Privacy Policy - Canada

Privacy

1. Introduction

  1. We at InDebted Canada Ltd (Corporation Number 1180527-4) (“InDebted”, “we”, “us” and “our” ) and our InDebted Group companies respect your privacy and want you to understand how we collect, use, and share personal information about you.
  2. The Personal Information Protection and Electronic Documents Act (“PIPEDA”) governs the way in which we must manage your personal information.
  3. PIPEDA generally applies to personal information held by private sector organizations such as InDebted and also the relevant privacy provincial laws may apply on how we handle your personal information (“Privacy Laws”), as our handling of your personal information crosses provincial and national borders. InDebted conducts business in the following Canadian provinces:
    1. Manitoba;
    2. New Brunswick;
    3. Newfoundland and Labrador;
    4. Northwest Territories;
    5. Nova Scotia;
    6. Nunavut;
    7. Ontario;
    8. Prince Edward Island;
    9. Saskatchewan;
    10. Yukon;
    11. Alberta;
    12. British Columbia; and
    13. Quebec.
  4. This Canadian Privacy Policy (“Privacy Policy”) covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal information. Personal information is data about an “identifiable individual”. It is information that on its own or combined with other pieces of data, can identify you as an individual (“personal information”).

2. What is “personal information”?

  1. Personal information can include:
  2. identifying information such as your name, date of birth, citizenship;
  3. mailing or residential address details;
  4. contact details such as telephone numbers, email addresses, social media platform username;
  5. age, marital status;
  6. education, occupation or employment history;
  7. government issued identifiers such as passport, driver’s license number, social security number etc.;
  8. financial information;
  9. signature, photograph, video or audio recording; and
  10. information relating to your health, biometric data, criminal history, religion, racial or ethnic origin.

InDebted’s employees and views and opinions about them is also considered personal information for the purposes of PIPEDA.

3. Certain information that we deem sensitive

  1. We generally do not collect certain information that we deem sensitive and we further restrict collection of such sensitive information to circumstances where we have either obtained your express consent or a permitted general situation exists.
  2. We deem sensitive information as personal information that includes information relating to your religion, racial or ethnic origin, criminal history, sexual orientation, health or biometric data.

4. Why we use Your Information

  1. We may obtain your personal information or information about your relatives and their telephone numbers from our clients who place your accounts with us for collection.
  2. We use your personal information only if we have a proper legal basis to do so and this includes sharing the information outside of the InDebted Group of companies. We may use your personal information on the following basis:
    1. where such processing is necessary for the performance of our contracts and compliance with our contractual arrangements with our clients including where we have contracts with our clients who place your accounts with us for collection;
    2. to provide and manage our services to you;
    3. the proper management of our client and customer relationships;
    4. to verify your identity and to authenticate you when you contact us;
    5. when we communicate with you by sending you mail, email, telephone, SMS, mobile applications and social media platforms,
    6. for legitimate business purposes;
    7. using your personal information helps us to operate and improve our business, website, systems and minimize any disruption to the services that we may offer to you;
    8. where we are processing information based on your consent;
    9. to comply with our legal and regulatory obligations;
    10. for the establishment, exercise or defence of legal claims, proceedings or in an administrative or out-of-court procedure;
    11. for the purposes of obtaining or maintaining insurance coverage, managing risks and operations or obtaining professional advice; or
    12. for the purpose of fraud, crime prevention, suppression, or detection.
  3. We may create statistical and anonymized reports, analysis and predictive models, rules and insights using information about you and other customers. Aggregated reports may also be shared with other businesses for business development and to provide insights into collection performance, identify customer demographics or behavioural insights and the information in these reports is not personal and cannot be used to identify you.

5. InDebted Employees

  1. Access to your information is restricted to authorized employees who have a legitimate business purpose for using it.
  2. Unauthorized use and or disclosure of client and customer information by an employee of InDebted is strictly prohibited. All employees are required to maintain the confidentiality of client and customer information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.

6. Providing your personal information to others

  1. We may disclose your personal information to any member of our InDebted Group of companies (this means our ultimate holding company (InDebted Holdings Pty Ltd ACN 635 375 165 (which is incorporated under the laws of New South Wales, Australia)) and all of its subsidiaries) insofar as reasonably necessary for the purposes of providing our services and managing our business and on the legal bases allowed under the Privacy Laws.
  2. We may disclose your personal information to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
  3. We may disclose personal information to our suppliers or subcontractors insofar as reasonably necessary for providing our services and managing our business.
  4. In addition to the specific disclosures of personal information set out in this section 6, we may disclose your personal information where such disclosure is necessary for compliance with a legal obligation in Canada or other jurisdictions that we operate in to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  5. We may also disclose your personal information when we have obtained your consent.

