Neo Privacy Policy
Effective: August 1, 2024
Neo Financial Technologies Inc., Neo Mortgage Services Inc. and their subsidiaries and affiliates (collectively “Neo”, “us” and “we”) value your privacy. We are committed to safeguarding your personal information. This Privacy Policy sets out our policies and procedures for the collection, use, retention, and disclosure of your personal information.
This Privacy Policy applies to the privacy practices of Neo on our website, located at https://www.neofinancial.com and any subdomains (the “Website”) and our “Neo Financial” web and mobile application (the “App”, and together with the Website, the “Platform”), and to our other interactions with you.
Neo is accountable for the collection, use, and disclosure of your personal information. When you apply for financial products and services such as a credit card, a deposit account or an investment account, Neo Financial Technologies Inc. is accountable for the collection, use and disclosure of your personal information. When you apply for a mortgage, Neo Mortgage Services Inc. is accountable for the collection, use and disclosure of your personal information. Our Privacy Officer oversees the protection of your personal information and ensures our compliance with our Privacy Policy and applicable privacy laws. Please see the contact details for our Privacy Officer at the end of this Privacy Policy, in section 7.
What information is in this Privacy Policy?
This Privacy Policy covers the following topics:
- What Personal Information Do We Collect from You and How Do We Use It?
- a. Personal Information We Collect for Our Own Use and Purposes
- i. Information You Provide Us
- ii. Information We Collect Automatically
- ii. Information We Collect From Third Parties
- b. Personal Information We Process on Behalf of Third-Party Organizations
- Sharing of Personal Information
- Your Choices
- Safeguarding and Retention of Personal Information
- Information About Our Privacy Governance Policies and Practices
- Updates to our Privacy Policy
- Contact Us
1. What Personal Information Do We Collect From You and How Do We Use It?
The types of personal information that we collect, and how we process it, depends on whether we are processing personal information for our own purposes, or on behalf of our financial, co-brand or other third party partners, as set out below.A. Personal Information We Collect for Our Own Use and Purposes
We collect personal information about you to provide you with financial products and services you request. We do this by collecting information: (i) from you, when you provide us with your personal information directly; (ii) automatically, when you use the Platform; or (iii) from third parties, when you authorize us, or as otherwise permitted or required by applicable law.(i) Information You Provide to Us
We collect the personal information that you provide directly to us for the following purposes:
Signing-up for a Neo Profile. To access most financial products and services we offer you need to have a Neo profile. To create your Neo profile, we collect your email address, phone number, and a password that you select. We use this information to administer and authenticate your access to your Neo profile, to enable you to access products and services, and to update you about changes to the Platform, and to market products and services to you in accordance with this Privacy Policy.Applying for Financial Products and Services. If you have a Neo profile, you can apply for a variety of financial products and services through the Platform. The personal information that we collect from you depends on the financial product or service that you apply for. In general, and in addition to your Neo profile information, we may collect your full name, date of birth, mailing and home address, move-in date, and employment or educational information to confirm your identity, process and update you about your application, detect and prevent fraud, and comply with applicable legal and regulatory obligations (including those relating to money laundering, terrorist financing and financial dealings with certain sanctioned individuals).If you apply for financial products and services, we may collect additional information from you as follows:- Deposit Account: If you apply for a deposit account such as a Neo High Interest Savings Account (HISA), or Neo Everyday Account (and the associated Neo MoneyTM Card), we may collect additional information including your reason for opening the account, Social Insurance Number (“SIN”), whether you pay taxes outside of Canada, and your Tax Identification Number. We may also collect certain documents to verify your identity, as well as information from your identity documents, such as your name and the type of document. We use this information to comply with legal and regulatory obligations (including tax reporting).
