Effective Date: September 13, 2023
Our App may access and read accounts, data and/or content on your device (personal computer, browser, laptop, tablet, mobile phone or other device), and change settings of your device, for the following reasons: (i) allowing to access and use the service (or its features and functions); (ii) saving app images and sound files and writing usage logs to the device; (iii) sending and receiving data needed for App operations; (iv) to provide you notice when you are not connected to a network; and (v) in connection with your service usage. You consent to these activities by installing the App or otherwise using the service. Your device settings enable you to disable, change or limit some of these activities and you can disable all of them associated with the App by uninstalling the App.
1. Collection and Use of Personal Information
We may collect and use personal information when you:
*Please note that certain products and/or services made available through our App have additional terms and conditions that may apply.
Information we collect
We collect and use several types of information from and about you, including:
We and other third parties collect Device Information (e.g. hardware model, IP address, other unique device identifiers, operating system version, and device settings you use to access our products and/or services) using the following technologies:
Please refer to the applicable third parties’ privacy policies for more information.
As with many online services, certain limited data is required for our App to function on/with your device. This data includes the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the App accessed our servers. In addition, we may use third party service providers to collect analytical information about your use of the App, such as the feature you use and/or time spent on the App, collectively for the purposes of helping us to improve the App experience for all users and to manage and analyze data in order to better understand our users.
We may also monitor use of our App, Site and services by our guests in order to detect, investigate or prevent any actual or potential violation of our terms and conditions.
We may generate aggregated, non-identifiable data and use such information to monitor and improve the performance, use and stability of the App, Site and our products and/or services.
How We Collect Information About You
We use different methods to collect your information, including through:
**We may also use these automated technologies to collect information about your online activities over time and across third party websites or other online services (behavioural tracking). The information we collect automatically is statistical information and may include personal information, and we may maintain it or associate it with personal information we collect in other ways that you provide to us, or receive from third parties. It helps us to improve our Site and to deliver a better and more personalized service.
When you contact us, we may collect information that identifies you (such as your name, email address, telephone number, address, etc.) along with any information we need to help us promptly answer your question or respond to your comment. We retain this information to assist you in the future and to help improve our customer service, products and/or services.
Email Marketing Communications:
If you sign up to receive email marketing communications from us about products, services, events, programs, promotions, and special offers that may interest you, you can unsubscribe at any time by clicking the “Unsubscribe” link included at the bottom of each email. Please note that you may continue to receive transactional or account-related communications from us.
In connection with a job application for employment at OneVest or related inquiry, you may provide us with certain personal information about yourself (such as that contained in a resume, cover letter, or similar employment-related materials). We use this information for the purposes of processing and responding to your application for current and future career opportunities.
Other information We Collect:
We may also collect and use other information about you, your device, or your use of our products and/or services in ways that we described to you at the point of collection or otherwise with your express consent.
We may offer you the opportunity to engage with our content on or through social networking websites and applications. When you engage with our content in this context, the third party social networking website/application will collect, use or disclose personal information for the purposes of enabling you to engage with our content and as otherwise set out in their privacy policies. We may also collect, use and disclose certain information made available through such websites and applications for the purposes of responding to your outreach, analyzing your interactions with our content and otherwise maintaining our social media presence.
From time to time, we may offer you the opportunity to participate in one of our surveys. The information obtained through our surveys is used in an aggregated, de-identified form. We use this information to help us understand our customers and improve our products and/or services.
How we use your personal information
We use information that we collect about you or that you provide to us, including any personal information:
We may also use your information to contact you about products and/or services that may be of interest to you, as permitted by law. If you do not want us to use your information in this way, please use the unsubscribe mechanism at the bottom of our emails or email us at firstname.lastname@example.org.
Why we collect your personal information
Collecting information helps us serve you better. OneVest collect personal information only for the following purposes:
2. Sharing your personal information
The following provides information about purposes for which we may share your personal information. Our privacy practices vary depending on the type of information and sharing mechanisms.
With our Employees
We will share your personal information to OneVest employees on a need-to-know basis. These employees require access in order to fulfill their job requirements and/or provide you with our products and/or services.
Since we are committed to raising awareness and building knowledge of privacy throughout OneVest, the following training and awareness initiatives will take place:
The Compliance department will ensure that all new employees have received, reviewed, and understood their obligation to protect nonpublic personal information. The Chief Compliance Officer (“CCO”) or delegate will also remind all employees of their privacy protection obligations in connection with OneVest’s annual compliance training.
