Source One Financial Corp. (“SOFC”) is committed to safeguarding the personal information entrusted to us by our customers. We manage personal information in accordance with The Personal Information Protection and Electronic Documents Act (“PIPEDA”) and other applicable laws.
This policy outlines the principles and practices we follow in protecting personal information. The policy also applies to any person providing services on our behalf. A copy of this policy is provided to any customer on request.
Personal Information Protection and Electronic Documents Policy
3.1 Defining Personal Information
Personal information means information (P.I.I.) about an identifiable individual. This may include, but not limited to, an individual’s name, home address, phone number(s), age, sex, marital or family status, financial information, employment history, etc.
3.2 Purposes for Which SOFC will Collect, Use, and Disclose Personal Information
We collect only the personal information that we need for the purposes of providing services to our customers including, without limitation, personal information needed to:
- Identify the customer;
- Understand the customer’s credit needs;
- Evaluate the customer’s eligibility for products and services – including credit;
- Deliver products and services;
- Refine and improve our current products and services;
- Develop new products and services;
- Protect the customer and SOFC against error, fraud, theft, and damage;
- Manage and operate SOFC’s business which includes, without limitation, engaging in business transactions with third parties;
- Carry out the sale of all or any portion of our business or company, the merger of our company with any other entity, and/or the acquisition by our company of any other entity; and
- Comply with legal and regulatory requirements.
We use and disclose customer personal information only for the purposes for which the information was collected, except as authorized by law. For example, we may use customer contact information to deliver goods. The law also allows us to use customer personal information for the purpose of collecting a debt owed to our organization, should that be necessary. If we wish to use or disclose personal information for any new business purpose, we will ask for consent.
We may disclose personal information to SOFC’s directors, officers, employees, representatives, consultants, and any third parties that SOFC does business with and may transfer accounts to, all of whom are required to maintain the confidentiality of such information.
If any of our representatives or consultants, or any third parties are located outside of Canada, such party will be bound by, and personal information may be used and disclosed by such party in accordance with, the laws of the jurisdiction in which such party is located.
3.3 How SOFC Collects Personal Information
We normally collect customer information indirectly from our OMVIC licensed and authorized dealers. We may also collect information from other persons with customer consent or as authorized by law.
We ask for consent to collect, use or disclose customer personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume consent in cases where the customer volunteers information for an obvious purpose. We typically will seek consent when we collect personal information. In certain circumstances, we require an authorized dealer to confirm the customer has consented to provide personal information to us for a specific purpose. We ask for express consent for some purposes and may not be able to provide certain services if the customer is unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask customers to provide their consent orally (in person or by telephone), in writing (by signing a consent form or credit application), or by checking a box on a form, or electronically (by clicking a button).
A customer may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfill our legal obligations. We will respect the Customer’s decision, but we may not be able to provide the Customer with certain products and services if we do not have the necessary personal information.
We may collect, use or disclose customer personal information without consent only as authorized by law. For example, we are not required to request consent when the collection, use or disclosure is reasonable for an investigation or legal proceeding, to collect a debt owed to our organization, in an emergency that threatens life, health or safety, or when the personal information is from a public telephone directory.
3.5 How Do We Safeguard Personal Information?
We make every reasonable effort to ensure that customer information is accurate and complete. We protect customer personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information. We use appropriate security measures when destroying customer personal information, including shredding paper records and permanently deleting electronic records. We retain customer personal information only as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.
We rely on our customers to notify us if there is a change to their personal information that may affect their relationship with our organization. If the customer is aware of an error in our information about them, they must contact us and we will correct it on request wherever possible. In some cases we may ask for a written request for correction.
3.7 Access to Records Containing Personal Information
Customers of SOFC have a right of access to their own personal information in a record that is in our custody or under our control, subject to some exceptions. For example, organizations are required under PIPEDA to refuse to provide access to information that would reveal personal information about another individual. Organizations are also authorized under PIPEDA to refuse access to personal information if disclosure would reveal confidential business information. Access may also be refused if the information is privileged or contained in mediation records. If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access applies, we may withhold that information and provide the Customer with the remainder of the record.
The customer may make a request for access to your personal information by writing to SOFC’s Privacy Officer. The customer must sufficient information in the request to allow us to identify the information being sought. The customer may also request information about our use of their personal information and any disclosure of that information to persons outside our organization. The customer may also request a correction of an error or omission in their personal information. We will respond to the request within 45 calendar days, unless an extension is granted. We may charge a reasonable fee to provide information, but not to make a correction. We will advise of any fees that may apply before beginning to process the request.
4.0 Questions and Complaints
If a customer has a question or concern about any collection, use or disclosure of personal information by SOFC, or about a request for access to their own personal information, they will be directed to contact SOFC’s Privacy Officer in the first instance at firstname.lastname@example.org (email); 1-877-564-8582 (telephone); or 1-888-624-6276 (Fax).
If the customer is not satisfied with the response received, they should contact the Information and Privacy Commissioner of Ontario (“IPC”). The IPC can be contacted as follows:
By Mail (Ontario):
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
IPC staff are available to assist the public in person Monday to Friday, 9:00 a.m. to 4:30 p.m.
Toronto Area – 416-326-3333
Long Distance – 1-800-387-0073 (within Ontario)
TDD/TTY – 416-325-7539
Customers should not send personal information by email for security reasons.
Outside of Ontario:
Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec K1A 1H3
Phone: (819) 994-5444
TTY: (819) 994-6591