MCAN is committed to fairly and lawfully collecting and maintaining accurate personal information and to protecting the confidentiality of all personal information that we collect, retain, use or disclose to others in the course of our business activities.
Protecting client privacy and the confidentiality of personal information has always been fundamental to the way we do business at MCAN. We collect, use, and disclose personal information only in compliance with applicable privacy legislation, and strive to exceed all the privacy standards established by the federal, provincial, and industry authorities in all our dealings with past, current, and prospective clients.
Personal Information means information about an identifiable individual. It includes an individual’s name, residential address and telephone number, e-mail address, age and gender, personal financial records, identification numbers including their social insurance number, personal health information, and personal references.
Publicly available information, such as business contact information or a public directory listing of individuals’ names, addresses, and telephone numbers, or information that is aggregated and not associated with a specific individual, including demographic information and statistics, is not considered to be personal information.
The Personal Information Protection and Electronic Documents Act (PIPEDA), and similar provincial legislation (currently in British Columbia, Alberta and Quebec) is based on the 10 principles of PIPEDA, to which MCAN must adhere to. These practices will provide the necessary assurances that personal information obtained and utilized by MCAN will be accurate, held in confidence and be retained in a secure environment.
The main compliance obligations under PIPEDA include the following privacy principles:
A Privacy Officer has been designated by MCAN to be responsible for compliance with PIPEDA and provincial privacy legislation. Accountability for the organization’s compliance with the principles rests with the designated Privacy Officer, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within the organization may be delegated to act on behalf of the Privacy Officer.
We will obtain consent to collect, use or disclose personal information unless we are permitted or required by law to collect, use or disclose personal information without consent. Consent may be given orally, in writing, or electronically, and may be express or implied. We will ensure that the form of consent that we use is appropriate in the circumstances, and will take into account, how sensitive the personal information is, the circumstances in which the information is being collected, and the reasonable expectations of the person from whom is being collected in determining which form of consent to use. We will always obtain express consent when we are collecting, using, or disclosing sensitive personal information.
We collect, use and disclose different types of personal information in respect of our clients. We only collect, use, and disclose personal information in accordance with applicable privacy legislation.
A client may choose not to provide us with some or all of their personal information. This may, however, severely restrict the products that MCAN can then provide. The client may also withdraw their consent to our use of their personal information at any time upon providing reasonable notice, as long as all of the following conditions are met:
When a client indicates that they wish to withdraw their consent to our use of their personal information, we will explain the implications of this withdrawal to them.
We may collect personal information for the following purposes:
We will only collect, use, and disclose as much personal information as we require to fulfill the purposes for which the personal information is being collected, unless we are required or permitted by law to collect additional information.
In circumstances where MCAN is required by law to collect SINs, for example in respect of term deposit accounts, we will require clients to provide their SINs. In all other circumstances, for example to assist us to verify clients’ credit related information, provision of SINs is optional, though in some circumstances alternative information may be required to verify identity or may otherwise be required in order to provide a particular product or service.
In addition, we may collect personal information in connection with our mortgage financing or other financial services through the use of a mortgage commitment letter or a credit application during the credit application and review process.
We will notify the individual from whom we are collecting information of the purpose or purposes for which we are collecting the information at or before the time that we collect the personal information so that they may choose whether to provide us with their personal information for those purposes. We may provide this notice either orally or in writing.
If a client refuses to provide us with certain personal information, we will not refuse to provide them with a product or service unless we are unable to provide it without this information.
If we intend to use the personal information that we have collected for a new purpose that we have not previously disclosed, we will communicate the new purpose prior to using the information for the new purpose, unless we are required or permitted by law to use the information for this new purpose without consent.
Other than as required or permitted by law, clients’ personal information will not be used for any other purpose without consent.
We collect personal information when it is provided to us. MCAN may collect personal information directly from the person to whom the personal information relates. MCAN also collects personal information from third parties, such as brokers, or individuals that are opening an account to be operated on behalf of a third party, in accordance with anti-money laundering legislation, and provided that such third parties have obtained consent from the individual to whom the information relates to provide this personal information to us. In most circumstances where the personal information that we collect is collected from a third party, we will obtain client permission before we seek out this information unless we are authorized by law to collect this information without a client’s consent. If we do not obtain client permission, we take reasonable steps to ensure that such third parties have the right to share such personal information with us.
From time to time, we may utilize the services of third parties in our business. For example, we may use third party suppliers to print statements, conduct telemarketing, collect accounts, or process transactions on our behalf. We select third party suppliers carefully and ensure through contractual means that they have privacy and security standards that meet MCAN’s requirements, and comply with applicable privacy laws. Similarly, payment transactions may be processed through payment systems operated by others and we may share personal information with these operators on a confidential basis to process transactions, provide client service, and for other reasonable purposes. These third parties will only be provided with as much personal information as they need to provide services to us. In some cases, these third parties may be located outside of Canada, and therefore personal information that has been collected by us may be processed and stored outside of Canada. Under the laws of foreign jurisdictions, in certain circumstances foreign courts, government authorities, regulators, or law enforcement agencies may be entitled to access this personal information without notice. Clients will always be notified of this fact, and will be made aware that by submitting their personal information to us, they agree to this transfer, storing, or processing.
