Last Updated: December 21, 2021
Privacy Commitment and Personal InformationWe collect, use and disclose personal information to operate our business and as permitted or required by law. Personal information is information about an identifiable individual, as defined in the Federal Personal Information Protection and Electronic Documents Act (PIPEDA) and in any applicable provincial legislation, such as the Alberta Personal Information Protection Act, the British Columbia Personal Information Protection Act, and the Quebec Act Respecting the Protection of Personal Information in the Private Sector.
AccountabilityOur Privacy Officer is responsible for ensuring that we comply with this Policy and applicable privacy laws. We are responsible for personal information in our possession or custody, as well as personal information transferred to a third party for processing. More details on our third parties are provided below under “Limiting Use, Disclosure and Retention”.
Information We Collect, and Limiting CollectionExcept where information is required to fulfill an identified purpose or as required by law, you get to decide what information you want to share with us.
Contact information and marketing preferences. We may collect information you provide, such as your name, phone number, address, city, email address, and marketing preferences if you visit or use our website or mobile application, register or apply for one of our products or services, interact with us through social media or online ads, participate in surveys, or engage with us in any way.
Identity information.If you apply or sign up for one of our products or services, depending on the product or service, we may collect identity information about you, including your name, date of birth, contact details, identification information, employment and occupation details, tax residency details, living situation, intended purpose of account, account objectives, risk capacity, funds time horizon, and financial information. If you give us your Social Insurance Number (SIN), we may use it for tax reporting. When you provide contact or identity information for another person or an authorized user, we expect that you have the authority to consent to its collection, use, and disclosure as outlined in this Policy.
Financial information.We may collect financial information that allows us to determine creditworthiness or eligibility for or appropriateness of products or services, such as income, employment history, net worth, credit reports and information from security provided for loans. We may collect and share information with credit reporting agencies and other outside sources to verify financial information about you, such as your employment and credit history. Information used to assess your creditworthiness may include: credit reporting agency data, income data,employment data, living situation, and housing costs.
Online information. We may collect information from your mobile and online activity; for example, information about your web browser, time zone, Internet Protocol (IP) address, mobile device ID, application and website use, and history. Cookies (small computer files that a website’s server places on your computer) collect information about your online behaviour. You can set your browser to reject cookies, but this may impair our ability to customize and test your experience, like remembering your preferred language or present location-specific information to you.
Transaction information. If you sign up for one of our products or services, depending on the product or service, we may collect information about your transactions, including purchases, account balances, fees, payment history, parties to transactions, card usage, account usage, and rewards redemption. If you consent and provide account details for card or bank accounts with other providers, we may also collect and store transaction information from these accounts.
Counterparty information. If you add authorized users or contacts to your account, we will collect and store their name, email address, and phone number. If you add business contacts to your account, we will collect and store the business name, nickname, and your account number with them.
Usage information. If you sign up for one of our products or services, depending on the product or service, we may collect information regarding the use of our website and mobile application, including screens visited and in-app behavior in order to monitor and improve the app.
Security credentials. If you create an account or sign up for one of our products or services, depending on the product or service, we may collect and store security credentials including your username, password, security questions, and card personal identification number.
Communication information. When you have a telephone or online chat conversation with one of our representatives, your call and chat may be recorded for quality and training purposes, as well as to resolve concerns. If you choose to contact us by email or mail, we may retain your email or mailing address, the content of your communication and our responses.
Third party information. We may collect information about you from third parties that we have contracted with, such as credit reporting agencies or affiliates. We may collect publicly available information about you from online sources, or from surveys that you participate in. You may also enter into various services, agreements and reward and loyalty programs operated by third parties. The privacy policies of such third parties will apply to such transactions with third parties, and not this Policy.
Identifying PurposesWe will clearly identify the purposes for which personal information is collected, used or disclosed prior to, or at the time of, collection, and as stated in our customer agreements and disclosures.
Contact. We may use your contact and identity information to contact you. This information allows us to contact you by various methods, including mail, email, SMS message, app push notification, and telephone at the contact points you’ve provided to us. We will contact you to respond to your questions, proactively provide you with information about your accounts with us, inform you about our products and services, and update you on changes to our website, mobile application, and other digital services we provide. We may use this information to send you important updates about your application status and account opening disclosures, and important or useful messages about your accounts. When you communicate online or by email, you should be aware that sending information over the internet isn’t secure, as it can be intercepted or manipulated and retransmitted.