Conducting Privacy Impact Assessments
In addition to these training and awareness initiatives, Privacy Impact Assessment(s) (“PIA[s]”) will also be conducted on new and modified activities or initiatives to help identify and mitigate risks to individuals’ privacy. A PIA is a risk management process that helps organizations ensure that they meet legislative requirements and identify the impacts that their programs and activities will have on individuals’ privacy.
A PIA is generally required if OneVest’s activity or initiative may have an impact on the personal information of individuals. If any of the following instances occur, this will trigger the need for OneVest to conduct a PIA:
The key employees who are involved in the PIA process include the following:
We may not need to engage all of the parties listed above for each PIA, however, at a minimum, OneVest will involve relevant program and privacy staff in any PIA process.
With our Business Partners and Service Providers
Our business partners and service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own marketing or other unrelated purposes. Our service providers may be located across Canada, in the U.S., or other foreign jurisdictions.
With Other Third Parties
For example, we use Google Analytics to help us understand how our customers use the Site - for more information, you can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. To prevent the storage and processing of this data (including your IP address) by Google, you can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.You can also obtain additional information on Google Analytics’ data privacy and security at the following links:
In Connection with a Commercial Transaction (when necessary)
OneVest does not generally conduct commercial transactions requiring the disclosure of personal information on an ongoing basis.
Also, depending on the purpose of the commercial transaction and the type of data being provided, additional consideration will be taken to ensure that all applicable regulatory requirements will be included in our PIA.
With Other Parties When Required or Permitted by Law, or As Necessary to Protect Our Guests and Services
We may also share your Personal Information:
Otherwise With Your Consent or at Your Direction
Consent may be provided orally, in writing, electronically, through inaction (such as when you fail to notify us that you do not wish your personal information to be collected, used or disclosed for various purposes after you have received notice of those purposes) or otherwise.
If you provide personal information to us about another individual (e.g. spouse, partner, beneficiary, etc.), you represent and warrant to us that you have the consent of that person to provide their personal information to us. We will only use their personal information for the purpose of contacting them as you have requested, and we will thereafter destroy their personal information as applicable, unless they give their consent for us to retain it.
3. Digital Advertising
Types of digital technologies we may use
We, along with third parties, also may use technologies called “beacons” (or “pixels”) that communicate information from your device to a server. Beacons can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon, and the IP address of your device. We and third parties use beacons for a variety of purposes, including to analyze the use of our Site and (in conjunction with cookies) to provide content and ads that are more relevant to you on and off our Site.
“Cookies” are small files that are placed on your computer or other device when you visit a website. Cookies may be used to store a unique identification number tied to your computer or device so that you can be recognized as the same user across one or more browsing sessions, and across one or more sites. Cookies serve many useful purposes such as:
Interest-based advertising involves the tailoring of ads you see based on your personal information, including your activity in our App or on our Site. We may use third parties to serve ads on our App, Site, and on other websites and digital platforms. These third parties may use digital technologies to collect and use information about your visits to our App or Site and other websites (including usage information, such as web pages or other content you interact with and your response to ads) to measure the effectiveness of our and our third party advertiser marketing campaigns, and to deliver ads that are more relevant to you and others, both on and off our App and Site. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. For example, we may provide a hashed version of your email address, device ID or other information to the platform provider to facilitate the delivery of tailored advertising. To learn more or to opt-out of having your information used for interest-based behavioural advertising purposes, please see Section 4 below, “Privacy and Access Choices Available To You”.
Local Storage & Other Tracking Technologies
We, along with third parties, may use other kinds of technologies in connection with our App and Site. These technologies are similar to the cookies discussed above in that they are stored on your device and can be used to store certain information about your activities and preferences. However, these technologies may make use of different parts of your device from standard cookies, and so you might not be able to control them using standard browser tools and settings.
4. Privacy and Access Choices Available to You
Choices With Respect To Interest-Based Advertising
You can manage your preferences regarding interest-based advertising (including opting out) by visiting the Preferences section of your account in the App. Please note that even if you opt out of interest-based advertising, tracking technologies may still collect data for other purposes including analytics and you will still see ads from us, but the ads will not be interest-based ads.
You can opt-out of several third party ad servers' and networks' cookies simultaneously by using the Digital Advertising Alliance of Canada Opt-Out Tool or the opt-out tool created by the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns. We do not control these third parties' tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
Choices With Respect To Digital Technologies
You may block digital technologies in your browser or device settings, as and if permitted by such device, but in some circumstances, disabling these features may interfere with your ability to access our products and/or services.
