KONEK™ is currently undergoing beta testing and is available by invitation only at this time. Stay tuned for more information as to when KONEK is available to all users.
At Interac Corp. (“Interac”, “we” or “us”) we respect your personal information and we take steps to ensure the proper use, protection and security of personal information placed in our care.
To learn more about how your personal information is handled by Interac in connection with KONEK, please click through the following sections:
- What types of personal information we collect and why
- How we use your personal information
- Why we share your personal information
- How long we keep your personal information
- How we protect your personal information
- Your rights and choices over your personal information
- When we transfer your personal information
- Additional notices for Quebec users
- Updates to this Privacy Notice
- How to contact us
1. What types of personal information we collect and why
We collect information about you from a variety of sources in connection with KONEK, including information provided to us by Your Financial Institution (as defined below) and participating merchants and information collected directly from you and your devices.
For clarity, Interac collects information about you on multiple occasions, over time, each time that you use KONEK to conduct a transaction. Without limiting the above, each time you use KONEK, Interac will automatically obtain an up-to-date list of accounts from Your Financial Institutions (account types and last four digits), as well as full account details for the account you select to make your payment for the particular transaction.
You should be aware that Interac relies on the accuracy of information provided to us by you, Your Financial Institution and merchants. You should take steps to ensure that such information is correct, including updating and verifying the information about you that is held by merchants and Your Financial Institution.
a. Information Collected from Your Financial Institution.
When you use KONEK, you are choosing to pay for products and services using existing bank accounts and/or existing credit cards that have been issued to you by one or more banks with which you have a relationship (collectively, “Your Financial Institution”). Your Financial Institution will provide us with the following information:
- client identification number (e.g., eTransferID, FI user reference ID);
- contact information, including full name, address, email address and phone number;
- a list of accounts that you are authorized to use for KONEK transactions (i.e., account type and last four digits of each eligible account number);
- full account number or payment card details (i.e., primary account number and card expiry date) for the account that you select to pay for your purchase; and
- information about your use of other Interac products and services, including historical transactions via Interac e-Transfer and Interac Online Payments, which will be used in connection with KONEK only for fraud detection and prevention, including: Interac e-Transfer sender names, email addresses, phone numbers (if provided) and bank account numbers; Interac e-Transfer recipient names, email addresses or phone numbers (or both), and bank account information; Interac e-Transfer nicknames and IP addresses of both senders and recipients; Interac e-Transfer payment amounts; expiry dates of the Interac e-Transfer transactions; names of the originating financial institutions for Interac e-Transfers; current payment status of Interac e-Transfers and status history of the payments; unique device ID numbers; and all messages associated with Interac e-Transfers.
Your Financial Institution may also provide us with information regarding complaints, disputes or other customer service issues related to a KONEK transaction.
For the avoidance of doubt, Interac does not receive or have access to your login credentials (username, password, etc.) for the accounts you hold with Your Financial Institution.
b. Information Collected from Merchants.
We will also receive information about the products and services you purchase from participating merchants using KONEK, together with certain information about the merchant and transaction type, as follows:
- type of product, item or service purchased (the “item”), as well as the item reference number (if applicable), item description, quantity and price (including cost of the item, currency, taxes, and any fees charged in connection with your purchase of the item);
- transaction type (i.e., whether it is a one-time purchase or a recurring payment) together with details of recurring payments where applicable (i.e., start date, end date, frequency, day of month/week, week of month, maximum number of payments, amount, variance, capped amounts, and recurring amounts); and
- information about the merchant from which you are making a purchase, including the merchant’s name, industry, address and URL (if available and purchase is made on a browser).
In some cases, the merchant may also provide us with:
- your name and/or address, if you have provided this information to the merchant;
- information on shipment type, digital shipping mode, shipping cost, and placement mode (e.g., express versus standard checkout);
- your merchant customer identification number (if any); and/or
- the date of your last transaction with the merchant via KONEK.
Merchants may also provide us with information regarding complaints, disputes or other customer service issues related to a KONEK transaction.
For the avoidance of doubt, Interac does not receive or have access to your merchant login credentials or passwords used on merchant sites.
c. Information Collected from You Directly.
You may provide us with certain information directly from time to time, when you update or otherwise make changes to your KONEK profile, such as when you change your contact information, add a shipping address, or select (or change) your default payment option.
