MCAP Privacy Code - Our Commitment To You
MCAP’s Privacy Philosophy
The MCAP Group of Companies is committed to fairly and lawfully collecting and maintaining accurate personal information and to protecting the confidentiality of all personal information that we collect, retain, use or disclose to others in the course of our business activities.
Our Continuing Commitment To You
Protecting the privacy and confidentiality of personal information has always been fundamental to the way we do business at MCAP. We strive to meet or exceed all the privacy standards established by federal, provincial and industry authorities in all our dealings with past, current and prospective customers.
We Live By It – Everyday
As a condition of their continuing employment, every MCAP employee annually signs a declaration acknowledging their agreement to be bound by the MCAP Code of Business Conduct, which includes both references to MCAP policies, such as this Privacy Code (the “Code”), and a confidentiality section obligating them to maintain the confidentiality of information both during and after their employment with MCAP.
MCAP has appointed a Privacy Officer and has established a Complaints Procedure to ensure compliance with this Code.
What Is Personal Information?
Personal information is information that identifies you as an individual. It includes your name and address, age and gender, also your personal financial records, identification numbers including your social insurance number, personal health information, personal references, and employment records.
What Is In This Code?
This Code has been developed to meet the standards set out in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and similar provincial legislation. The Code describes the principles MCAP will use to protect the privacy of personal information we possess about our clients, including sole proprietors and individuals carrying on business in a partnership, and establishes ethical and fair information management practices with respect to personal information collected, used or disclosed by the MCAP Group of Companies. The Code informs customers, be they borrowers, depositors or our investors, and our business associates, how personal information is handled within the MCAP Group of Companies.
Application Of This Code
This Code applies to all MCAP directors, officers, and employees with respect to any personal information in the possession or control of any of the MCAP Group of Companies, including MCAP Commercial LP, its general partner, 4223667 Canada Inc., MCAP Financial Limited Partnership, its general partner, MCAP Financial Corporation, MCAP Service Corporation, MCAP Leasing Limited Partnership, its general partner, MCAP Leasing Inc., and MCAP Corporation. Reference throughout this Code to “MCAP”, “the Group”, “we”, “our” and “us” includes all of the above entities.
This Code does not apply to information about business customers carrying on business as corporations, partnerships or in other forms of association. The confidentiality of information with respect to those entities is protected at MCAP by our adherence to the applicable laws, our contracts with our business customers, MCAP’s Code of Business Conduct and MCAP’s other internal policies. This Code does, however, apply to information about officers, staff or principals of corporate clients, such as those providing personal guarantees of corporate loans.
MCAP’s Relationships With Other Investors / Lenders
MCAP is in the business of providing various financial services to its customers. This includes originating, underwriting and funding mortgage loans or leases to borrowers, primarily with monies provided to MCAP from institutional lenders / investors, who contract for MCAP to provide those services and to administer, manage, and collect payments on those loans or leases on their behalf and to report to them on the status of those financial assets.
The vast majority of funding through MCAP actually comes from these other investors / lenders. Given our requirement to report to these beneficial owners of the loans, MCAP must be able to disclose to them various personal information relating to the loans. This is why our documentation, such as our applications and commitment letters, contain your acknowledgement and consent to so disclose. We do so based on that consent and in accordance with this Code.
The Reasonable Person Approach
PIPEDA is really about sound information management practices. It requires an ethical, common sense, “reasonable person” approach to requesting, validating and maintaining personal information as a part of our business activities. Confidentiality is a sensitive topic. Many Canadians have raised concerns about the privacy of their personal information. Within MCAP we strive to understand what customers, clients and investors deem to be reasonable and then apply the principles in this Code.
MCAP’s Privacy Principles
MCAP endorses and has adopted the privacy principals set out in full in Schedule 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA), and can be found here: Link. These privacy principles embody sound and prudent information management practices. These practices will provide the necessary assurances that personal information obtained and utilized by MCAP in the course of its business activities will be accurate, held in confidence and be retained in a secure environment.
Below is a brief summary of how MCAP will adhere to the PIPEDA Principles.
Principle 1 — Accountability
MCAP takes responsibility for protecting and maintaining personal information under its control and has appointed a Privacy Officer to ensure compliance with these principles and PIPEDA.
Principle 2 — Identifying the Purposes for Collecting Personal Information
MCAP will identify and disclose the reasons for which personal information is collected and used by MCAP at or before the time the information is collected.
Principle 3 — Consent
MCAP will obtain an individual’s informed consent for the collection, use or disclosure of personal information by MCAP, except as otherwise required or permitted by law.
Principle 4 — Limits to the Collection of Personal Information
MCAP will limit the amount and type of personal information collected to that, which is necessary for its intended purposes. Personal information will be collected by fair and lawful means.
