Privacy Statement

Moneris maintains a comprehensive privacy management program (the “Privacy Management Program”) applicable to Moneris and some of our subsidiaries, complete with policies, practices and standards addressing information security, and the collection, use, disclosure, storage, and destruction of Personal Information held by Moneris. This Privacy Management Program includes:

• Appropriate safeguards to protect the Personal Information that Moneris collects, stores, and uses.
• Established processes for the maintenance of appropriate data management including, classification, record keeping and disposal/destruction systems for Personal Information and their related uses.
• Established processes to receive and respond to complaints or inquiries about our handling of Personal Information, our compliance with this Privacy Statement and applicable privacy laws.
• Clearly established roles and responsibilities of business groups and individuals for the protection Personal Information, and an accountability framework which is further described below.
• Yearly employee privacy awareness training.
• Regular assessments, audits, and revisions of our privacy practices to ensure they meet or exceed applicable legislative requirements, internal policies, industry standards and best practices.
• A process for the maintenance of a privacy incident management and reporting methodology for incidents involving the unauthorized collection, use or disclosure of Personal Information.

Our Chief Privacy Officer has been delegated the responsibility of ensuring Moneris’ compliance with applicable privacy legislation. The Chief Privacy Officer oversees the Privacy Management Program and is responsible for the governance and management of matters relating to privacy and Personal Information at Moneris. The Chief Privacy Officer leads our Privacy Office, which, together with our Legal team, is responsible for carrying out day to day privacy matters, monitoring compliance, raising awareness on responsible data usage and privacy respectful practices across the organization, and responding to questions or concerns.  The Chief Information Officer, the Chief Risk Officer, and their respective teams also play key roles in Moneris’ Privacy Management Program by ensuring that appropriate safeguards to protect the Personal Information (and other data) that Moneris collects, stores and uses are in place and effective.

From Existing and Prospective Merchants, Partners, and Other Moneris Customers

Moneris may collect the following Personal Information from existing merchants, prospective merchants,  partners, and other Moneris customers, to open and manage accounts, and to provide various products and services: 

• names;
• roles or positions;
• financial information;
• mailing addresses;
• email addresses;
• telephone numbers;
• birth dates; 
• banking information;
• recordings of calls to our call center to better serve our customers, ensure quality control, and for training purposes; 
• information about complaints; and
• certain other information that Moneris may collect with appropriate consent. 
We may obtain consent to collect personal and credit information from a credit reporting agency (including credit score). In limited circumstances, Moneris may seek consent to collect social insurance numbers to confirm identities with credit reporting agencies. 

As a Service Provider to our Merchants, Partners, and Customers

When acting as service provider to merchants, partners, or other customers, Moneris may have access to the Personal Information of their end-users (e.g., their payment card data). In such circumstances, Moneris relies on its merchants, partners, and other customers to ensure that they have the necessary authority and consent required by applicable privacy laws to provide their end-user’s Personal Information to Moneris. If you are Moneris merchant or partner’s customer, please refer to the merchant or partner’s own privacy policy or reach out to the merchant directly for more information about their privacy practices.

From Website Visitors 

Moneris also collects information from visitors to our websites. These practices are described under the heading “Cookies, interest-based advertising, and website data” below.

From Job Applicants

Moneris collects Personal Information from Moneris job applicants, including the information that applicants may include in their application materials (e.g., cover letter and CV) which typically will include contact information, employment history, references, and other information. With the express consent of certain applicants, Moneris (or a service provider acting for Moneris), may conduct background checks, such as reference and credit checks and a criminal record check. 

Moneris may collect Personal Information in several ways.

• Information provided directly to Moneris: Moneris collects Personal Information through its websites (e.g., through cookies), as well as, information directly provided via email, in person, or by phone, including where a person contacts our customer service lines or submits an inquiry. Moneris also collects information as part of providing products and services, from applications for services by existing and prospective merchants, applications for employment opportunities, and in relation to adjudication and onboarding processes.
  