MCAN has a strict policy of not disclosing personal information about our clients, subject to the important exceptions discussed below, and in the section “Sharing Personal Information”.
The most common reason for release of a client’s personal information is that the client has given consent. We will not release a client’s personal information without consent unless we are permitted or required to do so pursuant to applicable laws.
We also may be authorized or required by law to release personal information, such as pursuant to a court order, or we may need to protect our assets, or the public’s interest. For example, we may release personal information about a client to legal authorities in cases of criminal activity, or for the detection and prevention of fraud. If we release information for any of the reasons described in this paragraph, we shall keep a record of what, when, why, and to whom such information was released.
We do not keep a record of why a client’s personal information is disclosed to third parties for routine purposes, such as reporting to Canada Customs and Revenue Agency (T5 and other reports) and reporting to third parties when cheques are returned NSF for insufficient funds.
MCAN does not sell or rent lists of our clients or any other personal information to others for their use.
If we wish to disclose a client’s personal information for a purpose that has not previously been consented to, we will ask for the client’s consent before disclosing their personal information for that purpose, unless we are permitted or required by law to disclose this information without consent.
We may also share our clients’ personal information with certain of our business partners who provide us with products and services in the course of our business with the client.
Personal information is only shared with business partners to the extent permitted by law, and to the extent necessary to provide the client with the best service pertaining to account due diligence and general account administration. We only share as much personal information with our business partners as they require to fulfill the purposes for which the personal information is being shared. In some cases, these business partners may be located outside of Canada, and therefore personal information that has been collected by us may be transferred outside of Canada. Under the laws of foreign jurisdictions, in certain circumstances foreign courts, government authorities, regulators, or law enforcement agencies may be entitled to access this personal information without notice.
We require our business partners to protect the personal information that we share with them in a manner that is consistent with this Policy, and any other MCAN policy and/or procedure that relates to the collection, use, and disclosure of personal information that is in effect from time to time.
We will not collect, use or disclose personal information without consent unless we are authorized or permitted by law to do so. The limited exceptions to the requirement to obtain consent for the collection, use, or disclosures of personal information are set out in applicable privacy legislation.
We are committed to maintaining the accuracy of our clients’ personal information for as long as it is being used for the purposes set out in this Policy and we will take reasonable steps to ensure that your personal information is accurate. A client can play an active role in keeping us up-to- date, and we will ask clients to update us if any of their personal information changes. Prompt notification by the client of any changes, for example, to the client’s address or telephone number, will help us provide the client with the best possible service. We will update clients’ personal information only if it is necessary for us to do so to fulfill the purposes for which the information was collected.
Clients are always free, upon review of their personal information, to request amendments be made under the terms set out in this Policy. If the request is reasonable, we will make the amendment as soon as we reasonably can, and will notify any third party to which we have disclosed this information of the amendment.
If we do not agree to make the amendments that a client requests, we will notify the client of this in writing, and will keep a record of the requested amendments. The client may challenge our decision. We will make a record of this challenge, which will be kept on file.
We use appropriate safeguards to secure and protect personal information that is in our custody and/or control. We use physical, technical, and procedural safeguards that are appropriate to the sensitivity of the personal information in question. We ensure that we have comprehensive security controls and other safeguards to protect against unauthorized use, alteration, duplication, destruction, disclosure, loss or theft of, or unauthorized access to clients’ personal information.
MCAN may use other companies to provide services to our clients on our behalf, such as the printing of correspondence, storage of information files in a secured environment, or to conduct client satisfaction surveys. In such cases, we have contracts in place, holding these companies to the same high standards of confidentiality by which we are governed and requiring that any information provided by us must be kept strictly confidential and used only for the purposes of the contract.
MCAN ensures the physical, organizational and electronic security of a client’s personal information through the use of secure locks on filing cabinets and doors, and restricted access to our information processing and storage areas. MCAN limits access to relevant information to authorized employees and business partners only, and through the use of pass keys and computer passwords and, where necessary, the encryption of electronically transmitted information.
MCAN has procedures in place when destroying, deleting, or disposing of personal information when it is no longer required for the purposes as set out in this Policy, or by law, to ensure that personal information is securely disposed of and to prevent unauthorized access to such personal information.
MCAN only keeps a client’s personal information for as long as it is needed to meet the purposes for which it was collected, unless we are required pursuant to applicable laws to retain this information for a different period of time. The length of time we retain personal information is affected by: (1) the type of product the client has from us, and (2) any legal requirements we may have to meet such as regulatory file retention periods or for being able to respond to any concerns the client may have even if the client is no longer a client of ours. Personal information that has been used to make a decision that directly affects an individual shall be kept for at least one year after it has been used.
