For the purposes of applicable data protection laws, GFA is a data ‘controller’ in respect of Your personal data.
If You are a California resident, please see “Additional information for California residents: Your California privacy rights” below for information provided pursuant to the California Consumer Privacy Act.
The types of personal data we may collect and use
We may collect and process the following personal data about You:
(a) Information You provide to us. This might include:
Identity data – including full name, title, gender, employment information and job title;
Contact data – including email address, telephone numbers and location data; and
Marketing & communications data – including communication preferences.
Such information might be provided when You sign up for and use the Services, consult with our customer service team, send us an email, integrate the Services with another website or service, or communicate with us in any other way.
Usage data – including Website usage data; and
Technical data – including internet protocol (IP) address, account data and device data.
(c) Information that we obtain from third parties or other sources. We may obtain information about You from third party sources such as public websites (including social media platforms), publicly accessible databases or registers, third party data providers, and joint marketing partners.
Using Your personal data: the legal bases and purposes
Your personal data may be stored and processed by us for the following purposes:
Providing You with the Services;
Assessing the needs of Your business to determine or suggest suitable products;
Sending requested product or service information;
Responding to customer service requests;
Administering Your account;
Sending promotional and marketing communications and other advertising;
Responding to Your questions and concerns;
General business administration, including communicating with clients, communicating with service providers and counterparties, the administration of IT systems, and monitoring products; and
Compliance with legal, tax and regulatory obligations.
We are entitled to process Your personal data in these ways for reasons including:
If You are a client, You may enter into a contract with us and some processing will be necessary for the performance of that contract, or will be done at Your request prior to entering into that contract. The provision of certain personal data may be necessary to provide our Services.
Processing may be necessary to discharge a relevant legal or regulatory obligation.
The processing will, in all cases, be necessary for the legitimate business interests of GFA, such as:
carrying out the ordinary or reasonable business activities of GFA;
ensuring compliance with all legal, tax and regulatory obligations;
ensuring the security of information systems.
We may also process data where You have provided consent. In respect of any processing of sensitive personal data falling within special categories, we will only process such data based on Your explicit consent. You have the right to withhold consent or withdraw it at any time in the future.
How we may share Your personal data
In the event GFA goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, Your personal data will likely be among the assets transferred. You will be notified of any such change in data controllership.
You may contact us at any time to limit our sharing of Your personal information. Please note that any such request to limit sharing of information will apply solely to Your personal information and, unless otherwise requested, will not apply to other individuals in Your organization.
When You use our Websites or Service(s), we may store some information on Your computer. This information will be in the form of a “cookie” or similar file/technologies. Cookies are small pieces of information stored on Your hard drive, not on the Website.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of the Websites. They include, for example, cookies that enable You to log into secure areas of the Website.
Analytical or performance cookies. These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way the Websites work.
Functionality cookies. These are used to recognize You when You return to our website. This enables us to personalize our content for You, greet You by name and remember Your preferences (for example, Your choice of language or region).
Links to other websites
International data transfers
GFA is headquartered in the Province of Quebec, Canada and may work with customers and partners globally. Your personal information may be transferred to our affiliates or service providers in other provinces and countries that may not have a similar level of data protection or privacy laws as the country where You live. We take measures to protect Your data in transit and wherever it is stored.
Where we transfer Your personal data outside Your home country, we will take steps to ensure that Your personal data is protected as required under applicable data protection law (including, where appropriate, under an agreement on terms approved for this purpose by the European Commission or the relevant government or supervisory authority, as the case may be).
You can obtain more details of the protection given to Your personal data when it is transferred outside of Your home country by contacting us using the details set out under “Contacting Us” below.
Retention of personal data
How long we hold Your personal data for will vary. The retention period will be determined by various criteria, including the purposes for which we are using it. We generally retain personal data we process for as long as an account is active, as needed to provide the Service(s) or as required by legal or regulatory obligations. If You wish to terminate Your account or request that we no longer use Your data, please contact us by using the details set out under “Contacting Us” below.