  
• Information about Moneris merchants or potential merchants received through third parties: Moneris collects Personal Information that we receive from third parties, such as credit reporting agencies, financial institutions and references provided by its merchants as part of onboarding and offering merchants products and services, including to continue to understand our credit risks. Moneris also receives information about prospective and existing merchants from its partners, including sales and referral partners.
  
  
• Information received through Moneris merchants, partners and other customers about their customers: As a service provider to Moneris merchants, partners and other customers, Moneris may have access to Personal Information that we receive from merchants, partners, and other customers as part of a credit or debit transactions and related value-added services.
  
  
• Information about job applicants from third parties: Moneris collects the Personal Information of certain job applicants from their references and from service providers performing background checks such as credit and criminal record checks.

Moneris uses Personal Information for the following purposes:

• to provide products and services (including support) for our merchants, partners, and other customers;
• to assess the financial situation and credit risk rating of our merchants by collecting credit and other financial information from credit reporting agencies, financial institutions, and from references provided by our merchants (as part of the onboarding process and in relation to the ongoing provision of products and services);
• to meet obligations related or owed to credit and debit card issuers, payment card network associations (e.g., Visa, MasterCard, and Interac) or regulators (e.g., Bank of Canada, Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), or the Financial Consumer Agency of Canada (FCAC));
• to safeguard our products, services, systems, data and otherwise protect merchants, partners, and other customers in their dealings with Moneris;
• to detect and investigate potentially fraudulent or otherwise questionable activities linked to merchant accounts or use of other Moneris services;
• to respond to customer inquiries and investigate disputes;
• to communicate with Moneris merchants, partners, and other customers (e.g., via email or text message) to offer additional products and services that Moneris believes might interest them, including from our shareholder banks, Royal Bank of Canada and Bank of Montreal.
• to evaluate applications for employment at Moneris;
• to create aggregated, de-identified or anonymized data;
• to maintain quality customer service; and
• as otherwise required or permitted by applicable laws and regulations.

Before Moneris discloses Personal Information to a third party, Moneris ensures that the information will be safeguarded by appropriate information security practices, contractual provisions, and considers the legal framework of the jurisdiction where the Personal Information resides, in addition to other practices and considerations designed to protect Personal Information. Further, Moneris only discloses Personal Information to the extent required for third parties to perform their designated functions and those third parties are not authorized to use or disclose that Personal Information for their own purposes (e.g., marketing).

Third Party Service Providers

Moneris may disclose Personal Information to third party service providers to provide merchants, partners, other customers with a variety products and services. In some cases, our third party service providers may provide Moneris with services, in other cases, they may provide services on behalf of Moneris. Moneris may disclose Personal Information in relation to the following services:

• Technology services: Moneris may disclose Personal Information to certain providers of technology software and services, including cloud providers (e.g., for email, infrastructure, webhosting and storing data including call recordings), customer relationship management solutions, advertising, analytics and marketing providers, and call center solution providers (among others).

• Financial services: Moneris may disclose Personal Information to certain financial service providers such as collection agencies, debit and credit card issuers, payment card network associations and their members (e.g., Visa, Mastercard, or Interac), banks, credit bureaus, other financial bodies, and other participants in the payments ecosystem, to for example, provide payment services, evaluate credit worthiness, and in relation to requirements to comply with card brand rules, such as MATCH. 

• Advisory and other services: Moneris may also disclose Personal Information to lawyers, accountants, auditors, financial advisers, consultants, and other Moneris representatives. 


Affiliates and Partners

Moneris may disclose Personal Information to its subsidiaries and affiliates (e.g., information required by Moneris Services Corporation to service a merchant’s devices). In addition, Moneris may disclose Personal Information to its shareholder banks, Royal Bank of Canada and Bank of Montreal and their affiliates, as well as with our partners. 

Regulators, Courts, and Law Enforcement

Moneris and our Canadian, US and other foreign service providers may disclose Personal Information in response to a search warrant, other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement, contravention of law, or detecting, suppressing or preventing fraud, or as may otherwise be required or permitted by applicable Canadian, U.S. or other law or legal process. This includes disclosing Personal Information to regulators (e.g., Bank of Canada, Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), and the Financial Consumer Agency of Canada (FCAC)) and may also include lawful access by US or foreign courts, law enforcement or other government authorities. 

