All of our policies are written in simple, transparent language so that you know exactly how we are protecting your privacy and ensuring your confidentiality.
Zag Bank is committed to protecting the privacy of your personal information. We will fairly and lawfully collect and maintain accurate personal information and protect the confidentiality of all personal information that we collect, retain, use or disclose to others in the course of our business activities.
This policy describes the principles Zag Bank will use to protect the personal information of individual clients in its possession or control. This policy does not apply to clients who are corporations, partnerships or other forms of association. Zag Bank will protect the confidentiality of information with respect to those clients through our adherence to applicable laws, our contracts with our business clients and other internal policies.
What is Personal Information?
Personal information is information about an identifiable individual. It includes an individual’s name, residential address and telephone number, e-mail address, age and gender, personal financial records, identification numbers including their Social Insurance Number, personal health information, and personal preferences.
Publicly available information, such as business contact information or a public directory listing of individuals’ names, addresses, and telephone numbers, or information that is aggregated and not associated with a specific individual, including demographic information and statistics, is not considered to be personal information.
Chief Privacy Officer
Zag Bank’s Chief Privacy Officer is responsible for ensuring the protection of individuals’ personal information. The Chief Privacy Officer may be contacted by mail or email at:
500-11 King Street West
Toronto ON M5H 4C7
Governing Legislation and Standards
Zag Bank complies with the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) as well as applicable provincial privacy laws. This policy is based on the ten principles set out in the Canadian Standards Association (CSA) Model Code:
- Identifying the purposes of collecting your personal information
- Obtaining your meaningful consent
- Limiting the collection of your personal information
- Limiting the use, disclosure and retention of your personal information
- Keeping your personal information accurate and up to date
- Safeguarding your personal information
- Making information about privacy related policies and procedures readily available
- Giving you access to your personal information
- Addressing your questions and concerns
Zag Bank's Accountability
Zag Bank has established clear lines of accountability for management of personal information throughout the organization. The Chief Privacy Officer ("CPO") is responsible for ensuring Zag Bank's compliance with all laws and regulations governing the protection of personal information. The CPO has the support of senior management and the authority to intervene on all privacy issues related to Zag Bank's operation.
Zag Bank is also accountable for any personal information that is transferred to third parties for purposes such as statement issuing, card distribution, research, marketing, mail distribution and data processing. We will ensure that third party service providers have confidentiality and privacy practices that are as stringent as our own when handling or processing your personal information.
All Directors, Officers, employees and agents of Zag Bank are provided with training focused on elements of this Policy, and will provide affirmation online or in writing that they have read and understood the Policy and will abide by it. On an annual basis, each Director, Officer, employee and agent will review the requirements of, and confirm his or her compliance with this Policy.
Identifying the Purposes of Collecting Your Personal Information
Zag Bank will collect, use and disclose different types of personal information. We only collect, use, and disclose personal information in accordance with applicable privacy legislation. Personal information is collected for a variety of reasons, including:
- contact information, such as your address, telephone number, e-mail address or other electronic address and fax number;
- information that we can use to identify you and that we require to meet tax, anti-money laundering and other “know your customer” legal and regulatory obligations, such as your name, Social Insurance Number (SIN), date of birth, occupation, and other information set out on government-issued identification;
- credit and financial information such as employment history, income sources, assets, liabilities, credit history, and payment preferences;
- business relationship information, including information related to agreements, preferences, advisors and decision-makers, feedback, and information provided;
- transactional information such as payment history or other types of information about how you use different products or services or otherwise do business with us;
- information such as language and communication preference, location, demographics and interests, which help us understand you better, including how you like to do business and what types of products, services or offers you may like;
- information to understand your current and future needs, for example, surveys and other forms of market research and analysis.
In circumstances where Zag Bank is required by law to collect your SIN, (for instance, with savings accounts), we will require that you provide your SIN. In all other circumstances, for example to assist us in verifying your credit related information, provision of SINs is optional, though in some circumstances alternative information may be required to verify identity or may otherwise be required in order to provide a particular product or service.
Obtaining Your Meaningful Consent
Zag Bank will obtain your consent to collect, use or disclose your personal information unless we are permitted or required by law to collect, use or disclose personal information without consent. Your consent may be given orally, in writing, or electronically, and may be express or implied.
We will ensure that the form of consent that we use is appropriate for the circumstances, and will take into account the sensitivity of the personal information, the circumstances in which the information is being collected, and your reasonable expectations in determining which form of consent to use. We will always obtain express consent when we are collecting, using, or disclosing sensitive personal information.
You can withdraw your consent, subject to certain restrictions, to our collection, use or sharing of your information at any time upon giving Zag Bank reasonable notice. Withdrawing your consent may limit or prevent us from providing you with, or being able to continue to provide you with, specific products or services. For example, if you choose not to provide us with your SIN, we will not be able to provide you with any product where the collection of SIN is required under tax law, for example, a registered product like an RRSP.
