CAARY

Our Online Privacy Practices

Your privacy is important to us and we value your trust.

This Online Privacy Code (this “Code”) describes the online privacy practices of Caary Capital Limited. (“CAARY”, “we” or “us”) and applicable to consumers who visit, use, or interact with our online services.

Our “online services” include CAARY branded websites, mobile applications (“mobile apps,” including those for use on tablets), electronic communications (such as email messages) with you and digital advertising campaigns.

This Code explains the following:

  • How we, directly or through service providers (including advertising partners), may collect information:
    • When you visit, use, or interact with us through any of our online services; and
    • Through our advertisements (“ads”) displayed via online services operated by us or third parties; and
  • How we, directly or through our service providers (including our advertising partners), may use or share information collected via our online services, and associate this information with other information about you.

Consent: By visiting or using any of our online services, responding to any electronic communications we may send you, or clicking on one of our ads, you agree to this Code.

Check the Effective Date: This Code may be revised from time to time, so we encourage you to periodically check the current version available. If we revise this Code in a material way, we will change the “Last Update” date shown at the top of this page and provide a conspicuous notice on our website before any changes take effect.

Important – Customers: If you have a financial product or service with us, we will use and share your personal information in accordance with the privacy notice that applies to your account. However, this Code may still be useful to you in describing our online services, and the options and choices described below are available to you as well.

What information do we collect

We may collect personal information from you through our online services, directly or through our service providers. For example, you may provide us with your name, mailing address, phone number, email address, account number and date of birth and that of the company that you are applying for when you fill out an online application form or survey, register, log into or update your account through our online services, register for a marketing offer or input financial or other information into one of our mobile apps or Web portals.

When you obtain one of our products or services online, or register for or use one of our online services, we may ask you to provide information about a previous financial transaction with another company (e.g., the amount of your monthly payment to a third party), and use that information to verify your identity (using information obtained from a third-party information service).

Types of information we collect

This information includes:

  • The make and model of the computer(s) or mobile device(s) you use to visit, use, view or interact with our online services, browser version, hardware, and operating system.
  • Your mobile phone number, mobile country code, unique device identifier, mobile advertising identifier (assigned by your mobile platform), information about the screen size of your mobile device(s), the date and time of your device use, and other mobile device-related information;
  • Your Internet Protocol (IP) address and related information, such as your internet service provider and general location and MAC address.
  • The precise location of your mobile device(s), if enabled on your device(s) (for example, when you register to receive location-based content, such as the location of the nearest ATM, through our mobile apps)
  • Your browsing habits on online services provided by us or third parties, such as search terms you entered on our websites, what websites and pages you visit, how long you stay and what actions you take;
  • Search terms that directed you to our websites and mobile apps, which websites you came from, and which websites you visit right after leaving one of our websites.
  • Which of our ads or other online content you view, access, or click on; and
  • Any actions you take in response to electronic communications that we send to you, such as opening the message or clicking an embedded link.
  • Photos and contacts stored on your mobile device(s) (when enabled in your mobile device settings).

Our service providers may also collect information about your browsing habits on online services offered by third parties and use it for the purposes described below.

Third-party information

We may use the information discussed above in several ways, to:

Deliver products and services to you, which includes:

  • Recognizing you when you return to our websites or use our mobile apps (and remembering your login user ID).
  • Verifying your identity.
  • Processing applications and transactions.
  • Using the location of your mobile device(s) for location-based services you request.
  • Using contacts stored on your mobile device to add new individuals and merchants to our BillPay service through our mobile apps at your direction.
  • Using photos stored on your mobile device to do the following through our mobile apps at your direction:
      1. Receipt capture.
      2. Pay bills through our BillPay service; and
      3. Autofill information on your driver’s license to open a new account
  • Managing your preferences (such as your language preference) and providing a more personalized experience.
  • Identify, fix, and troubleshoot bugs and errors
  • Understand how you use our products and manage operate and improve our services
  • Facilitating the operation of our websites and mobile apps; and
  • Providing you with updates on your accounts, products, and services.

