Privacy Policy

Online Advertising

We may advertise our products and services and personalize content through online services offered by us, our affiliates and third parties that are not affiliated with us, by using cookies, the mobile advertising identifier of your device and other tracking technologies. Some of our advertising partners may collect data from your mobile device, such as your website and app browsing habits and your mobile advertising identifier, and use it for “online behavioral advertising” (also referred to as “OBA” or “interest-based advertising”).

Our personalized or tailored ads and content may include:

• Pre-screened offers of credit.
• Ads and content based upon your location (e.g., IP address or location of your mobile device), your computer(s) and mobile device(s), your visits to and use of online services offered by us or our affiliates, your customer relationship with us (e.g., contact information, and holdings, transactions, demographics and location) and other information described above;
• Ads based upon the above information and your visits to and use of online services offered by non-affiliated third parties, which are referred to as “online behavioral advertising” (“OBA”) or “interest-based advertising;”
• Relationship-based ads (e.g., “promoted posts”) on social media, search engine and webmail sites, based upon your contact information in our files; and
• Ads on search engine websites based upon search terms that you enter on the search engine websites.

If you click on one of our ads, a cookie, the mobile advertising identifier of your device and other tracking technologies may be used to track the effectiveness of our advertising and to display tailored ads for our products or services.

We or our advertising partners may use non-cookie technologies to recognize your computer or mobile device and collect and record information about your web surfing activity including your activities on our websites. Please keep in mind that your web browser may not permit you to block the use of these non-cookie technologies, and browser settings that block cookies may have no effect on such technologies.

Consent

When you access our online services, we take explicit consent from you to receive electronic communication, you are agreeing to receive all Communications in electronic format, and that we may not be sending paper Communications to you, unless and until you withdraw your consent as described below. Your consent to receive electronic communications includes:  

• the Cardholder Agreement and any related supplements or addendum to the Cardholder Agreement, Disclosure Agreement (Rates & Fees)
• notices of any changes to the terms of the Cardholder Agreement;
• the privacy policies and any notices of updates and changes to the privacy policies;
• notices regarding insufficient funds or negative balances on your Card;
• response to claims filed in connection with your Card;
• any other information relating to your use of the Card and any related products and services, including any legal and regulatory disclosures and communications; and 
• Changes to the credit limit based, rates and fees.
• Changes to mandatory pre-authorized debits to your account.
• Changes to your provided access to 3^rd parties including your account balances via open banking APIs and your accounting systems or your usage our mobile applications and web applications systems.
• Marketing related communication including but limited to offers, promotions, features and any other new products.

Method of Providing Communications to You in Electronic Form. All Communications that we provide to you in electronic form will be provided: 

• via email to the email address, you have provided to us which may contain the Communication or a link through which you may view the Communication; or 
• will be posted on the website https://www.caary.com or https://business.caary.com or https://card.caary.com.

You must provide us with a current email address to receive electronic Communications. Even if you have consented to receive electronic Communications, in our discretion we may from time to time send paper copies of certain Communications to any mailing address we have for you in our records, either in addition to or in lieu of providing electronic versions. 

If you give us an incorrect email address or fail to keep it updated, you agree that any Communications we may make available or attempt to send through any of the methods described above will be deemed to have been provided to you in a timely manner. 

Communications that we post on the website will remain accessible for a period of time which we may establish in our discretion and which may vary with the type of Communication. 

How to Withdraw Consent. 

You may withdraw your marketing related consent to receive Communications in electronic form at any time by providing notification of your withdrawal in writing by email to [email protected]. If you do, we may send subsequent paper Communications to you in writing to the most current mailing address we have for you in our records. We will not impose any fee to process the withdrawal of your consent to receive electronic Communications. Any withdrawal of your consent to receive electronic Communications will be effective only after we have a reasonable period of time to process your withdrawal. While we process your withdrawal, you will continue to receive Communications in electronic form. We will send you a paper Communication to confirm that your withdrawal has been processed, and you will receive paper Communications after receiving such confirmation. If you withdraw your consent, the legal validity and enforceability of prior Communications delivered in electronic form will not be affected..

How to Update Your Records. 

It is your responsibility to provide us with a true, accurate and complete e-mail address, your contact information,and other information related to this Agreement and your Card, and to maintain and update promptly any changes to this information. You canupdate your information (such as your e-mail address) by updating the admin profile in https://business.caary.com  

System Requirements. 

To receive, access or retain electronic Communications, you will need a computer or other device with internet access, a compatible web browser and, for some types of Communications, a PDF file reader. Compatible browsers include the most current version (and typically one or more prior versions) of all major browsers in widespread use. You will also need access to a printer or the ability to download information to keep copies for your records. When you agree to receive electronic Communications, you are indicating that you have the capability to access the Communications electronically and to download or print copies for your records.  

Communications in Writing. 

All Communications in either electronic or paper format from us to you will be considered “in writing”. You should print or download for your records a copy of this policy and any other Communication that is important to you.  

Communications from You. 

This policy applies only to Communications you receive from us. Any notices or communications which you are required to send to us in writing, whether pursuant to our agreements with you or under applicable law, must still be sent in accordance with the instructions in those agreements.  

Termination/Changes.

We reserve the right, in our sole discretion, to discontinue the provision of your electronic Communications, or to terminate or change the terms and conditions on which we provide electronic Communications. We will provide you with notice of any such termination or change as required by law.  