Principle 5 — Limits to the Use, Disclosure and Retention of Personal Information
MCAP will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual, or as required or permitted by law. Personal information will be retained only as long as it is necessary to fulfill those purposes.
Principle 6 — Accuracy
To minimize the possibility of inappropriate information being considered in its decision-making processes, MCAP will keep personal information as accurate, complete, and up-to-date as necessary for its intended purposes.
Principle 7 — Safety & Security
MCAP will maintain appropriate safeguards to protect personal information from loss or theft, unauthorized access, disclosure, copying, use or modification regardless of the format in which it is retained.
Principle 8 — Openness
MCAP will inform its customers, clients and employees about its policies and procedures regarding the management of personal information. MCAP will ensure that these policies and procedures are easily understood and readily available.
Principle 9 — Individual Access
Upon request, MCAP will inform an individual of the existence, use and disclosure of his or her personal information and will provide the individual access to that information to verify and or update its accuracy and completeness.
Principle 10 — Handling Inquiries
An individual will be able to direct an issue or concern regarding compliance with the above principles, or MCAP’s practices to MCAP’s Privacy Officer or to other accountable employees.
What Information Does MCAP Collect?
MCAP collects only the information that is needed for or related to the business purpose or product being requested.
MCAP obtains personal information about you primarily from you. MCAP may also obtain additional information from other sources with your consent. For example, when you apply for a mortgage, MCAP asks you to authorize us to obtain a credit bureau report on you (if you have not already so authorized your mortgage broker), and to collect and verify your personal information with the credit bureau, credit insurers, your employer, personal references, and other lenders. If you do not authorize us to obtain your credit bureau report, and to verify your personal information, our standard lending practices may not allow us to provide you with a positive response to your mortgage request. When you are applying for other products or services, such as a debenture, MCAP will also ask you for your social insurance number so we can report, for taxation purposes, interest earned.
Why And What Type Of Information Is Collected
MCAP wants to work with you to help you achieve your goals, to provide you with value-added service on an ongoing basis, and to establish a lasting relationship with you as your needs grow and change. The better MCAP knows you, the better we are able to serve you. MCAP therefore asks you for your personal information for the following purposes:
- to identify you, thereby protecting us both from error and fraud;
- to understand your needs;
- to determine the suitability of our products and services for you;
- to determine your eligibility for our products and services;
- to provide you with information and offers on our products and services, or those of our business associates, that MCAP believes may be of interest to you, and
- to comply with applicable laws.
There are some purposes, which are self-evident. For example, if you are applying for a mortgage, MCAP asks for information concerning your credit history and for personal references, which MCAP may use to verify the information you provided and to underwrite your loan application. MCAP may also obtain information about you from other sources in order to better understand and meet your needs and goals.
In general, you can choose not to provide us with some or all of your personal information. However, you must understand that if you make this choice, MCAP may not be able to provide you with the product, service, or information that you requested or that was or could be offered to you.
MCAP will make sure you are aware of the purposes for collecting information when you apply for any of our products or services. Self-evident purposes should be clear, but if you have any questions, just ask us. If a new purpose for using your personal information develops, MCAP will ask for your consent again.
Disclosure Of Personal Information Outside Of MCAP
MCAP has a strict policy of not releasing personal information about our customers, subject to the important exceptions discussed below.
The most common reason for release of your personal information is that you have given your consent. For example, when you apply for a mortgage and accept our commitment letter, you give your consent to the exchange of information about you with a credit bureau, other credit grantors, credit insurers including mortgage and portfolio insurers and other lenders who invest in or fund our mortgage and lease financing products.
Other reasons may include if we have a legal obligation, such as a court order, or if we need to protect assets (e.g. collection of overdue accounts) or the public’s interest. For example, we may release personal information about a customer to legal authorities in cases of criminal activity, or for the detection and prevention of fraud. If we release information for any of these reasons, we keep a record of what, when, why and to whom such information was released.
We do not keep a record of why your personal information is disclosed to third parties for routine purposes such as reporting to Canada Customs and Revenue Agency (T5 and other reports), regular update reports to a credit bureau, credit insurers and investors / lenders, and reporting to third parties when cheques are returned NSF (i.e. for insufficient funds).
Any health information that you may provide for credit insurance purposes (i.e. mortgage life insurance) is forwarded only to the insurer in question and is not used by us for any other purpose.
MCAP does not sell lists of our customers to others for their use, although institutional investors who have funded your loan and for whom MCAP provides mortgage administration services are entitled, as per your consent in our commitment letters, to receive your personal information.