In addition, Moneris may also disclose Personal Information where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.

Corporate Restructuring and Financial Events 
Moneris may disclose Personal Information in connection with a proposed or completed merger, acquisition, sale (including as part of insolvency or bankruptcy proceedings) involving all or part of Moneris, as part of a corporate reorganization, or in relation to other changes in corporate control.

In providing services to merchants, partners, and other customers, Personal Information may be collected, stored, accessed, used or disclosed by Moneris or our service providers outside of the home province of the individual to which the information belongs, including outside of the Province of Quebec, and in countries outside of Canada (e.g., the United States, the United Kingdom, the European Union, India or the Philippines), for any of the purposes identified above. 
Moneris will continue to maintain protection of Personal Information in accordance with this Privacy Statement. 

Moneris has a dedicated Information Security team responsible for the implementation of physical, technical, and administrative safeguards to protect Moneris' information assets, including Personal Information. Moneris maintains policies and standards which provide direction for our information security practices, including by establishing clear roles and responsibilities for the protection of information. Moneris’ information security policies and standards align with relevant industry standards and frameworks including the Payment Card Industry (PCI) Standards, the National Institute of Standards and Technology Cyber Security Framework (NIST CSF), and other information security requirements specific to Moneris’ operations. Our security practices are periodically reviewed and updated, as are the technological tools we leverage to protect the confidentiality and privacy of Personal Information.

Moneris maintains its Payment Card Industry Data Security Standard (PCI DSS) compliant Level 1 service provider status and our compliance is reported to all major debit and credit card associations on an annual basis. While the PCI DSS and related standards are focused on safeguards for payment card data, they require additional protection measures of general application, such as password updates, malware protection, physical and logical access controls based on business need-to-know requirements, ongoing employee training and physical access measures all of which benefit the security of Personal Information in addition to payment card data.

Cookies

Moneris uses automatic data collection tools including cookies and web beacons (e.g., tracking pixels) on our websites. Web beacons allow us to determine whether a user accessed content on a webpage. A cookie is small piece of data that a website may store on your computer that a website may later retrieve to recognize a user’s computer or device when they return. As explained below, some cookies are set by Moneris while others are set by third parties on our behalf. For privacy purposes, Moneris uses the term “cookie” to refer to all of the technologies described above (including web beacons). 
Cookies may also be used by Moneris on its portals or in its products, and on Moneris hosted payment solutions (including on Moneris Check Out, Moneris GO products and services, Moneris Online and PAYD Pro Plus). 
Moneris uses cookies for the following purposes:

● Strictly necessary cookies. These are cookies that are required for the operation of our websites. They include, for example, cookies that enable you to log into secure areas of our website.

● Functionality cookies. These cookies are used to recognize you when you return to our websites. These cookies also help us better understand your browsing habits and behaviors so that we can personalize your experience on our website (for example, by remembering your choice of language or region) and show you content that is relevant to you. 

● Analytical cookies. Moneris may use third party cookies such as Google Analytics to help us gather and analyze information about the areas visited on the websites (e.g., the pages most read, time spent, search terms and other engagement data) to evaluate and improve the user experience and the websites. For more information or to opt-out using the Google Analytics opt-out browser add-on, see “How Google uses information from sites or apps that use our services” (https://policies.google.com/technologies/partner-sites).

● Advertising cookies. These cookies help us make the advertising displayed to you more relevant to your interests and help us measure the effectiveness of our advertising on other websites. Moneris works with third parties such as advertising networks that use their own cookies on our website and other websites to build a profile of your interests and provide you with tailored ads across the Internet. This common marketing practice is typically referred to as interest-based or online behavioural advertising. These advertising networks may collect information about your activity on our websites and other websites to make predictions about your preferences and deliver ads that are relevant to you on other websites (including on social media platforms). This information may also be used to evaluate our online advertising campaigns.
For more information about interest-based advertising and to understand your options, including how you can opt-out of receiving interest-based ads from third party advertising companies participating in the Digital Advertising Alliance of Canada (DAAC) Self-Regulatory Program for Online Interest-Based Advertising, please visit the DAAC website at: http://youradchoices.ca/choices.

