iFinance Canada, operating as Medicard ("Medicard", "we", "us" or "our"), and its subsidiaries and affiliates are committed to protecting the Personal Information ("Personal Information") you provide including the collection, use, and disclosure of "Personal Information" and when we share it with third parties. Medicard recognizes and respects the importance of protecting the security and confidentiality of the Personal Information we collect and maintain about our customers and takes steps to ensure we meet privacy principles and requirements with respect to Personal Information under applicable Canadian privacy legislation.
The purpose of this statement is to inform our customers and other individuals how we deal with ("you" and "your") Personal Information and how we collect, use, disclose, and protect your Personal Information. Personal Information is information that is identifiable as pertaining to an individual.
Our Principles of Privacy:
Principle 1: Establishing Accountability
Medicard is responsible for maintaining and protecting the customer information under its control.
Principle 2: Identifying the Purpose of Collecting Information
We will identify the purposes for which customer information is collected before or at the time the information is collected.
Principle 3: Obtaining Consent
We will require the knowledge and consent of the customer for the collection, use or disclosure of customer information except where required or permitted by law.
Principle 4: Limiting Collection of Personal Information
Customer information collected must be limited to those details necessary for the purposes identified by Medicard. Information must be collected by fair and lawful means.
Principle 5: Limiting Use, Disclosure and Retention of Personal Information
We may only use or disclose customer information for the purpose for which it was collected unless the customer has otherwise consented, or when it is required or permitted by law. We will retain customer information for the duration of our relationship with the customer, plus a reasonable period of time as required or permitted by law.
Principle 6: Keeping Information Accurate
We will maintain customer information in as accurate, complete and up-to-date form as is necessary to fulfill the purposes for which it is to be used.
Principle 7: Protecting Customer Information
Customer information must be protected by security safeguards that are appropriate to the sensitivity level of the information.
Principle 8: Maintaining Openness of Policies and Practices
Medicard will make information available to customers concerning the policies and practices that apply to the management of their information.
Principle 9: Providing Customer Access to Personal Information
Upon request, a customer shall be informed of the existence, use and disclosure of their information, and shall be given access to it, except when legally restricted. Customers may verify the accuracy and completeness of their information, and may request that it be amended, if appropriate.
Principle 10: Handling Customer Complaints and Questions
Customers may direct any questions or enquiries with respect to the privacy principles outlined above or about our practices by contacting our Privacy Officer.
Personal Information We Collect:
Medicard collects non-public Personal Information which can include: name, address, telephone number, e-mail address, bank account numbers, bank statements, credit report, credit card information, postal code, town or city, gender, job title, monthly income, birth date, SIN number, purchase history, click through activity, IP address, product or service preferences or instructions, other applicable information for personal identity verification and all other information you may provide and we collect through our on-line application, tablet or mobile applications, at point-of-sale, in our website, by telephone, fax, mail or e-mail or through the "Apply Online" features at a retailer's site or by other means.
We collect Personal Information in order to facilitate the services that are offered through the Site and by Medicard generally, including information about the products or services, the methods of financing those products and services, and the individuals to whom we provide financing. We may also put Personal Information to other use, which may include communicating information and offers to customers; to better understand, analyze, and respond to our customers' needs and preferences, and to subsequently develop, enhance, and/or provide products and services to meet those needs.
We also keep track of your product preferences and instructions and analyze that information. We may use Personal Information to contact you in order to conduct research about your opinion of current services or of potential new services that may be offered by Medicard, or to respond by e-mail to an inquiry that you posted online. Your Personal Information may also be used by us to contact you regarding other products or services which may be of interest to you. Your Personal Information may be combined with other Personal Information collected by us to provide aggregate statistical information about customers' service usage preferences. We reserve the right to access and/or disclose Personal Information where required to comply with applicable laws or lawful government requests or, in our reasonable opinion.