Sharing Your Personal Information
Your personal information is shared, to the extent permitted by law, and to the extent necessary to provide you with the best service, within the MCAP Group of Companies and our institutional business affiliates in order to provide mortgages, debentures, insurance and other products and services. This sharing is limited to a “need to know” basis. With our various departments having a more comprehensive understanding of your requirements, we are better able to meet your needs as they grow and change.
MCAP routinely collects and collates anonymous, non-personal information that is not traced back to a specific individual or business client. This includes individual and cumulative transaction and settlement records with our various investors. This type of information is considered necessary and consistent with the MCAP business activity.
Exceptions To The “No Collection, Use Or Disclosure Without Consent” Rules
The limited exceptions, applicable to MCAP, relating to obtaining consent for the collection, use or disclosures of personal information include the following:
MCAP is authorized by PIPEDA to collect personal information without the knowledge or consent of the individual where:
- collection of the personal information is clearly in the interests of the individual and consent cannot be obtained in a timely manner;
- it is reasonable to expect that collection of the personal information with the knowledge or consent of the individual would compromise the availability or accuracy of the information and the collection is reasonable for purposes of investigating a breach of an agreement or contravention of federal or provincial law; or
- the information is publicly available and is specified by regulations issued by federal legislation.
MCAP is authorized by PIPEDA to use personal information, without the knowledge or consent of the individual, in circumstances including where:
- the personal information was originally collected without consent, express or implied, and collection was clearly in the interests of the individual and consent could not be obtained in a timely manner;
- the information was originally collected without consent, express or implied, in circumstances where collection with the knowledge and consent of the individual would compromise the availability or accuracy of the information and the collection was reasonable for the purposes of investigating a breach of an agreement or a contravention of federal or provincial law;
- MCAP has reasonable grounds to believe the information could be useful in the investigation of a contravention of federal, provincial or foreign law, that has been, is being, or is about to be committed, and the information is used for the purpose of investigating that contravention;
- it is used with respect to an emergency that threatens the life, health or security of an individual;
- it is used for statistical, or scholarly study or research purposes, under limited conditions approved by the Privacy Commissioner; and/or
- the information is publicly available and is specified by the Regulations to PIPEDA.
PIPEDA authorizes MCAP to disclose personal information without the knowledge or consent of the individual in circumstances including if such disclosure:
- is made, within the Province of Quebec, to an advocate or notary or, in any other province, a barrister or solicitor who is representing MCAP;
- is for the purpose of collecting a debt owed by the individual to MCAP;
- is required to comply with a subpoena or warrant issued, or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;
- is made to a government institute that has identified its lawful authority to obtain the information, and which has indicated
- it suspects the information relates to national security, the defense of Canada, or the conduct of international affairs, or
- disclosure is requested for the enforcement of federal, provincial or foreign law, carrying out an investigation relating to such enforcement, or gathering intelligence for the purpose of such enforcement, or
- disclosure is requested for the purpose of administering a federal or provincial law;
- is made to an investigative body or government institution on the initiative of MCAP, and relates to a breach of an agreement or a contravention of federal, provincial or foreign law; or where MCAP suspects the information relates to national security, the defense of Canada or the conduct of international affairs;
- is made because of an emergency that threatens the life, health or security of an individual and MCAP informs the individual without delay of the disclosure; and/or
- is made for statistical or scholarly study and research purposes, under limited conditions, approved by the Privacy Commissioner.
Safeguarding Of Personal Information
Your personal information is secure within MCAP. We have comprehensive security controls to protect against unauthorized use, alteration, duplication, destruction, disclosure, loss or theft of, or unauthorized access to, your personal information.
MCAP may use other companies to provide services to you on our behalf, such as the printing of correspondence, storage of your files in a secured environment or to conduct customer satisfaction surveys on our behalf. In such cases, we will have contracts in place holding these companies to the same high standards of confidentiality by which we are governed and requiring that any information provided by us must be kept strictly confidential and used only for the purposes of the contract.
MCAP also has agreements in place with credit insurers and other institutional investors / lenders, which also require that any information provided by us must be maintained in strict confidence.
MCAP ensures the physical, organizational and electronic security of your personal information through the use of secure locks on filing cabinets and doors, and restricted access to our information processing and storage areas. MCAP limits access to relevant information to authorized employees only, and through the use of pass keys and computer passwords and, where necessary, the encryption of electronically transmitted information.
MCAP has procedures in place when destroying, deleting or disposing of personal information when it is no longer required for the purposes as set out in this Code, or by law, to prevent unauthorized access to such personal information.
Retention Of Your Personal Information
MCAP only keeps your personal information for as long as we need it to meet the purposes set out in this Code. The length of time we retain your personal information is also affected by: (1) the type of product or service you have from us, and (2) any legal requirements we may have to meet such as regulatory file retention periods or for being able to respond to any concerns you may have even if you are no longer a customer of ours.
