At General Bank of Canada (the “Bank”, “we”, “us”, “our”), we respect your privacy and value our relationship with you. This means we are committed to respecting and protecting your Personal Information.

This Privacy Policy is a statement of the principles that govern how we protect your Personal Information and describes our privacy practices for the collection, use, disclosure, and retention of your Personal Information, along with your rights to access your Personal Information. The Policy is based on our obligations under the Personal Information Protection and Electronic Documents Act (Canada), which is available at https://laws-lois.justice.gc.ca/PDF/P-8.6.pdf.

The Bank may update this Privacy Policy from time to time to ensure it accurately reflects our current practices. If we make a change to this Privacy Policy, we will post the revised Privacy Policy on our website and make it available to you upon your request to our Chief Privacy Officer. A printable copy of this Policy can also be downloaded here .

Last updated August 24, 2022.

What is Personal Information?

Personal Information”, as it relates to our customers, is any information that identifies you as an individual or can be used to identify you. It includes information in any form, such as:

  • name, age, physical mailing or email address, telephone number, date of birth, gender, residence status, nationality;
  • unique identification numbers (e.g. social insurance number (SIN), driver’s license number, birth certificate number, passport number); and
  • financial information, loan records and credit records (including credit history).

Personal Information does not include information used for the purpose of communicating with an individual in relation to their employment (for example, an employee’s name, title, business address, business telephone number or business email address), or anonymized, redacted, de-identified or aggregated information that cannot reasonably be associated with a specific individual.

Our Privacy Program

We are accountable and open about our privacy principles

The Bank is responsible for all Personal Information under its control, including any Personal Information the Bank transfers to its third parties. The Bank has implemented measures to ensure it complies with the privacy principles outlined in this Privacy Policy, along with any other applicable privacy legislation, including:

  1. implementing policies and procedures to protect Personal Information;
  2. training its staff on the Bank’s privacy policies, procedures, practices, and obligations; and
  3. designating one or more individuals within the Bank who are responsible to ensure the Bank complies with this Privacy Policy.

The Bank will make information about our policies and practices related to the management of Personal Information readily available. You may obtain such information with reasonable effort and/or without delay.

Information about our privacy policies and practices will be presented in clear and easy-to-understand language and will include:

  • the contact information for the person(s) responsible for the Bank’s compliance with this Privacy Policy;
  • the principles that govern our privacy practices;
  • how to request access to your Personal Information; and
  • how to complain to the Bank about any privacy-related issues or concerns.

Our Chief Privacy Officer is responsible to ensure the Bank complies with this Privacy Policy. Our Chief Privacy Officer may be contacted using the information provided in “How to Contact Us.”

Why we collect Personal Information

We identify the purpose for collecting Personal Information

The Bank will identify its purpose(s) for the collection of Personal Information, before, or at the time of, collection, either orally, electronically, or in writing. Except where permitted by law, if a new purpose for using your information develops (i.e., one that is not previously made known to you or currently outlined in this Privacy Policy), we will notify you, obtain your consent and/or let you opt out before we use your Personal Information for such new purpose.

You may request more information about the purposes for which we collect Personal Information by contacting our Chief Privacy Officer using the information provided in “How to Contact Us.” For further information on how we use the Personal Information we collect, please refer to “How we use your Personal Information.”

How we obtain consent

We obtain appropriate consent for the collection, use, or disclosure of Personal Information

Except where permitted by law, the Bank is required to obtain your consent for its collection, use, or disclosure of Personal Information. For example, the Bank may disclose Personal Information without your consent or knowledge to co-operate with organizations, such as law enforcement or regulators, in the investigation of breaches of agreements or contraventions of laws, and where it is reasonable to expect that obtaining consent would compromise the investigation.

To determine the appropriate form of consent, the Bank will consider the sensitivity of the Personal Information and the reasonable expectations of its clients. Depending on the situation, sensitivity, and type of Personal Information involved, we may obtain your consent in different ways, including verbally, online, in writing, or through your use of the Bank’s products or services.

The Bank will not require you to consent to the collection, use or disclosure of Personal Information as a condition to obtaining a product or service beyond that required to fulfil the purposes identified to you.

