Payment Source is committed to keeping customers' personal information accurate, confidential, secure and private. The Payment Source Group Privacy Code builds on this commitment.
This Code is based on the Federal Personal Information Protection and Electronic Documents Act ('PIPEDA'). It describes how Payment Source subscribes to the principles of PIPEDA Privacy Principles throughout the company.
Payment Source encompasses all products, services, partners engaged in the following services to the public: purchase of prepaid products or services; cash payment services; Interac e-Transfer acquiring services; account loading; and bill payment services.
This Code describes the principles Payment Source will use to protect the privacy of individual customers' personal information in the carrying out commercial activities throughout the company, no matter how the information is collected, used or disclosed.
This Code applies to Payment Source as defined within this Code with respect to our operations
Payment Source is accountable for all personal information in its possession or custody, including any personal information disclosed to third parties for processing or other administrative functions. Payment Source has established policies and procedures to comply with this
Payment Source also oversees compliance with these policies and procedures through normal risk-based review, and through ongoing compliance policies and procedures reviews.
Payment Source will identify the purposes for which it collects the personal information, before or when the information is collected.
When a customer applies for a product or service provided by or through Payment Source, Payment Source will make sure the customer is made aware of:
purposes for which the information has been collected.
Payment Source will collect and use personal information for the following purposes:
Payment Source will identify the purposes for which it intends to use the personal information, in writing, orally in person or over the telephone, electronically or by any other alternative format or means it uses to communicate with its customers. Payment Source will use words that customers can easily understand when identifying these purposes.
Payment Source will distinguish the purposes
made aware of them. For instance, on an online application form, Payment Source may identify the purposes using bolder type or a box, or a confirmation box. Over the telephone,
Payment Source will identify the purposes as a distinct part of the conversation with respect to the personal information that is required as well as the purpose for gathering the information.
Payment Source staff, its affiliates, partners and other related parties who collect personal information will be able to explain the purposes to customers. Customers will also be able to ask for information about the purposes when they email, phone or write to Payment Source with respect to the use and collection of their personal information.
Payment Source will explain all the purposes for which personal information is collected including any purposes which may not appear to be as obvious as others. The purposes
Payment Source will make all reasonable effort to make sure customers understand how their personal information will be used by Payment Source. Payment Source will obtain consent from its customers before, when it
A customer's consent can be express, implied, or given through an authorized representative at Payment Source, its affiliates, or partners.
A customer can withdraw consent at any time, with certain exceptions.
Payment Source, however, may collect, use or disclose personal information without the customer's knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted or as required by law.
Generally, Payment Source will seek consent to use and disclose personal information at the same time it is collected. Sometimes, however, Payment Source may identify a new purpose and it will seek consent to use and disclose personal information for that purpose after the information has been collected.
Payment Source will not obtain consent through deceptive practices. It will explain to customers how personal information will be used before they give their consent, except where applicable laws do not require consent.
Customers can give consent orally, in writing or electronically. They can imply consent through action or inaction. They can also give consent through an authorized representative. Express consent is the preferred
Customers can grant consent:
Customers can grant implied consent by:
Customers can also give consent through an authorized representative, such as a legal guardian or a person with a power of attorney. This is necessary, for example, if Payment Source cannot obtain express consent from a customer who is a minor, seriously ill, or mentally incapacitated.
Before deciding what form of consent is appropriate, Payment Source will consider the type of personal information it needs, the reason for its use, and the type of customer contact that is involved.
Customers always have the option to withdraw consent to the use of personal information for marketing purposes.
Payment Source can collect or use personal information without the knowledge and consent of the customer in exceptional circumstances where such collection or use is permitted or as required by law.
For example, Payment Source will not ask for consent when personal information is collected used, or disclosed:
Payment Source can disclose personal information without the knowledge and consent of the customer in exceptional circumstances where such disclosure is permitted or required by law. For example Payment Source will not ask for consent when personal information is:
Subject to legal and contractual restrictions, customers can refuse or withdraw consent at any time as long as:
Payment Source limits the amount and type of personal information it collects. Payment Source will collect personal information for the purposes it identifies to the customer at
Payment Source collects personal information using policies and procedures which are fair and lawful.
Although Payment Source will collect personal information primarily from customers, it may
also collect personal information from external sources such as third party service providers, credit bureaus, government records, and partners as required by law or confirmation that the personal information collected is correct.
Payment Source will use or disclose personal information only for the reasons it was collected, unless consent is obtained from the customer to use or disclose the personal information for another reason, or is permitted/required by law.
Under certain exceptional circumstances, Payment Source has a legal duty or right to disclose personal information without customer knowledge or consent, including to protect Payment
Payment Source will keep personal information only as long as necessary for the identified purposes for which it was collected.
Payment Source may disclose personal information without consent where permitted/required by law. For example:
In these circumstances, Payment Source will protect the interests of its customers by making reasonable efforts to ensure that:
Payment Source may notify customers that an order has been
Payment Source may notify customers of such orders to the last known telephone, electronic mail, or letter.
Payment Source may want to use personal information to market products and services to its customers, either directly or through Payment Source or its affiliates. Payment Source will obtain the consent of the customer before using personal information for such purposes.
When a customer uses a Payment Source product or service and provides personal information, Payment Source will:
The first time a new type of Payment Source affiliate provides promotional information about its product or service, the Payment Source affiliate will:
Payment Source specifies in its policies and procedures the periods of time it will keep personal information. Some of these time periods are determined by legislation. If personal information has been used to make a decision about a customer, Payment Source will keep the personal information long enough for the customer to have access to it after the decision has been made, subject to any regulated record retention period.