Opt Out Policy
You can choose not to provide us with some or all of your personal information. This may, however, severely restrict the products and services MCAP can then provide. You can also withdraw your consent to our use of your personal information, as long as you give us notice in writing, addressed to:
“MCAP Privacy Information”
Suite # 400 200 King Street West
Toronto, ON M5H 3T4
- withdrawing your consent does not result in our or your inability to fulfill your financial (mortgage / debenture / lease) contract already in place with us; and
- your consent does not relate to a credit product we have granted to you, where we are required to collect and exchange some or all of your personal information on an ongoing basis, with credit insurers, other investors / lenders, or a credit bureau or to maintain the integrity of the credit-granting system and the completeness of information held by a credit bureau.
How You Can Help Us Protect Your Personal Information
If you want to review or verify your personal information, or find out to whom we have disclosed it as permitted by this Code, you can call and speak to one of our service representatives. At that time, if it is not something that can be simply answered over the phone, we will provide you with a form to sign and will help you complete the specific information we will need from you to enable us to search for, and provide you with, the requested personal information we hold about you. We may charge you a fee to do this and will advise you of the fee in advance.
There are a few instances where we will not be able to provide the personal information we hold about you that you request. Some of these instances include, if:
- it contains references to other persons;
- it is subject to solicitor-client or litigation privilege;
- it contains our own proprietary information that is confidential to us;
- it has already been destroyed due to legal requirements or because we no longer needed it for the purposes set out in this Code;
- it is too costly, in our determination, to retrieve;
- we are prohibited by law from disclosing to you.
If we are unable to provide you with access to your personal information, we will explain the reason why.
Remember that in most provinces you have the right to access and verify the personal information held about you by a credit bureau. To do so, you must speak directly to the appropriate bureau.
Keeping Your Personal Information Accurate
We are committed to maintaining the accuracy of your personal information for as long as it is being used for the purposes set out in this Code. You play an active role in keeping us up-to-date. Prompt notification of any changes, for example to your address or telephone number, will help us provide you with the best possible service. Should you discover, upon review of your personal information, that amendments are required, please advise us.
If we do not agree to make the amendments that you request, you may challenge our decision. We will make a record of this challenge, which will be kept on file.
Do You Have Questions Or Concerns?
If you have privacy questions, concerns or complaints, we want them to be answered satisfactorily or resolved as quickly as possible and ask that you follow, in order, the following three steps.
Talk to a Customer Service Agent. All pertinent numbers and email addresses can be found on our “Contact Us” page on our website or by following this link. They can usually handle most questions or concerns immediately over the phone.
If the Customer Service Agent is unable to resolve the matter to your satisfaction, advise them that you wish the matter to be reviewed by the department manager who will contact you to resolve the issue. You may be asked to put your concern or complaint in writing.
If you are still not satisfied, contact MCAP’s Privacy Officer at:
MCAP Privacy Officer
Suite # 400 200 King Street West
Toronto, ON M5H 3T4
Upon completion of review by MCAP’s Privacy Officer, if the above steps fail to resolve your concern to your satisfaction, your issue may be reviewed by the Privacy Commissioner of Canada who you may contact at any time in this process, by writing to:
The Privacy Commissioner of Canada
30 Victoria Street Gatineau, Quebec K1A 1H3
Or by telephone, toll free, at 1 800 282 1376 or by TTY at 1 819 994 6591
Any MCAP employee who believes personal information is not being handled in accordance with this Policy should immediately so advise their manager and the Privacy Officer.
Department Managers required to resolve privacy issues (as per the second step in our privacy question and complaint handling process) shall maintain appropriate records of the same and shall report them to the Privacy Officer.
Department Managers are responsible for oversight of this Policy within their department, including establishing, implementing and regularly reviewing the necessary procedures and standards to give effect to this Policy and to train their staff accordingly. MCAP’s Director – Privacy & Security, and the Corporate Secretary are responsible for providing advice and assistance to the Privacy Officer and the Department Managers on appropriate compliance programs and for reviewing the effectiveness of such programs.
The Privacy Officer shall act as a resource to Department Managers in the handling of disputes and shall present a summary report annually to the Corporate Secretary with respect to unresolved privacy disputes, the nature and number of privacy issues reviewed and any recommendations with respect to privacy strategies, oversight and policies.
The Privacy Officer will assist Department Managers with developing procedures, standards, guidelines and interpretations, promoting awareness of privacy issues and developing staff training programs.
Keeping This Privacy Code Current
Changes to this Code and the information handling practices of MCAP will result in amendments to this document from time to time. The Code will be reviewed by the Privacy Officer at a minimum, annually. MCAP may add, delete or modify sections at its discretion.