INFORMATION ON OUR PRIVACY POLICY

Update - October 2023

At MICA, protecting your personal information and respecting your privacy are an integral part of our corporate culture. It's a constant priority! We ensure that robust security measures are in place to protect your personal information.

The personal information you entrust to us is essential to our business relationship with you. We know how valuable it is, and we are determined to do everything in our power to protect it.

In the following lines, we will explain to you, in full transparency, the reasons and purposes for which we collect your personal information, how we process it and how we protect it, in compliance with the Act respecting the protection of personal information in the private sector (LRQ Chapter P-39.1).

This document explains our practices regarding the collection, use and disclosure of personal information about individuals, as well as the measures we have put in place to ensure that this information is handled appropriately.

For any questions related to the protection of personal information, please contact our Privacy Officer at the following address:

MICAcabinets de services financiers
Chief Privacy Officer
7900 boulevard Pierre-Bertrand, Suite 300
Québec (Québec) G2J 0C5
prp@micasf.com

Here is a summary of the 6 key principles that guide the way we manage your personal information:

‍Weobtain your consent: We obtain your consent before collecting, using and sharing your personal information.

‍Welimit our collection to what is necessary only: We collect, use and disclose only the necessary information that allows us to fulfill the mandate entrusted to us by you.

‍Weensure the protection, security and confidentiality of your information: We put in place good management and protection practices to keep your personal information safe and supervise its use.

‍We aretransparent in our practices: We handle your personal information transparently, for example by clearly explaining why and how we collect it.

‍Weact responsibly: Our employees, suppliers, partners and consultants who act on our behalf must respect our privacy practices. We constantly strive to ensure that everyone complies with these requirements. Our awareness and training initiatives with them enable them to remain alert and sensitive to the protection of your information.

‍Werespect your rights: You have rights related to the personal information we hold about you. You can exercise these rights at any time by contacting us.

1. First of all, what is personal information?

Any information concerning a natural person (individual) that enables that person to be identified, either directly or indirectly.

Later in this document, you'll find concrete examples of what constitutes personal information.

2. Who is affected by our privacy policy?

Any individual who communicates with us, by whatever means, as well as any individual about whom we collect personal information in the course of our activities. Our policy continues to apply even after the purposes for collecting, using or disclosing personal information have been fulfilled. By way of example, if you fall into any of these categories of individuals, our privacy policy applies to you.

Examples :

  • You do business with MICA through one of its advisors (i.e., you're a customer);
  • You're a former customer;
  • Without being a customer, you are communicating with us;
  • You are browsing our websites;
  • You're applying for a job with us;
  • You are a trustee, mandatary or liquidator of a person who does business with us.
3. When do we collect your personal information?

Mainly during discussions and meetings held with you before and at the time we offer you products and services, open accounts, subscribe to an insurance product, as well as over time in order to serve you properly and keep your information up to date.

4. How do we obtain your consent for the collection, use and retention of your personal information?

Obtaining your consent

We will always obtain your consent, unless otherwise permitted by law.
We ask for your consent before collecting, using or disclosing your personal information. We may obtain consent directly from you, or through your advisor.

Your consent is valid for the time necessary to fulfill the purposes for which we requested it. It then remains valid to fulfill our retention obligations as described in the law and in our retention schedules. (unless you withdraw your consent. See the section below entitled "How do we respect your rights? ")

Your consent is valid only for the purposes we have declared to you. If we wish to collect, use or disclose your personal information for other purposes, we will ask for your consent again, except where we can do so without obtaining your consent.

We may ask for your consent in a number of ways:

  • in writing;
  • verbally;
  • by telephone, including by automated message;
  • electronically, digitally or by virtual video encounter.

When your consent is not required

We may use your personal information without obtaining your consent if the law allows us to do so, for example if the use is for your benefit or if it is compatible with the purpose of the collection.