Authentication. We may use your security credentials, contact, identity and financial information to authenticate you. We will share this information, with credit reporting agencies and third party identity verification providers to authenticate you when you apply for a product or service, to verify that it’s you we are speaking with when you call into our Customer Service to discuss your account, or identify you when you visit us online or on our mobile application.
Assess creditworthiness. We may use your contact, identity, financial, transaction and third party information to assess your creditworthiness and for products and services you apply for. With this information, we can assess your creditworthiness to determine your eligibility for financial products and services, and process your credit applications. This information is helpful for us to offer you financial product choices that are suitable for you. To do this, we will provide this information to, and collect information from credit reporting agencies (refer to section 7 (Limiting Use, Disclosure and Retention) for information on third party sharing).
Service. We may use your contact, identity, financial, online, transaction, counterparty, usage, and third party information to service you. This information may be used to open, maintain, service, process, analyze, audit and collect on your accounts. We may use this information to service your mobile account, optimize our website, perform business analytics, and provide you with a unique user experience. We may also send notifications and support mobile payments with this information. When we issue you a new card, we may provide your new account information to third parties to facilitate your payments, pursuant to industry standards (refer to section 7 (Limiting Use, Disclosure and Retention) for information on third party sharing).
Improvements. We may use your online, transaction and usage information to make improvements on our products and services, as well as our website and mobile application. We may use this information to evaluate existing products and services, develop new products and services, optimize our website, perform analytics, drive strategy, and improve the customer experience we offer. Information we collect is also valuable for our quality and servicing training programs.
Customization. We also customize our website and mobile applications based on online, financial, transaction and usage information collected, and use that information to understand and deliver products and services that you, and others who are similar to you, may find useful. This information may be used to better understand our website and mobile application activity, and how users interact with our digital sites. It is also used to monitor and improve our website and mobile applications.
Fraud prevention. We may use your security credentials, contact, identity, financial, online, transaction, counterparty, usage, and third party information to prevent fraud. We may use this information to assess fraud and other risks to you and us, and to protect consumers, applicants, customers and providers from identity theft, fraud and unauthorized account access. When investigating fraud, we may involve third party service providers and ask for identity information including identification documents (such as a Canadian driver’s licence, Canadian passport, birth certificate, utility bill or bank statement, etc.).
Identification. We may use your security credentials, contact, online, usage and contact information to identify you on third-party platforms you already use (such as Facebook and Twitter) and serve you ads through their marketing platforms. We may use this information to identify you on third-party platforms (such as Facebook and Google), and then use the algorithms of those platforms to find other people with similar characteristics.
Rewards. We may use your security credentials, contact, identity, online, usage and transaction information to identify you on our third-party platforms you already use (such as Neo’s partnered merchant platforms) to attribute rewards redemptions to your respective third-party account.
Reporting. We may keep the information described above along with other information about you in our records, even after your account is closed for the purposes of complying with legal and regulatory obligations. We may use your contact, identity, financial, transaction, counterparty and third party information to meet our legal and regulatory obligations including reporting tax, anti-money laundering and sanctions screening, and communicate this information to our banking partners, credit reporting agencies and governmental or regulatory agencies as permitted or required by law.
ConsentIf you apply for a product or service, communicate with us or provide personal information to us in any way, you acknowledge your consent for personal information collection, use and disclosure as set out in this Policy, applicable laws and industry standards. If we want to use your information for a purpose that was not disclosed at the time of initial consent, consent will be sought at the time of this new purpose.
Updating or withdrawing consent. Subject to legal and contractual restrictions, you can, with reasonable notice to us, withdraw your consent for use and disclosure of your personal information, other than that which is required for us to maintain your account and to provide services for which you were approved.
To opt out of our email marketing list after you have opted in, you may use the unsubscribe link provided in any email marketing material you receive. To update your privacy preferences outside of email marketing, please do so by emailing email@example.com.
Google Analytics & AppsFlyer. We use Google Analytics and Appsflyer which allows us to see information on user activities including, but not limited to, page views, source and time spent on our website and mobile application. You may opt out of our use of Google Analytics by visiting the Google Analytics opt-out page and of AppsFlyer by visiting the AppsFlyer opt-out page.
Opt out of cookies used for Online Behavioural Advertising (OBA). You can adjust your browser to reject cookies by clicking on the “AdChoices” link embedded in many of our ads. We subscribe to the Digital Advertising Alliance of Canada’s Self-Regulatory Principles for OBA. These principles promote consumers’ awareness and choice about how their information is used for OBA. You can opt out of the use of your browsing habits for OBA – just visit the AdChoices website provided by the Digital Advertising Alliance of Canada, and use the opt-out mechanisms provided. To opt out of interest-based Google advertisements, set your preferences using Google’s Ad Settings.