- Credit Card: If you apply for a Credit Card, including, but not limiting to, the Neo Credit Card, Neo Secured Card, Neo World Elite® Mastercard, Tims® Mastercard powered by Neo or Hudson‘s Bay Mastercard powered by Neo, or Cathay World Elite® Mastercard powered by Neo, we collect additional financial information, including income related information, living situation (i.e., move-in date, and whether you rent, own or live with family), housing costs, living expenses (e.g., utilities) (and, for residents of Quebec, we may collect name of employer, monthly credit or loan payments, and source of income) to assess your creditworthiness, and to confirm your eligibility for our credit products. With your consent, we will run a credit check to help assess your eligibility for a credit card and the credit limits. Please note that a Neo profile is not required for the Tims® Mastercard powered by Neo.
- Neo Mortgages: If you apply for a Neo Mortgage, we collect additional information, including your address history, employment history, financial and transaction information, and SIN to confirm your identity, prevent fraud, confirm the status of your mortgage, conduct a credit check and to comply with applicable legal and regulatory obligations (including those related to mortgage suitability). We may also collect biometric information (such as an image of your government-issued identification) in certain cases. Providing your SIN for identity verification purposes is optional. In addition to this information, we collect income information (e.g. banking statements), tax information, living situation, housing costs, information regarding your assets and liability, information about the property you intend to purchase, and transaction information (e.g. payment history and parties to transactions) to process your mortgage application, assess your creditworthiness, and confirm which mortgage products and services are most suitable for you. Please note that a Neo profile is not required to apply for a Neo Mortgage.
- Neo Invest: If you apply for an investment account provided by our investment account provider, we collect additional information, including your desired investment account type (i.e., TFSA, RRSP, or personal), and SIN in order to confirm your identity, prevent fraud, and comply with legal and regulatory obligations (including regulations relating to investment suitability and tax reporting). We also collect information about your account objectives, risk capacity, and investment timelines in order to comply with applicable legislation.
(ii) Information We Collect Automatically
We collect the following personal information automatically when you use the Platform.
Neo Website. In general, you can visit our Website without telling us who you are. We may use information about your web browser, time zone, application and Website use, Internet Protocol (IP) address, mobile device ID, search and Website history, and screens visited, to evaluate existing products and services, develop new products and services, optimize our Website, perform analytics, and improve the customer experience we offer.- Cookies: We use “cookies”, which are small computer files that a website‘s server places on your computer so that we can recognize your computer or device when you return. You can set your browser to notify you when you receive a cookie or to reject cookies, but this may impair our ability to customize and test your experience, like remembering your preferred language or present location-specific information to you.
- Analytics: The Website also uses web analytics services such as Google Analytics to help us gather and analyze information about the areas visited on the Website (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the Website. For more information or to opt-out using the Google Analytics opt-out browser add-on, see “How Google uses data when you use our partners' sites or apps”and “Google Analytics and Privacy”.
- Third-Party Links: Our Website may contain links to other websites that Neo does not own or operate. We provide links to third-party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the privacy policy of every third-party website you visit.
- Location Information: If you consent, we collect your location information by accessing your device‘s GPS coordinates so that we can provide you with location-based services, including information about nearby Neo Rewards partners. You can opt-out of location tracking at any time by turning off your location services for the App in the settings of your mobile device.
- Push Notifications: If you provide your consent to receive push notifications, we may display push notifications on your mobile device such as welcome messages, product features and promotional offers. If you wish to stop receiving push notifications from us, you can turn off push notifications for the App in the settings of your mobile device.
- App Usage Information and Analytics: As with many applications, certain limited data is required for the App to function on your device. This data includes the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the App accesses our servers. We use this information to help us understand the activity on the App, to monitor and improve the App, and to tailor your in-App experience. In addition, we may use third party service providers to collect analytical information about your use of the App, such as the App features used and time spent on the App, to help us tailor your in-App experience, improve our products and the quality of our App, and to manage and analyze data in order to better understand our users.
- Additional Information: We will use commercially reasonable efforts, given the limitations imposed upon us by third party providers such as Apple and Google, to clearly disclose what, if any information is collected by the App, how it is used, and with whom it is shared. Please note, certain practices are outside of our control, for example, tracking by Google or Apple or your telecommunications carrier. We are not responsible for the actions of such third parties. You should always read and understand the policies of any third-party provider, such as Google with respect to Android apps and Apple with respect to iOS apps, and your telecommunications carrier, before making any purchase or downloading any app.
