Skip to main content
Select Image

Privacy

 

We are committed to protecting your privacy and safeguarding your personal and financial information

While the Internet is revolutionizing the way that we do business — providing convenient access to financial services from your home or office — we also recognize that it may bring legitimate concerns about privacy and security.

To find out more, view our privacy notice.

Important terms

“Personal information”: Means any factual or subjective information, recorded or not about an identifiable individual. This includes but is not limited to financial, business, contact and other information that can identify an individual. This can also include information collected through your activities on our digital channels, such as your device information and IP address. Personal information does not include an individual’s business contact information that is used to communicate with the individual in relation to their business, employment, or profession.

FirstOntario, “we”, “our, “us”: Means collectively FirstOntario Credit Union Ltd. and our subsidiaries or affiliates such as Saven Financial and Creative Arts Financial.

Program Partners: Means the companies we have carefully selected to provide benefits, products, or services under, or to participate in, a FirstOntario partner program.

Our commitment

At FirstOntario Credit Union Ltd. (“FirstOntario”), we respect your privacy and take great care in protecting your personal information. As a leading provider of personal, business, and commercial banking services, we are a fully integrated financial institution that services credit union members, and visitors of our websites and mobile applications daily. Through these interactions, our members and stakeholders entrust us with their personal information. We adhere to the regulatory requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA).

Individuals rely on us to safeguard personal information and ensure responsible collection and use. To do so, we have committed to the following principles:

  1. We will be transparent about how we handle your personal information and our privacy practices;
  2. We will use your personal information to benefit and enhance your customer experience;
  3. We will protect your personal information and handle it responsibly.

Application

In this Notice, we describe what personal information we collect; how we use, share and manage it; how you can access, update and/or correct your personal information; and the privacy choices available to you.

This Notice describes how we handle your personal information specifically, what we collect, and how we collect it, use, share, protect and store it. We also explain your Privacy Choices and how you can exercise those choices.

This Notice applies to you when you visit one of our websites or premises, sign up to receive information from us, apply for any of our products, services, programs, promotions or events, express interest in FirstOntario, or enter into a contract with us.

This Notice applies for as long as FirstOntario holds your information, including after the end of membership. By providing us with your information, you are consenting to the collection, use or sharing of your information as set out in this notice. Our Privacy Notice serves the purpose of informing you about our data practices and your rights regarding your personal information.

Please note that additional terms and conditions may apply to how we use or manage your personal information when you engage with us under certain circumstances. For example, you are required to accept terms and conditions when you purchase insurance with FirstOntario. Those terms and conditions apply together with this Privacy Notice.

Types of information collected

We collect various types of personal information to service you, confirm your identity, satisfy legal or regulatory requirements, collect a debt to us, prevent fraud, maintain security, administer your accounts, or ensure your suitability and eligibility for products or services.

FirstOntario collects the following type of personal information:

Contact information

Such as your address, telephone number, email, social media, or other electronic address we may use to communicate with you.

Identity information

Such as your name, date of birth, citizenship, and employment information. This also includes government-issued identification and utility bills we may collect from you to establish and verify your identity.

Biometric information

Technology that enables verification of your identity, including unique physical and behavioral details such as your facial features and voice patterns.

Social Insurance Number (SIN)

Is collected for tax reporting purposes when you open or request a product that generates income. Your SIN may also be used to aid in verifying your identity to make sure we get accurate information from credit bureaus; however, providing us with your SIN for this purpose is optional. You may refuse to consent to the use of your SIN except for purposes required by the law, such as tax reporting.

Credit information

From credit reporting agencies, credit bureaus and other financial services databases when you apply for specific products. This information is collected during the application process, and on an ongoing basis, to review and ensure your suitability and eligibility for the product, and to prevent against fraud.

Other financial information

Such as your income, net worth, and transaction history to better understand your needs and ensure that the financial advice, investment products and services we provide are suitable and appropriate for you and your circumstances.

Marketing information

Such as your marketing preferences and responses to surveys and promotional offers is collected to help us understand your financial needs and activities better. This helps us inform you about relevant products and services, determine your eligibility for various promotions, conduct satisfaction surveys, and develop tailored products and services to meet your needs.

Other individuals’ information

Such as contact information of beneficiaries, spouse, dependents, or common law partners covered by an insurance product or service or named in a registered plan or trust. This information may be required by law or to provide certain protection to you. If you give us information about another person, we assume you have the right to give us their information and obtained their consent for us to collect, use and share their information according to our Privacy Notice.