There are circumstances where you cannot withdraw consent. For example, you may not withdraw your consent where Zag Bank’s collection, use or sharing is permitted or required by law. Also, in order to maintain the integrity of the credit reporting system, we may periodically update your information with credit bureaus as long as you have a credit product or service with us and for a reasonable period of time afterwards. Your consent to the exchange of information cannot be withdrawn during this time.
Limiting the Collection of Your Personal Information
Zag Bank will collect only the amount and type of information needed for the purposes documented by us and identified to you. We will collect personal information primarily from you. For example, when you apply for a product, enter a contest, complete surveys, and sign up for special offers.
Zag Bank will also collect information through your browser or device. This is done through:
“Cookies” are encoded files stored on the device you’re using. You can configure your device to not accept cookies, but if you do, you may experience problems using our online and mobile platforms. Zag Bank uses two types of cookies:
i. Session cookies allow you to move back and forth within a secure banking session and they expire once you sign off or leave the secure website.
ii. Persistent cookies remain on your computer and have several purposes. We use them to remember your preferences (such as language, region, and user name) and to collect aggregated and non-personal information (such as error messages that were triggered when using our platform or page visits by all clients combined). Finally, we also use persistent cookies to deliver messages or advertisements that may be relevant to you and to measure the effectiveness of an advertising campaign.
b. Other Technologies
Zag Bank may use pixel tags, web beacons, clear GIFs, Flash objects or other technologies for a variety of applications: marketing and advertising, compiling statistics about usage and response rates, recognizing your device, fraud detection as well as prevention and security.
c. Third-Party Widgets
Zag Bank’s website, online and mobile platforms may contain third-party widgets from reputable firms (for example, buttons leading to Twitter, Facebook, etc.) that allow us to easily share information on another platform. When you click a third-party widget, you access an external website that is not subject to Zag Bank’s privacy and confidentiality policies.
Except where permitted by law, Zag Bank will only collect your personal information from external sources if you have consented to such collection. These sources may include:
d. Social Media Platforms
Zag Bank may collect information when you access our social media pages such as Facebook, Twitter, or if you participate in a Zag Bank contest or Zag Bank survey.
e. Credit Agencies
Zag Bank may obtain information from credit agencies to verify your identity before opening your first account, or to verify your payment history and creditworthiness when you apply for certain products or services.
f. Other Financial Institutions
Zag Bank may request information from other financial institutions in order to deliver products or services to you (for example, when you transfer your RRSP or TFSA accounts to Zag Bank).
g. Other Sources
Zag Bank may obtain information about you, as permitted by law, from other sources for marketing, advertising and other purposes, including direct marketing agencies and consumer organizations.
Limiting the Use, Disclosure and Retention of Your Personal Information
Zag Bank will not sell or rent client lists or personal information to other organizations. However, Zag Bank may disclose your information under specific circumstances as outlined below:
1. Our Employees
Your information is made available to Zag Bank employees who need the information to perform their duties and on a “need to know” basis only. All Zag Bank employees are subject to strict confidentiality policies and procedures and have undergone thorough background checks before being offered employment.
2. Our Affiliates
Zag Bank will share information with its affiliate companies only for the purpose of delivering the products and services that you have requested (for example, credit insurance).
3. Service Providers
Zag Bank outsources certain activities such as statement issuing, card distribution, research, marketing, mail distribution, and data processing. We require our service providers to enforce confidentiality and privacy practices as stringent as our own when handling or processing your personal information. When needed, Zag Bank provides the service providers with the personal information as necessary to execute their mandate. All providers are subject to privacy regulations. Some of our service providers are located in the United States and other countries. Information may be transmitted through or stored in a country outside of Canada.
4. Third Parties
When necessary, Zag Bank provides third parties with personal information as necessary to execute their mandate. We will only share your personal information with a third party:
- When legally obligated to do so (such as to comply with legislation, subpoenas, court orders, or when formally requested by law enforcement);
- to execute a request from you (for example, you wish to close your Zag Bank account or investment and transfer it elsewhere);
- to help prevent fraud;
- to protect the personal safety of employees, clients or other third parties dealing with Zag Bank.
Zag Bank will retain your personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose. We will destroy, erase or make anonymous any personal information no longer needed for its identified purposes or for legal requirements.
Keeping Your Personal Information Accurate and Up to Date
Zag Bank is committed to maintaining the accuracy of your personal information for as long as it is being used for the purposes set out in this Policy and we will take reasonable steps to ensure that your personal information is accurate. You can play an active role in keeping us up-to-date, and we will ask you to update us if any of your personal information changes. Prompt notification by you of any changes, for example, to your address or telephone number, will help us provide you with the best possible service. We will update your personal information only if it is necessary for us to do so to fulfill the purposes for which the information was collected.