Managing Your Account
You may access, modify to a certain extent or delete your account on the settings or profile page contained in your account or by contacting the PO at email@example.com with a written request. Whichever way you contact us, we may ask that you confirm and verify your identity.
You may opt-out of receiving email and other electronic messages from us (excluding transactional messages) by following the instructions contained in those messages. You can also contact us as set out below.
Privacy by Default
OneVest will utilize the “privacy by default” approach. This means that your privacy settings and/or technological functions will be automatically adjusted to the highest level of confidentiality and privacy at all times. You may need to adjust these settings or functions in order for us to continue providing you with our products and/or services. We will also implement new processes to request user activation for specific functions if necessary.
Subject to certain exceptions prescribed by law, you may have the right to access, update, and correct inaccuracies in your personal information in our custody and control and withdraw your consent to our collection of your personal information.
You may request access, update and report corrections of inaccuracies in the personal information we have in our custody or control, withdraw your consent to the collection, use or disclosure of your personal information or exercise any additional privacy rights available to you by writing to us at the contact information set out below.
We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records. Please note that if you withdraw your consent to our collection, use or disclosure of your personal information, we may not be able to provide some or all of our products and/or services to you.
Accessing And Correcting Your Personal Information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law, you have the right to request access to and to correct the personal information that we hold about you.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, or erased in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
To make such a request, you may contact our PO at firstname.lastname@example.org
Withdrawing Your Consent
Where you have provided your consent to the collection, use, and disclosure of your personal information, you may have the legal right to withdraw your consent at any time, subject to legal, contractual and other restrictions, provided that you give us reasonable notice under certain circumstances. If you notify us that you would like to withdraw your consent, if applicable, contact us at email@example.com. Please note that if you withdraw your consent, we may not be able to provide you with a particular product and/or service. We will inform you of the likely consequences of that withdrawal, such as explaining the impact to you at the time to help you with your decision (i.e. our inability to provide certain products and/or services for which that information is necessary).
5. Data Security
OneVest cannot guarantee complete confidentiality or security for information that is transmitted electronically. By accessing the Site, you acknowledge that OneVest is not responsible for any damages or losses you may suffer as a result of your electronic transmission of confidential or sensitive information to us.
Data retention, destruction & deletion of records
We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.
Under securities legislation, we are required to retain your personal information for a minimum period of 7 years from the end of its fiscal year in which the last entry was made. After this time, we will ensure that the personal information in our custody and control will be destroyed and removed from our systems, premises, etc.
Any requests to modify the retention period of specified records are subject to the express written approval of the CCO. No records may be destroyed or deleted without the prior express written consent of the CCO.
OneVest shall not delete or destroy any business records relevant to any pending or imminent litigation or government investigation, or any audit in respect of OneVest or any advisory representative or associated person, until the matter is closed or legal counsel or delegate determines that disposal of such document is appropriate and in accordance with all applicable law.
In the event that OneVest becomes aware of any client proceeding or regulatory inquiry, the CCO or legal counsel shall immediately inform all affected departments to suspend the destruction of any relevant records.
Responding to Privacy Breaches
If any OneVest employee becomes aware of an actual or suspected privacy breach, including any improper disclosure of nonpublic personal information , that employee must promptly notify the CCO or delegate. Upon becoming aware of such a breach, the CCO or delegate will investigate the situation and take the following actions, as appropriate:
Transmission of Information via the Internet
We endeavour to incorporate commercially reasonable physical, organizational, and electronic safeguards to help protect and secure your personal information, including physical, organizational, and technological safeguards. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Because of these inherent risks and possible lack of confidentiality associated with the electronic transmission of information via the Internet or otherwise, OneVest does not guarantee the security and integrity of any electronic communications sent or received in relation to this engagement. Although we do our best to protect your personal information by checking its email correspondence with anti-virus software and other security software, we cannot guarantee: (1) that transmissions will be free from infection and (2) the security of your personal information transmitted to our Site. Any transmission of personal information is at your own risk. We accept no responsibility or liability for any damages as a result of communicating by means of the internet or other electronic media or for circumvention of any privacy settings or security measures contained on the Site.
6. Other Important Information
Applicable Law and Jurisdiction for Users within Canada
Automated Decision Making
Only with your explicit consent and to enable you to purchase and/or use any of our products and/or services as required will OneVest engage any automated decision making tool or algorithm.