Depending on Your jurisdiction, You may have a number of legal rights in relation to the personal data that we hold about You. These rights include the following:
The right to obtain information regarding the processing of Your personal data and access to the personal data that we hold about You.
In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and the right to request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to personal data which You have provided to us.
The right to withdraw Your consent to our processing of Your personal data at any time. Please note, however, that we may still be entitled to process Your personal data if we have another legitimate basis (other than consent) for doing so;
The right to request that we rectify Your personal data if it is inaccurate or incomplete.
The right to request that we erase Your personal data in limited circumstances. Please note however that there may be circumstances where You ask us to erase Your personal data but we are legally entitled to retain it or such erasure is prohibited by law;
The right to object to, and the right to request that we restrict, our processing of Your personal data in certain circumstances. Please note that there may be circumstances where You object to, or ask us to restrict, our processing of Your personal data but we are legally entitled to continue processing Your personal data and/or to refuse that request.
The right not to be subject to solely automated decision-making, including profiling, which have a legal or similarly significant effect on You.
You can exercise Your rights by contacting us by using the details set out under “Contacting Us” below. We may ask You to verify Your identity to help us respond efficiently to Your request.
You also have the right, at any time, to lodge a complaint about our processing of Your personal data with the relevant body regulating data protection in Your state or country as it may apply. In Quebec, GFA’s jurisdiction, the data protection authority is La Commission québécoise d’accès à l’information (section 42 LRQ c. P 39.1). In the UK, the data protection authority is the UK Information Commissioner’s Office. A list of the EU data protection authorities and contact details is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
Additional information for California residents: Your California privacy rights
If You reside in California, You have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email, or write to us at the address listed below. Indicate in Your letter that You are a California resident making a “Shine the Light” inquiry.
If You reside in California, You can make the following more specific requests with respect to Your personal information:
Access – You can request that we disclose to You the categories of personal information we collected about You, the categories of sources from which we collected the personal information, the categories of personal information we sold or disclosed, our business or commercial purpose for collecting and sharing the personal information, the categories of third parties with whom we shared the personal information, and the specific pieces of personal information we collected about You over the past 12 months.
Deletion – You can request that we delete Your personal information that we maintain about You, subject to certain exceptions.
GFA will not discriminate against You because You made any of these requests.
California residents can make these requests by using the details set out under “Contacting Us” below. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted bylaw. Except as otherwise provided by applicable California law, note that for purposes of these requests under this Section, personal information does not include information about job applicants, employees and other of our personnel; information about employees and other representatives of third-party entities we may interact with; or information we have collected as a service provider to our clients.
We will take reasonable steps to verify Your identity prior to responding to Your requests. For example, we may utilize a third-party verification provider to assist with verifying Your identity. The verification steps may vary depending on the sensitivity of the personal information and whether You have an account with us.
California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent.
We may collect, use, and disclose for our business and commercial purposes, categories of personal information as set forth in applicable California law, including: identifiers; payment and customer records information; characteristics of protected classifications under California or federal law (such as demographic information like age or gender); commercial information; professional or employment information; internet or other electronic network activity information; and geolocation data. See above for additional detail.
We collect these categories of personal information from the sources described above.
Our websites and Services are not intended for children
Our websites and our Services are meant for adults. We do not knowingly collect personal information from children under 18. If You are a parent or legal guardian and think Your child has given us information, You can contact us by using the details set out under “Contacting Us” below.
We use standard security measures
We value the security of Your data and take reasonable measures to keep Your data secure, but we cannot promise that Your use of our Websites or Services will be completely safe. Any transmission of Your data to us or our Website is at Your own risk. We encourage You to use caution when using the Internet.
Americas Financial Group (GFA) Inc.
1002-3030 boulevard Le Carrefour,
Laval, QC, H7T 2P5
Last Updated: 28 November 2022