Individuals will have access, as permitted by law, to their personal information that is in our custody or control, and information provided will be clear and in a format that is easy to understand. Individuals will also be able to request that corrections and/or updates be made to their personal information.
MCAN ensures that individuals have reasonable means of accessing their personal information. MCAN does so by:
We will only collect, use, or disclose personal information in the ways in which we have disclosed in this Policy. Therefore, changes to our policies and personal information handling practices of MCAN will result in amendments to this document from time to time.
Any MCAN employee, who believes personal information is not being handled in accordance with this Policy, should immediately advise their Department Manager and the Privacy Officer.
Any Department Manager required to resolve privacy issues (as per the second step in our privacy question and complaint handling process) shall maintain appropriate records of any issue brought forward, and the steps taken in their resolution, and shall report them to the Privacy Officer.
MCAN is accountable for all personal information that is in our custody or control, and we have designated a Privacy Officer that is ultimately responsible for the handling of this information, and for ensuring that we are complying with this Policy. The contact information for the Privacy Officer is set out below.
If a client has privacy questions, concerns or complaints, we want them to be answered satisfactorily or resolved as quickly as possible and ask that the client follow, in order, the following two steps.
First: The client should direct his or her complaints and/or questions in writing to MCAN’s Privacy Officer.
MCAN Mortgage Corporation
200 King Street West, Suite 600
Toronto, ON M5H 3T4
Second: The client may also call our Customer Service Centre and speak to a representative. If the Customer Service Representative is unable to resolve the matter to their satisfaction, the client should advise them that they wish the matter to be reviewed by the department manager who will contact them to resolve the issue. You can reach MCAN Customer Service by calling:
Telephone (toll free): 1-855-213-6226
If, upon completion of a review by MCAN’s Privacy Officer, the client’s concerns are not resolved to his/her satisfaction, those concerns may be reviewed by the Privacy Commissioner of Canada, or one of the provincial Privacy Commissioners, if applicable. The client may contact the Privacy Commissioner of Canada by either of the following methods:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Telephone (toll free): 1-800-282-1376
We will also notify the client that they may also contact the Commissioner at any time during the resolution process.
A Cookie is a small text file that is placed on the browser or device you are using. Cookies allow us to tailor the Site to better match your interests and preferences. With most Internet browsers, you can erase Cookies from your computer hard drive, block the creation of Cookies, or receive a warning before a Cookie is stored, although doing so may affect your use of the Site and your ability to access certain features of the Site.
Our Site may use Web beacon, gif, or other technologies. When you access certain of our web pages, a non-identifiable notice of that visit is generated. These technologies usually work in conjunction with Cookies. If you don’t want your Cookie information to be associated with your visits to these pages, you can set your browser to turn off Cookies. If you turn off Cookies, Web beacon and other technologies will still detect visits to these pages, but the notices they generate cannot be associated with other non-identifiable Cookie information and are disregarded.
We may use third-party advertising companies to serve ads when you visit our web site. These companies may use non-personally identifiable information about your visits to this and other web sites to provide advertisements about good and services of interest to you on this or other websites. You can learn more about targeted advertising, its benefits and how you can opt out of targeted advertising through the Digital Advertising Alliance of Canada’s website at http://youradchoices.ca/choices/.
The website allows you to:
We collect certain non-personal information which is recorded by the standard operation of our internet servers on an anonymous basis, such as your IP address, the operating system you are using, the sections of the Site you visit, and the Site pages read and images viewed. This non-identifiable information is used on an aggregate basis and in a non-personally identifiable form, including: (i) for Site and system administration purposes, (ii) to improve the Site, (iii) to conduct internal reviews of the number of visitors to the Site (iv) to help us better understand visitors’ use of our Site; (v) to respond to specific requests from our visitors; and (vi) to protect the security or integrity of our Site when necessary. We do not use your IP address to identify you.
Security can be defined as freedom from, or resilience against, potential harm from external forces. Understanding some key threats and the simple precautions you can take can help protect you from being a victim of crimes such as identity theft and fraud.
What is identity theft?
Identity theft is a criminal act in which an imposter obtains key pieces of someone else’s personally identifiable information to impersonate the victim and commit a crime. Among other things, identity thieves may use the stolen information to gain access to your financial accounts and computer files; make purchases; apply for mortgages, personal loans and credit cards; obtain passports; and hide their criminal activities.
Identity thieves are generally looking for the following information:
What is mortgage fraud?
Mortgage fraud is a criminal act that occurs when there is a deliberate misrepresentation of information to obtain mortgage financing that would not have been granted if the truth had been known. This can include:
Mortgage Fraud: Preventative tips
To protect yourself and your family from becoming victims of, or accomplices to mortgage fraud, be an informed consumer. This means:
Reporting Identity Theft and Fraud
If you suspect that you or know that you are a victim of identity theft or mortgage fraud, you should contact The Canadian Anti-Fraud Centre Toll-free line: 1-888-495-8501
We won’t share your email address and you can opt-out at any time.