Payment Source will destroy or erase any personal information no longer needed for its identified purposes or for legal requirements.
Payment Source’s policies and procedures explain how Payment Source will destroy personal information so that unauthorized persons or organizations do not gain access to it.
Payment Source will keep personal information as accurate, complete and current as necessary for the identified purposes for which it was collected.
Customers may, in writing, challenge the accuracy and completeness of their personal information and request that it be amended as appropriate.
Payment Source will make reasonable efforts to minimize the possibility of using inaccurate, incomplete, or outdated personal information to make a decision about the customer.
Payment Source will update personal information only if it is necessary for the purposes for which it was collected.
Payment Source will make reasonable efforts to keep customers' personal information accurate and current if the information is used on an ongoing basis. This includes personal information disclosed to third parties for processing.
Payment Source will also rely on customers to keep certain personal information (such as customer addresses) accurate, complete, and current. If a customer shows that personal information is inaccurate, incomplete, out of date, or irrelevant, Payment Source will revise its records. If necessary, Payment Source will disclose the revised personal information to third parties which were provided with the information to revise their records as well.
If Payment Source does not agree to revise personal information as requested by the customer, the customer may challenge Payment Source’s decision. Payment Source will make a record of this challenge, and if necessary, disclose the challenge to the third parties who also possess the personal information, and advise the customer of the relevant complaint procedures.
Payment Source protects personal information with safeguards appropriate to the sensitivity of
the information. These safeguards include protecting personal information from loss or theft, from unauthorized access, disclosure, duplication, use, or modification.
Payment Source’s safeguards vary depending on the sensitivity, amount, distribution, format, and storage of
Payment Source safeguards personal information through security measures. For example:
Payment Source informs its staff regularly about Payment Source’s policies and procedures for
protecting customers' personal
Payment Source may disclose personal information to third parties for fraud screening,
Payment Source may, with the customer's consent, disclose personal information to businesses such
As referred to in Principle 5, Payment Source uses care when disposing of or destroying personal information, to prevent unauthorized access to the information.
Payment Source is open about the policies and procedures it uses to manage personal information. Customers have access to information about these policies and procedures. The information will be made available in a manner that is generally easy to understand.
Payment Source makes available to customers information about the policies and procedures it uses to manage personal information. Copies of this Code are available in printed format upon request.
Information about Payment Source’s policies and procedures has been written so that it is generally easy to understand and it is readily available to customers. Through printed format or other related documents, customers will be able to find out:
Payment Source makes information about its policies and procedures available in a variety of ways, depending on the nature of the service customers are using and the sensitivity of the personal information. For example, Payment Source may make printed format or other information available upon request, mail information to its customers, establish
If you have a question about Payment Source's privacy policies, please contact us
Alternatively, you may write to us at:
Payment Source Inc.
c/o Chief Privacy Officer
365 Evans Avenue
Suite 301 Toronto
ON M8Z 1K2
When customers make a request in writing, Payment Source will, within a reasonable time, inform them of what personal information Payment Source has, what it is being used for, and/or to whom it has been disclosed, depending on what details the customers have requested and that is not restricted by law, and/or from a contractual perspective.
When customers request it in writing, Payment Source will give them access to their personal information. Payment Source will respond to the written customer request within 30 days. In certain situations, however, Payment Source may not be able to give customers access to all their personal information. Payment Source will explain the reasons for this limitation on access and any recourse the customer may have, except where prohibited by law, and/or from a contractual perspective.
A customer has the right to know, by written request, what personal information is held by Payment Source. Customers have a right, upon written request, to access personal information, and to know to which third parties the information has been disclosed, except where prohibited by law, and/or from a contractual perspective.
Payment Source has policies and procedures for responding to customers' requests for access to personal information. When customers ask, Payment Source will make these policies and procedures known to the customers. To respond to a customer's request certain information may be required, for example, customers have to be specific about the type of personal information that may be held by Payment Source.
Payment Source will attempt to be as specific as possible about the persons from whom it collected the personal information, to whom it has disclosed the personal information, and how and when the information was disclosed. Payment Source will take this information from its records, and will provide it to the customer in a form that is generally easy to understand, providing explanations for abbreviations and codes. Payment Source will provide the information to the customer within 30 days following a written request, and for a cost commensurate with the effort to retrieve the information, or at no cost.
Payment Source will not charge the customer without first informing the customer of the cost of providing the requested information and giving the customer the option to withdraw the request.
Payment Source will, on request, give a customer who has a sensory disability, access to personal information to which the customer is entitled, in an alternative format if a version of the information already exists in the alternative format, or if conversion into that format is reasonable and necessary in order for the customer to access the personal information.
Payment Source will not provide the personal information that is in its control if:
Payment Source will not record in customers' individual files when personal information was disclosed to third parties for routine purposes. For example:
If Payment Source denies the customer's request for access to personal information, Payment Source will explain the decision to the customer, except where prohibited by law. The customer may then challenge Payment Source’s decision (See Principle 10).
A customer may challenge the reasonableness of the cost of providing personal information.
Payment Source will inform customers of these policies and procedures, which are generally easy to understand and use. The complaint resolution process and the appropriate contact person are part of these policies and procedures.
Payment Source will investigate all complaints received in writing and if it finds a complaint justified, Payment Source will try to resolve it. If necessary, Payment Source will take appropriate measures, including changing its policies or procedures, to ensure that other customers will not experience the same problem.
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Phone: (819) 994-5444
Fax: (819) 994-5424