TRANSFAAR WORLDWIDE INC PRIVACY AND DATA PROTECTION POLICY
TRANSFAAR WORLDWIDE INC PRIVACY AND DATA PROTECTION POLICY
Table Of Contents
Purpose
Scope
Data Collection Use and Consent
Data Storage and Security
Data Retention
Data sharing and Disclosure
Individual Rights
Breach Management
Training and Awareness
Policy Review
Accountability
Document History
Version
Policy Name
Owner
Date
Description
1.0
Privacy and Data Protection
CCO/CAMLO
02 Jan 2024
Initial creation
Document Approval
Version
Approved by
Date
1.0
CCO/CAMLO
02 Jan 2024
Related documents
Compliance Program and AML-CTF Policy
Compliance Policy
This Data Protection Policy outlines Transfaar’s commitment to protecting personal and sensitive data in compliance with applicable privacy laws and regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA). It applies to all employees, contractors, and third parties handling data on behalf of Transfaar.
1. Purpose
The purpose of this policy is to:
Ensure the protection of personal and sensitive data.
Maintain compliance with data protection laws and industry standards.
Build trust with clients and stakeholders through transparent data handling practices.
2. Scope
This policy applies to all personal data collected, stored, processed, or shared by TRANSFAAR in connection with its operations.
3. Data Collection, Use and Consent
Transfaar collects personal data only for specified, legitimate business purposes, including:
Client identification and verification (KYC)
Transaction monitoring and reporting obligations
Customer service and support
Marketing & Communications
3.1 How Do We Use Or Process Your Personal Data?
We will only use your personal data when the law allows us to.
We use your personal data to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
Sensitive Personal Data
We collect the following types of sensitive personal data:
Location Data: This information helps us monitor login activity and your interactions with our site to protect your account and identify suspicious or fraudulent activity.
Biometric Data: This includes your fingerprint, which you may use for login purposes, and face scan information from photos and videos you provide for identity verification. We also use this data to monitor login activity and your interactions with our site to protect your account and identify suspicious or fraudulent activity.
Important Information about Biometric Data Processing: Biometric data is processed locally on your device, and is never stored or transferred to our servers. We do not retain or sell your biometric data. Where required by law, we will obtain your explicit consent prior to the collection of any biometric information.
Security and Fraud Prevention
We use your personal data to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions, attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents, and harm to the rights, property, or safety of Remitly and our users, customers, employees, or others.
Comply with Applicable Laws
We use your personal data to comply with applicable laws and regulations, such as those relating to "know-your-customer," anti-money laundering requirements, sanctions legislation, and the various associated regulatory rules and guidance in relation to risk
investigation, risk scoring, fraud, counter terrorist financing, consumer protection and complaint handling.
To Provide Our Services
We use your personal data when you access or use our Services, including to process your Transaction(s), maintain and manage your account, deliver/fulfill promotional offers or rewards, and process payments.
Communicating With You
We use your personal data to communicate with you, such as to respond to and/or follow-up on your requests, inquiries, issues or feedback, and to provide customer service.
Marketing and Promotional Purposes
We use your personal data for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message or postal mail; to show you advertisements for products and/or services tailored to your interests.
Analytics and Personalization
We use your personal data to conduct research and analytics, including to improve our services and product offerings; to understand how you interact with our websites, mobile apps, advertisements.
4. Data Storage and Security
Transfaar ensures the secure storage of personal data by:
Implementing encryption for sensitive information
Restricting access to authorized personnel only
Regularly updating and patching IT systems
4.1 How Do We Protect Your Data
We use industry accepted technical and organizational measures to protect the information you submit to us. We protect your sensitive personal data such as name, address, date of birth, account details and government identification number using encryption in transit and encryption at rest. We leverage access controls to limit access to personal data to those with a need to know. We also require the use of security credentials (which may, for example, include a username and password) from each user who wants to access their information on our Site and/or our App.
5. Data Retention
Personal data is retained only for as long as required by law or for legitimate business purposes.
5.1 How Long Do We Retain Your Data
We are required by law to store some of your personal and transactional data beyond the closure of your account with us. Please note that by using our Services you expressly agree to us retaining your personal data (including data related to your Transactions and our collection and verification of your identity) for at least 7 years following the end of your legal relationship with us.
All records are securely destroyed after the retention period.(7 years after record was created or reported to FINTRAC whichever is later)
6. Data Sharing and Disclosure
Transfaar does not share personal data with third parties except:
With client consent
When required by law or regulatory bodies (e.g., FINTRAC)
To trusted service providers under strict data protection agreements
6.1 Who Do We Share Your Personal Data With?
We may share your personal data with third parties that we have partnered with to jointly create and offer a product, service, or joint promotion. We may also share your personal data with our banking or distribution partners in the event we suspect you are violating our terms or engaging in fraudulent behavior as it relates to our business. Their use of your information is not governed by this privacy policy, but by their own respective privacy policies.
We may disclose personal data in response to subpoenas, warrants, court orders, government inquiries or investigations, or to comply with relevant laws and regulations
7. Individual Rights
All Transfaar clients have the right to:
Access their personal data.
Request corrections to inaccurate or incomplete data.
Withdraw consent where applicable.
Lodge complaints with the relevant data protection authority.
7.1 What Are My Privacy Rights
Access Your Data
You may request that we provide you a copy of your personal data processed by us. This information will be provided without undue delay subject to certain exceptions or limitations, including if such provision adversely affects the rights and freedoms of others.
Correct Your Data
You have the right to request that we update and correct inaccuracies in your personal data. You can update certain information related to your account by logging into your account on our site or app, as applicable or otherwise contacting us at Transfaar
Data Deletion
You may request to erase your personal data, subject to applicable law. If you close your account, we will mark your account in our database as "Closed," but will keep certain account information for a period of time. This is necessary to deter fraud. However, if you close your account, your personal data will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Policy.
Object to the Processing of Data
You have the right to object to us processing or transferring your personal data under certain circumstances. You may object to any processing based on the legitimate interests ground when there is something about your particular situation where you feel processing on this ground impacts your fundamental rights and freedoms.
Unsubscribe from Direct Marketing
You have the right to ask us not to process your personal information for marketing purposes. You can exercise this right at any time by carrying out 'unsubscribe' actions which are made available to you (such as clicking on the 'unsubscribe' link in each promotional email we send you).
Withdraw Your Consent
You have the right to withdraw your consent for us to process data, where our lawful basis for processing is based on that consent. Note that withdrawal of consent does not affect the lawfulness of processing which may have taken place prior to withdrawal of consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
To exercise any of your privacy rights, please contact Transfaar by email or by chat or phone or the Office of the Privacy Commissioner
8. Breach Management
In the event of a data breach, Transfaar will:
Immediately investigate and mitigate the breach.
Notify affected individuals and regulatory bodies as required.
Document the breach and implement measures to prevent recurrence.
9. Training and Awareness
All employees receive mandatory data protection training upon hire and annually thereafter to ensure awareness and compliance with this policy.
10. Policy Review
This policy is reviewed annually or when significant changes occur in data protection laws or business operations.
11. Accountability
The Compliance Officer is responsible for overseeing the implementation of this policy and ensuring compliance with applicable data protection laws.
If you have any questions, comments, or requests regarding our privacy policy, you may reach out to compliance@transfaar.com.
If you think your concerns have not been addressed or any of your privacy rights have been violated, you can contact the supervisory authority
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec
K1A 1H3