When you use KONEK, certain information is collected automatically from the device you use for the transaction, including through cookies, web beacons, and device fingerprinting, for identity verification, authentication, and fraud prevention purposes. Such information includes:
- device ID and type; operating system type and version, and other operating system information; browser type and version and other information about your browser; raw user agent string; and other information about the device used to access KONEK and the use of such device;
- internet protocol (IP) address; IP latitude and longitude; and the region or general location where your computer or device is accessing the internet (country, province, city, postal code); and
- KONEK usage data, such as the date and time when you use KONEK, number and type of transactions conducted via KONEK, time spent conducting KONEK transactions, and access status (e.g. your ability to access KONEK or receipt of an error message).
The data described above may also be used to generate aggregate statistical data, for the purposes described below under “How we use your personal information”.
Further information on the cookies we use and their functions can be found in our Cookie Notice.
In addition to the above, if you create a KONEK profile and choose to enable biometric authentication, Interac or its service providers will receive confirmation of identity from the device that you use to access KONEK. For clarity, neither Interac nor its service providers will receive or have access to biometric information, but rather, such information will remain only on your device and only confirmation of identity verification (or notice of failure to authenticate identity) will be transmitted to Interac.
2. How we use your personal information
We will only use your personal information to provide the KONEK services and perform related activities, and for other purposes as required or permitted by applicable law, including to:
- process payments for goods and services from participating merchants, and other KONEK transactions, including one-time purchases, recurring payments, split shipment purchases, pre-authorized payments, and refunds;
- operate and facilitate your use of KONEK, including to verify your identity, authenticate you, create and maintain your KONEK profile (where applicable), respond to requests received, and provide authentication process recommendations to Your Financial Institution;
- identify and authenticate return users in order to provide a more efficient check-out process;
- tokenize payment information for security purposes;
- prevent and detect fraud, unauthorized transactions, and otherwise protect you and other users of our products, services and websites from fraud and other wrongful or illegal activities, claims and other liabilities;
- carry out our obligations that may arise from any agreements we have entered into with you, Your Financial Institution or relevant Payment Networks;
- contact and correspond with you including (without limitation) emailing you to confirm your email address and sending communications regarding your KONEK profile (e.g., security alerts), where applicable;
- investigate complaints, disputes or other customer service issues related to a KONEK transaction that you submit to Your Financial Institution or a merchant;
- manage risk exposure with respect to the integrity and security of KONEK and our other products, including (without limitation) to help diagnose problems with our server, administer the KONEK website, analyze trends, prevent and detect attacks on our website or attempts at fraud;
- comply with legal and regulatory requirements;
- manage our business needs, such as monitoring, analyzing, testing and improving our products and services, KONEK performance and functionality, and the performance and functionality of our infrastructure; and
- generate aggregate statistical data that will then be used to evaluate, improve and market KONEK, including to monitor and improve the utility, security, content, and user experience for KONEK users, and to develop additional products, services and content. Without limiting the above, anonymized and aggregated data may be used for the purposes of assembling statistical reporting for our participating financial institutions and governmental authorities, conducting market research respecting our products and services, and compiling statistical analysis of the behaviour of KONEK users or groups of users. For clarity, this aggregated data will not be used for specific targeted advertisements to you.
In particular, KONEK uses technology that includes functions that allow you to be located, identified, and profiled for fraud purposes. This technology is activated when you consent to the collection, use and disclosure of your personal information in accordance with this KONEK Privacy Notice, and will then be active whenever you use KONEK unless and until you withdraw your consent. In addition, KONEK makes fraud and transaction approval decisions based exclusively on automated processing of information.
Interac will obtain your consent to collect, use or disclose your personal information for any purpose other than those described above, except where your consent is not required by applicable law.
3. Why we share your personal information
All of the information that we collect about you will be shared with Your Financial Institution, which is ultimately responsible for deciding whether to approve your KONEK transaction. In addition, certain information is shared with merchants to confirm your transaction and facilitate shipping of your products and communications with you. When you use Interac Card-Based Payments, certain information is also shared with the relevant Payment Network.
We may also share your information with Your Financial Institution, Merchants, or other third parties (such as Acquirers) for the purpose of assisting in the investigation and resolution of complaints, disputes or customer service requests that you have submitted to such third parties, which relate to a KONEK transaction.
Information disclosed to third parties will be outside Interac’s control and will be handled in accordance with the third party’s own privacy policies and procedures, which may differ from Interac’s. If you have questions about how Your Financial Institution, a Payment Network or a merchant will handle your personal information, you should contact them directly.
a. Financial Institutions
KONEK facilitates payments from existing accounts that you hold with Your Financial Institution. Accordingly, Your Financial Institution will receive or have access to all the information that is collected or received by Interac in connection with KONEK.
More particularly, when you select a financial institution from a list of available options to conduct a transaction using KONEK, Interac will share with that institution the information that it collects from merchants, your devices, and service providers in connection with that transaction (as described above under “What types of information we collect and why”).