Subject to any legal or contractual restrictions, you may withdraw consent at any time by providing the Bank with reasonable notice, and we will inform you of any implications of the withdrawal of consent. If you wish to withdraw your consent, please contact our Customer Service team using the information provided in “How to Contact Us” below.

What Personal Information we collect

We limit the collection of Personal Information

Personal Information will be collected by fair and lawful means. We limit the collection of Personal Information to that which is necessary for the purposes identified by us or permitted by law. These may include:

  • details about you and your background, including your name, address, contact information, date of birth, occupation, and other identification;
  • records that reflect your dealings with us; and
  • financial information and credit records (including credit history).

We collect Personal Information primarily from you, however, we may, with appropriate consent, collect Personal Information from external sources including credit bureaus, employers, personal references, financial institutions, law enforcement, or other third parties who properly represent that they have the right to disclose information.

The Bank will collect and treat your Personal Information in accordance with applicable privacy legislation and any written agreement between you and the Bank.

How we use your Personal Information

We use Personal Information for disclosed purposes

Without your consent or when permitted by law, your Personal Information will not be used for purposes other than those for which it was collected.

In accordance with applicable privacy legislation and only to fulfil our business relationship, our use of your Personal Information may include to:

  • verify your identify;
  • assess initially and ongoing, your eligibility for credit and for the Bank’s products and services;
  • transfer your Personal Information to a third party as permitted by any agreement between you and the Bank;
  • confirm ownership or description of any collateral;
  • service, monitor, or maintain your account, products, and services;
  • report any account irregularities to any credit reporting agency or other institutions as required or permitted by law;
  • help identify you with credit reporting agencies and other financial institutions to ensure the accuracy of information collected and reported for credit data-matching purposes;
  • provide you with notices that serve the interests of customers of the Bank; and
  • for any purpose related to the provision of products and services you request from the Bank.

Sharing your Personal Information

We will share Personal Information for disclosed purposes

Personal Information will not be disclosed for purposes other than those for which it was collected, except when you have otherwise consented, or as required or permitted by law.

Circumstances in which the Bank will disclose your Personal Information only in accordance with applicable privacy legislation, may include:

  • with your consent;
  • in response to a court order, search warrant or other demand or request, which we believe to be valid;
  • to meet requests for information from regulators, including self-regulatory organizations of which we are a member or participant;
  • to satisfy legal and regulatory requirements applicable to us;
  • to facilitate investigations by law enforcement, or disclosure to government agencies;
  • to third parties the Bank has contracted with to perform services on our behalf, to manage our relationship with you;
  • sharing it with credit reporting agencies, mortgage insurers, or other financial institutions to obtain credit bureau reports or verify your credit score;
  • to help us collect a debt or enforce an obligation owed to us by you; and
  • where permitted by law.

When we share Personal Information with third parties, we require them to protect the Personal Information in a way that is consistent with our privacy requirements.  Some of our service providers may store data outside of Canada. Personal Information held and controlled by a third party in another country may be subject to the laws of that jurisdiction, and may be collected, used, or disclosed without your knowledge or consent where required or permitted by the laws of that jurisdiction

Retaining Your Personal Information

We retain Personal Information only for as long as is necessary

The Bank will retain Personal Information only for as long as is necessary to fulfill the identified purpose(s) for collecting such information and in compliance with any legal requirements. We have a record retention policy and procedure in place for the retention of Personal Information in accordance with legal requirements. The Bank adopts appropriate risk management practices when Personal Information is no longer necessary or relevant for the identified purposes, nor required to be retained for a business purpose.

How we protect and maintain your Personal Information

We endeavor to ensure Personal Information is accurate and up to date

Personal Information will be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used. We may ask you to update your Personal Information, as and when is reasonably necessary.

We also ask that you help keep the Personal Information held by the Bank up to date through prompt notification to the Bank of changes to your telephone number, address, email address, or other information. You may ensure your Personal Information held by the Bank is accurate, complete, and up to date at any time by contacting our Customer Service team with the contact information provided in How to Contact Us.

The Bank will provide you with access to your Personal Information at your request, subject to legal restrictions. You may consult How to access your Personal Information for more information on how to request access to your Personal Information or write to our Chief Privacy Officer at the contact details provided in How to Contact Us.

