Highlights
(i) We are processing the following categories of Personal Information:
- Identity Data
- Biometric Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Investment Data
- Technical Data
- Profile Data
- Usage Data
- Marketing and Communications Data
- Video and Voice Recordings
For detailed information on the specific pieces of Personal Information behind each category, please read carefully the table under Section 2 below.
(ii) The purposes for processing the Personal Information indicated above are determined by the ways you engage with us:
1. To register you as a new customer | 7. To manage, process, collect and transfer payments, fees and charges | 13. To deliver relevant website content and advertisements to you and measurement |
2. To carry out and comply with anti-money laundering requirements | 8. To collect and recover payments owed to us | 14. To use data analytics to improve our website, products/services |
3. To process and deliver our Services | 9. To obey applicable legislation and handle complaints | 15. To make suggestions and recommendations to you |
4. To prevent abuse of our Services and promotions | 10. To enable you to partake in a prize draw, competition or complete a survey | 16. To use the services of social media platforms or advertising platforms |
5. To manage our relationship with you (e.g. leaving a review, taking a survey and so forth) | 11. To gather market data for studying customers' behavior | 17. To use the services of financial institutions, crime and fraud prevention companies |
6. To keep our records updated | 12. To administer and protect our business | 18. To record voice calls for compliance and quality assurance |
For detailed information on the purposes and the categories of Personal Information, please read carefully the table under Section 6 below.
(iii) We may share your Personal Information with the following parties:
- companies and organizations that assist us in processing, verifying or refunding transactions/orders you make during your engagement with us;
- identity verification agencies to undertake required verification checks;
- fraud or crime prevention agencies to help fight against crimes including fraud, money- laundering and terrorist financing;
- anyone to whom we lawfully transfer or may transfer our rights and duties under the relevant terms and conditions;
- any third party because of any restructure, sale or acquisition of our group or any affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
- regulatory and law enforcement authorities, whether they are outside or inside of Canada, where the law allows or requires us to do so.
For detailed information on the purposes and the categories of Personal Information, please read carefully the table under Section 8 below.
(iv) risks of harm and other consequences.
In connection with the processing of Personal Information, there are potential risks of harm that include unauthorized access or misuse of financial information, identity theft, and potential financial loss due to security breaches. Additionally, individuals may experience reputational damage or discrimination if sensitive data is exposed. While we implement stringent security measures to protect personal data, these risks are inherent to any data processing activities.
Furthermore, some Personal Information we collect may be transferred outside of your province or country and processed in other countries. Such Personal Information may therefore be subject to courts, law enforcement and national security entities in such foreign countries.
1. Introduction
This Privacy Notice (“Privacy Notice”) describes how Foris DAX CAN ULC, Foris Inc., and their affiliates providing services to them with respect to their services to you (together, the “Company,” “we,” “us,” “our”), and other third parties engaged to perform services for us with respect to the services we provide to you handle your Personal Information when communicating with us or accessing or using any of our websites, platforms products, services, or applications (together, the “Services”). This Privacy Notice also describes your privacy rights and how you can exercise these rights with us. It is important that you read this Privacy Notice together with any other privacy notice, fair processing notice, or other notice that we may provide when we are collecting or processing Personal Information about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements but is not intended to override those other notices, if any.
This Privacy Notice applies to your Personal Information in our possession or under our control, including Personal Information in the possession of organizations which have engaged us to provide the services to you or the Personal Information in the possession of organizations which we have engaged to collect, use, disclose or process Personal Information for the purposes stipulated herein. The purpose of this Privacy Notice is to inform you about the types of Personal Information we collect, use, process, or disclose.
We ensure that all affiliates and other third parties that are engaged to perform services on our behalf, or at your request, that are provided with Personal Information observe and comply with the intent of this Privacy Notice and our privacy practices as well as the applicable laws including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and its regulations, and other applicable provincial privacy legislation and regulations.
Because our Services are provided through digital means, our websites and mobile applications may from time to time include links to other third-party websites, plug-ins, and applications ("Third-Party Sites"). These links are meant for your convenience only. Links to Third-Party Sites do not constitute sponsorship, endorsement or approval of such Third-Party Sites. Clicking on those links or enabling those connections may allow third parties to collect or disclose data about you. Please be aware that we do not control these Third-Party Sites and are not responsible for their privacy statements and practices. Any interaction with Third-Party Sites is between you and that Third-Party Site. We encourage you to read and be aware of the privacy notice of each and every Third-Party Site you visit or use.
