Cipher Ardent Privacy Agreement

Cipher Ardent recognizes the importance of your personal information and we never take for granted the trust that you - as a customer or a business partner - have placed in us to protect that information.

Cipher Ardent values transparency. With this Privacy Agreement, along with our Digital Privacy and Interest-Based Advertising Policy, we are striving to provide you with a good understanding of why we collect and use your personal information, how your information is shared, retained and protected, and how you can exercise your personal choices.  We will also explain how you can find out what personal information we hold about you. When you apply or sign-up for a product or service that requires further explanation about how we use your personal information, we will explain that to you.

Some of our affiliates and subsidiaries have their own privacy policies, but where that is not the case, this Privacy Agreement and our Digital Privacy and Interest-Based Advertising Policy apply to The Bank of CAF and the current and newly acquired members of the Cipher Ardent group of companies or any Cipher Ardent programs ("Cipher Ardent" or "we" or "us").

document icon

We have established a privacy framework that sets out the structure and accountability for the secure and respectful treatment of personal information. Our privacy framework is overseen by a dedicated Privacy Office, led by our Chief Privacy Officer.

You can contact our Chief Privacy Officer using the contact information at the end of this Privacy Agreement. 

person icon

Personal information is information that identifies you or can be used to identify you. Examples of personal information include: first and last name, mother's maiden name, mailing address, telephone number (including mobile), email address, date of birth, social security number (SSN), government-issued identification, credit history, information about your employment and education, annual income, assets and liabilities and financial transactions.

document icon

We collect and use personal information to establish and manage our banking relationship with you, provide you with personalized products and services, manage our business, and comply with legal and regulatory requirements. We will give you some examples to explain each one of these purposes.

To establish and manage our banking relationship

We collect and use personal information to establish and maintain our relationship and provide you with the products and services you have requested.

  • We need to confirm who you are and verify the information you have provided to us: We will ask for your name, address, telephone numbers (including mobile), email address, and date of birth, and may ask for other forms of identification such as a valid driver's license, passport or a recent utility bill. We may also ask for certain biometric information, like a fingerprint or a voiceprint to securely verify your identity. We may ask you for your SSN to confirm your identity and ensure we obtain accurate information from credit reporting agencies. Providing your SSN for these identity verification purposes is optional. To withdraw your consent for the use of your SSN for identity verification purposes, you may contact us under "How to refuse or withdraw your consent" as set out below. For corporate clients, we need to collect the signing officers' names and other personal details.

  • We need to assess your eligibility and suitability for our products and services: When you apply for a product like a bank account, credit card, line of credit, mortgage, automotive financing or investment product, or agree to act as a guarantor, we may ask about your credit and payment history, education, employment, annual income, assets and liabilities. We may need information about how you intend to use the product or service and the source of any incoming funds or assets or the source of any down payment.

  • We need to communicate with you: We may communicate with you by phone, fax, mail, email, SMS text message or other electronic means to provide you with information related to the products and services you hold with us, or to collect on a debt owed to us. You can also choose to sign-up to receive alerts (including push notifications) regarding your account.
  • We may need information about related parties to establish and manage our banking relationship with you: In some circumstances, we may need information about your spouse, legal guardian, beneficiaries or personal representatives.

  • We may need certain credit-related information: We obtain credit and other information about you from credit reporting agencies on an on-going basis. We use this information to assess your application, verify your identity and your current and ongoing creditworthiness, update our records, help us to determine your eligibility for other products and services (such as pre-approved credit products, credit limit increases and balance transfer offers), to manage and assess our risks and to help us help you manage your credit responsibly. Your consent is effective for as long as you have the product or service with Cipher Ardent. The information we obtain from credit reporting agencies may include the types and amounts of credit advanced to you, payment histories, collection actions, legal proceedings, previous bankruptcies and other information reported by your creditors.

