2. PERSONAL DATA WE COLLECT ABOUT YOU
3. PURPOSES FOR WHICH WE WILL USE PERSONAL DATA
4. SHARING PERSONAL DATA
5. PERSONAL DATA STORAGE AND RETENTION
6. MONITORING OF COMMUNICATIONS
7. TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES
8. PERSONAL DATA SECURITY
9. YOUR PRIVACY CHOICES
10. ACCESSING PERSONAL DATA
11. UPDATING PERSONAL DATA
12. PRIVACY CONCERNS
13. CHANGES TO THIS POLICY
SCHEDULE A - SPECIFIC LEGAL DISCLOSURES FOR THE EU and UK
This policy describes the personal data that CanDeal collects from and about you when you access any of our products or services, visit CanDeal’s website, contact us, or request further information regarding a CanDeal product or service. It also describes how your personal data is used and processed by CanDeal and the purposes for which we process such data.
We will collect, use, store, and transfer different categories of personal data from and about you as follows:
CanDeal relationship data. This is data we obtain from our human interactions with you and includes details of any calls you have made to our support desk, visits made to you by our staff, marketing materials you have received, your e-mail communication with our staff, data about your preferred activities for marketing events or the CanDeal events you have attended, and your preferences with regard to your interactions with CanDeal or its products and services.
Contests, surveys. This is data you provide to us when you participate in our contests, promotions, or surveys.
De-identification and analytics. We may de-identify and anonymize your personal data by removing identifiable information such as your name, address, and account numbers. This information may be aggregated with other information and used for business purposes such as analytics and reporting, developing, and improving our products and services and understanding and predicting client needs and preferences.
Identity data. This includes your name and job title, and for certain CanDeal services accessed by you within the EU and UK, will also include date of birth, nationality, and national ID (for example, your passport number).
Personal data collected from third parties. This is data we obtain from third parties, including for example know-your-client information regarding your employment status and the results of any regulatory-screening processes, and could also include public databases and social media platforms.
Professional contact data. This is the data that allows us to contact you, and includes your business e-mail address, postal address, and telephone number.
Professional profile data. This is data that you may provide to us about your job role, function, and business focus.
Product or subscription usage data. This is data we obtain about your usage of our products and services, including when and which products and services you have used, subscribed for, or are enabled to access, and the content and functionality you have used in those products and services.
Publicly available information. This includes data we obtain from directories, websites, public records, or media sources.
Referrals. As Tradeweb Markets LLC (“Tradeweb”) is CanDeal’s third-party technology provider, we obtain personal data from Tradeweb or Tradeweb clients. We also obtain personal data from Tradeweb as Tradeweb’s client-facing entity for Canadian regulatory purposes. Referrals also include data from other CanDeal companies or other CanDeal clients.
Web technology derived data via cookies. Some pages on the CanDeal website use a technology called “cookies”. A cookie is a token that a server gives to your browser when you access a website. Cookies can store many types of data. Cookies help provide additional functionality to the website or help us analyze website usage more accurately. In all cases in which cookies are used, we will not collect personally identifiable information except with your permission. With most Internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.
Please note that if you do not provide the personal data that we are required to collect by law, or under the terms of a contract that we have in place with you, we may not be able to provide our products and services to you.
We process and use personal data for the following purposes:
Account setup and administration. We use personal data in order to set up your access to a product or service that you have subscribed for and to manage invoicing and payments.
Provision of service. We use the personal data we collect about you to provide you with our products and services, and to assist you in your use of these products and services. This includes providing you any necessary operational assistance, support, and training, and alerting you to product changes or maintenance periods.
Product development and improvement. We will occasionally use the personal data that we collect about you to ask you to participate in surveys and questionnaires to improve, customize and enhance our products and services. In addition, we can use the data, combined in aggregate form with the personal data we have collected about other users of our financial products, for statistical purposes, or to plan and implement developments of, and enhancements to, our products and product range.
Compliance checks and regulatory recordkeeping. We also use personal data to conduct know-your-client (KYC) and other compliance checks on our clients and conduct system monitoring, which CanDeal is required by law to carry out. We also need to retain certain personal data for regulatory recordkeeping purposes.