7. Outside Service Suppliers

  1. We may use service providers to perform specialized services on our behalf. Our service providers may at times be responsible for processing or handling personal information. They are provided only the information necessary to perform the services.
  2. In addition, we require them to protect the information in a manner that is consistent with our privacy policies and security practices.
  3. Any disclosure to third parties will be done pursuant to agreements setting out the requirements for use, safeguarding, retention and disposal of such information, or as required by law.

8. Countries to Which We Transfer Your Information

  1. Your personal information may be transmitted through, stored or processed in countries other than your home country, in which case the information is bound by the laws of these countries.
  2. InDebted and its Group companies operate in:
    1. Canada;
    2. United States of America;
    3. Australia;
    4. New Zealand;
    5. Philippines; and
    6. United Kingdom.
  3. We made an “adequacy decision” with respect to the privacy laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely:
    1. with respect of any disclosure to our InDebted Group companies that they will comply with this privacy policy and have the same or similar obligations that we have under the Privacy Laws and will be done pursuant to agreements setting out the requirements for use, safeguarding, retention and disposal of such information, or as required by law;
    2. with respect of any of our service providers:
      1. the overseas recipient does not breach the Privacy Laws; or
      2. the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the protection under the Privacy Laws; and
      3. any disclosure will be done pursuant to agreements setting out the requirements for use, safeguarding, retention and disposal of such information, or as required by law; or
    3. you have consented to us making the disclosure.

9. Retaining and deleting personal information

  1. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  2. We will retain your personal information for as long as legally required and when we no longer are legally required or have a legitimate purpose to retain it, we will either destroy it, desensitize it or anonymize it.
  3. Notwithstanding the other provisions of this section 9, we may retain your personal information where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

10. Security of personal information

  1. The security of your personal information is important to us. We will take appropriate technical and organisational precautions to secure your personal information and to prevent the loss, misuse, unauthorized access, disclosure or alteration of your personal information.
  2. We will store all your personal information on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
  3. Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside of Australia.
  4. Some information we hold about you will be stored in paper files.
  5. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold. For example:
    1. access to our information systems is controlled through identity and access management controls;
    2. employees and our contracted service providers are bound by internal information security policies and are required to keep information secure;
    3. all employees are required to complete training about privacy and information security; and
    4. we regularly monitor and review our compliance with internal policies and industry best practice.
  6. You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet and you do so at your own risk. Our website links to external websites and we take no responsibility for the privacy practices or the content of these other sites.
  7. You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password (except when you log in to our website).
  8. We will not sell your personal information to other companies or organisations.

11. Your Right to Access Your Personal Information

  1. In this section 14, we have summarised the rights that you have under the Privacy Laws. Some of the rights fall under PIPEDA and some under the provincial privacy laws and not all of the details have been included in our privacy policy. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
  2. The summary of your principal rights under Privacy Laws are:
    1. to request, at any time, for us to inform you of the personal information we hold about you;
    2. the right to access;
    3. the right to rectification;
    4. the right to restrict or object to processing (where we have no legitimate right or business requirements to retain your personal information);
    5. the right to withdraw your consent (where we have no legitimate right or business requirements to retain your personal information); and
    6. the right to complain to the Office of the Privacy Commissioner of Canada and the respective provincial privacy authorities.
  3. You may exercise any of your rights in relation to your personal information by contacting us. If you have a question or complaint about how your personal information is being handled by us, our affiliates or contracted service providers, please contact us first on the following email: privacy@indebted.co.
  4. To avoid delays in obtaining your information, please provide sufficient detail to permit us to identify you and the specific information that you are requesting.
  5. Please note that there may be instances where access may be restricted as permitted or required by law. To the extent that we can, we will advise you of the reasons for restricting access subject to any legal or regulatory limitations.
  6. If you have any questions about our privacy policy and how they relate to you please contact us.

12. Amendments

  1. We may update this policy from time to time by publishing a new version on our website www.indebted.co.
  2. You should check this page occasionally to ensure you are happy with any changes to this policy.

13. Our details

  1. This website is owned and operated by InDebted Holdings Pty Ltd ACN 635 375 165 (which is incorporated under the laws of New South Wales, Australia) on behalf of its InDebted Group companies including InDebted Canada Ltd (Corporation Number 1180527-4).
  2. You can contact us by email: Attention to the Privacy Officer, email: privacy@indebted.co
  3. This Canadian Privacy Policy is Version 1.0 dated 24 September 2020.