Your interaction with us

Such as recordings of telephone calls or electronic communication with us, record of your usage of our products and services along with the relevant transaction and payment history. This will be collected to ensure mutual protection, process your inquiries, and improve our services. We may also use video recording in and around our physical premises and ATMs to ensure your safety and ours and to prevent against fraud and other illegal activities.

How do we collect personal information?

We limit the collection of personal information to what is reasonably required to fulfill the purposes for which it was collected. We collect personal information in a variety of ways, including directly from you; from technologies used at our branches; from third parties who we engage to promote and support our business; and when you are interacting with us online or through our mobile applications.

We collect personal information in the following ways:

Directly from you

You may provide personal information to us on site when you visit one of our branches, on the phone or via email when you express interest in our products or services, through our websites or mobile applications, forms, and documents you provide, our online banking system, or in any other direct manner.

From other sources including third parties

We may receive personal information from other sources or if the law requires or permits us to do so. We may also collect your personal information from payment card networks, government agencies, insurance companies, law enforcement authorities or other financial institutions with knowledge of your personal information.

From technologies used at our properties

We may collect personal information through various types of technologies used across our branches, such as: video surveillance used for security purposes, to protect against theft, to prevent damage to our locations and to prevent fraud; and any devices used to collect information from branch office walk-ins.

Through our websites and mobile applications

We may collect certain types of information electronically when you interact with our websites and mobile applications, email, social media accounts, online advertising, or through the use of our or a third party’s technologies which include cookies. See What is a Cookie for more information on cookie technology.

Cookies and other tracking technologies

We may use cookies and similar tracking technologies to enhance your experience on our website and to gather information about how you interact with our online services. A cookie is a small information token that is stored on the device you use to access a website or when you use an app. The cookies distinguish you from other users and can be used to track and record your browsing activity and to personalize your online experience.

Specifically, we use two kinds of cookies — session cookies and persistent cookies.

  • A session cookie exists only for the length of your browsing session and is deleted when you close your browser. We use a session cookie to maintain the integrity of your online account session. With each page you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from many others that may be happening at the same time. Our session cookies never store any personal information, such as your name, date of birth, or financial information such as accounts and balances. The information collected may include your location, IP addresses, information about your operating system, web browser, or internet connection.
  • A persistent cookie stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date. We use persistent cookies to help verify you as our member, to remember your preferences, and to help block unauthorized attempts to access your Personal Information. Persistent cookies store information on your hard drive and can be reread when you return to the site that placed them on your hard drive.

Most recent browser versions allow you to set some level of control over which cookies are accepted and how your browser uses them. For example, it may be set to notify you when it is receiving a cookie so you accept cookies from only known, reliable sites such as the FirstOntario website. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review the help section of your browser to learn more about its specific control features. You may delete or disable cookies at any time via your browser. However, if you do so, you may not be able to use some of the features on our websites or mobile applications. To learn more about the privacy choices available to you, please visit How Do I Change My Privacy Choices?

How do we use personal information?

We use your personal information to provide you with our products, and services, to manage our business operations, to communicate offers and information we think might interest you, to enhance your member experience with us, and as permitted or required by law.

We use your personal information for the following purposes:

Providing you with exceptional service

We use your personal information to provide our products and services, which include:

  • Understanding your needs and responding to inquiries or requests for information;
  • Verifying your identity and the information you or a third party provides to us;
  • Evaluating and processing your applications, claims, and transactions; and
  • Determining your eligibility and suitability for select financial products and services.

Managing our business

We use your personal information for many business reasons, which include:

  • Utilizing and managing our information technology applications and systems, including our websites, mobile applications and databases/systems;
  • Maintaining the safety and security of our members, employees and branches (e.g., through authentication checks and video surveillance and other monitoring technologies);
  • Assessing and managing risk, including detecting, and preventing fraud or error, such as identity theft;
  • Collecting debts owed and enforcing agreements between you and FirstOntario;
  • Monitoring and investigating incidents and
  • Meeting our legal and regulatory obligations.

Communicating with you

We use your personal information to communicate with you for a variety of reasons, such as:

  • Establishing a relationship with you, providing support, reminding you of upcoming appointments or events, as well as communicating updates to products and services, or other FirstOntario news; and
  • Informing you in a variety of ways (e.g., email, telephone, SMS, direct mail) about programs, products, services, special offers, promotions or events that may be of interest to you.