Advertise and market our products and services, including:

  • Posting ads through our or third-party websites or mobile apps that may be of interest to you
  • Using your IP Address to display available product interest rates for your region or state; and

Contacting you with ads, promotions and offers that may be of interest to you (as permitted by law and consistent with any marketing preferences that we offer, and you have registered with us).

Prevent and detect fraud and enhance the security of your account and our online services.

Conduct market research, reporting and development, including to better understand our customers, website visitors and mobile app users, improve our online services, and improve our products and services; and

In other ways as required or permitted by law or with your consent.

Aggregated/anonymized information

We may also aggregate or anonymize information about you (so that it does not identify you individually). This aggregate or anonymized information is not subject to this Code, and we may use it as permitted by law.

We may also share aggregated or anonymized information (which does not identify you individually) for various business purposes as permitted by law, for example:

  • Third parties to help develop, market, and deliver products and services that are better tailored to our customers, website visitors and mobile app users; and
  • Our advertising partners for online advertising purposes.

Online Advertising

We may advertise our products and services and personalize content through online services offered by us, our affiliates and third parties that are not affiliated with us, by using cookies, the mobile advertising identifier of your device and other tracking technologies. Some of our advertising partners may collect data from your mobile device, such as your website and app browsing habits and your mobile advertising identifier, and use it for “online behavioral advertising” (also referred to as “OBA” or “interest-based advertising”).

Our personalized or tailored ads and content may include:

  • Pre-screened offers of credit.
  • Ads and content based upon your location (e.g., IP address or location of your mobile device), your computer(s) and mobile device(s), your visits to and use of online services offered by us or our affiliates, your customer relationship with us (e.g., contact information, and holdings, transactions, demographics and location) and other information described above;
  • Ads based upon the above information and your visits to and use of online services offered by non-affiliated third parties, which are referred to as “online behavioral advertising” (“OBA”) or “interest-based advertising;”
  • Relationship-based ads (e.g., “promoted posts”) on social media, search engine and webmail sites, based upon your contact information in our files; and
  • Ads on search engine websites based upon search terms that you enter on the search engine websites.

If you click on one of our ads, a cookie, the mobile advertising identifier of your device and other tracking technologies may be used to track the effectiveness of our advertising and to display tailored ads for our products or services.

We or our advertising partners may use non-cookie technologies to recognize your computer or mobile device and collect and record information about your web surfing activity including your activities on our websites. Please keep in mind that your web browser may not permit you to block the use of these non-cookie technologies, and browser settings that block cookies may have no effect on such technologies.

Consent

When you access our online services, we take explicit consent from you to receive electronic communication, you are agreeing to receive all Communications in electronic format, and that we may not be sending paper Communications to you, unless and until you withdraw your consent as described below. Your consent to receive electronic communications includes:  

  • the Cardholder Agreement and any related supplements or addendum to the Cardholder Agreement, Disclosure Agreement (Rates & Fees)
  • notices of any changes to the terms of the Cardholder Agreement;
  • the privacy policies and any notices of updates and changes to the privacy policies;
  • notices regarding insufficient funds or negative balances on your Card;
  • response to claims filed in connection with your Card;
  • any other information relating to your use of the Card and any related products and services, including any legal and regulatory disclosures and communications; and 
  • Changes to the credit limit based, rates and fees.
  • Changes to mandatory pre-authorized debits to your account.
  • Changes to your provided access to 3rd parties including your account balances via open banking APIs and your accounting systems or your usage our mobile applications and web applications systems.
  • Marketing related communication including but limited to offers, promotions, features and any other new products.

Method of Providing Communications to You in Electronic Form. All Communications that we provide to you in electronic form will be provided: 

  • via email to the email address, you have provided to us which may contain the Communication or a link through which you may view the Communication; or 
  • will be posted on the website https://www.caary.com or https://business.caary.com or https://card.caary.com.