(iii) Information We Collect from Third Parties
We collect personal information about you from third parties in the following circumstances:
Identity Verification. When you apply for certain financial products and services offered by Neo, we may use service providers to verify your identity. We may collect information from telecommunications providers, including name, phone number, and device information, to confirm your identity and prevent fraud. We will share your identity information, such as name, address and date of birth, with our service provider to complete a credit file identity verification and we will collect information from this verification, such as your name, date of birth, address and credit information. Our service providers may also collect and use biometric information (such as an image of your government-issued identification along with a real time image or video) to verify your identity. We collect the final result of the identity verification process (i.e., verified or not verified) as well as information from your identification, such as the ID number, in order to confirm your identity, prevent fraud, and comply with applicable legal and regulatory obligations (including those relating to money laundering, terrorist financing and financial dealings with certain sanctioned individuals).Anti-Money Laundering and Sanctions Checks. When you apply for financial products and services offered by Neo, we use service providers to meet our regulatory obligations regarding anti-money laundering and sanctions. We review the final result of anti-money laundering checks (i.e., clear or not clear) in order to comply with applicable legal and regulatory obligations (including those relating to money laundering, terrorist financing and financial dealings with certain sanctioned individuals).Credit Checks. When you apply for certain financial products and services offered by Neo, such as the Neo Credit Card, Neo World Elite® Mastercard, Tims® Mastercard powered by Neo, Hudson‘s Bay Mastercard powered by Neo, Cathay World Elite® Mastercard powered by Neo, or a Neo Mortgage, we collect identity information and financial and transactional information from credit reporting agencies, such as TransUnion and/or Equifax. We use your name, address, SIN, and date of birth to obtain certain credit, financial, personal, and business information contained in your credit report, to the extent provided by a credit bureau, for the purposes of verifying your creditworthiness, assessing and managing our credit risks, establishing credit and hold limits, qualifying you for other products and services, and detecting and preventing fraud and other decisions about your account. We may also share information with credit reporting agencies on an ongoing basis in order for Neo and the credit reporting agencies to maintain accurate credit information within their databases, in accordance with applicable laws. We may also collect this information about you on an on-going basis to assist in determining your ongoing creditworthiness, update our records, and help us determine your eligibility for other products and services (such as pre-approved credit products, credit limit increase, and other offers).Third Party Accounts. If you consent and provide account details for bank accounts with other financial services providers in order to fund your account, we collect information about this bank account, including financial institution name and number, account number, transit number, and account balances from a service provider, such as Flinks, to facilitate these transactions.Credit Cards Partners. If you apply for certain credit products through our partners, such as the Tims® Credit Card on the Tim Hortons platform, we collect information about you from our partners, such as TDL Group Corp. (“TDL”), in order to process your credit card application, including your name, email address, phone number, date of birth, mailing address, and employment status (including field of study, occupation type, role, time at job, living arrangements, monthly housing expenses, annual income and, for residents of Quebec, name of employer and source of income) for the purpose of assessing your application, determining your eligibility, detecting and preventing fraud and setting your credit limit for this service. We also collect the age of your rewards account and information regarding your rewards points balance for the purposes of assessing fraud risk and determining credit limit.New Rewards/Store. When you use an eligible Neo product such as a Neo Credit Card, Neo World Elite® Mastercard, or Neo Prepaid Mastercard with one of our network merchants, you receive cashback for a percentage of the purchase, or make progress towards a reward. We collect the details of your purchase on third-party platforms you already use (such as Neo‘s partnered merchant platforms) so that you may earn Neo Rewards for your Neo Rewards account. We may also use this information to open, maintain, service, process, analyze, market, audit, collect or fulfill products or packages related to Neo Rewards™, Neo Premium Rewards Package or the Neo Store.B. Personal Information We Process on Behalf of Third-Party Organizations
In addition to personal information that we collect and use for our own purposes, we sometimes act as a service provider to third-party partners to assist them in processing certain personal information on their behalf. For example, we may act as a service provider to entities that own your mortgage.Where we process personal information on behalf of our partners, we rely on such third-party organizations to comply with applicable privacy laws when collecting, using, or disclosing personal information, including by obtaining appropriate consent to collect, use, and disclose personal information. We require third parties to ensure that they have obtained all authority to provide personal information to us in accordance with applicable privacy laws. If you have any questions regarding the personal information we process on behalf of one of our partners, we encourage you to first contact the partner directly and/or review their applicable privacy policy.2. Sharing of Personal Information.