We may share your personal data as described below:
CanDeal group of companies. We may share personal data with other companies within the CanDeal group of companies to manage and provide our services, and for other legitimate business purposes.
Third-party service providers. We may share personal data with our service providers who assist us in serving you and who have agreed to appropriate contractual provisions regarding the protection of personal information in accordance with applicable law. The term “service providers” includes, but is not limited to licensors, suppliers, information providers or other third parties that provide or administer, from time to time, any data, information, content, software, technology, application, tool, or service to CanDeal. For example, we use:
- technology providers, such as Tradeweb to provide operational and system administration services.
- providers of content to which you have subscribed, where it is necessary for them to confirm that a user is entitled to access their content and to evaluate and manage how that content is used in our services.
- customer-relationship management software providers, such as Salesforce, to assist with the provision of our services and to contact you.
- financial communications service providers, such as Paragon Public Relations LLC, for public relations, marketing, and strategic communications support.
Your employer. We will provide your employer with reports containing the product usage data of its employees, for example performance reports.
Professional advisers. Our professional advisers, including lawyers, auditors and insurers could have access to your personal data during the course of the performance of their professional services to us.
Disclosure for legal purposes. We provide access to your personal data when legally required to do so, including, without limitation, to cooperate with competent regulatory and other government investigations or other legal proceedings.
We will retain your personal data for as long as necessary, reflecting our need to provide our products and services, respond to queries and regulatory requests and resolve problems, and to comply with applicable law. For these reasons, we may retain your information subject to this policy after the termination of your product or service agreement with us. Depending on the nature of the personal data, it may be stored in our computer systems or record storage facilities or those of our service providers.
When your personal data is no longer required, we have established internal policies to securely dispose of it or make it anonymous in accordance with our legal and regulatory obligations.
We may monitor some e-mail and other communications between you and individuals at CanDeal. The reasons we may do this are related to the security of the relevant CanDeal company, its staff and others, or regulatory compliance. In the case of e-mails, we may reject, delay, or remove content from e-mails which have a nature, content or attachments which may disrupt our systems or because they may pose security issues such as viruses, malware, or other computer threats.
Emails identified as potentially containing a threat may undergo further analysis and any personal or financial information contained in the email may be incidentally accessed by individuals investigating and addressing the threat. We may also filter out e-mails which contain certain content on the basis that content is offensive or the e-mail is unwanted or spam. In certain circumstances, this may unfortunately result in ‘innocent’ communications being affected but we do try and reduce such occurrences.
Telephone calls to our help desks or customer relations may also be recorded for quality control, security, regulatory, and monitoring purposes.
We may use service providers to perform specialized services on our behalf. As a result, your personal data may be stored and processed in any country or province of Canada where we have service providers. For example, as Tradeweb is CanDeal’s third-party technology provider, we share personal data with Tradeweb which involves transferring it to different countries, including the United Kingdom (“UK”), and United States.
These countries may provide different data protection rules. This means your personal data may be securely used, stored, or accessed in other countries and be subject to the laws of those countries. For example, your personal data may be shared in response to valid requests or demands from government authorities, courts, and law enforcement officials in those countries.
If you are located in the European Union (EU) or the UK, your personal data will be transferred on the basis set out more specifically in Schedule A to this policy.Transfers of personal data outside of the EU or the UK
If you are located in the EU or the UK, the personal data that we collect from you will be transferred to and processed in Canada and in the United States by Tradeweb and may also be held on servers by some of our service providers, for example Tradeweb and Salesforce, both in the United States.
We ensure that any personal data which is transferred outside of the EU and the UK is appropriately safeguarded, including by using the appropriate legal mechanisms: the transfers of personal data are based on the European Commission’s standard contractual clauses for the transfer of personal data to third countries.Your legal rights in connection with your personal data if you are based in the EU or UK
You have certain rights afforded to you under European or UK data protection laws in relation to our processing of your personal data if you are based in the EU or the UK. These rights include:
- Access: the right to request access to your personal data and to find out how we use it and with whom it is shared.
- Correction: the right to request correction of the personal data that we hold about you or to have incomplete personal data completed.
- Erasure: the right to request that we erase the personal data that we hold about you in certain circumstances prescribed by EU and UK law. Your request for erasure will be balanced against our legitimate requirements to process your personal data.