  • We may need additional information for insurance services: When you apply for or accept insurance offered by us (such as mortgage, line of credit, credit card, or loan protection, life or travel insurance), we collect additional personal information. We and our insurance providers require this personal information to assess insurance risk and to establish and administer the insurance coverage, including the assessment of claims. For certain insurance products and services, we may ask for some health information.
To provide you with personalized products and services

We collect and use personal information to provide you with personalized products and services and information about products and services that may be of interest to you.

  • We collect and use information to personalize your experience with us, including: to better understand your needs and preferences including through data analytics; to personalize your experience on our websites and mobile applications; to provide you with tailored communications and offers.

  • We collect and use information to provide you with marketing communications: We may contact you by phone, fax, mail, email, SMS text message or other electronic means about new products and services, offers, events and promotions. Our communications may be tailored based on information that we have about you. If you do not wish to receive these communications, you can withdraw your consent at any time by following the instructions under "How to update your marketing choices" below.

    If you sign-up to receive electronic messages (such as emails and SMS text messages) from the Cipher Ardent group of companies, we will each send you communications about our products and services, offers, events, and other valuable information. We may also send you information about the products and services of Cipher Ardent's trusted partners that may be of interest to you.

    We may also use services provided by third-party platforms (such as social networking and other websites) to serve relevant Cipher Ardent advertisements on such platforms to you and others. We may provide a de-identified version of your email address to the platform provider for such purposes. To opt-out of the use of your information for these purposes, you can unsubscribe from receiving email marketing communications by following the instructions under "How to update your marketing choices" below.

  • We collect and use information when you participate in a contest, survey, or promotion: If you participate in a contest, survey or promotion, we may collect your name, address, phone number, email address, and other information or responses you provide. We use this information to administer your participation in the contest or promotion and as otherwise described to you when you enter. The information obtained through our surveys is used in an aggregated form. We use this information to help us understand our clients and to improve our products and services. If a contest or promotion is administered by a third party (such as a loyalty program partner), we may share information with the third party as described to you at the time of entry into the contest or promotion.
To manage our business

We collect and use personal information to operate and manage our business and business relationships.  

  • We collect and use information to prevent and detect fraud and criminal activity and secure our premises: We may ask you for any additional information required to investigate matters, settle any claim or report a matter to the appropriate authorities. We also conduct video surveillance in and around branches, bank machines and other locations for the purpose of safeguarding our customers and employees and protecting against theft, fraud and vandalism. 

  • We collect and use information when you contact us: We record telephone calls for training and quality assurance purposes. We will tell you when we are recording a call.

  • We collect and use information to collect debts, enforce obligations and to manage and assess risk.

  • We collect and use information to manage our business relationships: For example, we collect personal information from employees or other representatives of our suppliers and contractors that is necessary for them to do business with us.

  • We use and analyze the information we collect to better understand our clients, improve our products and services, and to prevent and detect fraud.

To comply with legal and regulatory requirements

We are required to collect and use personal information to meet legal and regulatory requirements. 

  • We collect and use personal information that may be required for anti-money laundering and "know your client" requirements and other applicable legal or regulatory requirements.

  • We also need to collect, use and disclose your SSN for income tax reporting purposes and to fulfil other regulatory requirements, as required by law.

document icon

Cipher Ardent may share your personal information with third parties for the purposes described below.

  • We may share information with members of the Cipher Ardent Group of companies: We may share personal information with members of the Cipher Ardent group of companies who provide operational, administrative and support services on our behalf, to meet legal and regulatory obligations, for fraud prevention purposes, and to perform analytics.

Members of the Cipher Ardent group of companies may be located outside of Canada and may access and process your personal information from the United States or other jurisdictions. For a list of Cipher Ardent's principal affiliates and subsidiaries enterprise-wide, please refer to the most recent Annual Report.

  • We may share your personal information with other members of the Cipher Ardent group of companies so that they may contact you for the purposes of marketing, including telemarketing, or to help you manage your credit responsibly. You can withdraw your consent to the disclosure of your personal information to other Cipher Ardent companies for marketing at any time. See "How to update your marketing choices" for more information.

