At Interac Corp. (“Interac”, “we” or “us”) we respect your personal information and are committed to ensuring the proper use, protection and security of all personal information placed in our care.
This Privacy Notice explains our personal information collection, use and disclosure policies and practices in order to help you understand how we handle personal information you provide to us when you visit our websites (“Sites”), communicate with us by email or phone, and participate in our products and services. More detailed Privacy Notices for Interac verification service, Interac document verification service, and Interac sign-in service can be found here: Verification solutions – Legal. This Privacy Notice does not apply to and we are not responsible for any third-party websites, products, or services that may be accessible through links from our Sites. We urge you to review the privacy practices of those third-party site owners carefully before you submit any personal information.
Policy Notice Overview
To learn more about this Privacy Notice, please click through the following sections.
- What types of personal information we collect and why
- How we use your personal information
- Why we share your personal information
- How long we keep your personal information
- How we protect your personal information
- Your rights and choices over your personal information
- When we transfer your personal information
- Updates to this Privacy Notice
- How to contact us
1. What types of personal information we collect and why
We may collect and use different types of personal information related to you in the course of operating our Sites and providing our products and services. We do not sell personal information to anyone and only share it with third parties for the purposes set out in this Privacy Notice.
a. When you visit our Sites
When you visit our Sites we automatically store certain information, which may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, the browser and operating system you use, the date and time of your visit, the access status (e.g. your ability to access a website or receipt of an error message), website usage information (including the amount of data transferred, history of website pages you view) and sites you visit to access our Sites and those you will visit from our Sites. We may store your IP address for security reasons, in particular to help diagnose problems with our server, administer our website, analyze trends, prevent and detect attacks on our website or attempts at fraud. We also track visitor movements and gather broad demographic information to help us identify visitor preferences. We render all of this information anonymous (unless we are required or permitted to keep information in its original form by applicable law) and retain it in aggregate form to measure interest in Interac reports and usage of our Sites, including but not limited to the total number of visits, average time spent on our Sites, and pages viewed, both in real-time, and within a certain historical time frame. We use this aggregated information to improve the utility, security, content, and user experience of our Sites. More information about how information is collected from websites related to our Interac verification service, Interac document verification service, and Interac sign-in service, can be found here: Verification solutions – . Interac has a legitimate interest in understanding how our Sites are used. This understanding is derived from analytics including fraud and marketing analytics and helps us to provide additional products, services and content that are relevant to our users.
When you visit our Sites we may collect certain non-identifiable information via cookies, web beacons, and other similar tracking technologies to help us enhance your Site user experience. The types of information we may obtain include:
- Anonymized data relating to: (i) on-site behaviour; (ii) performance metrics; and (iii) targeted advertising; and,
Information on the cookies we use, and their functions can be found in our Cookie Notice.
We may use Google Analytics, specifically the Demographics and Interest Reporting component of Google Analytics as well as the DoubleClick Campaign Manager, together known as Google Analytics for Display Advertisers. These features are used to derive non-personally identifiable information to track and report our Sites traffic. For more information about Google Analytics, its privacy and terms, including how to opt out from having your information collected through Google Analytics please visit https://policies.google.com/technologies/partner-sites?hl=en-US.
b. Collection of personal information in connection with Interac products and performance of Interac services
To facilitate your use of Interac products and services, to protect you and other users of our products, services and Sites from fraud and other wrongful or illegal activity, to provide Interac services and to conduct our business, including to carry out our obligations arising out of any agreements entered into between you and us, between your financial institution and us, and between us and third parties, we may collect the following personal information.
- For Interac e-Transfer transactions, we collect information including sender name, email address, phone number (if provided) and bank account number, along with recipient name, email address or phone number (or both), and bank account information. In addition, we collect nick names and IP addresses of both sender and recipient, the payment amount, expiry date of the Interac e-Transfer transaction, name of the originating financial institution, current payment status, status history of the payment, unique device ID numbers and all messages associated with the transfer.