Information collected from documents and statements and other sources:
- Contact information and copies of personal identification cards, such as driver's license, utility bill or any other applicable document for identification and to verify signature;
- Demographic information such as location the customer resides in, including address, and postal code;
- IP address, device information including but not limited to identifier, name and type, operating system, location, mobile network information and standard web log information such as your browser type, traffic to and from our Site, the pages you accessed on our website, and any other available information. This includes, but is not limited to, details of your purchases, content you viewed, event information, click stream information and cookies that may uniquely identify your browser or your account;
- Self-reported income levels, housing status, employment status, credit bureau files, bank account transaction history, social insurance numbers,
- billing information, credit card number(s) or other payment-method details;
- Information about you from any contact you have with any of our services or employees, such as, with our customer support team, in surveys, or through interactions with our affiliates;
- Information received on a bank statement including, but not limited to: bank information including your bank account number, bank name and address, employment and bank account transaction history;
- Banking information to take funds out at the time of repayment of loan in the form of PAD/PAP (Pre-Authorized Debit/Pre-Authorized Payment);
- Information about customer transactions and experiences with us and our affiliates such as customer account balance, billing and payment status and history; and
- Information we receive from consumer credit reporting agencies or other outside sources, such as information regarding customer creditworthiness and credit history.
Medicard will make reasonable efforts to ensure that all customers have an understanding of the purpose(s) for which Personal Information is collected, used or disclosed. Medicard will obtain consent to use and disclose Personal Information at the time the Personal Information is collected. Medicard may also obtain consent to use and disclose Personal Information after it has been collected, but prior to the Personal Information being used or disclosed for a new purpose.
The collection of Personal Information is limited to that which is related to the identified purposes and is collected with your consent except what is required by law. Most Personal Information will be collected directly from customers and by fair and lawful means. Medicard may collect Personal Information from sources such as credit bureaus, employers, personal references, or other third parties that represent they have the right to disclose such Personal Information.
Consent to the collection, use, and disclosure of Personal Information may be given by you in various ways and may be either expressed (expressed consent is given when we specifically ask you if it is acceptable to you that we gather certain information and you explicitly agree that it is; for example, orally, electronically, or on a form you may sign describing the intended uses and disclosures of Personal Information), or implied (implied consent occurs when you provide information that may be Personal Information without objection, for example, when you provide information necessary for a service you have requested, or in some circumstances where notice has been provided to you about our intentions with respect to your Personal Information and you have not withdrawn your consent for an identified purpose, such as by using an "opt-out" option). Consent may be given by your authorized representative (i.e.: legal guardian or a person having a power of attorney).
As we obtain only the information necessary to assist you with the transaction you require, we operate under the understanding that you have agreed to provide us with this Personal Information voluntarily and with knowledge of this Policy whenever you do so. Consent shall not be obtained through deception.
Medicard may be required or permitted under statute or regulation to collect, use or disclose Personal Information without the individual's knowledge and consent in certain circumstances. For example:
- When the collection, use, and disclosure is permitted or required by law or to comply with a court order;
- to comply with local, provincial, or federal regulations or a legally permitted inquiry by a government agency;
- When the collection, use and disclosure is clearly in the interests of the individual and consent cannot be obtained in a timely manner;
- When seeking the consent of the individual may defeat the purpose of collecting the information;
- When needed to collect a debt owed to us, to comply with a subpoena, warrant or other court order, or as otherwise required or authorized by law; and
- When information is publicly available.
An individual may withdraw consent at any time subject to legal or contractual restrictions and reasonable notice. Refusal or withdrawal of consent by a customer may prevent Medicard from providing a product or service to that customer. Medicard will not unreasonably withhold products or services from a customer who refuses or withdraws consent. But if the Personal Information is required to offer the product or service, Medicard may decline to deal with the customer who will not consent to the use of such Personal Information.
Use of Your Personal Information:
Medicard will identify the purposes for which Personal Information is collected at or before the time the information is collected. This information may be communicated orally, electronically or in writing.
Medicard collects, uses and discloses Personal Information for the following purposes:
- To provide financial services to our customers;
- To evaluate your application and determine your initial and ongoing eligibility for our financial products and services;
- To confirm your identity;
- To confirm details of your employment and income;
- To obtain credit information and credit reports from credit reporting agencies to assess credit history and credit worthiness and to confirm accuracy of information provided by individuals;
- To process billing and invoices, and manage, administer, and collect your payments for products or services;
- To maintain business records for reasonable periods and generally manage and administer our business;
- To collect debt that may become owed to Medicard by a customer;
- To maintain contact with you as permitted by law;
- To conduct marketing activities;
- To meet legal, regulatory, security, and processing requirements, or otherwise as permitted or required by law;
- To report account information, such as credit limit, balances and payment information, to credit bureaus;
- To extract certain information for the purpose of generating statistics for our internal purposes;
- To improve our financing products and services;
- To periodically send promotional emails about our products, special offers or other information which may interest the customer.