If you no longer wish to receive commercial electronic messages, please let us know by following the unsubscribe directions provided in any promotional messages sent by FirstOntario. For more information see How Do I Change My Privacy Choices?

How do we share personal information?

We may share your personal information within our group of companies or with our program partners and other third parties for the purposes described in this Notice and in accordance with applicable law. Additionally, if you authorize us to share information with a third party (for example if you add household members to your FirstOntario account), we may do so as necessary and in connection with your relationship to us.

We do not sell your personal information to any organization or person; the only exception to this would be if we sell or transfer any part of our business.

There are circumstances where a disclosure without consent is justified or permitted, for example in the context of a legal investigation or a request from law enforcement authorities, or where FirstOntario believes, upon reasonable grounds, that the disclosure is necessary to protect the rights or safety of an identifiable person or group.

We will not share your personal information outside of our group of companies, except as indicated below.

Service providers

In the course of providing our programs, products, services, promotions and events, we may share personal information with our service providers. These service providers help us operate our business, technology systems and applications, internal procedures, infrastructure, advertising, marketing, risk mitigation, and analytics capabilities as well as assist us with meeting our legal and regulatory obligations. We require these service providers to limit their access to and/or use of personal information to what is required to provide their services and to comply with our privacy requirements.

Third parties

In the course of providing certain programs, products and services, we may do so through arrangements with third parties. As a result, your personal information may be collected, used and shared by us and the applicable third party. For example, we may share personal information with a limited list of approved program partners with whom we work to provide a full range of financial services to you. These third parties may have their own privacy policies and terms and conditions, which will govern their use of your personal information.

Sale or transfer of business or other transaction

We may decide to sell or transfer all or part of our business to a related company or to a third party, to merge with another entity, to insure or securitize our assets, or to engage in another form of corporate or financing transaction, corporate reorganization, share sale, or other change in corporate control. If your personal information is required in connection with any such business transactions, we will comply with the legal requirements for the disclosure of personal information.

Other permitted reasons

Canadian law permits or requires the use, sharing, or disclosure of personal information without consent in specific circumstances. These circumstances include situations where use, sharing, or disclosure is necessary to protect FirstOntario, our employees, our customers, or others. If this happens, we will not share more personal information than is reasonably required to fulfill that particular purpose.

With your consent

Other than the purposes listed above, we may, with your implied or express consent, share or disclose your personal information outside of our group of companies, in accordance with applicable law.

How do we manage consent?

Unless otherwise permitted or required by law, FirstOntario shall not use or disclose personal information for any new purpose that is not outlined in this Notice without first identifying and documenting the new purpose and obtaining the consent of the individual. In some cases, your consent may be “implied” i.e. your permission is assumed based on your action or inaction at the point of collection, use or sharing of your personal information.

An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. You are always given the ability to opt out of receiving promotional electronic messages from FirstOntario by using the available unsubscribe link.

For information on how to manage your privacy preferences, please see How Do I Change My Privacy Choices.

We obtain your consent for the collection, use, and disclosure of your personal information, except where permitted or required by law. Your consent may be obtained in different ways depending on the sensitivity of the information and the purposes for which it is being collected, used, or disclosed. Express consent may be obtained verbally, electronically, or in writing from you or your authorized representative (such as lawyer, agent or broker). Implied consent may be inferred from your actions such as your use or continued use of a product or service or from the circumstances of a situation. There may be exceptions to consent requirements in certain limited circumstances such as:

  • When information is being collected for the detection and prevention of fraud or for law enforcement.
  • For legal, medical or security reasons where it may be impossible or impractical to seek consent.
  • When the individual is a minor, seriously ill, or mentally incapacitated, seeking consent may be impossible or inappropriate. In these situations, consent may have to be obtained from a legal guardian (in the case of minors), an attorney acting on behalf of the individual (under a Power of Attorney arrangement), or from the Office of the Public Guardian and Trustee.
  • When we are fulfilling contractual obligations such as payment or collection of debt.

While consent is primarily written, in some cases, we may rely on express verbal consent.

We will not, as a condition of the supply of a product or service, require you to consent to the collection, use or disclosure of information beyond that required to fulfill explicitly specified and legitimate purposes.