- For Interac e-Transfer Bulk Payables, in addition to the information we collect for Interac e-Transfer transactions, we collect information including the security question and answer associated with the transfer.
- For Interac Debit Chip and Pin and Interac Debit contactless transactions (formerly known as Interac Flash), we collect information including the transaction payment amount, name of the originating financial institution, current payment status and your debit card primary account number (PAN).
- For Interac transactions, in addition to the information we collect for Interac Debit, we collect the following information:
- For each Interac Debit through digital wallets provision, we collect the home country of the card, originating financial institution and cardholder billing address (if available); and
- We also collect device related information including , device identifier, model, operating system, IP address, language, location, device manufacturer, network operator, device serial number (last two digits), time zone, type, masked email address and user account ID hash (unique ID representing Apple ID / Google ID of the user).
- For Interac verification service, Interac document verification service, and Interac sign-in service a description of the information we collect can be found here: Verification services – Legal
- For Software Based Pin on Cots for Mobile point of sale transactions, in addition to the information we collect for Interac Debit, we collect information, including transaction payment amount, name of the originating financial institution, current payment status and your debit card PAN, as well as the geolocation of the transaction (i.e. the IP address of the merchant) and the unique identifier of the merchant’s Commercial Off the Shelf Device (i.e. phone, tablet).
c. When you contact us or request that we contact you
Through our contact channels you can contact us or ask us to contact you regarding questions, troubleshooting, comments, or complaints. When you do this, we collect the information that you communicate to us by filling out the applicable form, speaking with us in person, by calling or emailing us. Information we collect may include your contact details (such as your first name, last name, address and/or business information), the reason you are contacting us, your transaction reference number, your device type, your transaction amount, verification that you are not a robot and other information you provide to us. We will collect your contact information and any other information we need in order to further assist you and communicate with you. Sensitive information should not be included within such inquiries.
d. For our newsletter, events and marketing purposes
You can choose to sign up for our newsletter on our and to receive invitations to events. If you do so, you may authorize us to use your email for the purpose of contacting you to periodically send you email messages describing updates, new features, or promotional offers related to our Sites, products, services or events. You can choose to stop receiving these emails at any time. To do so simply follow the instructions included in your email, or send a reply stating your request to unsubscribe. If you do not explicitly choose to receive emails for marketing purposes, the only email messages you will receive from us will be to respond to email inquiries that you send us.
e. When you sign up/register for our Sites
You may also choose to register for our Developer Centre or participate in the Interac Hackathon or request help, support or information for merchants. If you do so, you may be asked to provide optional information such as the name of the business you work for and/or the industry you work in. We may collect your personal information in order to provide you access to the Developer Centre, operate the user forum, and facilitate management of Developer Centre users’ accounts. When you request merchant point of sale merchandise, we may also collect your personal information to fulfil your request. We render all of this information anonymous and retain it in aggregate form to measure interest in the Developer Centre Hub, usage of the Sites, including but not limited to the total number of visits, average time spent on the sites, and pages viewed, both in real-time, and within a certain historical time frame. We use this aggregated information to improve the utility, security, content and user experience of our Sites.
f. When you apply for a job with us
If you apply for a job at Interac on our career website, we may collect certain personal information from your job applications, including your contact information (including name, postal address, email address and phone number), resume, your citizenship/employment eligibility, desired salary, results of your behavioral or cognitive abilities testing and any other personal information you choose to submit along with your application.
2. How we use your personal information
We will only use your personal information when we have a legitimate basis, including to:
- Administer and perform our services, products and conduct our business;
- Evaluate employment candidates and respond to applicant correspondence;
- Carry out our obligations that may arise from any agreements we have entered into with you or your financial institution or other third parties;
- Operate and facilitate the use of our Sites (including responding to requests received) and to confirm Site content is useful and relevant;
- Manage our business needs, such as monitoring, analyzing, testing and improving our products and services, the Sites’ performance and functionality and the performance and functionality of our infrastructure;
- Contact and correspond with you, and respond to your inquiries and, when necessary, investigate complaints;
- Determine whether to grant access to certain special features of our Sites;
- Comply with legal and regulatory requirements;
- Prevent and detect fraud, unauthorized transactions, other wrongful or illegal activities, claims and other liabilities; and
- Manage risk exposure with respect to the integrity and security of our products, services and Sites.
