CUETS Financial
CUETS - personal, flexible, secure
FrancaisHomeAbout UsProducts & ServicesPartner With UsNewsContact UsLinks


Introduction

As a one of Canada's leading credit card organisations and a part of Canada's co-operative financial system, CUETS Financial strives to maintain the highest standards of professionalism and integrity. An important part of this is our commitment to maintaining the security, confidentiality and accuracy of all personal information we collect. We have a responsibility to be open and accessible, while at the same time demonstrating the greatest respect for protection of the personal privacy of individuals. The principles adopted in this Privacy Code apply to all personal information under CUETS Financial's control and/or management, including personal information managed by CUETS Financial*. These principles outline our continuing commitment to our customers and employees.

Principles

Ten interrelated principles form the basis of our Privacy Code. Each principle must be read in conjunction with the accompanying commentary.

  1. Accountability
    We are responsible for personal information under our control and/or management and have designated individuals who are accountable for our compliance with the principles of this code.

  2. Identifying purposes
    We always identify the purposes for which personal information is collected when or before we collect the information.

  3. Consent
    We ensure that individuals are informed about and consent to the collection, use or disclosure of personal information, with a few specific exceptions described in this code.

  4. Limiting Collection
    We do not collect personal information beyond that which is necessary for the purposes we identify. Information is always collected by fair and lawful means.

  5. Limiting Use, Disclosure and Retention
    We do not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. We retain personal information only as long as is necessary for the fulfilment of those purposes or as is required by law.

  6. Accuracy
    We take steps to ensure that personal information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

  7. Safeguards
    Personal information is protected by security safeguards appropriate to the sensitivity of the information. We apply the same standard of care as we do in safeguarding our own confidential information of a similar nature.

  8. Openness
    We have readily available specific, understandable information about our policies and procedures relating to the management of personal information.

  9. Individual Access
    Upon request, we will inform an individual of the existence, use, and disclosure of their personal information, and will provide them access to that information. An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.

  10. Compliance
    An individual may question our compliance with the above principles. We have policies and procedures in place to respond to an individual's questions and concerns. Such inquiries can be directed to the Privacy Officer at the following address:

CUETS Financial
2055 Albert Street
Regina, SK S4P 3G8
Telephone: 1-800-561-7849
E-mail: privacyofficer@cuets.ca

Principle 1: Accountability

1.0 We are responsible for personal information under our control and/or management and have designated individuals who are accountable for our compliance with the principles of this code.

1.1 Ultimate accountability for our compliance with these principles rests with CUETS Financial's Chief Executive Officer. A Privacy Officer is responsible for management of our privacy policies. Other individuals within our organisation may be accountable for the day-to-day collection and processing of personal information, or act on behalf of the Privacy Officer.

1.2 We have identified the Privacy Officer to our employees and will upon request identify the Privacy Officer to other individuals.

1.3 When personal information is processed by third parties, we ensure that the level of information security is comparable to our own.

1.4 We have privacy policies and practices in place, including:

(a) procedures to protect personal information;
(b) procedures to receive and respond to inquiries and complaints; and
(c) procedures to train staff to understand and follow CUETS Financial's policies.

Principle 2: Identifying purposes

2.0 We always identify the purposes for which personal information is collected when or before we collect the information.

2.1 We document the purposes for which personal information is collected before we collect the information.

2.2 We make reasonable efforts to ensure that individuals are aware of the purposes for which personal information is collected, including disclosure to any third parties.

2.3 We may collect personal information for the following purposes:

(a) to determine the financial situation of a customer or applicant;
(b) to disclose customer personal information to a credit bureau, credit insurer or other financial institution in order to maintain the accuracy of information used in determining creditworthiness;
(c) to provide customers with CUETS Financial services, which entails disclosing customer information to some people working for or with us;
(d) to provide customers with information and offers, where permitted by law, on our products and services, or those of others, that we believe may be of interest to the customers, unless they have already requested that their information not be used in this way;
(e) to share customer personal information, where permitted by law, with an affiliate, so that they can provide the customer with information and offers on their products and services that they believe may be of interest to the customer and so that we or they can fulfil any information requests customers may make about their products or services, unless the customers have already requested that their information not be used in this way;
(f) to detect and prevent fraud, and to safeguard customers' financial interests as well as our own;
(g) to assist in the evaluation of job applicants and employees including, without limitation, their creditworthiness.
(h) to perform necessary personnel functions; and
(i) to meet all applicable legal and regulatory requirements.