We may also use or disclose your personal information without obtaining your consent to comply with our legal obligations. For example, we may

  • to comply with an order from a court or other body;
  • to prevent or detect fraud;
  • as part of an investigation.
5. How and from whom do we collect your personal information?

Primarily, we collect your personal information from you directly. Generally, with some exceptions, your personal information will be collected through your advisor, which will provide it to us.

We may collect your information directly from you when you communicate or interact with us or when you update your account preferences and settings. We may also collect your information indirectly from other sources. When required, we obtain your consent.

In certain situations, when necessary, we may also collect information from others, depending on the circumstances and the products or services you hold, such as, for example, from :

  • your employer;
  • professionals with whom you do business, such as accountants, tax specialists, notaries and lawyers;
  • public bodies;
  • our representatives;
  • personal references (job applicants);
  • intelligence and credit bureaus;
  • public and private databases that may hold information about you;
  • partners in the distribution of our products and services, such as product issuers or insurance companies;
  • a proxy to represent you;

We may collect your personal information in a variety of ways. For example, we may

  • by phone;
  • in person;
  • using our forms (paper or online) and our digital interfaces;
  • using technologies that collect personal information about you, such as cookies, when you visit our Web site.
6. What personal information do we collect?

We collect personal information that is necessary to achieve the purposes described below (see table). In other words, the information we absolutely need to carry out the mandate you have entrusted to us. We collect only the information necessary to serve you on a day-to-day basis and to meet our legal obligations.

Here are a few examples of the personal information we may collect, taking into account whether or not it is necessary to collect it, depending on the situation:

CATEGORIES OF INFORMATION

EXAMPLES

Identifying information

First and last name, date of birth, postal and e-mail address, telephone number, sex or gender, marital status, citizenship, country of birth, etc.

Authentication information

Numeric identifier and password, answers to authentication questions, government identifiers (passport number, driver's license number, social insurance number, etc.).

Health information

Health history, health status, lifestyle habits.

Information on your insurance file

Insurance quotes and applications, information on the insurance policies you hold, information on insured persons, prices, coverages, conditions and other benefits, information gathered in connection with claims and benefits, etc.

Financial information

Income, salary, balance sheet, investments, information on financial products you hold with us or elsewhere, investor profile, tax status, etc.

Employment information

Employment status, current employer, former employers.

Information about your products and services and your operations

Information and overview of your situation, including your profile, your needs and your objectives, information related to your transactions and operations (account or contract numbers, date and amount of transaction or operation, description, etc.), customer, product, policy or contract number, information on products held, persons authorized for the account, information about your insurance policies, insured persons and beneficiary names, etc.

Digital information

for more details about cookies, please click here

Information about your relatives

Name, age, financial situation and state of health of spouse, children or parents, first name and name of a support person.

Digital information (websites, applications, social media, portals, etc.)

IP address, location data, language preference, information about your device, operating system or browser, browsing preferences and habits.

Information about your communications with us

Reasons why you do business with us, recordings and telephone communications to improve your customer experience, written communications (for example, your letters or e-mails), notes, reports and histories of your communications with us, information on your requests for information, your dissatisfactions or complaints, preferences in terms of language of communication.

Other information

Information on persons other than yourself (e.g. mandatary, tutor, temporary representative, assistant, beneficiary, spouse, dependant or other insured person), information on your professional situation (e.g. education, occupation, association or professional order), residence and tax identification number, results of our checks, particularly with regard to money laundering, cybercrime and fraud.

7. Why do we collect your personal information?

We collect, use, disclose and retain your personal information only for the purposes identified below. We will inform you of these purposes no later than the time we collect your personal information.

We use the personal information we collect about you to serve you on a day-to-day basis and to meet our legal obligations. If we intend to use your personal information for purposes other than these, we will inform you, unless otherwise permitted by law.

The following purposes may be essential to our relationship with you, depending on the products and services you request:

OBJECTIVES

WHY?

Identify yourself, update your information and verify the accuracy of this information.