We may also use information you provide in anonymized and aggregated form for the following legitimate purposes:
- Assemble statistical reporting for our participating financial institutions and governmental authorities;
- Conduct market research respecting our products and services; and
- Compile statistical analysis of the behaviour of users or groups of users.
3. Why we share your personal information
We consider your personal information strictly confidential and we do not sell or rent it to others. We will not share any of your personal information with third parties, except in the limited circumstances described herein or with your express permission. Any third parties to whom we disclose any of your personal information are limited by law or by contract from using that information for any purpose beyond the purposes for which the information is collected. We may disclose your personal information in the following circumstances.
a. Interac service providers
We need the help of our service providers to be able to offer you our Sites, products, and services. We share your personal information with our service providers who perform services for the purposes described in this Privacy Notice. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and require these service providers by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require them to safeguard the security and confidentiality of the personal information on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding their employees and contractors.
b. Financial Institutions
We offer payment products and services in association with participating financial institutions. Agents and customer service representatives at your financial institution have access to certain stored information we have. The personal information we share with your financial institution allows them to respond to your inquiries, trace payments, view a customer’s transaction history and access payment details. Additional information regarding our information sharing practices with financial institutions in relation to our Interac verification service, Interac document verification service, and Interac sign-in service, can be found here: Verification solutions – Legal. Payment memos attached to an Interac e-Transfer transaction between the sender and recipient will not be disclosed to your financial institution and will only be disclosed when we are required or permitted to do so by applicable law.
c. Fraud Investigations
We disclose information that we, in good faith, believe is appropriate in investigations of fraud or other wrongful or illegal activity or to conduct investigations of violations of the terms and conditions for using our products and services. At our sole discretion we may report suspicious activity relating to fraud or other wrongful or illegal activities, (in cooperation with your financial institution) to the appropriate legal authorities, to our participating financial institutions and other third parties. For example, we may report suspicious activities where we believe those activities could result in physical harm or financial loss to any person. We may also report activities that we view as a pattern of fraudulent, wrongful or illegal behaviour. We also exchange certain information with these financial institutions to allow each of us to establish whether any particular transaction, or series of transactions, needs to be reported as required by applicable law.
d. Business transfers
We may be involved in the sale, transfer or reorganization of some or all of our business at some time in the future. As part of that sale, transfer or reorganization, we may disclose your personal information to the acquiring organization, but will take all reasonable measures to ensure that the acquiring organization agrees to protect your personal information in a manner that is consistent with this Privacy Notice.
e. Required by law
We may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information or where we have reasonable grounds to believe the information could be useful in the investigation of unlawful activity or to legal authorities, government officials or third parties where necessary to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. We may also disclose your personal information in order to comply with court rules and regulations regarding the provision of records and information or as otherwise permitted or required by law.
f. Third party websites
Our Sites may include links to other third-party websites and social media tools, including cookies, that permit sharing web content including IP address, with third parties and social media providers. For example, you may share an article from the Interac Newsroom via Facebook, LinkedIn, or Twitter. These websites may learn of your visit and treat the collection, use and disclosure of personal information differently than we do. For any linked websites or features you visit or use that are not owned or controlled by Interac, please review their own privacy notices or policies before disclosing your personal information. We are not responsible for the collection, use and disclosure practices of companies or organizations to which our sites may provide links.
4. How long we keep your personal information
Your personal information is retained for as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Notice and in order to comply with Interac’s legal or regulatory obligations. When determining the retention period, we consider factors including the type of products and services, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact if we delete some information about you, mandatory retention periods, and the statutory limitations. We will maintain your transaction history and information provided to us by third parties. As always, once archived, your personal information is kept secure.