2.4 We specify the identified purposes to the individual from whom we collect the personal information. This may be done orally, electronically, or in writing. The identified purposes may, for example, be stated on service agreements, terms of operation or application forms.

2.5 When personal information that has been collected is to be used for a purpose not previously identified, we will identify the new purpose and obtain the individual's consent for the new purpose prior to use, unless the new purpose is required by law.

Principle 3: Consent

3.0 We ensure that an individual is informed about and consents to the collection, use or disclosure of personal information, with a few specific exceptions.

These exceptions include:

(a) Where clearly in the interests of the individual, and where consent cannot be obtained in a timely way;
(b) To avoid compromising information availability or accuracy and if reasonable to investigate a breach of an agreement or a contravention of the laws of Canada or a province;
(c) Where the information is considered to be in the public domain;
(d) To act in respect of an emergency that threatens the life, health or security of an individual;
(e) To investigate an offence under the laws of Canada, a threat to Canada's security, to comply with a subpoena, warrant or court order, or rules of court relating to the production of records, or otherwise as required by law;
(f) To collect a debt owed to us by an individual; and
(g) As otherwise permitted or required by law.

3.1 We make a reasonable effort to ensure that individuals are aware of the purposes for which the information will be used. To make the consent meaningful, we state the purposes in a way that should enable the individual to understand how we intend to use or disclose the information.

3.2 We do not, as a condition of the supply of a product or service, require an individual to consent to the collection, use or disclosure of information beyond that required to fulfil legitimate purposes that we explicitly specify.

3.3 We do not obtain an individual's consent through deception.

3.4 The way in which we seek consent may vary, depending on the circumstances and the type of information collected. In determining the form of consent to use, we take into account the sensitivity of the information.

3.5 An individual can give us their consent in many ways, including:

(a) in writing, such as when completing and signing an application;
(b) through inaction, such as failing to check a box indicating that they do not wish their personal information to be used for optional purposes;
(c) orally, such as when information is collected over the telephone or in person;
(d) by using a product or service, such as when the use of a bank card signifies the cardholder's acceptance of certain terms of operation;
(e) through an authorised representative, such as a legal guardian or a person having power of attorney.

3.6 An individual may withdraw their consent at any time, subject to legal or contractual restrictions, provided that:

(a) reasonable notice of withdrawal of consent is given; and
(b) consent does not relate to the disclosure of credit history information once credit has been granted.

We will inform the individual of the implications of such withdrawal.

Principle 4: Limiting Collection

4.0 We do not collect personal information beyond that which is necessary for the purposes we identify. Information is always collected by fair and lawful means.

4.1 We do not collect personal information indiscriminately. We specify both the amount and type of information collected, limited to that which is necessary to fulfil the purposes identified.

4.2 We do not collect any personal information by misleading or deceiving individuals about the purpose for which information is being collected.

Principle 5: Use, Disclosure, and Retention

5.0 We do not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. We retain personal information only as long as is necessary for the fulfilment of those purposes or as is required by law.

5.1 When we plan to use personal information for a new purpose, the purpose will first be documented and explained to the individual.

5.2 We have guidelines and procedures regarding the retention of personal information, including minimum and maximum retention periods, that are in accordance with legislative requirements. We retain personal information that has been used to make a decision about an individual long enough to allow the individual access to the information after the decision has been made.

5.3 Subject to any requirement to retain records, personal information that is no longer required to fulfil the purposes we have identified is destroyed, erased or made anonymous. We have guidelines and procedures to govern the destruction of personal information.

Principle 6: Accuracy

6.0 We take steps to ensure that personal information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. Generally, we rely on individual customers to provide updated customer information such as changes to customer addresses and other contact information.