To know to whom we are providing products and services by verifying that you are who you say you are (identifying yourself and validating your identity).

To ensure that your personal information is accurate, complete and up-to-date before using it. However, it is your responsibility to inform us of any changes concerning you.

To respect your choices regarding your personal information, i.e. to provide you with personalized recommendations and offers.

To carry out our day-to-day activities and operations.

To deal with your requests for information, dissatisfactions and complaints.

To communicate with you using the contact details you have provided.

To provide you with products and services that are adapted to your situation and that suit you.

Interact with you.

Contact you if you ask and answer your questions.

Understand your situation, profile, needs and objectives.

Analyze your requests for products or services.

Evaluate whether you are eligible for the products and services requested.

Offer you services and products that meet your expectations and objectives.

Ensure proper administration of your file and follow-up.

Process your requests.

Meeting our legal obligations

Verify transactions.

Detect, prevent and contain fraud as well as unauthorized or illegal activities, such as money laundering and cyber threats.

Conduct investigations as required.

Monitor business practices to ensure that they constitute sound business practices that comply with requirements.

Properly train our employees and representatives.

Meet our legal obligations and the requirements of courts, regulatory authorities or self-regulatory organizations.

Respond to requests and orders from courts, governmental and regulatory bodies.

Fulfill our obligations to tax authorities.

Comply with the U.S. Foreign Account Tax Compliance Act (FATCA), which requires us to report accounts held by U.S. citizens to the U.S. government.

Fulfill our legal obligations to combat money laundering and terrorist financing in Canada.

Fulfill our record-keeping obligations.

8. To whom may we disclose your personal information?

First of all, please be assured that we do not and will never sell your personal information to anyone.

In the normal course of business, we may disclose your personal information to our affiliates and other persons, organizations or companies, if this is necessary to achieve the objectives and in order to carry out the mandate entrusted to us by you.

In this context, here are some examples of with whom we may disclose your personal information:

  • External partners supplying financial products and services, such as investment product issuers and insurance companies;
  • External partners offering transactional services that enable us to carry out your transactions;
  • Courts, government agencies or regulatory authorities;
  • Websites and applications belonging to other people and organizations;
  • Companies offering technology, reprographics or document dispatch services;
  • Service providers with whom we have agreements for the storage of your personal information;
  • A person acting on your behalf or at your request;
  • A person who holds an account jointly with you or who is otherwise involved in your relationship with us;
  • Service providers we use to perform certain tasks, such as producing and printing account statements.

It is important to know that we only entrust our suppliers and external partners (third parties) with the personal information they need to perform their tasks, functions and contractual obligations with us.

We also ensure that these external partners (third parties) have good information security and privacy practices.

We mainly store the personal information under our responsibility in Quebec or Canada. We do and may do business with external (third-party) suppliers who are based elsewhere, so that we may communicate your personal information to another country or province. They are then subject to the laws of that country or province. Of course, we ensure that they have good information security and privacy practices in place before we disclose your personal information to them.

9. How do we protect your personal information?

First and foremost, by putting in place a governance framework that establishes the roles and responsibilities of everyone within our company with regard to the protection of personal information.

We apply very strict security measures to protect your personal information against any incident, regardless of the format in which we hold it. We continually strive to adapt our security measures to technological advances.

Here is an overview of the measures we have put in place to protect your personal information:

Types of safety measures

Examples of resources

Physical safety measures

Physical checks of visitors to our administrative premises upon arrival;

Restricted access to our administrative premises and to the premises where our servers are located;

Backup and archiving of personal information in an emergency backup system;

Other security measures.

Technological safety measures

Multi-factor authentication for access to most of our various systems;

Encryption of data when required for storage or communication outside the organization;

Digital certificates;

Antivirus and firewall;

Logging of access to various systems;

Other security measures.

