Skip to content

KONEK is currently in its commercial pilot release and is only available to select users if your financial institution sent you an invitation to sign up for KONEK. Stay tuned for more information as to when KONEK is available to all users.

KONEK Privacy Policy

Last Updated: October 31, 2024

At Interac Corp. (“Interac”, “we” or “us”) we respect your personal information and we take steps to ensure the proper use, protection and security of personal information placed in our care.


This Privacy Policy explains our personal information collection, use and disclosure policies and practices in connection with the KONEKTM service and associated sites (“KONEK”), in order to help you understand how we handle personal information you provide to us when you use KONEK. KONEK facilitates the simple, flexible and convenient fulfillment of e-commerce payments by allowing customers to pay for purchases made online through a website or mobile application, and pay for such purchases through their existing: (a) eligible bank accounts (which may include deposit accounts and line of credit accounts) at a Canadian financial institution participating in the KONEK service via Interac DirectTM ; (b) debit or credit cards (“cardbased payments”) through Visa, Mastercard or American Express; and (c) any other eligible payment methods. This Privacy Policy does not apply to and we are not responsible for, any third-party websites, products, or services. We urge you to carefully review the privacy practices of any third-party who you authorize to collect, receive, use, communicate, disclose or otherwise process your personal information.

Contents

To learn more about how your personal information is handled by Interac in connection with KONEK, please click through the following sections:

KONEK Privacy Policy

  1. What is personal information?
  2. What types of personal information we collect and why
  3. How we use your personal information
  4. Why we share your personal information
  5. How long we keep your personal information
  6. How we protect your personal information
  7. Your rights and choices over your personal information
  8. When we transfer your personal information
  9. Additional notices for Quebec users
  10. Updates to this Privacy Policy
  11. How to contact us

1.  What is personal information?

“Personal information” means any information, in any form, that is about an individual, who is identifiable using that information alone or in combination with other available information.   

2. What types of personal information we collect and why

We collect information about you from a variety of sources in connection with KONEK, including information provided to us by Your Financial Institution (as defined below) and participating merchants and information collected directly from you and your devices.

For clarity, Interac collects information about you on multiple occasions, over time, each time that you use KONEK to conduct a transaction. Without limiting the above, each time you use KONEK, Interac will automatically obtain an up-to-date list of accounts from Your Financial Institutions (account types and last four digits), as well as full account details for the account you select to make your payment for the particular transaction.

You should be aware that Interac relies on the accuracy of information provided to us by you, Your Financial Institution and merchants. You should take steps to ensure that such information is correct, including updating and verifying the information about you that is held by merchants and Your Financial Institution.

a. Information Collected from Your Financial Institution

When you use KONEK, you are choosing to pay for products and services using existing bank accounts and/or existing debit and credit cards that have been issued to you by one or more banks with which you have a relationship (collectively, “Your Financial Institution”). Your Financial Institution will provide us with the following information:

  • client identification number (e.g., eTransferID, FI user reference ID);
    • contact information, including full name, address, email address and phone number;
    • a list of accounts that you are authorized to use for KONEK transactions (i.e., account type and last four digits of each eligible account number);
    • full account number or payment card details (i.e., primary account number and card expiry date) for the account that you select to pay for your purchase; and
    • information about your use of other Interac products and services, including historical transactions via Interac e-Transfer® and Interac® Debit online payments, which will be used in connection with KONEK only for fraud detection and prevention, including:
      • Interace-Transfer sender names, email addresses, phone numbers (if provided) and bank account numbers;
      • Interace-Transfer recipient names, email addresses or phone numbers (or both), and bank account information;
      • Interac e-Transfer nick names and IP addresses of both senders and recipients;
      • Interace-Transfer payment amounts;
      • expiry dates of Interace-Transfer transactions;
      • names of the originating financial institutions for Interac e-Transfer;
      • current payment status of Interac e-Transfer transactions and status history of the payments;
      • unique device ID numbers; and
      • all messages associated with Interace-Transfer transactions.

Your Financial Institution may also provide us with information regarding complaints, disputes or other customer service issues related to a KONEK transaction.