- Objection: the right to object to our processing of your personal data where we are relying on a legitimate interest and your specific situation means that you wish to object to processing on this ground as you feel that it impacts your fundamental rights and freedoms. You may also object to our processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms.
- Portability: the right to receive the personal data that we collect from you in a structured, commonly used and machine-readable format, and the right to request that we transfer such personal data to another party.
- Withdraw consent: where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time.
You may at any time submit a personal data query, a request to exercise any of your above rights, or a complaint by contacting us by e-mail at: email@example.com or by post at: 50 Bay Street, Suite 1200, Toronto, Ontario Canada M5J 3A5 Attention: CanDeal Privacy Office
We maintain appropriate administrative, technical, and physical safeguards to protect against loss, misuse or unauthorized access, disclosure, alteration, or destruction of the personal data you provide to us. We also limit access to your personal data to those employees, agents, and contractors and other third parties who have a business need to access your data. They will only process your information in accordance with our instructions and standards and are subject to a duty of confidentiality.
Personal data may be shared with or accessed by service providers so that they can perform services on our behalf. Service providers are required to have privacy and security standards that meet our requirements. We use contracts and other measures to establish these standards.
You can withdraw your consent to us collecting, using, and sharing personal data at any time by giving us reasonable notice, subject to legal, business, or contractual requirements.
However, withdrawing your consent may limit us from providing you with, or being able to continue to provide you with, specific products and services. In certain circumstances your consent cannot be withdrawn. For example, you may not withdraw your consent where our collection, use and sharing are permitted or required by law.
You may also request that we cease using your personal data for marketing purposes. If you do not wish to receive marketing e-mails or material materials from CanDeal about the products and services we provide, please let us know by calling 1-866-422-6332 or e-mailing at firstname.lastname@example.org.
You have the right to access the personal data you provide to us. We require you to put your request in writing so you can provide us with enough specific details to help us understand your request and conduct our search for your data. We will also need to verify your identity before we begin our search for your data and provide you access.
Your right to access your data is subject to certain limits such as legal privilege. Once we receive your request, verify your identity, and understand the scope of your request, we will provide you a written response within the timeframe set by applicable privacy law. To initiate your request, please call us at 1-866-422-6332 or e-mail us at email@example.com
We make every reasonable effort to keep the personal data in our records as accurate, complete, and up to date as necessary for the purpose for which it is used. However, we also rely on you to tell us when your data changes, so please notify us of any changes to your personal data during your relationship with us.
If any of your contact details are incorrect, please let us know by calling us at 1-866-422-6332 or e-mailing us at firstname.lastname@example.org.
If you have any questions, concerns or complaints about this policy or our privacy practices, let us know so we can address your issue. Please call us at 1-866-422-6332 or e-mail us at email@example.com. Our Privacy Office is led by our Chief Privacy Officer and is responsible for overall privacy governance. If you need to escalate a privacy complaint, you may escalate to the CanDeal Chief Privacy Officer:
CanDeal Group Inc.
Attention: Chief Privacy Officer
50 Bay Street, Suite 1200 Toronto
ON M5J 3A5
If you have concerns with our adherence to applicable privacy legislation or this policy, you have the right to contact the relevant EU Data Protection Authority or the UK Information Commissioner’s Office or the Office of the Privacy Commissioner of Canada.
This Schedule A sets out specific disclosures regarding CanDeal’s processing of personal data, as applicable to residents and citizens of the UK or EU, relating to the type of personal data, the purpose for which the data is processed, and the lawfulness of the data’s processing under the General Data Protection Regulation (GDPR).
|Purpose for processing||Type of personal data||Lawfulness of basis for processing|
|Account set up and administration||
Performance of a contract with you
Necessary to comply with a legal or regulatory obligation, or court order
|Provision of service||
Performance of a contract with you
|Sales and marketing||
Necessary for our legitimate interest (to develop our products or services and grow our business)
|Product development and improvement||
Performance of a contract with you
Necessary for our legitimate interests (to study how customers use our products or services, to develop them, to grow our business and to inform our marketing strategy)
|Compliance checks and regulatory recordkeeping||
Necessary to comply with a legal or regulatory obligation, or court order