Information we collect from visitors to our Sites is retained only in aggregate form for the purposes outlined in this Privacy Notice.
Once we have responded to any specific inquiries we receive from individuals, we destroy, erase or render anonymous personal information no longer required for the purpose(s) for which it was collected, subject to any legal or business requirement to retain it.
5. How we protect your personal information
We are committed to securing your personal information and have taken precautions to protect such information against unauthorized access, disclosure, inappropriate alteration, and misuse. We maintain appropriate physical, technical and administrative safeguards to help protect your personal information. We update and test our security technology, standards and processes on an ongoing basis.
Transmission methods used to transfer information over the Internet, or methods of electronic storage, are not 100% secure. We cannot ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We cannot guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards.
You play a valuable part in security. After you have finished visiting our Sites, you should log out and exit your browser to prevent unauthorized users from returning to your online session. If you are accessing our mobile Sites, you should ensure that your device’s privacy settings are set in accordance with your privacy preferences. If you believe your personal information has been compromised or that someone has improperly used or provided information to Interac about you that you did not authorize, please contact us as set out in this Privacy Notice.
6. Your rights and choices over your personal information
Under certain circumstances and in accordance with applicable privacy laws, you are entitled to certain rights over your own personal information, as listed below.
- Right of access – You have the right to be informed of the existence, use and disclosure of your personal information by us, and have access to that information (including a listing of the third-party organisations with whom the information has been shared).
- Right to rectification of errors – When you demonstrate the inaccuracy or incompleteness of your personal information held by us, we must correct the inaccuracies and/or add a notation to the information, as appropriate.
- Right to challenge accuracy – You have the right to challenge the accuracy, completeness and currency of your personal information in our possession.
- Right to limit use of personal information – As a condition of providing you access to an Interac product or service we cannot require that you allow us to process your personal information beyond that which is required to fulfil the explicitly specified and legitimate purpose.
- Right to withdraw consent – You are able to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. We must inform you of the implications of such withdrawal.
- Right to object to marketing – You must consent to our collection, use or disclosure of your personal information for marketing purposes.
- Right to complain to the relevant data protection authority(ies) – You have the right to be able to address data protection issues with our Privacy Office and you also have the right to make a complaint to the relevant data protection authority.
There are some exceptions to these rights. Some information may not be accessed or deleted in certain circumstances, for example, if it contains personal information of other persons or if we are required by law to keep it.
If you wish to exercise your rights described above or require further information regarding circumstances that may limit the rights you can exercise, please contact us as set out in this Privacy Notice.
7. When we transfer your personal information
Some of the information you provide to us may be shared in encrypted form with our service providers that are located outside of Canada, over communication systems in order to facilitate the routing of such information in the course of providing Interac services. For such service providers, we will require them by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require that service providers safeguard the security and confidentiality of the personal information that they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding their employees and contractors.
8. Updates to this Privacy Notice
Interac may review this Privacy Notice periodically to reflect changes in privacy regulations and in our practices. We will post a prominent notice of any relevant and material changes to this Privacy Notice when they occur and indicate when this Privacy Notice was most recently updated.
At Interac, the person in charge of the protection of personal information is Conni Gibson, Chief Legal Officer and Corporate Secretary.
In the event that you:
- Have any questions about this Privacy Notice, our privacy policies or practices, or about the handling of your personal information;
- Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
- Want to access, update, or correct your personal information; or
- Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,
please feel free to contact our Privacy Office by email at firstname.lastname@example.org, or write to us at:
Royal Bank Plaza, North Tower, P.O. Box 45
200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1
Copyright © 2022, Interac Corp. All rights reserved.
Except as permitted by law, no part of this document nor any of Interac’s trademarks, logos and service marks may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.
Interac Corp., by publishing this document, does not guarantee that any information contained herein is and will remain accurate. Interac Corp., its agents and employees shall not be held liable to or through any user for any loss or damage whatsoever resulting from reliance on the information contained herein.
Published by Interac Corp., Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1
®,™: Trade-mark of Interac Corp.