For the avoidance of doubt, Interac does not receive or have access to your login credentials (username, password, etc.) for the accounts you hold with Your Financial Institution.

b. Information Collected from Merchants

We will also receive information about the products and services you purchase from participating merchants using KONEK, together with certain information about the merchant and transaction type, as follows:

  • type of product, item or service purchased (the “item”), as well as the item reference number (if applicable), item description, quantity and price (including cost of the item, currency, taxes, and any fees charged in connection with your purchase of the item);
    • transaction type (i.e., whether it is a one-time purchase or a recurring payment) together with details of recurring payments where applicable (i.e., start date, end date, frequency, day of month/week, week of month, maximum number of payments, amount, variance, capped amounts, and recurring amounts); and
    • information about the merchant from which you are making a purchase, including the merchant’s name, industry, address and URL (if available and purchase is made on a browser).

In some cases, the merchant may also provide us with

  • your name and/or address, if you have provided this information to the merchant;
    • information on shipment type, digital shipping mode, shipping cost, and placement mode (e.g., express versus standard checkout);
    • your merchant customer identification number (if any); and/or
    • the date of your last transaction with the merchant via KONEK.

Merchants may also provide us with information regarding complaints, disputes or other customer service issues related to a KONEK transaction.

For the avoidance of doubt, Interac does not receive or have access to your merchant login credentials or passwords used on merchant sites.

c. Information Collected from You Directly

You may provide us with certain information directly from time-to-time, when you update or otherwise make changes to your KONEK profile, such as when you change your contact information, add a shipping address, or select (or change) your default payment option.

d. Information Collected from Your Devices

When you use KONEK, certain information is collected automatically from the device you use for the transaction, including through cookies, pixels, web beacons, and device fingerprinting, for identity verification, authentication, and fraud prevention purposes. Such information includes:

  • device ID and type; operating system type and version, and other operating system information; browser type and version and other information about your browser; raw user agent string; and other information about the device used to access KONEK and the use of such device;
    • internet protocol (IP) address; IP latitude and longitude; and the region or general location where your computer or device is accessing the internet (country, province, city, postal code); and
    • KONEK usage data, such as the date and time when you use KONEK, number and type of transactions conducted via KONEK, time spent conducting KONEK transactions, and access status (e.g. your ability to access KONEK or receipt of an error message).

The data described above may also be used to generate aggregate statistical data, for the purposes described below under “How we use your personal information”.

KONEK also uses Google Analytics, which provides Interac with certain aggregated, statistical data regarding the demographics of KONEK users, the number of people using KONEK, user profiles, payment methods, account types, payment types and purchases (e.g., merchant and item descriptions). The data collected by Google Analytics on KONEK includes data related to your device/browser, approximate geolocation based on your IP address, session statistics, de-identified transaction details, and certain KONEK usage data such as pages viewed, time per page, links clicked, and error messages on KONEK. The aggregated statistical data provided to Interac by Google may also be derived from information that Google collects from other sources in connection with its independent business activities, including (without limitation) demographic information such as age, language and gender, location information (city, country) and other information about your interests. For more information about Google Analytics, its privacy and terms, including how to opt out from having your information collected through Google Analytics and a more fulsome description of the data collected by Google Analytics, please visit Google Privacy & Terms and Google Help Centre.

Further information on the cookies we use, and their functions can be found in our Cookie Policy.

In addition to the above, if you create a KONEK profile and choose to enable biometric authentication, Interac or its service providers will receive confirmation of identity from the device that you use to access KONEK. For clarity, neither Interac nor its service providers will receive or have access to biometric information, but rather, such information will remain only on your device and only confirmation of identity verification (or notice of failure to authenticate identity) will be transmitted to Interac.

3. How we use your personal information

We will only use your personal information to provide the KONEK services and perform related activities, and for other purposes as required or permitted by applicable law, including to:

  • process payments for goods and services from participating merchants, and other KONEK transactions, including one-time purchases, recurring payments, split shipment purchases, pre-authorized payments, and refunds;
  • operate and facilitate your use of KONEK, including to verify your identity, authenticate you, create and maintain your KONEK profile (where applicable), respond to requests received, and provide authentication process recommendations to Your Financial Institution;
  • identify and authenticate return users in order to provide a more efficient check-out process;
  • tokenize payment information for security purposes;
  • prevent and detect fraud, unauthorized transactions, and otherwise protect you and other users of our products, services and websites from fraud and other wrongful or illegal activities, claims and other liabilities;
  • carry out our obligations that may arise from any agreements we have entered into with you, Your Financial Institution or relevant Payment Networks;
  • contact and correspond with you including (without limitation) emailing you to confirm your email address and sending communications regarding your KONEK profile (e.g., security alerts), where applicable;
  • investigate complaints, disputes or other customer service issues related to a KONEK transaction that you submit to Your Financial Institution or a merchant;
  • manage risk exposure with respect to the integrity and security of KONEK and our other products, including (without limitation) to help diagnose problems with our server, administer the KONEK website, analyze trends, prevent and detect attacks on our website or attempts at fraud;
  • comply with legal and regulatory requirements;
  • manage our business needs, such as monitoring, analyzing, testing and improving our products and services, KONEK performance and functionality, and the performance and functionality of our infrastructure; and
  • generate aggregate statistical data that will then be used to evaluate, improve and market KONEK, including to monitor and improve the utility, security, content, and user experience for KONEK users, and to develop additional products, services and content. Without limiting the above, anonymized and aggregated data may be used for the purposes of assembling statistical reporting for our participating financial institutions and governmental authorities, conducting market research respecting our products and services, and compiling statistical analysis of the behaviour of KONEK users or groups of users. For clarity, this aggregated data will not be used for specific targeted advertisements to you.

