XpressPay Privacy Code

XpressPay has adopted the WFCU Credit Union Privacy Code for the protection of Personal Information. The Code incorporates the ten privacy protection principles set out in PIPEDA and provides additional direction to assist with ongoing management.

ACCOUNTABILITY

XpressPay is responsible for personal information under its control and has designated the Director, Compliance as the Privacy Officer who is accountable for XpressPay’s compliance with the principles of the Code.

XpressPay has developed policy, guidelines and procedures to protect personal information; receive and respond to concerns and inquiries; train staff regarding the policy, guidelines and procedures, and communicate the policy, guidelines and procedures to Members.

IDENTIFYING PURPOSES

XpressPay will communicate the purpose for which information is being collected, at or before the information is collected. XpressPay collects Member personal information for the following reasons only:

To verify a Member’s identity. To determine the suitability of the products and services for the Member or the eligibility of the Member for products and services. To develop, offer and manage products and services that meet the Member’s needs. To provide ongoing service. To detect and prevent fraud to both our Members and the credit union. To help safeguard the financial interests of the credit union and our Members. To meet legal and regulatory requirements.

CONSENT

XpressPay will obtain Member consent to collect, use or disclose any personal information except where detailed in the Privacy Code.
XpressPay will make reasonable efforts to ensure that Members understand how their personal information will be used and disclosed.

LIMITING COLLECTION

XpressPay will only collect personal information for the purposes identified, using fair and lawful means.

LIMITING USE, DISCLOSURE AND RETENTION

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the Member or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
If Member personal information is disclosed or exchanged with another party, such as a financial product or service provider, XpressPay will ensure that such party accepts and will comply with the provisions of the Privacy Code.
XpressPay shall maintain personal Member information as long as necessary to meet the identified purpose and to comply with legislated and regulatory requirements with respect to record retention.

ACCURACY

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. XpressPay relies on the Member to keep certain personal information, such as address information, is complete and up-to-date. Information shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the Member.

SAFEGUARDS

XpressPay will safeguard Member personal information by security and safeguards appropriate to the sensitivity of the information.
XpressPay will protect personal information against loss or theft as well as unauthorized access, use, copying, modification, disclosure or disposal. XpressPay will use care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

Third Parties are required to safeguard personal information disclosed to them in a manner consistent with the policy, guidelines and procedures of the Privacy Code.

OPENNESS

XpressPay shall make readily available to Members specific, understandable information about our personal information policy, guidelines and procedures.

INDIVIDUAL ACCESS

Upon written request to the Privacy Officer, a Member shall be informed of the existence, use and disclosure of their personal information and shall be given access to that information. A Member is entitled to question its accuracy, completeness and its use.

COMPLIANCE

A Member may direct questions concerning XpressPay’s compliance with the Privacy Code and its principles to XpressPay’s Privacy Officer by calling 1-888-767-9535 and asking for the Director, Compliance, or by sending an email to privacy@xpresspay.ca or by writing to the attention of the Privacy Officer, XpressPay, 3000 Marentette Avenue, Windsor, Ontario N8X 4G2.

XpressPay’s Privacy Officer is responsible for monitoring applicable legislation and ensuring that XpressPay and this Privacy Code, its policies, guidelines and procedures remain in compliance.