● Other cookies. As part of a product or service that we offer to merchants, partners, and other customers, we, or our third parties, may also use cookies, for example, for risk management tools, such as Kount^®, or other add-on services offered by Moneris. 

How to Adjust Your Cookie Preferences

When you first visit a Moneris website, a cookie notice will appear and require you determine which cookies you wish to allow. You can adjust your cookie preferences at any time by clicking on the cookie icon located in the bottom left corner of your browser anytime you are on a Moneris webpage. 

You can customize your cookie preferences by enabling or disabling categories of cookies, or you can choose not to accept cookies by adjusting your browser settings. Should you choose not to accept cookies, some areas of the websites or our services may not function properly or optimally.

If you opt-out of interest-based advertising on our website, you will still see ads from us but the ads may be less relevant to you and your interests. In addition, various tracking technologies may still collect data for other purposes, including for analytics. To successfully opt-out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each computer you use. Once you opt-out, if you delete your browser’s saved cookies, you will need to opt-out again. If you are connecting from Quebec, you will be opted out unless you explicitly opt-in.

Website Data

Moneris collects the Internet Protocol (IP) addresses of all visitors to our websites and other information such as page requests, browser type, operating system and average time spent on our website. We use this information to help us understand our website activity and to improve our websites.

Marketing Communications

If you are a Moneris merchant, partner, other customer, have made an inquiry with us, have been referred to us by one of our partners, or have opted to receive marketing, promotional, and other commercial messages from Moneris, we may send you electronic messages (such as emails or text messages). If you prefer not to receive these types of electronic messages you may opt-out, or update your email preferences by clicking the “Unsubscribe” link contained in any such message or you can click here (https://www.moneris.com/en/forms/unsubscribe-form).  

From time to time, Moneris may contact existing and potential merchants and customers to offer products and services that may be of interest. If you do not wish to receive such calls or would like more information about these calls, click here (https://www.moneris.com/en/about-moneris/do-not-call).

Right to Access, Correct, and Rectify Personal Information

If Moneris has your Personal Information, you may request to access, update, or rectify that information by contacting us using the contact information set out at the bottom of this page. In some cases, we may refer your request to the relevant merchant, partner or third party. Please note that the right to access, update or rectify certain information may, by law, be subject to exceptions or restrictions.

Moneris strives to keep Personal Information accurate, complete, and up to date to fulfill the purposes which were disclosed to you when you consented. We will rectify information that is inaccurate or incomplete. To do so, we must collect Personal Information for the purposes of verifying your identity. 

If you are a Moneris merchant, you can log into your Merchant Direct account to access, update or correct some of your information. Otherwise, to obtain more information about your account or to access, update or correct some of your information, you can contact our customer services lines at 1-866-319-7450.

Withdrawing Consent

You have a right to withdraw consent for the collection, use, and disclosure of your Personal Information at any time, subject to legal and contractual restrictions, and on providing Moneris with reasonable notice. If you choose to withdraw your consent, Moneris may be unable to offer you some or all our products and services.

Moneris will update this Privacy Statement from time to time to reflect changes in our Personal Information practices. Any changes to our Privacy Statement are effective as of the modification date noted above, unless otherwise stated. 

If you have a question, concern or complaint related to this Privacy Statement, Moneris' Personal Information processing practices (including our use of service providers outside of your jurisdiction), or wish to exercise applicable rights relating to Moneris’ collection, use or disclosure of your Personal Information, please contact Moneris’ Privacy Office at:

Moneris Chief Privacy Officer
3300 Bloor Street West
Toronto, ON M8X 2X2
Phone: 1-844-663-2948
Email: [email protected]