Without limiting the above, we compile, analyze and combine different categories of data that we collect from all of the sources described in this Privacy Policy for the purposes of risk assessments and to provide authentication recommendations to Your Financial Institution, as well as to detect and prevent fraud. We may also use information collected in connection with KONEK to detect and prevent fraud across other Interac products and services (e.g., Interac e-Transfer), as well as to develop, maintain, and enhance our centralized fraud system.

In particular, KONEK uses technology that includes functions that allow you to be located, identified, and profiled for fraud purposes. This technology is activated when you consent to the collection, use and disclosure of your personal information in accordance with the KONEK Cookie Policy and Privacy Agreement, and will then be active whenever you use KONEK unless and until you withdraw your consent. Google Analytics may also use technology that includes functions allowing you to be located or profiled, which are activated when you visit a website that uses Google Analytics.  In addition, KONEK makes fraud and transaction approval decisions based exclusively on automated processing of information.

Interac will obtain your consent to collect, use or disclose your personal information for any purpose other than those described above, except where your consent is not required by applicable law.

4. Why we share your personal information

All of the information that we collect about you will be shared with Your Financial Institution, which is ultimately responsible for deciding whether to approve your KONEK transaction. In addition, certain information is shared with merchants to confirm your transaction and facilitate shipping of your products and communications with you. When you choose to make a card-based payment, , certain information is also shared with the relevant Payment Network.

We may also share your information with Your Financial Institution, merchants, or other third parties (such as Acquirers) for the purpose of assisting in the investigation and resolution of complaints, disputes or customer service requests that you have submitted to such third parties, which relate to a KONEK transaction.

Information disclosed to third parties will be outside Interac’s control and will be handled in accordance with the third party’s own privacy policies and procedures, which may differ from Interac’s. If you have questions about how Your Financial Institution, a Payment Network or a merchant will handle your personal information, you should contact them directly.

a. Financial Institutions

KONEK facilitates payments from existing accounts that you hold with Your Financial Institution. Accordingly, Your Financial Institution will receive or have access to all the information that is collected or received by Interac in connection with KONEK.

More particularly, when you select a financial institution from a list of available options to conduct a transaction using KONEK, Interac will share with that institution the information that it collects from merchants, your devices, and service providers in connection with that transaction (as described above under “What types of personal information we collect and why”).

Interac shares this information with Your Financial Institution for the primary purpose of allowing it to evaluate and facilitate processing of your transaction, including to confirm sufficient funds in your account, process payments, and detect and prevent fraud and other wrongful or illegal activities. However, Your Financial Institution may use your personal information for other purposes in accordance with its own policies and practices. We are not responsible for the actions or omissions of Your Financial Institution, including for any use or disclosure of your personal information (or failure to protect your personal information) by Your Financial Institution. As noted above, if you have questions about how Your Financial Institution will handle your personal information, you should contact them directly.

b. Participating Merchants

We will share your shipping address, email address and phone number with the merchant from which you make a purchase. We will also share information with merchants relevant to confirming and facilitating processing of your transaction, such as confirming consent for online checkout and approval for recurring transactions and providing payment token reference data.

Interac shares this information with merchants for the primary purpose of allowing merchants to complete your purchase, calculate shipping costs, ship your products, and communicate with you about your purchase. However, information disclosed to merchants is outside Interac’s control. We are not responsible for the actions or omissions of merchants, including for any use or disclosure of your personal information (or failure to protect your personal information) by a merchant. As noted above, if you have questions about how a merchant will handle your personal information, you should contact them directly.

c. Service Providers

We need the help of our service providers to be able to offer KONEK. We share your personal information with our service providers who perform services for the purposes described in this Privacy Policy. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and require these service providers by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require them to safeguard the security and confidentiality of the personal information they process on our behalf.