Limiting Use, Disclosure and RetentionWe limit use, disclosure and retention of personal information to the purposes we identify, and as required by applicable laws.
Third parties. We do not sell or rent customer lists or personal information to others. We may share your information with service providers who perform services on our behalf (such as credit reporting agencies, identity verification services, card manufacturers, print suppliers, payment processing businesses, marketing, research, call centres, collections agencies, and other services as required to service you). Additionally, we may share anonymized and aggregated information with our third party program merchants in order to provide insights and analytics on their respective rewards programs. We may also share your information with our co-brand card partners so that they can administer their rewards programs and deliver personalized offers and experiences to you. Our contracts with third parties include obligations to protect your personal information, and third parties must meet our privacy standards. When you engage with other companies directly, or contact us through their platforms, their use of the information they collect from you is subject to the terms of their privacy policies. We may share your information with regulators, courts or other institutions as required by law.
Savings accounts - We may share your contact, identity, financial, online, transaction and counterparty information with the providers of our savings accounts, including Concentra Bank, for the purposes of regulatory reporting and compliance and to inform if we can onboard you as a customer for our products.
Investment accounts - We may share your contact, identity, financial, online, transaction, counterparty and third party information with the providers of our investment accounts, including Onevest Wealth Management, for the purposes of regulatory reporting and compliance and to inform if we can onboard you as a customer for our products.
Mortgage products - We may share your contact, identity, financial, online, transaction, counterparty and third party information with the providers of mortgage products for the purposes of regulatory reporting and compliance and to inform if we can onboard you as a customer for our products.
Credit Reporting Agencies – We may share and exchange your security credentials, contact, identity, financial and transactional information with credit reporting agencies. Information shared may include the following: name; address; SIN; phone number; account numbers and terms; date of birth; transaction records; credit information; customer performance data, payment history, collections, or other information that the credit bureau has collected. We may collect, use and share this information to verify your creditworthiness, assess and manage our credit risks, establish credit and hold limits, qualify you for other products and services, detect and prevent fraud and other decisions about your account. In addition, we may share and confirm this information with credit reporting agencies on an ongoing basis in order for Neo and the credit reporting agencies to maintain accurate consumer credit information within their databases in accordance with applicable laws. These credit reporting agencies may, in turn, verify this information and disclose such information in its discretion to cooperate with local, provincial and national authorities in the investigation of unlawful, improper or fraudulent activities.
Payment Processors – We may share your identity, financial, transaction and counterparty information with our third party payment processors in order to generate credit card details and maintain access to the Mastercard network. Information shared may include the following: name; address; account numbers and terms; date of birth; transaction records; and payment records.
Third party verification providers – We may share your identity, financial, transaction and counterparty information with third party verification service providers, including those who maintain records relating to your telecommunications service providers, for the purposes of identity validation, risk assessment, and maintaining accurate contact details for your account. Information shared may include the following: name; address; SIN; phone number; device information; location information, identification details, and ‘selfie’ photos for identification validation purposes.
Plastic manufacturers – We may share your identity, financial and counterparty information with the plastic manufacturer to issue your credit cards. Information shared may include the following: credit card number and details; name; and address.
Print suppliers – We may share your identity, transaction and counterparty information with print suppliers to print letters and statements pertaining to your account. Information shared may include the following: last four digits of your credit card number; name; address; and previous period transactions.
Payment processing suppliers – We may share your identity, financial, online, transaction and counterparty information with our payments processing suppliers to process your transactions and payments. Information shared may include the following: transaction information; account number; bank from which monies were extracted; and the name on the account of the bank.
Collections and law firms – We may share your contact, identity, financial, transaction, counterparty, and third party information to help us collect a debt owed to us by you. Information shared may include the following: contact details, communication history, account details, and financial information.
Fraud detection services – We may use third parties to monitor your transaction information to identify fraudulent activity on your account.
Mastercard – As part of the payment network, and pursuant to the Mastercard Automatic Billing Updater (ABU), Identity Check, and SecureCode programs as amended from time to time, or pursuant to other industry standards, we may update or provide identity, financial and transaction information regarding your credit card or account. ABU facilitates the secure transmission of account updates to card-on-file and recurring payments merchants. ABU helps reduce the number of declined transactions due to card expirations, lost or stolen cards, and other account changes. SecureCode and Identity Check programs help verify purchases are yours through further authentication using passwords, one-time passcodes or biometrics.