Security

CAARY CAPITAL LIMITED is a PCI – DSS complaint company and maintain appropriate physical, electronic, and administrative safeguards to protect information we collected from our online services. We have placed appropriate Network Architecture, Firewalls  and Web Application Firewalls to control  the flow of information between CAARY‘s networks (internal) and untrusted networks (external), as well as traffic into and out of more sensitive areas within an entity’s internal trusted networks. CAARY examines all network traffic and blocks those transmissions that do not meet CAARY‘s specified security criteria. Furthermore, CAARY has created a DMZ (using appropriate configurations) to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment.

The cardholder data, plastic data, receipt data and other information collected or shared by the customer into our environment is an example of a more sensitive data which is maintain within our trusted network zone. 

CAARY is consistent with ISO standard 27001 (information security) and we have also addressed all PCI-DSS configuration requirements including but not limited to password requirements, log settings, File Integrity Monitoring, Anti-virus software etc. All CAARY’s system components are checked for all known security vulnerabilities which access the cardholder data network

The information collected pertaining to online usage and online systems is restricted only to CAARY’s Authorized personnel and no other 3^rd party not authorized by CAARY can access this information. Furthermore, CAARY has also ensured that no unauthorized individual within the organization or a 3^rd party vendor can physically access the personal card holder data.

Please contact us immediately if you believe that your personal data, usage data, or any other data shared with us has been stolen, lost or otherwise unsecure.

Data Retention

Subject to the proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations, CAARY must keep intended use of an account records for at least five years from the day the account is closed. All data retained is in encrypted format at all times including at rest or in transit.

CAARY shall be keeping all information in our system including but limited to:

• Signature Card as defined by Fintrac.
• certificate of incumbency.
• The articles of incorporate or the bylaws of the corporation that set out the officers duly authorized to sign on behalf of the corporation, such as the president, treasurer, vice-president, comptroller, etc.
• If there are changes to the articles or bylaws that relate to the power to bind the corporation regarding the account and these changes were in effect at the time the account was opened, then the board resolution stating the change would be included in this type of record.
• The name, address and telephone number of every account holder of a credit card of the account.
• When the credit card account is opened in the name of an individual, their name, address, date of birth and the nature of their principal business or occupation.
• When the credit card account is opened in the name of an entity, other than a corporation, the entity’s name, address, telephone number and the nature of its principal business.
• When the credit card account is opened in the name of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of the credit card account.
• The date of birth of every holder of a credit card for the account, if the information is known after taking reasonable measures to obtain it.
• Every credit card application that you receive from a client in the normal course of business.
• A copy of every credit card statement that you send to a client.
• Suspicious transaction report (STR)

• Services data including transaction details, merchants, merchant categories, receipts, SKU level data and account related information including but limited to GL categories etc.

Cross Border Data Transfer

We may from time to time use third party service providers to facilitate our provision of services to you. As a result, your personal information may be accessed, administered or stored by such third parties to the extent reasonably required for them to perform such services. Some service providers may be located in other jurisdictions that do not have privacy legislation similar to that found in Canada, and information in such jurisdictions may be accessed pursuant to the laws of those countries.

In addition to service providers based in Canada we also currently use service providers based in the United States and Australia.

Third-party sites and services

Our online services may contain links to websites and other online services operated by third parties, which are not governed by this Code. We encourage you to learn about the privacy and security practices of third parties. We are not responsible for the privacy or security of websites and other online services operated by third parties, nor the online collection, use, association or sharing of personal or other information by third parties.

Updating your information (Customers)

The accuracy of your account information is important to us. If you have a financial product or service with us and you find that any personal information we have or have reported to another party does not appear to be accurate, please contact us through our mobile application or website. It is your responsibility to provide us with a true, accurate and complete e-mail address, your contact information, and other information related to this Agreement and your Card, and to maintain and update promptly any changes to this information. You can update your information (such as your e-mail address) by updating the admin profile in https://business.caary.com  

Social media

CAARY participates in social media platforms, such as Facebook®, Twitter®; and LinkedIn®, which enable online sharing and collaboration among their users. Any information or other content you post on these platforms, such as pictures, opinions or personal information, is subject to the platforms’ terms of use and privacy and security policies; please refer to their policies to better understand your rights and obligations with regard to such content.

Contact us

If you have any questions, comments or want to request personal information, please contact us:

Send a Letter to :

CAARY CAPITAL INC
Attention: Chief Operating Officer
186 Bartley Drive
Toronto, Ontario.
M4A 1E1

Or email us [email protected]

Method of Requesting Person information

In order to request personal information collected, please send an email from your registered email address to above mentioned email address and must include the following details.

Name:
Card Number:
Telephone Number:
Registered DOB:
Company Incorporation Number:
Company Registered Address:

OPC Contact

The Office of the Privacy Commissioner of Canada (OPC) can help individuals and organizations identify, address and report concerns related to possible mishandling of personal information. There are numerous ways to connect with the OPC if you need to:

To find out more information as to how OPC can help resolve your concerns pertaining to CAARY, please visit.

https://www.priv.gc.ca/en/contact-the-opc/

SPAM Contact

CAARY takes spamming very seriously and we will never spam our partners or customers. You can always un-subscribe from Caary communications services using the below email address

email us [email protected]

The Office of the Privacy Commissioner of Canada (OPC) can help individuals and organizations identify, address and report concerns related to SPAM. You can report your concerns to OPC by:

Send emails to: [email protected]