In particular, we use service providers to facilitate identity verification and biometric authentication, as well as for data analytics and fraud analysis. We do not share any personal information that we collect from you, merchants, or Your Financial Institution with these service providers. However, they collect information from your devices in connection with providing their services to Interac. We also use third party data centers and customer service support, as well as third party software for event logging, IP traffic interception and network security.

d. Additional disclosures in connection with card-based payments

In addition, if you choose to make a card-based payment, your payment card details (i.e., Primary Account Number (PAN) and card expiry date) and associated information, and in some cases your email address, will be provided to token aggregators who will share your information with the relevant Payment Network – i.e., Mastercard, Visa or AMEX (“Payment Network”). The Payment Network will then share the information with the card issuer. The sharing of your information with these parties is required in order to tokenize your payment card details, for security purposes. However, information shared with Payment Networks and payment card issuers is outside Interac’s control. We are not responsible for the actions or omissions of Payment Networks or card issuers, including for any use or disclosure of your personal information (or failure to protect your personal information) by a Payment Network or card issuer. If you have questions about how a Payment Network or issuer will handle your personal information, you should contact them directly.

e. Fraud Investigations

To the extent permitted by applicable law, we disclose information that we, in good faith, believe is appropriate in investigations of fraud or other wrongful or illegal activity or to conduct investigations of violations of the terms and conditions for using our products and services. At our sole discretion, subject to any legal restrictions, we may report suspicious activity relating to fraud or other wrongful or illegal activities (in cooperation with Your Financial Institution) to the appropriate legal authorities, to our participating financial institutions and other third parties. For example, we may report suspicious activities where we believe those activities could result in physical harm or financial loss to any person. We may also report activities that we view as a pattern of fraudulent, wrongful or illegal behaviour. We also exchange certain information with Your Financial Institution to allow each of us to establish whether any particular transaction, or series of transactions, needs to be reported as required by applicable law.

f. Business Transfers

We may be involved in the sale, transfer or reorganization of some or all of our business at some time in the future. As part of that sale, transfer or reorganization, we may disclose your personal information to the acquiring organization, but will take any measures required by applicable law in connection with such disclosures.

g. Required or Permitted by Law; Dispute Resolution

We may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information, or where we are permitted to do so pursuant to applicable law and have reasonable grounds to believe the information could be useful in the investigation of unlawful activity, or to legal authorities, government officials or third parties where necessary to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. We may also disclose your personal information in order to comply with court rules and regulations regarding the provision of records and information or as otherwise permitted or required by law.

We may also disclose your personal information to other third parties (such as Acquirers) for the purpose of assisting with the investigation or resolution of complaints, disputes or other customer service issues related to KONEK transactions.

5. How long we keep your personal information

Your personal information is retained for as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Policy and in order to comply with Interac’s legal or regulatory obligations. When determining the retention period, we consider factors including the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact if we delete some information about you, mandatory retention periods, and statutory limitation periods. As always, once archived, your personal information is kept secure.

In particular, without limiting the above, your KONEK profile information (i.e., name, address, phone number, email address and default account for KONEK transactions) will be irrevocably deleted 12 months after you delete your KONEK profile or after 12 months of inactivity, if earlier.

6. How we protect your personal information

We take precautions to protect your personal information against unauthorized access, disclosure, inappropriate alteration, and misuse. We maintain appropriate physical, technological, organizational and administrative safeguards to help protect your personal information. We update and test our security technology, standards and processes on an ongoing basis.

Transmission methods used to transfer information over the Internet, or methods of electronic storage, are not 100% secure. Although we implement measures to protect your personal information, we cannot fully ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We cannot guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of our safeguards. In particular, we cannot eliminate the risk of unauthorized transactions, especially if: (a) you use KONEK on a public, work or shared device, (b) you share your KONEK profile or financial account login credentials (“Login Credentials”) with another person; or (c) an unauthorized person obtains access to your personal device or your Login Credentials.

You play a valuable part in security. After you have finished using KONEK, you should log out and exit your browser to prevent unauthorized users from returning to your online session. If you are accessing KONEK via a mobile device, you should ensure that your device’s privacy settings are set in accordance with your privacy preferences. If you believe your personal information has been compromised or that someone has improperly used or provided information to Interac about you that you did not authorize, please contact us as set out in this Privacy Policy.

