Privacy Policy

At WFCU Credit Tech, operated by Maple Leaf Financial Group, we are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services, visit our website, or interact with us through various channels.

We understand that managing your financial information requires trust, and we take our responsibility to protect your data seriously. This policy complies with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws.

1. Information We Collect

We collect various types of information to provide and improve our services to you. The information we collect falls into several categories:

1.1 Personal Identification Information

When you register for our services or apply for financial products, we collect:

• Full legal name and any previous names
• Date of birth and place of birth
• Social Insurance Number (SIN) for tax reporting purposes
• Government-issued identification numbers (driver's license, passport)
• Residential address and mailing address
• Email address and telephone numbers
• Employment information and income details
• Citizenship and residency status

1.2 Financial Information

To provide our services effectively, we collect and maintain:

• Account numbers and transaction history
• Payment card information and banking details
• Credit history and credit scores
• Assets and liabilities information
• Income and expense documentation
• Tax information and related documents
• Records of financial products and services you hold with us

1.3 Technical and Usage Information

When you access our digital platforms, we automatically collect:

• IP address and device identifiers
• Browser type and version
• Operating system information
• Pages visited and time spent on our website
• Referring website addresses
• Click patterns and navigation paths
• Login times and session duration
• Geolocation data (with your consent)

1.4 Communication Records

We maintain records of your interactions with us, including:

• Customer service inquiries and responses
• Email correspondence
• Phone call recordings (with notice)
• Chat transcripts
• Survey responses and feedback
• Marketing preferences and communication history

2. How We Use Your Information

We use the information we collect for legitimate business purposes that enable us to serve you better and comply with legal obligations:

2.1 Service Provision and Account Management

• Opening and maintaining your accounts
• Processing transactions and payments
• Providing customer support and responding to inquiries
• Sending account statements and notifications
• Managing your relationship with us
• Verifying your identity and preventing unauthorized access

2.2 Product Development and Improvement

• Analyzing usage patterns to improve our services
• Developing new products and features
• Conducting market research and surveys
• Testing and optimizing our platforms
• Personalizing your experience with our services

2.3 Risk Management and Compliance

• Assessing creditworthiness and managing risk
• Detecting and preventing fraud and financial crimes
• Complying with anti-money laundering regulations
• Meeting know-your-customer (KYC) requirements
• Fulfilling regulatory reporting obligations
• Responding to legal processes and government requests
• Enforcing our terms and conditions

2.4 Marketing and Communications

• Sending promotional materials about our products and services
• Providing information about special offers and updates
• Conducting customer satisfaction surveys
• Inviting you to events and educational programs

Note:You can opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

3. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

3.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business. These may include:

• Payment processors and financial institutions
• Technology service providers and cloud hosting companies
• Credit reporting agencies
• Identity verification services
• Marketing and analytics providers
• Customer support platforms
• Professional advisors (lawyers, accountants, auditors)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal and Regulatory Requirements

We may disclose your information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to requests from government authorities
• Meet regulatory reporting requirements
• Cooperate with law enforcement investigations
• Protect our rights, property, or safety
• Prevent fraud or illegal activities

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and the choices you may have regarding your information.

3.4 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

4. Data Security Measures

We implement comprehensive security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

4.1 Technical Safeguards

• Industry-standard encryption for data transmission (TLS/SSL)
• Encryption of sensitive data at rest
• Secure authentication mechanisms and multi-factor authentication
• Regular security assessments and penetration testing
• Firewalls and intrusion detection systems
• Secure data centers with physical access controls
• Regular software updates and security patches

4.2 Administrative Safeguards

• Strict access controls limiting employee access to personal information
• Comprehensive employee training on privacy and security
• Background checks for employees with access to sensitive data
• Confidentiality agreements with all staff and contractors
• Incident response and breach notification procedures
• Regular privacy and security audits

4.3 Physical Safeguards

• Secure facilities with controlled access
• Surveillance systems and security personnel
• Secure disposal of physical documents containing personal information
• Locked storage for sensitive materials

5. Your Privacy Rights

Under Canadian privacy legislation, you have several important rights regarding your personal information:

5.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your information in a commonly used format within 30 days of your request.