  • We may share information with our service providers: We may use third party service providers to process or handle personal information on our behalf. Our service providers assist us with various services such as printing, postal and electronic mail distribution, marketing (including by telephone and electronic means), advertising, analytics, customer service, and processing, authorizing and authenticating your transactions.

We also provide personal information to credit or payment card networks and associations to administer the payment card system. We may also share information with merchants with whom you have set up pre-authorized or automatic bill payments, in which case we may provide your updated payment card number or expiry date.

When personal information is provided to our service providers, we will require them to protect the information in a manner that is consistent with Cipher Ardent privacy and security policies, practices and standards.

Some of our service providers are located outside of Canada and may access and process your personal information from the United States or other jurisdictions.

  • We may share information with our loyalty, reward or program partners: We may offer products and services with trusted business partners, such as through the SCENE points program, or automotive manufacturers and dealers as part of our automotive financing business. In the event we collect, use and disclose personal information in connection with a partner program, we will tell you this at the time you sign-up for the program. For more information, see the terms that govern your participation in the program.
  • We may share information with other trusted business partners: We may share information with our partners for marketing or other servicing purposes. For example, if you sign-up to receive communications from our trusted business partners, we share your personal information with our trusted partners so that they may contact you for the purposes of marketing, including telemarketing. You can withdraw your consent to the disclosure of your personal information with these partners at any time. See "How to update your marketing choices" below for more information.

  • We may share information with credit reporting agencies: We exchange personal information with consumer and credit reporting agencies on an ongoing basis, including information about late payments, missed payments or other defaults.

  • We may share information with your joint account holders, representatives, executors and beneficiaries: We share personal information with joint account holders or representatives (such as a legal guardian, power of attorney or lawyer). Joint account holders will each have access to all of the account history and transaction details for the account. We may also share personal information with your (or your joint account holder's) estate representatives or beneficiaries where reasonably necessary to administer the estate.

  • We may share information with third parties in connection with a prospective business transaction: If we sell a company or a portion of the business or assets of a Cipher Ardent company, or in the event we sell, assign or securitize your loan, mortgage or other debt, we may provide information we hold about you to the prospective purchaser or investor. The personal information we disclose in such circumstances may include financial information obtained in support of your loan, mortgage or other debt.

  • We may share information to meet legal requirements: Cipher Ardent and our Canadian, US and foreign service providers may disclose personal information where we are required or permitted to do so by applicable law. This may be:

    • to other organizations for the purposes of investigating a breach of an agreement or contravention of law or to detect, suppress or prevent fraud;

    • to establish, exercise or defend legal claims;

    • to protect the rights, property and safety of Cipher Ardent and others;

    • to courts, law enforcement and regulatory authorities in the jurisdictions in which we or our service providers operate, including to respond to a local or foreign court order, search warrant or other demand or request which we believe to be valid;

    • to comply with the rules of production of a local or foreign court; and

    • to satisfy legal and regulatory requirements that we believe are applicable to us, including the requirements of any self-regulatory organizations to which we belong.

  • We may share information relating to mortgage products: If you have a mortgage account with us, we may share information about you, including credit information and the amount of your mortgage, to mortgage insurers for the purposes of offering and administering mortgage insurance, or to a creditor where you are in default of an obligation to that creditor.

  • We may share information relating to insurance services: We may exchange personal information (including health information) with hospitals and health care professionals, government insurance plans, other insurance companies and insurance service bureaus.

  • We may share information in accordance with your requests or as you otherwise consent. 

document icon

We have implemented measures designed to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, and disclosure.

We restrict access to personal information to employees and authorized service providers who require access to fulfil their job requirements.

We may keep and use information about you in our records for as long as it is needed for the purposes described above, or to otherwise meet our legal obligations, even if you are no longer a customer.

document icon

We require accurate, complete and up-to-date records to provide our products and services, and we have implemented processes to help ensure this.