7. Your rights and choices over your personal information

Under certain circumstances and in accordance with applicable privacy laws, you are entitled to certain rights over your own personal information, as listed below. Please refer to section 11, “How to contact us”, to exercise these rights.

  • Right of Access: You have the right to be informed of the existence, use and disclosure of your personal information by us, including a listing of the third-party organizations with whom the information has been shared. You can also access your information and may be entitled to receive a copy of your information.
  • Right to challenge accuracy: You have the right to challenge the accuracy, completeness and currency of your personal information in our possession.
  • Right to rectification of Errors: When you demonstrate the inaccuracy or incompleteness of your personal information held by us, we must correct the inaccuracies and/or add a notation to the information, as appropriate.
  • Right to limit use of personal information: As a condition of providing you access to KONEK we cannot require that you allow us to process your personal information beyond that which is required to fulfil the explicitly specified and legitimate purposes.
  • Right to withdraw consent: You have the right to withdraw consent at any time, subject to certain requirements and limitations under applicable law. We must inform you of the implications of such withdrawal.
  • Right to make a complaint: You have the right to be able to address data protection issues with our Privacy Office and you also have the right to make a complaint to the relevant data protection authority such as the Office of the Privacy Commissioner of Canada.

There are some exceptions to these rights. For example, without limitation, some information may not be accessed or deleted if it contains personal information of other persons or if we are required by law to keep it. In addition, you may have other rights pursuant to applicable laws in the province or territory where you are located, including in connection with automated processing of your personal information and/or automated decision-making.

If you wish to exercise your rights described above or require further information regarding your rights or circumstances that may limit the rights you can exercise, please contact us as set out in this Privacy Policy.

8. When we transfer your personal information

Some of the information you provide to us may be shared with our service providers that are located outside of Canada. Such service providers are subject to contractual requirements and restrictions governing their processing of personal information, including obligations to safeguard the security and confidentiality of such personal information. Google Analytics data may also be collected, processed and stored outside Canada. You should be aware that information that is transferred or stored outside Canada may be accessible to courts, law enforcement and national authorities in other countries.

9. Additional notices for Quebec users

Your information may be communicated outside Quebec. More particularly, most of your information will be kept in Ontario, and if you choose to make card-based payments, your payment card details will be transferred to the United States. Some of our service providers that collect information about you in connection with their services are also located in the United States. Google Analytics data may also be communicated to other provinces and countries.

Your information will be accessible to Interac’s customer service, fraud operations, and fraud and data analytics teams, who have a need to access such information to perform their duties. In addition, certain insights derived from your information will be available to other Interac personnel.

You may find more information regarding the roles and responsibilities of Interac personnel with respect to personal information at Roles and Responsibilities of Interac Personnel Throughout the Lifecycle of Personal Information.

10. Updates to this Privacy Policy

Interac may review this Privacy Policy periodically to reflect changes in privacy regulations and in our practices. We will post a prominent notice of any relevant and material changes to this Privacy Policy when they occur and indicate when the Privacy Policy was most recently updated. We will obtain consent to any material changes to how we collect, use, share or otherwise process your personal information when required by applicable law.

11. How to contact us

At Interac, the person in charge of the protection of personal information is Rebecca Ma, Chief Privacy and Compliance Officer.

In the event that you:

  • Have any questions about this Privacy Policy, our privacy policies or practices, or about the collection or handling of your personal information in connection with KONEK (including if you have questions about the collection, use, disclosure or storage of your personal information by our service providers outside Canada, or want to obtain written information about such service providers);
  • Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
  • Want to access, update, or correct your personal information, or exercise any other rights you may have under applicable laws; or
  • Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,

please feel free to contact our Privacy Office by email at [email protected], or write to us at:

Privacy Office Interac Corp.

Royal Bank Plaza, North Tower, P.O. Box 45 200 Bay Street, Suite 2400

Toronto, Ontario M5J 2J1 Canada

More information regarding the process for making inquiries or complaints with respect to your personal information can be found at Process for Handling Inquiries and Complaints.

You may also contact the Office of the Privacy Commissioner of Canada to resolve your privacy concern:

30 Victoria Street
Gatineau, Quebec
K1A 1H3
Toll-free: 1-800-282-1376

Online: https://www.priv.gc.ca/en/report-a-concern/

Copyright © 2024, Interac Corp. All rights reserved.

Except as permitted by law, no part of this document nor any of Interac’s trademarks, logos and service marks may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.

Published by Interac Corp., Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1

®,™: Trademark of Interac Corp.