Administrative safety measures

Security checks for certain types of employment;

Control of access rights to personal information to limit them to what is strictly necessary;

Log all copying and exporting of personal information as part of our day-to-day activities;

Constant monitoring of our facilities to detect suspicious activity;

Regular staff training and awareness of security and privacy policies, practices and procedures;

Verification of the identity of anyone wishing to obtain personal information, whether online, by telephone or in person;

Other security measures.

10. Do we keep your personal information forever?

Of course not! We destroy your personal information once we have fulfilled our obligations.

That said, we retain your information for as long as necessary to :

  • Achieve the goals for which we collected them, and;
  • Comply with the obligations imposed on us by the various laws and regulations that apply to our activities.

And even if you no longer do business with us, we still need to retain your personal information for a certain period of time to meet our legal and regulatory obligations and to protect our rights in the event of a dispute.

We have established retention schedules to make these limits clear. Once the retention period has expired, we permanently destroy your personal information.

We may anonymize certain personal information before destroying it and retain a copy. Once anonymized, this information can no longer be used to identify you and is therefore no longer considered personal information. Among other things, we use it for internal statistical purposes and to establish performance indicators.

Destruction and anonymization are carried out in a safe and secure manner, in accordance with existing best practices.

11. How do we respect your rights?

Right to change your consent

You can review and change your consent preferences for the collection, use and disclosure of your personal information at any time. Please note, however, that we will no longer be able to offer you our products and services if you withdraw your consent, which is essential to our relationship with you and to our ability to offer you our products and services. Our contractual and legal obligations require us to retain certain personal information in order to continue to serve you.

Right to access your personal information

You may at any time access the personal information we hold about you.

To do so, you must submit a written request to our Privacy Officer, explaining the reasons for your request so that it is clearly understood and so that we can identify the documents containing the personal information to which you wish to have access.

We will process your request within 30 days of receiving it, unless there are special circumstances. We will inform you if there is a charge for transcription, reproduction or transmission.

We will send you a written reply. We will send you our reply and the information you wish to access in a structured, frequently used technological format (e.g. PDF file).

Among other things, you can ask us :

  • If we hold personal information about you;
  • How your personal information is collected, used and disclosed;
  • If another person or organization holds your personal information for us;
  • To consult the personal information we hold about you.

Important note: We cannot provide you with information that would reveal information about another person.

Right to amend, correct or rectify your personal information

If you wish to amend any information we hold about you, for example following a change of address or a change in your personal circumstances, it is your responsibility to contact us or your advisor.

If you wish to rectify inaccurate or incomplete information we hold about you, you must contact us to make the request and provide us with the necessary information justifying your request.

Right to request deletion of your personal information

You may ask us to delete your personal information. However, our response may vary depending on the situation.

In some situations, we may not be able to delete your personal information due to our legal and regulatory obligations. If this is the case, we will explain the reasons why we cannot do so.

In some cases, deleting your personal information will mean that we will no longer be able to serve you or offer you our products and services.

12. Updates or modifications to this document

We may periodically make changes to this document to take account of regulatory and legislative developments and changes.

When we make changes to this document, we will update it and the amended version will replace the previous version.

In the event of significant changes, we will inform you in a timely manner by any appropriate means.

13. How to reach us

Our Privacy Officer ensures that we comply with the rules described in this document as well as with our obligations imposed by law.

If necessary, you can contact us in writing at the coordinates below to :

  • Request assistance, send us a comment or ask any question related to the protection of your personal information;
  • Request consultation, correction or deletion of your personal information;
  • File a complaint related to the management of your personal information.

Please provide us with all the information we need to respond to your request and follow up on it. (Please provide us with your first and last name, e-mail address or mailing address and telephone number, as well as the exact nature of your question or request).

For any questions or comments related to the protection of personal information, requests for access, requests for rectification or for any complaints, please contact:

‍MICAfinancial services firms
Chief Privacy Officer,
7900 boulevard Pierre-Bertrand, Suite 300
Québec (Québec) G2J 0C5
prp@micasf.com