We implement safeguards to protect Personal Information

The Bank protects Personal Information through security safeguards appropriate to the sensitivity of the information. These safeguards employed to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, include:

  • Physical safeguards (e.g. locked filing cabinets, restrictions on building access, alarm security);
  • Organizational safeguards (e.g. privacy audits, policies, and procedures); and
  • Technological safeguards (e.g. password use, encryption).

All our staff are required to keep all Personal Information to which they have access, private and confidential. As a condition of employment, all our staff are required to participate in periodic privacy training and follow the Bank’s policies and procedures concerning the safety and security of Personal Information.

The Bank will protect Personal Information shared with third parties through a variety of means, including incorporating clauses in contracts that specify the confidentiality, privacy and security of information and the authorized purpose(s) for which it is to be used and disclosed. When we contract with third parties, the third parties are only given the information necessary to perform the services set out in the contract.

The Bank regularly reviews its practices to ensure Personal Information is safeguarded, including as and when new technologies or risks emerge

How to access your Personal Information

We grant access to Personal Information if requested, subject to legal restrictions

You have the right to access the Personal Information that the Bank holds about you, subject to legal restrictions. Upon written request and proof of identity, the Bank will confirm the existence, use, and disclosure of your Personal Information, and subject to any legal restrictions but in a timely manner, provide access to that information. You will be able to challenge the accuracy and completeness of the information, and have it amended as appropriate.

The Bank may charge you a small fee for requesting copies of Personal Information and may not be able to provide access to certain information in all circumstances. For example, some situations where the Bank may not be able to provide access to Personal Information include where that information:

  1. contains references to other individuals;
  2. cannot be disclosed for legal, security, or commercial propriety reasons; or
  3. is subject to solicitor-client or litigation privilege.

If you request access to Personal Information which the Bank cannot provide, we will provide you with the reasons for denying access to the information.

To request access to your Personal Information, please write to our Chief Privacy Officer using the information provided in How to contact us.

How to contact us

Chief Privacy Officer

If you have questions about this Privacy Policy or our privacy practices, you may contact our Chief Privacy Officer by:

Mail:

Attention: Chief Privacy Officer (CPO)
#100 LeMarchand Mansion
11523 – 100 Avenue NW
Edmonton, AB T5K 0J8

Email:

privacy@generalbank.ca

Opting Out or Withdrawing Consent

To discuss opting out or withdrawing consent for the collection, use, or disclosure of your Personal Information, please contact our Customer Service team at:

Telephone:

1.780.443.5626

Email:

info@generalbank.ca

Raising Concerns

If you have a complaint about our privacy practices, you can raise it directly with the privacy regulator, or on our website following our Complaint Handling Procedure outlined at www.generalbank.ca/complaint-procedure/.

We have processes in place to review and respond to complaints about the Bank’s policies and practices related to the handling of Personal Information and will investigate all complaints. If justified, the Bank will take appropriate measures to resolve the complaint, including, if necessary, amending our policies and practices. If a privacy complaint is not resolved to your satisfaction, you may follow our Complaint Handling Procedure outlined on our website for escalation.

Privacy Regulator

If you remain dissatisfied with the steps taken to resolve your concern through our Complaint Handling Procedure, you may also contact our Privacy Regulator, the Office of the Privacy Commissioner of Canada:

Mail:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3

 Telephone:

Toll-free: 1-800-282-1376

 Website:

www.priv.gc.ca

Digital Privacy

We collect information on our website using Google Analytics, to help us understand how visitors use and engage with our website and help us to improve it. We collect this information from the computer or device used to access our website, including the IP (Internet Protocol) address or other device identifier, pages viewed, and date and time of your use. This information is logged as a “cookie.” A cookie is a piece of data that a web browser creates when you visit a website and includes information about how and when you use a website. It is placed on your device in the form of a small text file. This is automatically shared with Google to provide us with summary reports on website activity and internet usage.

You may opt out of Google Analytics from websites by installing Google’s opt-out browser add-on.

For more information on Google Analytics, and how Google may use this information, please visit How Google uses information from sites or apps that use our services and Google Analytics – Safeguarding your data.

We do not use data collected on our website for marketing purposes.