We do not sell, rent or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law. When you engage with other companies directly, or contact us through their platforms, their use of your personal information is subject to the terms of their privacy policies.A. Service Providers
Your personal information will be transferred to, collected by, or otherwise made available to certain third parties that provide services on our behalf. We may use service providers that provide the following services:- Customer support: to provide support services to customers that reach out to us with questions about Neo or our products or services, including our financial, co-brand, or third party partners.
- Mortgage processing services: to administer your mortgage, including processing or servicing of mortgages, mortgage insurers, consumer reporting agencies, title custodian, and title insurance providers, we may share identity, transaction, financial and biometric information, such as an image of your government-issued identification.
- Fraud detection services: to monitor your transaction information and identify fraudulent activity, we may share identity and transaction information, and behavioural characteristics, including typing patterns, keystroke movements, mouse navigations, or touchscreen interactions.
- Credit reporting agencies: to obtain information regarding your creditworthiness, where you have provided us with your consent to run a credit check.
- Sanctions screening providers: to ensure that you are not a sanctioned person subject to prohibitions under applicable money laundering, terrorist financing or other regulatory restrictions.
- Marketing and research companies: to understand and deliver products, services and offers that you, and others who are similar to you, may find useful or block offers you won‘t find useful, we may share your online, transaction, usage, and third party information or anonymized and aggregated information to digital affiliates and companies like Google and Facebook.
- Collections and law firms: to help us collect a debt owed to us by you, we may share your contact, identity, financial, transaction, counterparty, and third party information with our external legal representatives and debt collection providers.
- Payment processing businesses: to process your transactions and payments, we may share transaction information, account number, bank from which monies were extracted, and the name of the account holder.
- Plastic manufacturers: to issue card products to you, we may share your identity, and financial information with the plastic manufacturer to print your card, including your card number and details, name and address.
- Print suppliers: to print letters and statements pertaining to your account, we may share your name, address, and transaction information.
- Referral program partners: to administer our rewards referral program we may share your full name and account status information (i.e. whether your application was completed).
- Insurance product providers: to administer certain insurance products or other benefit perks associated with your Neo product.
- Cloud Service Providers: to store personal information and other data.
B. Products and Services Offered by Neo Financial
Your personal information may be disclosed to certain third parties as part of specific financial products or services that you apply for, are approved for, and participate in.- Neo deposit accounts: When you apply for or open a Neo deposit account, such as a Neo High Interest Savings Account, or Neo Everyday Account, we may share your contact, identity, financial, transaction, online, counterparty, and third-party information with the provider of the account and the principal issuers of our Prepaid Mastercards. We provide this information to applicable account providers to open your account and for regulatory reporting and compliance purposes. Issuers may collect, use, disclose and otherwise handle your personal information in their role as the issuer of the card. The account providers‘ and issuers‘ handling of your personal information is subject to its own privacy policy and is not governed by this Privacy Policy. We encourage you to review the privacy policy of the account providers and issuers as follows:
- Neo Everyday Account and High Interest Savings Account: Peoples Bank of Canada (Privacy Agreement)
- Tims® Mastercard powered by Neo: We may share your information with TDL Group Corp. (“TDL”) so that they can administer their rewards programs and deliver personalized offers and experiences to you. In addition, Neo may share account-related information, transaction history, financial statements, and similar information with TDL to facilitate the displaying of this information through the Tim Hortons iOS and Android applications. We may share information about transactions processed using a Tims® Financial service for the purposes of assisting TDL with administering the Tims® Rewards program. Neo may share transaction information with TDL for the purpose of TDL, with your consent, personalizing your Tims® Financial marketing experience. We may share other information with TDL as described to you at the point of collection or otherwise with your consent. For more information about the privacy practices of TDL in relation to Tims® Financial, please see the Tims® Financial Privacy Policy..