You must provide us with a current email address to receive electronic Communications. Even if you have consented to receive electronic Communications, in our discretion we may from time to time send paper copies of certain Communications to any mailing address we have for you in our records, either in addition to or in lieu of providing electronic versions. 

If you give us an incorrect email address or fail to keep it updated, you agree that any Communications we may make available or attempt to send through any of the methods described above will be deemed to have been provided to you in a timely manner. 

Communications that we post on the website will remain accessible for a period of time which we may establish in our discretion and which may vary with the type of Communication. 

How to Withdraw Consent. 

You may withdraw your marketing related consent to receive Communications in electronic form at any time by providing notification of your withdrawal in writing by email to [email protected]. If you do, we may send subsequent paper Communications to you in writing to the most current mailing address we have for you in our records. We will not impose any fee to process the withdrawal of your consent to receive electronic Communications. Any withdrawal of your consent to receive electronic Communications will be effective only after we have a reasonable period of time to process your withdrawal. While we process your withdrawal, you will continue to receive Communications in electronic form. We will send you a paper Communication to confirm that your withdrawal has been processed, and you will receive paper Communications after receiving such confirmation. If you withdraw your consent, the legal validity and enforceability of prior Communications delivered in electronic form will not be affected..

How to Update Your Records. 

It is your responsibility to provide us with a true, accurate and complete e-mail address, your contact information,and other information related to this Agreement and your Card, and to maintain and update promptly any changes to this information. You canupdate your information (such as your e-mail address) by updating the admin profile in https://business.caary.com  

System Requirements. 

To receive, access or retain electronic Communications, you will need a computer or other device with internet access, a compatible web browser and, for some types of Communications, a PDF file reader. Compatible browsers include the most current version (and typically one or more prior versions) of all major browsers in widespread use. You will also need access to a printer or the ability to download information to keep copies for your records. When you agree to receive electronic Communications, you are indicating that you have the capability to access the Communications electronically and to download or print copies for your records.  

Communications in Writing. 

All Communications in either electronic or paper format from us to you will be considered “in writing”. You should print or download for your records a copy of this policy and any other Communication that is important to you.  

Communications from You. 

This policy applies only to Communications you receive from us. Any notices or communications which you are required to send to us in writing, whether pursuant to our agreements with you or under applicable law, must still be sent in accordance with the instructions in those agreements.  

Termination/Changes.

We reserve the right, in our sole discretion, to discontinue the provision of your electronic Communications, or to terminate or change the terms and conditions on which we provide electronic Communications. We will provide you with notice of any such termination or change as required by law.  

Security

CAARY CAPITAL LIMITED is a PCI – DSS complaint company and maintain appropriate physical, electronic, and administrative safeguards to protect information we collected from our online services. We have placed appropriate Network Architecture, Firewalls  and Web Application Firewalls to control  the flow of information between CAARY‘s networks (internal) and untrusted networks (external), as well as traffic into and out of more sensitive areas within an entity’s internal trusted networks. CAARY examines all network traffic and blocks those transmissions that do not meet CAARY‘s specified security criteria. Furthermore, CAARY has created a DMZ (using appropriate configurations) to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment.

The cardholder data, plastic data, receipt data and other information collected or shared by the customer into our environment is an example of a more sensitive data which is maintain within our trusted network zone. 

CAARY is consistent with ISO standard 27001 (information security) and we have also addressed all PCI-DSS configuration requirements including but not limited to password requirements, log settings, File Integrity Monitoring, Anti-virus software etc. All CAARY’s system components are checked for all known security vulnerabilities which access the cardholder data network

The information collected pertaining to online usage and online systems is restricted only to CAARY’s Authorized personnel and no other 3rd party not authorized by CAARY can access this information. Furthermore, CAARY has also ensured that no unauthorized individual within the organization or a 3rd party vendor can physically access the personal card holder data.

Please contact us immediately if you believe that your personal data, usage data, or any other data shared with us has been stolen, lost or otherwise unsecure.

Data Retention

Subject to the proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations, CAARY must keep intended use of an account records for at least five years from the day the account is closed. All data retained is in encrypted format at all times including at rest or in transit.