Call centres and quality assurance providers – We may share access to your contact, identity, financial, transaction, counterparty and third party information maintained on our financial systems, with call centres to service your account and provide you with customer support. We may share your customer experience with a third party to evaluate how we are doing, and ensure we are complying with applicable laws and regulations.
Marketing and research companies – We may share your online, transaction, usage, and third party information or anonymized and aggregated information to understand and deliver products, services and offers that you, and others who are similar to you, may find useful. We may also share your information to block offers that you won’t find useful. This includes digital affiliates and companies like Google and Facebook.
Program Merchants – We may share anonymized and aggregated identity, financial and transaction information such as spend, reward redemption, and demographic information to deliver personalized offers and experiences to you. We may also share your identifying information with third party program merchants to attribute rewards to your account in their platforms. We contractually require our third party program merchants to only use personal information in accordance with the terms of such offers and experiences and their privacy policies. Please consult the privacy policies of our third party program merchants for any offers and experiences offered by such merchants through our services, as those privacy policies and not this Policy will apply with regard to the merchant.
Regulators, courts, law enforcement and other government institutions and payment networks – We may share your information to resolve concerns and as required by law and payment network requirements.
Mobile Wallet Providers - If you choose to load your Neo Mastercard into a Wallet, we may share your information with the Wallet provider, Mastercard, and other Service providers as outlined in Neo’s Mobile Wallet Terms and Conditions.
Co-brand card partners
Assignees. We may, at any time, sell, transfer or assign any or all of our rights to our Canadian business, including our interests, rights or obligations regarding your accounts with us. If we do so, we may share your personal information with prospective purchasers, transferees or assignees. In such circumstances, we will contractually require any such purchaser, transferee or assignee to only use your information for the purposes specified herein, and to safeguard your information appropriate to the sensitivity of personal information.
Information processed outside Canada. Your personal information may be stored and processed with approved third parties within Belgium, Germany, Ireland, the Netherlands, the United Kingdom, and the United States. If a third party processes or stores information outside Canada, foreign governments, courts, law enforcement or regulatory agencies may therefore be able to access such personal information through the laws of the foreign jurisdiction.
We take steps to ensure that your personal information is as accurate, complete and up to date as is necessary for the purposes for which it is to be used.
If you believe that the personal information we have about you isn’t accurate or complete, please contact us by updating your information through our website or mobile application, by calling the customer service number on the back of your card, or by writing to the Privacy Office (see section 10 (Openness, Individual Access and Challenging Compliance) below). If you move, change your phone number, or change your email address, you are required to update your information with us.
We use procedures and practices appropriate to the sensitivity of personal information to protect against loss, theft and unauthorized access. Access to your information is restricted to those individuals and parties who require access.
For example, we have physical security (such as restricted access to our offices and secure storage), electronic protection (such as passwords and encryption) and safe business practices (such as customer authentication when you call us). We also train our staff on how to safeguard personal information.
While we take all reasonable measures to protect data, there is always inherent risk when providing personal information. You can help us safeguard your information too. If you contact us through email or social media, you should avoid sending sensitive information, such as your banking information or full credit card number. If someone purporting to represent us contacts you and requests your personal or financial information, and you are suspicious, you can always contact us to confirm that the request was legitimate before providing any such information. We also recommend that you use unique and strong passwords for your online accounts and that you don’t share your passwords with anyone.
Except as otherwise permitted or required by law, your personal information will be retained for so long as is reasonably necessary to fulfil the purposes for which it was collected. We may keep your personal information along with other information about you in our records, even after your account is closed for the purposes of complying with legal and regulatory obligations.
Openness, Individual Access and Challenging Compliance
You can write to our Privacy Office to request access or to make corrections to the personal information we have on file for you. We will provide you with the personal information we have, subject to certain considerations specified by law. Some of the information we have on you, like your contact information and transactions, is available on your account statements.
You can contact Customer Service for general privacy inquiries or concerns at:firstname.lastname@example.org
For more information about our Policy, or to raise a privacy concern, please contact our Privacy Office at the following address:
Attention: Privacy Officer
Neo Financial Technologies Inc.
200 - 632 Confluence Way SE
Calgary, AB T2G 0G1
If you have a concern that is not able to be resolved by our Privacy Office you may consider contacting the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, QC, K1A 1H3