The July 1st Access Credit Union merger is now complete. In order to perform integration activities leading up to the formal merge date, member personal information has been shared between the three entities in strict accordance with section 7.2(1) of PIPEDA as it relates to business transactions.
To help you understand how we collect, use, disclose and protect your personal information, please read through the information on these pages.
Our privacy statement may change over time, so we encourage you to check back here for the most recent version.
Why we ask for your information
We collect personal information when you become a member, as well as ongoing throughout our relationship to provide you with financial products and services, serve you effectively and meet regulatory requirements. We collect your personal information to:
- Verify your identity
- Establish you as our member
- Understand your needs and provide the financial products and services you request
- Determine your eligibility for products and services
- Communicate with you and respond to your inquiries
- Promote products and services that may be of interest to you
- Safeguard the financial interests of the credit union and its members by detecting and preventing fraud and other criminal activity
- Develop products and services
- Meet regulatory and legal requirements
What personal information we collect
For you to become a member and for every product or service requested, we require basic information like your name, address, and identification. We will only collect the information required and use it for the purpose(s) explained to you.
This is the information we require and why:
We ask for identity information including government-issued identification and utility bills to establish your identity and meet regulatory requirements.
We collect your mailing address to assist in establishing your identity and to send you information about your accounts. We ask for your phone number as another way to communicate with you and provide information in a timely matter. You may also provide us with your email address as an alternate form of communication.
Social insurance number (SIN)
We are required to collect your SIN for all products that earn investment income, if you open an RRSP, RRIF, or TFSA plan, and for tax residency self-certification to meet Canada Revenue Agency’s (CRA) reporting requirements. We also ask for your SIN to conduct personal investigations such as credit bureau inquiries. Providing your SIN for any purpose other than CRA reporting requirements is optional.
This helps us to identify you. We also use this information to determine your eligibility for products or services that are designed for a particular age group.
If you request credit products we ask for your financial information to determine your eligibility. We may also use this information to help us identify and offer other products and services to meet your financial needs.
We require health information to determine your eligibility for certain insurance products you request.
We request the following information from you to meet our regulatory requirements under the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). FINTRAC is Canada’s financial intelligence unit, whose mandate is to facilitate the detection, prevention, and deterrence of money laundering and the financing of terrorist activities.
If your legal address is different from your mailing address, we’re required to collect it.
Occupation, employer name, and address
Collecting this information helps us to determine your expected transactional activity. If you apply for credit products we also ask for this information to determine your eligibility.
Purpose of relationship and intended use
When you open a membership we’ll ask you why you chose Sunova and the type of transactions we can expect on your accounts. Knowing how you intend to use your accounts protects you and helps us monitor for fraudulent or illegal activities.
Politically exposed person or head of an international organization
We must determine whether you are a politically exposed person (PEP), head of an international organization (HIO), or a family member or close associate of someone who is a PEP or HIO.
When you open an account we’ll ask you if the account will be used by a third party. A third party is another individual who you are acting on behalf of or taking instructions from.
We ask you to complete a Canada Revenue Agency (CRA) declaration of tax residency when you open a membership or have a change of circumstances. We must attempt to determine the tax residency of our members to remain onside the Foreign Tax Compliance Act (FATCA) and Common Reporting Standards (CRS).
Accurate and complete information allows us to provide the best possible service. We will make a reasonable effort to keep your information accurate, current, and as complete as necessary for the purposes it was collected. We also rely on our members to ensure that certain information such as your name, address, and telephone number is accurate. If your information requires updating, please contact us so that we can make the changes in a timely manner.
We require your knowledge and consent to collect, use, or disclose your personal information, except as permitted or required by law. How you give consent may vary depending on the product or service requested and the information required. Express consent is most often given in writing when you sign applications or forms. You can also give express consent orally or electronically in certain circumstances. Implied consent is when we assume you have given consent based on an action you take or decide not to.
Consent may also be given through an authorized representative, such as a legal guardian or a person having power of attorney.
Limiting or withdrawing consent
You may limit or withdraw your consent at any time, subject to legal or contractual restrictions. Please be advised that by failing to provide consent or withdrawing your consent, we may not be able to provide the products and services requested or continue existing services.
Please contact us to discuss the consequences of withdrawing consent. We will provide the request form for you to complete and forward your written request to our Privacy Officer. We require a reasonable time period to process your request.
Members who provide their email, whether in-branch or online, may also give consent to receive our marketing emails. This is optional and you can unsubscribe at any time.
If you wish, members may opt-out of receiving promotional information from Sunova Credit Union (excluding promotional material sent with your statement) by completing our Privacy Exception Form and sending it to our privacy officer. For additional information, please contact your local branch.
How we collect information
Most of the information we collect comes directly from you and from product and service arrangements you make with or through us. We may also collect personal information from third parties such as credit reporting agencies, other financial institutions, public records, government registries or from references you provide.
These are some ways we collect personal information:
- On applications, agreements, and forms
- Through your ongoing interactions with us in branch, by phone, email, or chat
- If you submit a contact or appointment request on our website
- From affiliates or third parties
Telephone calls with our Help HQ representatives are recorded for quality assurance and training purposes.
When we use and share information
Sunova does not sell member lists or personal information to others. However, we may release personal information to parties outside Sunova in limited circumstances.
These are some examples of when we may share information:
- Within Sunova to manage your relationship with us
- With consent, we may disclose your credit history with us to other lenders if you apply for credit at another financial institution or to credit reporting agencies as part of the credit process
- With others who share ownership or liability for a product or service you have with us, such as a joint account holder or guarantor on a loan
- With your legal representatives
- In response to a valid subpoena, warrant, court order, or other legal demand or request. We will only disclose the information required or permitted by law.
- To comply with legal and regulatory requirements
- To help us collect a debt owed to us by you
- To an organization to prevent, detect or investigate fraud
- During an emergency that threatens the life, health or security of an individual
- To investigate an offence under the laws of Canada or another jurisdiction
- In order to complete a business transaction such as a merger with another credit union
- To a government institution or an individual’s next of kin or authorized representative when there is reason to believe a member has been, is, or may be the victim of financial abuse
- When permitted or required by law
In the course of doing business, personal information may be shared with affiliates, external agents or service providers that perform services on our behalf. We choose reputable companies, provide only the minimum amount of information necessary and use contracts and other measures to provide a comparable level of protection and compliance while information is being sent to or processed by them.
These services could include but are not limited to data processing, cheque orders, secondary support, marketing and administrative services. Service providers are not allowed to use your personal information for any unauthorized purpose.
In some cases, service providers may be located outside Canada. Personal information processed by these service providers is subject to legal requirements in Canada. Please note, personal information may be subject to and accessed under the laws of the jurisdictions in which these service providers operate.
What happens if your personal information is compromised
If there is an unauthorized disclosure of your personal information, we will notify you as soon as possible after completing our assessment and due diligence. If our assessment determines the breach creates a real risk of significant harm, we will report it to the Office of the Privacy Commissioner of Canada. Depending on the circumstances, we may also notify law enforcement, insurers, business partners, and other regulatory bodies in order to reduce the risk of harm. We may request assistance from credit reporting agencies, other financial institutions, or credit card companies if necessary to mitigate risk to the individuals affected.