Complaints Handling Procedures for Privacy Issues
For more information on our complaint handling procedures for non-privacy related complaints, please refer to www.onevest.com/legal/complaint-resolution.
Compliance with Canadian Anti-Spam Legislation (“CASL”)
Compliance with CASL, which affects commercial electronic messages (“CEMs”), is important to OneVest. We will only send you CEMs if we have obtained your express opt-in consent to receive CEMs from OneVest. The CEMs that you will receive will only relate to the specific purposes for which you have granted. You may withdraw your consent and opt-out or unsubscribe from receiving CEMs at any time by following the “unsubscribe” instructions that are contained in our CEMs or that are available through our Site. All requests to unsubscribe or opt-out of receiving CEMs will be processed promptly. From time to time, we may update our Site and request that you download software, plug-ins, etc. in order to continue using our products and/or services. We will not install any software to your device without your consent.
Compliance with General Data Protection Regulation “GDPR”
GDPR is another privacy regulation set forth by the European Union (“EU”). This set of rules are created for data protection and privacy for all individuals and organizations within the EU. GDPR protects the data of any individual, regardless of their nationality, and any organization (regardless of where their headquarters are located) who has their data collected while they are within the borders of an EU country. Conversely, GDPR does not apply to the data of EU citizens if the data is collected outside of the EU’s borders.The EU member states are Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK and any individual or organization who/which transmits or shares data within these countries must comply with the GDPR. OneVest has reviewed GDPR requirements against applicable Canadian regulations and have seen an overlap between these various legislation. With this in mind, we have taken the most prudent approach by complying with the most stringent requirements that were set forth by the different privacy laws and standards applicable to us.
We are headquartered in Canada however, please be aware that information you provide to us or that we obtain as a result of your use of our products and/or services may be collected in your jurisdiction and subsequently transferred to, maintained and/or processed outside of your jurisdiction (including for residents of the province of Quebec, outside of Quebec), including another jurisdiction by us or our service providers for the purposes mentioned above, in accordance with applicable law.
Personal information processed and stored in another country by our third party service providers and agents who are not located or headquartered in Canada may be subject to disclosure or access requests by the governments, courts or law enforcement or regulatory agencies in that country according to its laws. In the United States, this means that if applicable, your personal information may be subject to U.S. disclosure obligations.
Please note that products and/or services of OneVest are only offered in jurisdictions where they may be lawfully offered for sale.
Links to Third Party Sites
Our App and Site may link to third party websites and services that we do not operate and are outside of our control. For example, ads appearing in the App or on our Site may direct you to third parties. We are not responsible for the security or privacy of any information collected by other websites or other services. We are not responsible for the products or services offered by any third parties. Please exercise caution and review the privacy statements applicable to the third party websites and services you use.
The Site is not intended for individuals under the age of majority (as specified by their province/territory of residence) without parental/guardian consent and no one under the age of majority may provide any personal information through the Site. If we learn that we have collected or received personal information from an individual under the age of majority without verification of parental consent, we will use reasonable efforts to dispose of that information in accordance with applicable laws and regulations. If you are the parent/guardian and you believe that your minor child has provided us with personal information,or we might have any information from or about an individual under the age of majority, please contact us at firstname.lastname@example.org
In cases where certain products and/or services (RESPs, etc.), the authorized parent/guardian who provides the child’s/children’s personal information are excluded from this requirement. However, if OneVest learns that the child’s/children’s personal information was illegally obtained/provided, we will investigate further and may have to place a temporary hold or perhaps close the account if there is evidence of fraud, a breach of trust or other illegal activity.
Privacy By Default
OneVest may set your privacy settings to what we believe are the highest level of confidentiality by default, without any intervention from you. However, please note that browser cookies are exempt from this “privacy by default” requirement.
Privacy Rights for Quebec Users
If you are a resident of the province of Quebec, you have the following rights in relation to your personal information:
Except in connection with permitted uses disclosed above, neither OneVest nor any of their employees or associated persons shall:
Attention: Privacy Officer (OneVest), PO Box 1145, STN Central, Calgary, AB, T2P 2K9.
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy, please contact our PO using the contact information listed above. Whichever way you elect to contact us, we may ask that you confirm and verify your identity.
*An “Affiliate” is an organization that directly or indirectly controls another entity, or has common control alongside another entity. An “Affiliate” could be a parent company or a subsidiary company. In our case, One Wealth Technologies Inc. is OneVest Management Inc.’s parent company and therefore is considered an “Affiliate”.