Withdrawing consent

You can withdraw your consent to our collection, use and sharing of information at any time by giving us reasonable notice, in writing to the Privacy Officer, subject to legal, business, or contractual requirements. However, withdrawing your consent may limit or prevent us from providing you with specific products and services. For example, if you don’t give us your SIN, we can’t provide you with any product where the collection of a SIN is required under tax law, such as an interest-bearing account. If you withdraw your consent to exchange personal information with credit bureaus, we will not be able to provide you with certain credit products. In some circumstances, you can’t withdraw your consent. For example, you can’t withdraw your consent if the collection, use and sharing of information without consent is:

  • Permitted or required by law
  • Required to ensure we have correct and up-to-date information about you, such as current address, or
  • Necessary to manage our business and risks, comply with legal and regulatory obligations or assign our rights to others for business transactions

How do I manage my privacy choices?

We want you to clearly understand your choices and make informed decisions about your privacy options. There are several options available to manage your privacy preferences, including, contacting us directly; navigating through the cookie banner, changing your browser settings on your device; and/or, where available, using third-party unsubscribe functionality.

Direct marketing

You may opt-in to receiving email communications when you register for our programs, products, or services, enter our promotions or any time thereafter when you interact with us. You may opt out of:

  • Receiving email or communications from the sender, by clicking unsubscribe within any marketing email you receive;
  • Receiving surveys by following the unsubscribe instructions provided in the email; or
  • Receiving interest-based advertisements or other communications from us.

Please note that even if you have opted out of receiving marketing communications from us, we may still contact you for transactional purposes, in compliance with applicable laws (e.g. for customer service, pertinent information about your property or service or reminder notices). We may also need to contact you with questions or information regarding your contract with FirstOntario.

It may take some time for all of our records to reflect changes in your preferences (e.g., if you request that you not receive personalized marketing communications from FirstOntario, your preference may not be captured for a promotion already in progress).

Managing your browser or device settings

We use technologies to enhance your customer experience and present offers to you. You may delete or disable certain technologies at any time via your browser. However, if you do so, you may not be able to use some of the features of our websites.

Please refer to your browser instructions or help screen to learn more about how to block, delete and manage cookies on your computer or mobile device.

You can also manage access to your location information through your device settings. We collect and use location information from your mobile device only if the location services, such as GPS, geolocation, or proximity technologies, are enabled.

Social Insurance Number (SIN)

We may ask for your Social Insurance Number to aid us in identifying you and to make sure we get accurate information from credit bureaus. Sharing your Social Insurance Number for this purpose is optional. If you choose to not provide consent, it will not stop you from applying to our non-interest-bearing products and services. However, it may impact our ability to verify the information obtained from credit bureaus which may lead us to draw incorrect conclusions and affect your eligibility for certain products or services.

Credit bureau information

When you apply for a credit product with FirstOntario, we run a credit check and exchange your information with credit bureaus. We continue to exchange information with them for as long as you hold the product and for a reasonable time after you close the product. Consent is required when requesting any lending product. If you are not requesting a lending product, you may opt out of a credit bureau check. However, opting out may impacts our ability to approve and service the products applied for.

How do we protect and store personal information?

We take the security of your personal information very seriously and are committed to protecting your privacy by using a combination of administrative, physical, and technical safeguards. These measures include multi-factor authentication, masking, encryption, logging and monitoring, as described below. We store your personal information for as long as it is necessary to provide you with our programs, products, and services and for a reasonable time thereafter, or as permitted or required by law.

In addition, we recommend you do your part in protecting yourself from unauthorized access to your FirstOntario accounts. FirstOntario is not liable for any unauthorized access to your personal information that is beyond our control. Visit our Protecting Yourself page for tips on personal data security to help you better protect your information. Keep in mind only you know your Personal Access Code (PAC), which is needed to access online banking. FirstOntario employees do not have access to your PAC and will never ask you to reveal it. If someone asks you to provide your PAC, refuse to do so and contact us immediately.

We employ a range of security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include physical, technical, and administrative safeguards designed to maintain the confidentiality and integrity of your information.

Credit union safeguards

We implement security controls such as passwords and encryption, firewalls, access controls, and regular security assessments to safeguard personal information stored on our systems and networks. We also take physical measures such as locked filing cabinets and restricted access to offices. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution and format of the information and the method of storage.

Third party agents/suppliers safeguards

Third party agents or suppliers are required to safeguard personal information disclosed to them in a manner consistent with the Privacy Notice of FirstOntario. We use contractual agreements or other means with these parties to ensure they handle personal information in compliance with applicable privacy laws and our privacy standards.

Confidentiality obligations

We restrict access to your personal information to only the employees, contractors and service providers who need to know that information to provide the required products or services to you. Our employees, contractors and service providers are bound by confidentiality obligations that restrict them from using the information for any unauthorized purposes.