Disclosure of Your Personal Information:
Reasonable efforts will be made to ensure that Personal Information is as accurate, complete and up-to-date as is necessary for the purposes for which it is used. Due to the nature of Medicard's business, Personal Information will be updated on an on-going basis as the customer utilizes Medicard's products and services.
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
As part of our commitment to our customers, we do not sell customer information to third parties (except as described below under sale of assets). We do not disclose any non-public Personal Information about our customer, or former customers, to non-affiliated third parties except as permitted by law or described below.
Medicard shares and stores customer personal and transaction information with affiliated companies of Medicard for the purposes listed in the identifying Purposes section above.
We may disclose all of the non-public Personal Information about the customer that we collect, as described above, to non-affiliated companies that perform services on our behalf, such as pre-authorized payment processing, contract administration and registration, insurance tracking, third party facilities that purchase loans in whole or in part (securitization) and credit reporting agencies. Before we disclose non-public Personal Information to a non-affiliated third party performing services on our behalf, we enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which we disclosed the information or as otherwise permitted by law.
Merchants: In the course of completing or partially completing a loan application with us and/or obtaining financial services from us, some of your Personal Information will be disclosed to the merchant(s) or service provider from whom you are applying to purchase services or products in connection with your application. This information may include, without limitation, your contact information and your available credit with us, even if you do not transact. The merchant may use this information to contact you.
Service Providers: We may transfer Personal Information to outside agents or service providers (for example, credit bureaus, billing service providers, collection agents, marketing agencies, or other lenders), in which case we will use contractual or other reasonable means to ensure that your Personal Information is protected and not used or disclosed for any purposes other than as directed by us.
We may disclose all of the non-public Personal Information about the customer that we collect, as described above, to non-affiliated companies that perform services on our behalf, such as pre-authorized payment processing, contract administration and registration, insurance tracking, third party facilities that purchase loans in whole or in part (securitization) and credit reporting agencies.
Lenders: In the event we transfer your Personal Information to another lender, regardless of whether the lender extends you an offer of financial services or not and whether you accept such an offer or not, the lender may use your Personal Information to conduct its own marketing activities, including by emailing you. You may opt out of receiving these communications after you receive one by responding directly to the lender.
We may also from time to time cooperate with suppliers, service providers, and partners for the purposes of providing you with additional services or products or for advising us on matters such as market research and data processing. Such parties will be given only the information required necessary to perform their services and are required to adhere to our privacy standards.
Financing Sources/Sale of Business: Your Personal Information may be used by us and disclosed to parties connected with the contemplated or actual financing, securitization, insuring, sale, assignment, or other disposal of all or part of our business or assets, including for the purpose of permitting such parties to determine whether to proceed or continue with such transaction, to fulfill reporting, inspection, or audit requirements or obligations to such parties. In the event that all or part of our business or assets to which your Personal Information relates is sold, assigned, or otherwise disposed of, your Personal Information will be used and disclosed by such parties for substantially the same purposes as described in this policy.
Legal/Compliance: We may otherwise disclose Personal Information as necessary to meet legal, regulatory, insurance, audit, and security requirements, or as permitted or required by law.
Security and Storage:
We operate secure data networks protected by industry standard firewall and password protected systems, and maintain physical, electronic and procedural safeguards to protect the integrity and privacy of these servers and of your Personal Information. Although we can't guarantee that there will never be a security problem, we and our agents that have access to your information, carefully guard against the loss, misuse or alteration of the information we collect on our Site.
We store the Personal Information you provide to us in our computer databases. We own, maintain and operate our computer servers containing our databases. We use firewalls and other security measures to protect our servers. Access to your information is provided to our employees and other parties only on a need-to-know basis. Authorized employees and agents of Medicard who require access to your Personal Information in order to fulfill their job requirements will have access to your Personal Information.
Your information may be stored by us on our own protected servers, or by other parties in electronic or physical files. Electronic files are stored on servers which may be located outside of Canada, including in the United States. In the event that such information is located outside of Canada, foreign governments, courts of law enforcement or regulatory agencies may be able to obtain disclosure of this information.
Medicard is committed to ensure that the customer information is protected by reasonable security safeguards. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from our customers. Reasonable security measures are used to the disposal of Personal Information.