- Hudson‘s Bay Mastercard powered by Neo: If your card is a Hudson‘s Bay Mastercard powered by Neo, you understand and agree that Hudson‘s Bay may collect, use, disclose and maintain your personal information, including your contact, account, transaction, credit, reward redemption, statement information, demographic and date of birth information, so that they can administer your membership in the Hudson‘s Bay Rewards Program, perform customer analytics, deliver personalized offers and experiences to you, provide you with goods and services, comply with legal and regulatory requirements, and as otherwise permitted by law. For date of birth information, Hudson‘s Bay may also use it to identify you if necessary. Visit the Hudson‘s Bay Company website for the most up-to-date version of the Hudson‘s Bay Company Privacy Policy..
- JA Money Card powered by Neo: We may share anonymized information with Junior Achievement Canada (“JA”) including demographic, transaction, and account information, so that they can analyze the performance of the JA Money Card.
- Cathay World Elite® Mastercard® powered by Neo: We may share your full name and transaction details with Cathay Pacific to maintain your Cathay loyalty membership and points rewards program. Cathay may collect, use, disclose and maintain your personal information including your full name, phone number, email address and locale, IP address, gender, country and membership ID to establish, administer and maintain your membership in the Cathay loyalty and points rewards programme. Visit Cathay Pacific‘s website for the most up-to-date version of the Cathay Pacific Privacy Policy.
- Neo Invest: When you apply for a Neo Invest account, we share your contact, identity, financial, transaction, online, counterparty, and third-party information with the portfolio manager, Onevest Wealth Management. We provide this information to the portfolio manager to open your account, and for regulatory reporting and compliance purposes. The portfolio manager‘s handling of your personal information is subject to its own privacy policy and is not governed by this Privacy Policy. We encourage you to review OneVest Wealth Management‘s Privacy Policy.
- Neo Mortgages: With your consent we may disclose your personal information, including personal information provided in connection with your mortgage application (as well as other information we receive from third parties, such as your credit history), to a prospective mortgage lender (e.g., a financial institution) for the purpose of processing your mortgage, including administering and servicing your mortgage, preparing documentation, verifying your identity, protecting you and Neo from fraud and error, and complying with legal and regulatory requirements. We may also disclose such personal information to any assignee or proposed assignment of the mortgage commitment, to an entity that funds, purchases, invests, or takes an assignment of all or part of your mortgage loan, including to facilitate such sale, to mortgage insurers, to consumer reporting agencies, to the title custodian, or to title insurance providers.
- Neo Rewards/Store: We may share your contact, identity, financial, online, transaction, counterparty and third party information with certain third parties as part of Neo Rewards™, Premium Rewards Package and Neo Store products for the purposes of providing rewards, products, attribution and fulfillment. To provide insights and analytics on rewards programs, we may share anonymized and aggregated information with third party merchants within our cashback program.
- Mobile Wallet Providers: If you choose to load your card into a mobile wallet, we may share your information with the wallet provider, Mastercard, and other service providers. Please see the Mobile Wallet Terms and Conditions
C. Legal and Compliance
In response to a search warrant to other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise required or permitted by applicable Canadian, U.S. or other law or legal process, we, and our Canadian, U.S., and other foreign service providers may share your information with regulatory bodies, courts, law enforcement, or other government institutions or payment networks. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.3. Your Choices.