5.2 Right to Correction

If you believe any information we hold about you is inaccurate or incomplete, you have the right to request corrections. We will update your information promptly and notify any third parties to whom we have disclosed the information.

5.3 Right to Withdraw Consent

Where we process your information based on consent, you may withdraw that consent at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal.

5.4 Right to Object

You have the right to object to certain types of processing, including:

• Direct marketing communications
• Processing based on legitimate interests
• Automated decision-making and profiling

5.5 Right to Deletion

In certain circumstances, you may request deletion of your personal information. However, we may need to retain some information to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
• Maintain business records as required by law

5.6 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider.

5.7 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer using the contact information provided at the end of this policy. We will respond to your request within 30 days and may require verification of your identity before processing your request.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and business requirements:

6.1 Active Account Information

While your account is active, we retain your information to provide ongoing services and maintain your account history.

6.2 Closed Account Information

After account closure, we retain certain information for:

• Seven years for financial records (as required by tax authorities)
• Six years for contractual documents (limitation period for legal claims)
• Indefinitely for records required by anti-money laundering regulations
• As long as necessary to resolve disputes or enforce agreements

6.3 Marketing Information

If you opt out of marketing communications, we retain your contact information to honor your opt-out preference.

6.4 Secure Disposal

When information is no longer needed, we securely delete or destroy it using methods that prevent unauthorized access or reconstruction.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze usage patterns:

7.1 Types of Cookies We Use

• Essential Cookies:Required for website functionality and security
• Performance Cookies:Help us understand how visitors use our website
• Functionality Cookies:Remember your preferences and settings
• Marketing Cookies:Track your browsing to deliver relevant advertisements

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our website. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block cookies from specific websites
• Block all cookies
• Delete all cookies when you close your browser

7.3 Third-Party Analytics

We use third-party analytics services to help us understand website usage. These services may collect information about your use of our website and other websites over time.

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

For accounts opened for minors (with parental consent), we take additional precautions to protect their information and limit data collection to what is necessary for account management.

9. International Data Transfers

Your information is primarily stored and processed in Canada. However, some of our service providers may be located in other countries, including the United States. When we transfer information internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by privacy authorities
• Adequacy decisions recognizing equivalent privacy protections
• Binding corporate rules for intra-group transfers
• Your explicit consent for specific transfers

Information transferred to other countries may be subject to access by law enforcement and government authorities in those jurisdictions.

10. Compliance with Financial Regulations

As a financial services provider, we comply with various regulations that govern the collection and use of personal information:

10.1 Anti-Money Laundering (AML) Compliance

We are required to collect and verify customer identification information under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. This includes:

• Verifying your identity when opening accounts
• Monitoring transactions for suspicious activity
• Reporting certain transactions to FINTRAC
• Maintaining records for specified periods

10.2 Credit Reporting

We may report your account information to credit bureaus and obtain credit reports to:

• Assess your creditworthiness
• Verify information you provide
• Manage and collect accounts
• Report account performance

10.3 Tax Reporting

We report certain information to the Canada Revenue Agency (CRA) as required by tax laws, including:

• Interest income
• RRSP contributions
• TFSA transactions
• Other reportable amounts

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Post the updated policy on our website with a new effective date
• Notify you by email or through your account dashboard
• Provide a summary of key changes
• Obtain your consent if required by law

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any personal information.

When you use third-party services integrated with our platform (such as payment processors), those services may collect information directly from you and are governed by their own privacy policies.

13. Privacy Complaints and Concerns

If you have concerns about how we handle your personal information or believe we have violated your privacy rights, we want to hear from you:

13.1 Internal Complaint Process

1. Contact Our Privacy Officer:Submit your complaint in writing using the contact information below
2. Investigation:We will investigate your complaint and respond within 30 days
3. Resolution:If we find a privacy breach occurred, we will take corrective action and notify you of the outcome

13.2 External Complaint Options

If you are not satisfied with our response, you may file a complaint with:

• Office of the Privacy Commissioner of Canada
  30 Victoria Street
  Gatineau, Quebec K1A 1H3
  Toll-free: 1-800-282-1376
  Website: www.priv.gc.ca
• Your provincial privacy commissioner (if applicable)

---