From time to time, we may make changes to this Privacy Notice. The Privacy Notice is effective as of the “last update” which appears at the top of this page. We will treat Personal Information in a manner consistent with the Privacy Notice under which it was collected and our current privacy practices, unless we have your consent to treat it differently. This Privacy Notice applies to any Personal Information we collect or receive about you, from any source.
2. Definition of Personal Information
“Personal Information” is any factual or subjective information about you as an identifiable individual. Personal information does not include de-identified information where your identity cannot be ascertained from the data.
We may also collect, use, store, and transfer different kinds of Personal Information about you from our own analysis of your use of the Services or from third parties who provide information about you to us.
Depending on the nature of your interaction with us, the following table summarizes the major categories of Personal Information that we may collect or process. Note that the table is not intended to be a precise or comprehensive list of every data point we collect or use, but rather a reasonably complete representation of this information to aid you in understanding our data practices.
Category of personal Information | Examples of specific pieces of personal data |
Identity Data |
|
Biometric Data |
|
Social Identity Data |
|
Contact Data |
|
Financial Data |
|
Transactional Data |
|
Investment Data |
|
Technical Data |
|
Profile Data |
|
Usage Data |
|
Marketing and Communications Data |
|
Video and Voice Recordings |
|
We also collect, use, and share information that has been anonymized or de-identified, including statistical or demographic data, for any purpose (“Aggregate Consumer Information”). Aggregate Consumer Information may be derived from your Personal Information but is not treated as Personal Information because it does not reveal your identity in a reasonable manner. Please note that business contact information – including an employee’s name, title, business address, telephone number facsimile number or email addresses – which we collect, use, process or disclose solely for the purpose of communicating with a person in relation to their employment, business or profession does not qualify as Personal Information under the PIPEDA.
If you refuse to provide certain data when requested, we may not be able to fulfill our obligations to you or offer Services to you. We may also have to cancel or stop providing Services we provide to you that rely on your provision of that information.
3. Data Protection Officer
A Data Protection Officer (“DPO”) is responsible for overseeing questions in relation to this Privacy Notice. If you have any comments, questions, concerns, or complaints regarding your Personal Information or our privacy practices, please feel free to send in details of the same to the Data Protection Officer’s team as follows:
By written notice:
Data Protection Officer
Mr. K. Cvetkov
1700, 421 7TH AVENUE SW, CALGARY, T2P 4K9, Canada
By email:
[email protected]
We take all comments, questions, concerns, and complaints very seriously and will respond as soon as reasonably practicable upon receiving the same.
4. Client Consent
We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations you might have in the circumstances. Please note that if you wish to indicate preferences regarding your consent, you may do that via contacting [email protected] or by following a dedicated URL as provided in a relevant communication.
Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you refuse to provide that information when requested or you withdraw already provided consent, we may not be able to perform the contract we have or are trying to enter with you – for example, to provide you Services. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
5. Collection of Information
We collect information from you when you access or use the Services, or when you interact with our website or mobile applications, including without limitation during your account registration process, when you make deposits, withdrawals, transfers, or trades on your account, when you access or use the Services, sign up to receive email updates, fill out any forms, complete surveys, interact with customer service, or when you otherwise communicate with us.
In addition to the above, if you are using the Services on behalf of a corporation or other legal entity, we will collect all the information you provide to us.
We generally do not collect or process your Personal Information unless:
a) it is provided to us voluntarily by you or by organizations which have engaged us to provide the services to you or via a third party who has been duly authorized by you to disclose your Personal Information to us (your “authorized representative”) after you (or your authorized representative) or the organization which have engaged us to provide the services to you:
i. have been notified of the purposes for which the Personal Information is collected or processed, and
ii. have provided written consent to the collection, processing and usage of your Personal Information for those purposes, or
b) collection, processing and use of Personal Information without consent is permitted or required by PIPEDA, other applicable provincial privacy legislation and regulations or other laws.
We use different methods to collect information from and about you:
A. Direct interactions
You may give us your Personal Information by filling in forms, providing your biometric information via the Services, by email, or otherwise. This includes Personal Information you provide when you:
- apply or register for our products or the Services;
- create an account;
- subscribe to our Services or other publications;
- make use of any of our Services;
- request or indicate that marketing materials may be sent to you;
- enter a competition, promotion, or survey; or
- give us feedback or communicate with us.
