Scotiabank will use or disclose personal information only for the reasons it was collected, unless a customer gives consent to use or disclose it for another reason, or it is permitted or required by law.
Under certain exceptional circumstances, Scotiabank has a legal duty or right to disclose personal information without customer knowledge or consent, including to protect Scotiabank’s or the public interest.
Scotiabank will keep personal information only as long as necessary for the identified purposes for which it was collected.
5.1 Scotiabank may disclose personal information without consent when required by law. For example:
5.2 In these circumstances, Scotiabank will protect the interests of its customers by making reasonable efforts to ensure that:
Scotiabank may notify customers that an order has been received, if the law allows it.
Scotiabank may notify customers of such orders by telephone, electronic mail or by letter to the customer's last known address.
5.3 Scotiabank may want to use personal information (except for personal health information) to market products and services to its customers, either directly or through Scotiabank or affiliates. Scotiabank will obtain the consent of the customer before using personal information for this purpose.
When a customer applies for a product or service and provides personal information, Scotiabank will:
The first time a new type of Scotiabank affiliate provides promotional information about its product or service, the Scotiabank affiliate will:
5.4 If Scotiabank is involved in the provision of an insurance product it will collect personal health information only for specific purposes. It will not disclose personal health information to other Scotiabank affiliates, and vice versa. For example, the Bank will not use or have access to another Scotiabank affiliate’s customer personal health information to help assess a loan application.
5.5 Scotiabank specifies in its policies and procedures the periods of time it will keep personal information. Some of these time periods are determined by legislation. If personal information has been used to make a decision about a customer, Scotiabank will keep the personal information long enough for the customer to have access to it after the decision has been made, subject to any regulated record retention period.
5.6 Scotiabank will destroy or erase any personal information no longer needed for its identified purposes or for legal requirements.
Scotiabank’s policies and procedures explain how Scotiabank will destroy personal information so that unauthorized persons or organizations do not gain access to it.