Medicard follows generally accepted industry standards to protect your Personal Information using physical, electronic, or procedural security measures appropriate to the sensitivity of the information in our custody or control, which may include safeguards to protect against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure; therefore, we cannot guarantee its absolute security. Medicard will update and review the reasonableness of the security safeguards as needed on an ongoing basis.
Our Website and the Internet:
Visiting our Website
We operate the website Medicard.com which provides information about your accounts, and allows you to request further information, to request customer support, or to make other inquiries. Like most websites, this Site gathers traffic patterns which may be linked to their Internet Protocol or "IP" addresses (which are unique Internet "addresses" assigned to all Internet users by their internet service providers), Site usage information, type of operating systems, time and duration of visit, and pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are only collected and used on an aggregate basis in order to evaluate our visitors' preferences and the effectiveness of our Site. This aggregate usage data does not identify you individually. We may share anonymous, aggregated statistics about visitors to our Site with others outside our company, or we may allow third-parties to collect aggregate data through our Site.
Personal Information provided by you online is used to respond to your inquiries and fulfill your requests. Personal Information that you voluntarily provide in response to our online questionnaires and surveys are used to help us learn more about your interests and preferences, and may be used to send you periodic information about our products and services (if you have chosen that option).
Cookies and Other Features
Unless a visitor specifically provides their identity to us (e.g., by providing information through an online form or sending us correspondence from the website), cookie information is anonymous and we will not know who the individual visitors are. Information gathered from cookies is only used on an aggregate basis. You can disable cookies using your internet browser's settings. Please consult your browser's help function for information on how to disable cookies. Note: if you disable cookies, certain features of our website may not function properly. Our website may also use a technology called "tracer tags" or "web beacons". This technology allows us to understand which pages you visit on our website. These tracer tags are used to help us optimize and tailor our website for you and other future visitors to our website.
Our Web pages also contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our Site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
Our Site may include links to other websites that are provided as convenience only and whose privacy practices and policies may differ from those of Medicard and, accordingly, we have no responsibility for such third-party websites. When customers submit Personal Information to any of those sites, their information is governed by third party privacy statements. We encourage our customers to carefully review the privacy statements and policies of any third-party websites they visit.
Text Message Communications
We may contact you by SMS text using the telephone number you have provided to us to verify your identity, provide you with links to apply for a loan, or notify you of payment transactions. Any information you provide by text will be handled by us in accordance with the terms of this Privacy Statement.
Your telephone conversations with our authorized employees and representatives may be monitored and/or recorded for quality control, internal training and recordkeeping purposes. We, and our affiliates and third parties with whom we share your Personal Information in accordance with this Privacy Statement, may contact you by telephone using the telephone number you have provided to us.
Customer Access to Personal Information:
We will advise you on request about what Personal Information we have collected about you, as well as how it has or will be used. If you provide a written request for this information, we will provide it to you within a reasonable time following confirmation of your identity and may charge a reasonable cost (e.g. photocopying, mail charges) to the individual making the request. We will inform you whether or not we hold Personal Information about you and, when possible, the source of the Personal Information, its use, and any parties to whom it may have been disclosed. You may be required to provide sufficient proof of your identity at this time to ensure the safety and security of the Personal Information we hold and that it is provided to individuals in accordance with this Policy. We reserve the right to decline to provide access to Personal Information where the information requested would disclose: Personal Information of another individual or of a deceased individual; it is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information; it does not exist, is not held, or cannot be found by us; it could reasonably result in serious emotional harm to the individual or another individual, or serious bodily harm to another individual; or it may harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by statute to perform such functions. We will not respond to repetitious or vexatious requests for access.
We may establish and maintain a file of your Personal Information for the purposes described above, and which will be accessible at our Corporate Office in Toronto, Ontario. If you wish to request access or correction of your Personal Information in our custody or control, or if you wish to make inquiries or complaints or have other concerns about our Personal Information practices, you may contact our Privacy Officer by calling 1‑888‑689‑9876 or emailing us at firstname.lastname@example.org, Attention: Privacy Officer. Your right to access or correct your Personal Information is subject to applicable legal restrictions.
If you wish to make further enquiries, access the information that we have about you, or obtain further information about our privacy policies, or the privacy practices of Medicard or its affiliates, please contact us by:
Sending an email to: email@example.com
Writing to us at:
Attn: Privacy Officer
55 Bloor Street West
P.O. Box 19645