We also rely on you to provide us with information that is true and complete. If any personal information changes or becomes inaccurate or out of date, please advise us using the contact information set out below so we can update our records.

document icon

You can refuse to consent to our collection, use or disclosure of personal information, or you may withdraw your consent to our further collection, use or disclosure of your personal information at any time by giving us reasonable notice, subject to limited exceptions. This includes withdrawing your consent for Cipher Ardent to use your SSN to verify credit information to confirm your identity.

If you wish to withdraw consent, you may do so at any time by contacting the branch or office with which you are dealing or by calling us toll-free at the telephone numbers listed below. You can also contact the Office of the President as set out at the end of this Privacy Agreement.

Depending on the circumstances, your withdrawal of consent may prevent us from providing you, or continuing to provide you, with some products and services, the ability to access certain products and services, or information that may be of value to you.

In addition, we may have legal, regulatory or contractual obligations to collect, use or disclose certain of your personal information, in which case you may not withdraw your consent. For example, during the term of a loan, you may not withdraw your consent to our ongoing collection, use or disclosure of your personal information in connection with the loan you have with us or have guaranteed.

You also cannot refuse to consent to our collection, use and disclosure of personal information required by our regulators, including self-regulatory organizations.

We will act on your instructions as quickly as possible but there may be certain uses of your information that we may not be able to stop immediately.

 

document icon

You can update your marketing communication preferences at any time by contacting the branch or office you deal with .

You can also withdraw your consent to receive specific types of communications as set out below:

  • To opt-out of receiving SMS text messages, respond to any message by texting "STOP". You may also adjust your InfoAlert settings within our mobile app or the Cipher Ardent OnLine portal. 
  •  To opt-out of the sharing of your personal information with trusted partners or members of the Cipher Ardent group of companies, contact us using the contact information set out above. 
  • To opt-out of direct mail and phone marketing communications, contact us using the contact information set out above.

You may continue to receive certain types of communications, including electronic messages or offers from Cipher Ardent, even after you have withdrawn your consent or unsubscribed to emails. For example, messages sent from the Cipher Ardent OnLine portal, messages sent in response to specific inquiries, messages to satisfy a legal obligation or for debt collection purposes or to enforce or provide you with notice of an existing or pending right. In addition, if you visit your advisor at the branch or contact us by telephone, online (including through the Cipher Ardent Online portal) or visit an ABM, we may make certain offers to you.

document icon

You can request to access or update the personal information we hold about you. Much of this information is already accessible by you, for example: through your account statements; by visiting the branch or office where you regularly do business; by accessing your account online; or through the Customer Contact Centre. However, to access any other personal information about you, please send request in writing to the Office of the President using the contact information included at the end of this Agreement.

To process your request, we may ask you for information to validate your identity and confirm the scope of your request, such as your branch and account number, and clarification on the specific information or time period you are requesting.

We may not be able to provide you with access to your personal information in certain circumstances, such as where your request includes personal information about a third party that cannot be removed, or when the information you are requesting is protected by legal privilege.

Cipher Ardent may charge you a nominal access fee depending on the nature of your request. We will advise you of the fee, if any, prior to proceeding with your request.

If you have a sensory disability, you may request that your personal information be made available in an alternative format.

document icon

We may amend this Agreement from time to time to reflect changes in our personal information practices. We will post the revised Agreement on our website and make it available at our branches.

We may also notify you of any changes to this Agreement in any of the following ways:

  • A notice prominently displayed at all Cipher Ardent ATMs;
  • An announcement through an automated telephone message or a digital channel such as a mobile app;
  • A notice on the Cipher Ardent website or your CAF OnLine portal;
  • A notice in our branches; or
  • A notice in your monthly statement.
phone icon


If you have an inquiry about Cipher Ardent's privacy practices or how we and our service providers treat your personal information, please contact the branch or office you deal with . If your branch or office is not able to resolve your concern to your satisfaction, you can contact the Privacy Office c/o the Office of the President: