Privacy Code


Introduction

Scotiabank is committed to keeping customers' personal information accurate, confidential, secure and private. The Scotiabank Group Privacy Code builds on this commitment.

This Code is based on the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information (CAN/CSA-Q830-96), the Federal Personal Information Protection and Electronic Documents Act ('PIPEDA'), and the Organisation for Economic Co-operation and Development’s (OECD) Privacy Principles. It describes how Scotiabank subscribes to the principles of the CSA Model Code, PIPEDA and OECD Privacy Principles enterprise-wide.

The Scope of this Code

Scotiabank encompasses all enterprise-wide companies, subsidiaries and joint ventures (otherwise referred to as ‘affiliates’) engaged in the following services to the public: deposits, loans and other personal financial services; credit, charge, debit and payment card services; full-service and discount brokerage services; mortgage loans; trust and custodial services; insurance services; investment management and financial planning services; and mutual funds investment services.

This Code describes the principles Scotiabank will use to protect the privacy of individual customers' personal information in the carrying out commercial activities enterprise-wide, no matter how the information is collected, used or disclosed.

This Code applies to Scotiabank as defined within this Code with respect to their operations enterprise-wide. Where Scotiabank is subject to laws or industry regulation or self-regulatory requirements which impose greater or additional obligations with respect to the protection of personal information, Scotiabank also complies with those additional obligations.

Principle

1. Scotiabank's Accountability

Scotiabank is accountable for all personal information in its possession or custody, including any personal information disclosed to third parties for processing or other administrative functions. Scotiabank has established policies and procedures to comply with this Code, and has designated one or more persons to be accountable for compliance.
Get more details

2. Identifying the Purposes of Collecting Personal Information

Scotiabank will identify the purposes for which it collects the personal information, before or when the information is collected. Get more details

3. Getting the Customer's Consent

Scotiabank will make a reasonable effort to make sure customers understand how their personal information will be used by Scotiabank. Scotiabank will obtain consent from its customers before or when it collects or uses the personal information. Scotiabank will not attempt to deceive a customer into giving consent.
A customer's consent can be express, implied, or given through an authorized representative. A customer can withdraw consent at any time, with certain exceptions. Scotiabank, however, may collect, use or disclose personal information without the customer's knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted or as required by law. Get more details

4. Limits for Collecting Personal Information

Scotiabank limits the amount and type of personal information it collects. Scotiabank will collect personal information for the purposes it identifies to the customer. Scotiabank collects personal information using policies and procedures which are fair and lawful.
Get more details

5. Limits for Using, Disclosing and Keeping Personal Information

Scotiabank will use or disclose personal information only for the reasons it was collected, unless a customer gives consent to use or disclose it for another reason, or it is permitted or required by law.
Under certain exceptional circumstances, Scotiabank has a legal duty or right to disclose personal information without customer knowledge or consent to protect matters which include Scotiabank’s or the public interest.
Scotiabank will keep personal information only as long as necessary for the identified purposes for which it was collected. Get more details

6. Keeping Personal Information Accurate

Scotiabank will keep personal information as accurate, complete and current as necessary for the identified purposes for which it was collected.
Customers may, in writing, challenge the accuracy and completeness of their personal information and request that it be amended as appropriate.
Get more details

7. Safeguarding Personal Information

Scotiabank protects personal information with safeguards appropriate to the sensitivity of the information. Get more details

8. Making Policies and Procedures Available to Customers

Scotiabank is open about the policies and procedures it uses to manage personal information. Customers have access to information about these policies and procedures. The information will be made available in a manner that is generally easy to understand. Get more details

9. Customer Access to Personal Information

When customers make a request in writing, Scotiabank will within a reasonable time tell them what personal information Scotiabank has, what it is being used for, and to whom it has been disclosed.
When customers request it in writing, Scotiabank will give them access to their personal information. Scotiabank will respond to the written request in a timely fashion. In certain situations, however, Scotiabank may not be able to give customers access to all their personal information. Scotiabank will explain the reasons for this lack of access and any recourse the customer may have, except where prohibited by law. Get more details

10. Handling Complaints and Questions

Customers may challenge Scotiabank’s compliance with this Code. Scotiabank has policies and procedures to receive, investigate, and respond to customers' complaints and questions. Get more details


Changes

Our Privacy Code may change from time to time. We will not reduce your rights under this Privacy Code without your explicit consent. We will post any Privacy Code changes on this page and, if the changes are significant, we will provide a more prominent notice.