B. Automated technologies or interactions
As you interact with us via our websites or mobile application, we will automatically collect certain Personal Information about your equipment, browsing actions, transactions, feedback, responses, and patterns of use. We collect this Personal Information by using cookies, server logs, and other similar technologies. We may also receive Personal Information about you if you visit other websites employing our cookies. On our main website you will be informed about how we use cookies and the control that you can exercise through the Cookie Settings.
C. Third parties or publicly available sources
We may also obtain information about you from third parties who provide identity verification and anti-fraud services, or who verify that you are not limited in your ability to use the Services by any applicable laws. This includes (but is not limited to) periodically making “soft” inquiries on your credit reports solely for the purpose of verifying and periodically re-verifying your identity in accordance with our compliance policies and legal obligations. Where express consent for such inquiries is required under applicable provincial law, we will seek and obtain your express consent before making such inquiries; otherwise, your consent for periodic re-verification inquiries is implied from your choice to continue to do business with us. Such “soft” inquiries will not impact your credit score.
6. Use and Handling of Information
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use. Generally, we may collect, process and/or use your Personal Information for any or all of the following purposes (the “Purposes”):
Purpose and/or activity | Categories of Personal Information |
To register you as a new customer |
|
To carry out and comply with anti-money laundering requirements |
|
To process and deliver our Services and any App features to you, including to execute, manage and process any instructions or orders you make |
|
To prevent abuse of our Services and promotions |
|
To manage our relationship with you which will include asking you to leave a review, take a survey or keeping you informed of our company's business and product development |
|
To keep our records updated and to study how customers use our products/services |
|
To manage, process, collect and transfer payments, fees and charges |
|
To collect and recover payments owed to us |
|
To obey applicable legislation and handle complaints, including:
|
|
To enable you to partake in a prize draw, competition or complete a survey |
|
To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business |
|
To administer and protect our business, our Site, App(s) and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data |
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
|
To use data analytics to improve our website, products/services, marketing, customer/user relationships and experiences |
|
To make suggestions and recommendations to you about goods or services that may be of interest to you |
|
To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes |
|
To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies, which will use the personal data they receive for their own purposes in their capacity of independent controllers |
|
To record voice calls for compliance, quality assurance and training purposes |
|
Roles and Responsibilities in the Lifecycle of Personal Information
We have established clear roles and responsibilities for our personnel throughout the entire lifecycle of Personal Information, from collection to secure destruction. These roles are designed to ensure compliance with applicable privacy laws, including the Quebec privacy framework:
- Data Collection: Our front-line teams, such as customer service and onboarding personnel, are responsible for collecting your Personal Information in accordance with the purposes stated in this policy. They ensure that only the necessary information is collected, and that all consents are properly obtained.
- Data Usage: Teams within the organization use the data as per their job requirements, such as for processing transactions, fulfilling service requests, or conducting analysis. Marketing teams will only use information for communications if you have provided explicit consent.
- Data Security: Our Security team oversees the protection of your Personal Information. They implement technical and organizational safeguards, including encryption, access controls, and regular audits, to protect the data from unauthorized access, loss, or breach.
- Data Retention and Destruction: Our compliance, legal and privacy teams are responsible for ensuring that Personal Information is retained in line with regulatory and contractual obligations, and securely destroyed when no longer needed. They monitor our data retention schedules and oversee secure deletion or anonymization processes.
Through this structured approach, we ensure that your Personal Information is handled with the utmost care and in full compliance with applicable privacy regulations.
7. Cookies
We use cookies on our website to optimize your experience when browsing our website or using our online Services. Your browser may have settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or our website may become inaccessible or function improperly. Our website may from time to time use cookies to analyze website traffic and help us provide a better website visitor experience. On our main website, we explain how we use cookies and the control that you can exercise through the Cookie Settings.
8. Disclosure of Information
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
We may disclose your Personal Information and other information we collect with our affiliates and unaffiliated third parties as follows or as otherwise described herein or to you:
a. where such disclosure is required for performing obligations in the course of or in connection with the provision of the Services requested by you;
b. to organizations which have engaged us to perform any of the functions or Purposes above for and on their behalf pursuant to your request; or
c. to our employees, officers, third-party service providers, agents, subcontractors, and other associated organizations, our group companies and affiliates in so far as reasonably necessary for the purposes set out herein including to complete tasks, provide the Services to you on our behalf, and otherwise fulfill our obligations.