CAARY shall be keeping all information in our system including but limited to:

  • Signature Card as defined by Fintrac.
  • certificate of incumbency.
  • The articles of incorporate or the bylaws of the corporation that set out the officers duly authorized to sign on behalf of the corporation, such as the president, treasurer, vice-president, comptroller, etc.
  • If there are changes to the articles or bylaws that relate to the power to bind the corporation regarding the account and these changes were in effect at the time the account was opened, then the board resolution stating the change would be included in this type of record.
  • The name, address and telephone number of every account holder of a credit card of the account.
  • When the credit card account is opened in the name of an individual, their name, address, date of birth and the nature of their principal business or occupation.
  • When the credit card account is opened in the name of an entity, other than a corporation, the entity’s name, address, telephone number and the nature of its principal business.
  • When the credit card account is opened in the name of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of the credit card account.
  • The date of birth of every holder of a credit card for the account, if the information is known after taking reasonable measures to obtain it.
  • Every credit card application that you receive from a client in the normal course of business.
  • A copy of every credit card statement that you send to a client.
  • Suspicious transaction report (STR)
  • Services data including transaction details, merchants, merchant categories, receipts, SKU level data and account related information including but limited to GL categories etc.

Cross Border Data Transfer

We may from time to time use third party service providers to facilitate our provision of services to you. As a result, your personal information may be accessed, administered or stored by such third parties to the extent reasonably required for them to perform such services. Some service providers may be located in other jurisdictions that do not have privacy legislation similar to that found in Canada, and information in such jurisdictions may be accessed pursuant to the laws of those countries.

In addition to service providers based in Canada we also currently use service providers based in the United States and Australia.

Third-party sites and services

Our online services may contain links to websites and other online services operated by third parties, which are not governed by this Code. We encourage you to learn about the privacy and security practices of third parties. We are not responsible for the privacy or security of websites and other online services operated by third parties, nor the online collection, use, association or sharing of personal or other information by third parties.

Updating your information (Customers)

The accuracy of your account information is important to us. If you have a financial product or service with us and you find that any personal information we have or have reported to another party does not appear to be accurate, please contact us through our mobile application or website. It is your responsibility to provide us with a true, accurate and complete e-mail address, your contact information, and other information related to this Agreement and your Card, and to maintain and update promptly any changes to this information. You can update your information (such as your e-mail address) by updating the admin profile in https://business.caary.com  

Social media

CAARY participates in social media platforms, such as Facebook®, Twitter®; and LinkedIn®, which enable online sharing and collaboration among their users. Any information or other content you post on these platforms, such as pictures, opinions or personal information, is subject to the platforms’ terms of use and privacy and security policies; please refer to their policies to better understand your rights and obligations with regard to such content.

Contact us

If you have any questions, comments or want to request personal information, please contact us:

Send a Letter to :

CAARY CAPITAL INC
Attention: Chief Operating Officer
186 Bartley Drive
Toronto, Ontario.
M4A 1E1

Or email us [email protected]

Method of Requesting Person information

In order to request personal information collected, please send an email from your registered email address to above mentioned email address and must include the following details.

Name:
Card Number:
Telephone Number:
Registered DOB:
Company Incorporation Number:
Company Registered Address:

OPC Contact

The Office of the Privacy Commissioner of Canada (OPC) can help individuals and organizations identify, address and report concerns related to possible mishandling of personal information. There are numerous ways to connect with the OPC if you need to:

To find out more information as to how OPC can help resolve your concerns pertaining to CAARY, please visit.

https://www.priv.gc.ca/en/contact-the-opc/

SPAM Contact

CAARY takes spamming very seriously and we will never spam our partners or customers. You can always un-subscribe from Caary communications services using the below email address

email us [email protected]

The Office of the Privacy Commissioner of Canada (OPC) can help individuals and organizations identify, address and report concerns related to SPAM. You can report your concerns to OPC by:

Send emails to: [email protected]