Subject to limited exceptions under applicable law, you have the right to access, update, correct inaccuracies in, or port your personal information in our custody and control, to withdraw consent to our collection, use and disclosure of your personal information and request deletion of your personal information. You may do so by contacting our Privacy Officer at the address set out below at section 7. We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records.Neo strives to keep your personal information as accurate and complete as possible, based on the most recent information available to us. We will make reasonable efforts to minimize the use of inaccurate, incomplete or outdated personal information when making a decision about you. In order to ensure the accuracy of your personal information we may regularly review or update your information and keep records of when your personal information was changed or updated. We may verify the accuracy of your information when you contact us about your accounts.If your personal information changes, is inaccurate or incomplete, you have the right to correct or amend the personal information we have about you, subject to exceptions prescribed by law. You may find and amend your personal information through our Platform, or you can contact Neo‘s Customer Experience team at the number located on the back of your card, at https://www.neofinancial.com/contact, or by writing to our Privacy Officer using the contact details at the end of this Privacy Policy, in section 7. If necessary, we will disclose the revised personal information with third parties to whom we had disclosed inaccurate information.Where required and subject to exceptions by applicable law, upon your request, Neo will disclose what personal information we have in our possession, what it is being used for, and to whom it has been disclosed. To request this information, please contact our Privacy Officer using the contact details at the end of this Privacy Policy, in section 7.4. Safeguarding and Retention of Personal Information.
We use industry standard security practices and procedures to safeguard your personal information.
We use procedures, practices, and reasonable administrative, technical and physical measures appropriate to the sensitivity of personal information, to protect against loss, theft, unauthorized access, disclosure, duplication, use or modification.We restrict access to your personal information to those individuals and parties on a need-to-know basis and we regularly train our employees on best information-security and privacy practices.We use secure technical and physical security measures such as passwords, encryption, multiple step authentication, security monitoring software, and secure cloud storage and restricted access to our offices.When we transfer personal information to third parties for processing, we contract with these third parties to ensure that they safeguard personal information in a way that is consistent with our privacy principles, procedures, and practices. Third parties are given only the information necessary to perform the services set out in the contract.We limit retention of your personal information.
Except as otherwise permitted or required by law, your personal information will be retained for so long as is reasonably necessary to fulfill the purposes for which it was collected. We may keep your personal information along with other information about you in our records, even after your account is closed, for the purposes of complying with legal and regulatory obligations.5. Information About Our Privacy Governance Policies and Practices.
We are committed to protecting personal information and have implemented a comprehensive set of policies and practices that govern our treatment of personal information. These policies and procedures include, among other things, the following:- We have implemented policies and procedures to protect personal information in our custody and control from unauthorized access, use or disclosure.
- We follow a SOC 2 compliance program to ensure that our systems and infrastructures are securely controlled and effectively operated. Controls are reviewed regularly to ensure operating effectiveness and security.
- We regularly redact data when transmitting outside of secure segments or applications within our private network. We use encryption where necessary to further secure our data both at rest and while in transmission. In the event of a data breach, encrypted data cannot be viewed or otherwise used, and keys cannot be exported (i.e., stolen, breached, etc.) from our key management service by design.
- We have implemented processes to respond to data subject requests and complaints in a timely and effective manner.
- We have implemented a framework for the retention and destruction of personal information to ensure compliance with legal obligations, and to securely destroy personal information once no longer required.
- We have implemented a privacy framework that defines the roles and responsibilities for our employees with respect to the treatment of personal information. While all Neo employees share the responsibility of keeping your personal information safe, we have identified key internal leaders who are responsible for data within our business.
- We have designated a Privacy Officer who is responsible for overseeing Neo‘s compliance with privacy legislation, for advising Neo about our personal information and data protection obligations, as well as monitoring compliance. Our Director of Cybersecurity is responsible for the technical controls in place to manage your data and keep it safe. Our Director of Infrastructure is responsible for implementing information security systems and data storage.
- We provide our employees with regular privacy training and awareness.