Training

All FirstOntario employees are required to complete mandatory training on privacy and information security upon being hired and annually on an ongoing basis.

What are your rights in relation to your personal information?

Under Canadian privacy law, you have the right to request access to, correction, and deletion of the personal information we hold about you, or make a complaint, subject to any legal restrictions. Upon your request, FirstOntario will inform you of what personal information we hold, how your personal information was collected, how it has been or is being used, and who your personal information has been shared with.

With respect to written requests for access to your personal information, we will respond within 30 days, unless an extension of time is required. However, there may be contexts where access is refused or only partial information is provided, for example, in the context of an ongoing investigation or where another individual’s personal information or identity must be protected.

We may also need to verify your identity to protect your privacy. If there is a reason we can’t fulfill your request, you will be informed in writing.

If you are not satisfied with a response from FirstOntario with respect to your privacy concerns or our response to data subject rights you have exercised, you have a right to contact the relevant privacy regulator.

You have the right to request access to your personal information held by us and to request to make updates or corrections if you believe any information is inaccurate or incomplete. You may review or verify your personal information by accessing your account through our online banking services, through telephone banking and by contacting your branch or local office.

You may also make an access to information request by visiting the branch or office where your account is held. Upon request, you shall be informed of the existence, use and disclosure of your personal information. You must provide adequate proof of your identity, and sufficient information to allow us to locate the requested information.

Although we take care to keep your personal information accurate and up to date, we rely on you to inform us of any changes that need to be made. If you find any inaccuracy or incompleteness in our information about you, please inform us and submit the request to make the necessary amendments. If we agree with your request, we will make the required amendments and make sure they are conveyed to anyone we may have misinformed.

Exceptions to accessing information

In certain situations, we may not be able to provide access to all the personal information it holds about you. The exceptions include the following:

  • The information sought would reveal personal information about a third party who has not provided consent for the disclosure.
  • The information sought cannot be disclosed for legal, security, or commercial proprietary reasons.
  • The information sought is subject to solicitor/client privilege or litigation privilege.

If we refuse a request for access to personal information in whole or in part, our response to the Access to Information Request will provide the reasons for refusal. We may refuse to confirm or deny the existence of personal information collected as part of an investigation.

Fees for access and correction

We provide information access and correction services free of charge unless the request requires a disproportionate amount of effort. In that case, we will inform you of any applicable fees before proceeding with your request.

You can request access or correction, deletion, request a review of certain automated decisions, or make a privacy complaint by contacting our Privacy Office, through email or postal address (for contact information, see Who Do I Contact with Privacy Questions?). If the Privacy Office is unable to address your concern to your satisfaction, you may bring the matter to the attention of the appropriate Privacy Commissioner. Most of our activities are subject to the jurisdiction of Office of the Privacy Commissioner of Canada; other activities are subject to the jurisdiction of the Privacy Commissioner of your province or territory of residence.

How do I know if there are changes to the privacy notice?

We may make changes to this Notice from time to time. Any changes we make will become effective when we post a modified version of the Notice on this webpage. If we make any material changes to the Notice, we will post a notice on our websites or notify you directly . By continuing to participate in our programs, and/or use our services or purchase our products after being notified of such changes, you are accepting the changes to the Notice, subject to any additional requirements which may apply. If you do not agree to the changes in our Notice, it is your responsibility to stop participating in our programs and contact FirstOntario. It is your obligation to ensure you read, understand, and agree to the latest version of this Privacy Notice. The “Effective Date” at the top of this page indicates when it was last updated.

Who do I contact with Privacy Questions?

We have appointed a dedicated Privacy Officer who is responsible for overseeing our privacy program and ensuring compliance with applicable privacy laws and regulations. If you have any questions about how we handle your personal information, please contact us. If you are using a tool or service or are participating in an event that is offered by us with a third party, the third party may hold your personal information. If you have any questions or concerns, we will direct you to the appropriate party so you can make enquiries as to that party’s privacy policies and practices. For all privacy related questions, contact our Privacy Office:

Privacy Officer

FirstOntario Credit Union Ltd.
301 – 970 South Service Road
Stoney Creek, ON L8E 6A2
Tel: 905- 643-8473
Privacy.Officer@FirstOntario.com

Note that general email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly recommend you do not include personal financial information (such as account numbers) within the email as we cannot guarantee its confidentiality enroute to us.