You are always free, upon review of your personal information, to request amendments be made under the terms set out in this Policy. If the request is reasonable, we will make the amendment as soon as we reasonably can, and will notify any third party to which we have disclosed this information of the amendment.
If we do not agree to make the amendments that you request, we will notify you of this in writing, and will keep a record of the requested amendments. You may challenge our decision. We will make a record of this challenge, which will be kept on file.
Safeguarding Your Personal Information
When Zag Bank requests personal information, you always have the choice to provide it or not. But many of our products require your personal information in order to comply with tax rules or government regulations and laws. For example, we need your SIN in order to report your contributions to an RRSP or TFSA account and to report your earned interest on savings.
Zag Bank will securely store your information and limit its access to a need to know basis only. When the information is no longer needed, we will destroy it or convert it to an anonymous form as per industry best practices. However, we are required to retain some information in order to comply with regulatory and legal requirements.
- implementing physical security, such as secure locks on filing cabinets and restricted access to offices;
- establishing organizational security, such as controlled entry in data centres and limited access to relevant information;
- using electronic security, such as passwords, personal identification numbers and encryption;
- ensuring that orders or demands for your personal information appear to comply with the laws under which they were issued.
Whenever Zag Bank transfers personal information to third parties for processing, including printing of cheques or statements, market research, data processing services, collection, government guarantors, service agents or for other goods and services, Zag Bank will require these third parties to safeguard all personal information in a way that is consistent with Zag Bank’s measures and/or as regulated by law.
Whenever Zag Bank contracts with third parties, they are given only the information necessary to perform the services as set out in the contract. The third parties are prohibited from storing, analyzing or using the personal information transferred by Zag Bank for any other purpose. The third parties are required to protect personal information transferred by Zag Bank in a manner that is consistent with privacy policies and practices established by Zag Bank.
Making Information about Privacy Related Policies and Procedures Readily Available
Zag Bank will only collect, use, or disclose personal information in the ways in which we have disclosed in this Policy. Therefore, changes to our policies and personal information handling practices of Zag Bank will result in amendments to this document from time to time. This Policy will be reviewed by the CPO at least annually. Zag Bank may add, delete or modify sections at its discretion.
Giving You Access to Your Personal Information
To help us deliver excellent service and protect your privacy, make sure that your information on file with Zag Bank is up-to-date and accurate. You can review the information in your online banking profile. You can also request your personal information that we have on file by getting in touch with us at 1-844-Zag-Bank (1-844-924-2265).
Addressing Your Questions and Concerns
Zag Bank is accountable for all personal information that is in our custody or control, and we have designated a Chief Privacy Officer (“CPO”) who is ultimately responsible for the handling of this information, and for ensuring that we are complying with this Policy. The contact information for the CPO is set out below.
If you have privacy questions, concerns or complaints, we want them to be answered satisfactorily or resolved as quickly as possible and ask that you follow the two steps outlined below, in the suggested order. However, we will make contact information for the CPO readily available to you so that you may contact the CPO at first instance, should you choose to do so.
First: You should direct your complaints and/or questions in writing to Zag Bank’s CPO at:
Chief Privacy Officer
500-11 King Street West
Toronto ON M5H 4C7
Or by email at:
Second: You may also call our Client Care Department and speak to a representative. If Client Care is unable to resolve the matter to your satisfaction, you should advise them that you wish the matter to be reviewed by the Chief Privacy Officer who will contact you to resolve the issue.
If, upon completion of a review by Zag Bank’s CPO, your concerns are not resolved to your satisfaction, those concerns may be reviewed by the Privacy Commissioner of Canada, or one of the provincial Privacy Commissioners, if applicable. You may contact the Privacy Commissioner of Canada by writing to:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau QC K1A 1H3
By telephone, toll free, at 1-800-282-1376
By fax at 819-994-5424
We will also notify you that you may also contact the Commissioner at any time during the resolution process.
National 'Do Not Call' List
This service allows you to manage the number of telemarketing calls you receive by registering your residential, wireless, fax or VoIP telephone number on the National Do Not Call List. You can also make your marketing choice by logging into Zag Online.
Zag Bank will not make unsolicited calls to numbers registered on the Do Not Call List except under the following circumstances:
- It is a business.
- We have an existing business relationship.
- We have received express consent to contact that number.
If you do not wish to be contacted for marketing purposes, please refer to Marketing choices to find out what type of information you can allow us to collect and use.
From time to time, Zag Bank will send you product and marketing offers we think you will like by email, mail and/or telephone. You can limit how we contact you or if we contact you with these offers. To update your marketing choices, please unsubscribe directly in the communication you received by clicking on the "unsubscribe" link.