6.1 We do not routinely update personal information, unless such a process is necessary to fulfil the purposes for which the information was collected.

Principle 7: Safeguards

7.0 Personal information is protected by security safeguards appropriate to the sensitivity of the information. We apply the same standard of care as we do in safeguarding our own confidential information of a similar nature.

7.1 Our safeguards protect personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification-regardless of the format in which it is held.

7.2 What specific safeguards we use depends on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information is safeguarded by a higher level of protection.

7.3 The methods of protection include:
(a) physical measures, including locked filing cabinets, and restricted access to floors and offices;
(b) organisational measures, including security clearances, training in handling confidential information, and limiting access to a "need-to-know'' basis; and
(c) technological measures, including the use of passwords and encryption.
7.4 We periodically remind employees, officers and directors of the importance of maintaining the confidentiality of personal information. Employees are required to sign an oath of ethical conduct upon beginning their employment, in addition to annually signing a commitment to keep personal information in strict confidence.
7.5 We exercise care in the disposal or destruction of personal information, to prevent unauthorised parties from gaining access to the information.

Principle 8: Openness

8.0 We have readily available specific, understandable information about our policies and procedures relating to the management of personal information.

8.1 We are open about privacy policies and procedures with respect to the management of personal information and make them readily available in a form that is generally understandable.

8.2 Available information includes:

(a) the title and address of the person who manages our privacy policies and procedures and to whom complaints can be forwarded;
(b) the means of gaining access to the personal information we hold;
(c) a description of the type of personal information we hold, including a general account of its uses;
(d) what personal information we make available to related organisations, such as affiliates or other service providers;
(e) brochures that explain our policies;
(f) a copy of this code; and
(g) relevant procedures for making an inquiry or filing a complaint.

Principle 9: Individual Access

9.0 Upon request, we will inform an individual of the existence, use, and disclosure of their personal information, and will provide them access to that information. An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.
There are certain situations where we may not provide an individual access to their personal information. Examples of these situations include:

(a) When the information is prohibitively costly to provide;
(b) When the information contains references to other individuals;
(c) When the information cannot be disclosed for legal, security or commercial proprietary reasons; and
(d) When the information is subject to solicitor-client or litigation privilege.

9.1 We will, upon receipt of a written request by an individual, provide an account of the existence, use and disclosure of the individual's personal information. This will include an account of the use that is being made of this information along with a list of third parties to which it has been or may have been disclosed.

9.2 We will provide this information within a reasonable time and at a reasonable cost to the individual, and ensure that the information is provided in a form that is generally understandable. Information that is available for a fee will be provided only if the individual has first been advised of and agreed to pay the relevant fees.

9.3 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, we will amend the information as required. When appropriate, we will transmit the amended information to third parties who have access to the information.

9.4 When a challenge is not resolved to the satisfaction of the individual, we will record the substance of the unresolved challenge, and, when appropriate, transmit the existence of the unresolved challenge to third parties who have access to the information in question.

Principle 10: Compliance

10.0 An individual may question our compliance with the above principles. We have policies and procedures in place to respond to an individual's questions and concerns. Such inquiries can be directed to the Privacy Officer at the following address:

CUETS Financial
2055 Albert Street
Regina, SK S4P 3G8
Telephone: 1-800-561-7849
E-mail: privacyofficer@cuets.ca

10.1 The name of the Privacy Officer responsible for the management of our privacy policies and procedures has been made known to staff. Information on how to contact the Privacy Officer is readily available.

10.2 We have procedures in place to receive and respond to questions or concerns about our policies and practices relating to how we handle personal information. These procedures are easily accessible and simple to use.

10.3 Individuals who have questions or concerns about the way in which we handle personal information will be informed of relevant complaint procedures.

10.4 We investigate all complaints. If a complaint is found to be justified, we will take appropriate measures, including any necessary amendments to our policies and practices.

 

Français |  Home |  About Us |  Products & Services |  Partner With Us |  News |  Contact Us |  Links
Terms of Use  |  Copyright  |  Privacy