If we do disclose, we will require such employees, officers, third-party service providers, agents, subcontractors, and other associated organizations, our affiliates to respect the security of your Personal Information and to treat it in accordance with the applicable law.
Type of third parties | Types of information shared | Purpose for sharing |
Identity verification providers, Know-Your-Customer (KYC) service providers | Identity Data, Biometric Data, Contact Data | To verify your identity |
Fraud detection services, anti-money laundering (AML) monitoring services, regulatory compliance services | Financial Data, Transactional Data, Social Identity Data | To detect and prevent fraud, money laundering, terrorist financing, and other financial crimes and illicit activities |
Companies that assist us in providing any of the Services that you have requested and in processing, verifying or refunding transactions/orders you make | Contact Data, Financial Data | To facilitate the provision of services and relevant business operations to support our delivery of the Services and related aspects to you |
IT consultants, cybersecurity firms, software development companies, analytics providers | Technical Data, Usage Data | To improve our information, technology, and security systems including websites and mobile applications |
Customer support platforms, call center service providers, communication service providers | Profile Data, Contact Data, Video and Voice Recordings | To provide customer service |
Marketing agencies, social media platforms, content management platforms | Social Identity Data, Marketing and Communications Data | To promote our products or Services if you submit a product review or post content on public areas of our product, Services, or social media accounts |
Legal advisors, corporate restructuring service providers, financial institutions | Identity Data, Financial Data | To transfer our rights and duties under the relevant terms and conditions governing the use of any Services (to the extent allowed) |
Legal counsel, regulatory authorities, law enforcement agencies, compliance monitoring services | Identity Data, Financial Data, Transactional Data, any other category of data to the extent required by law | To comply, in our sole discretion, with a legal request or to protect or enforce our rights, including to comply with an applicable law or regulation, or in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability, and to protect the rights, property, and safety of us or others |
Mergers and acquisitions advisors, auditors, potential buyers, legal and financial advisors | Financial Data, Transactional Data | To evaluate, effectuate, or otherwise transfer your Personal Information as part of a proposed or actual sale, merger, restructuring, transfer, or exchange of all or a portion of our assets to another company |
Categories of Individuals with Access to Personal Information
Within our organization, access to your Personal Information is restricted to those employees or service providers who require such information to fulfill their job responsibilities and assist in delivering our services. This includes, but is not limited to:
- Customer service representatives who manage account inquiries and provide support
- Information security personnel responsible for maintaining and securing our systems
- Compliance and legal teams who ensure adherence to regulatory obligations
- Marketing personnel who process consented information for communications
- Payments teams handling transactions and payment processing
All individuals with access to Personal Information are bound by confidentiality obligations and are trained on the importance of protecting your privacy. We ensure that only the necessary personnel have access to your data in accordance with their role and function.
Transfer of Personal Information Outside of Canada and Quebec
Your Personal Information may be transferred to and processed in countries outside of Canada. Accordingly, such Personal Information may be accessible (by lawful order) to courts, law enforcement or national security entities in such foreign countries.
When we transfer your Personal Information to service providers or affiliates located outside of Canada, we ensure that appropriate safeguards, such as contractual obligations, are in place to protect your information in accordance with applicable privacy laws. These transfers are necessary for the purposes outlined in this Privacy Notice, including providing our services.
If you are located in Alberta, and have any questions about the processing or storage of your Personal Information by our affiliates or service providers outside of Canada, or if you would like to receive further written information about our service providers or affiliates outside of Canada, please contact our DPO at [email protected].
For residents of Quebec, in compliance with the Act respecting the protection of personal information in the private sector (Quebec's privacy law), please be informed that your Personal Information is transferred outside Quebec to the USA, Europe and Singapore, any risks associated with the transfer of your Personal Information is covered through compliance with the applicable state laws and through contractual measures.
9. Storage and Retention of Information
We may keep a record of your Personal Information, correspondence, or comments, in a file specific to you. We will utilize, disclose, or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected or as otherwise permitted or required by law. We have implemented a retention schedule to establish the retention period for certain types of information. Once this period has passed, we destroy your Personal Information permanently and securely.