Interac shares this information with Your Financial Institution for the primary purpose of allowing it to evaluate and facilitate processing of your transaction, including to confirm sufficient funds in your account, process payments, and detect and prevent fraud and other wrongful or illegal activities. However, Your Financial Institution may use your personal information for other purposes in accordance with its own policies and practices. We are not responsible for the actions or omissions of Your Financial Institution, including for any use or disclosure of your personal information (or failure to protect your personal information) by Your Financial Institution. As noted above, if you have questions about how Your Financial Institution will handle your personal information, you should contact them directly.
b. Participating merchants
We will share your shipping address, email address and phone number with the merchant from which you make a purchase. We will also share information with merchants relevant to confirming and facilitating processing of your transaction, such as confirming consent for online checkout and approval for recurring transactions and providing payment token reference data.
Interac shares this information with merchants for the primary purpose of allowing merchants to complete your purchase, calculate shipping costs, ship your products, and communicate with you about your purchase. However, information disclosed to merchants is outside Interac’s control. We are not responsible for the actions or omissions of merchants, including for any use or disclosure of your personal information (or failure to protect your personal information) by a merchant. As noted above, if you have questions about how a merchant will handle your personal information, you should contact them directly.
c. Service providers
In particular, we use service providers to facilitate identity verification and biometric authentication, as well as for fraud analysis. We do not share any personal information that we collect from you, merchants, or Your Financial Institution with these service providers. However, they collect information from your devices in connection with providing their services to Interac. We also use third party data centers and customer service support, as well as third party software for event logging, IP traffic interception and network security.
d. Additional disclosures in connection with Interac Card-Based Payments
In addition, if you choose to make a card-based payment, your payment card details (i.e., PAN and card expiry date) and associated information, and in some cases your email address, will be provided to token aggregators who will share your information with the relevant Payment Network – i.e., Mastercard, Visa or AMEX (“Payment Network”). The Payment Network will then share the information with the card issuer. The sharing of your information with these parties is required in order to tokenize your payment card details, for security purposes. However, information shared with Payment Networks and payment card issuers is outside Interac’s control. We are not responsible for the actions or omissions of Payment Networks or card issuers, including for any use or disclosure of your personal information (or failure to protect your personal information) by a Payment Network or card issuer. If you have questions about how a Payment Network or issuer will handle your personal information, you should contact them directly.
e. Fraud Investigations
To the extent permitted by applicable law, we disclose information that we, in good faith, believe is appropriate in investigations of fraud or other wrongful or illegal activity or to conduct investigations of violations of the terms and conditions for using our products and services. At our sole discretion, subject to any legal restrictions, we may report suspicious activity relating to fraud or other wrongful or illegal activities (in cooperation with Your Financial Institution) to the appropriate legal authorities, to our participating financial institutions and other third parties. For example, we may report suspicious activities where we believe those activities could result in physical harm or financial loss to any person. We may also report activities that we view as a pattern of fraudulent, wrongful or illegal behaviour. We also exchange certain information with Your Financial Institution to allow each of us to establish whether any particular transaction, or series of transactions, needs to be reported as required by applicable law.
f. Business transfers
We may be involved in the sale, transfer or reorganization of some or all of our business at some time in the future. As part of that sale, transfer or reorganization, we may disclose your personal information to the acquiring organization, but will take any measures required by applicable law in connection with such disclosures.
g. Required or permitted by law; dispute resolution
We may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information, or where we are permitted to do so pursuant to applicable law and have reasonable grounds to believe the information could be useful in the investigation of unlawful activity, or to legal authorities, government officials or third parties where necessary to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. We may also disclose your personal information in order to comply with court rules and regulations regarding the provision of records and information or as otherwise permitted or required by law.
We may also disclose your personal information to other third parties (such as Acquirers) for the purpose of assisting with the investigation or resolution of complaints, disputes or other customer service issues related to KONEK transactions.
4. How long we keep your personal information
In particular, without limiting the above, your KONEK profile information (i.e., name, address, phone number, email address and default account for KONEK transactions) will be irrevocably deleted 12 months after you delete your KONEK profile or after 12 months of inactivity, if earlier.
5. How we protect your personal information
We take precautions to protect your personal information against unauthorized access, disclosure, inappropriate alteration, and misuse. We maintain appropriate physical, technological, organizational and administrative safeguards to help protect your personal information. We update and test our security technology, standards and processes on an ongoing basis.
Transmission methods used to transfer information over the Internet, or methods of electronic storage, are not 100% secure. Although we implement measures to protect your personal information, we cannot fully ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We cannot guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of our safeguards. In particular, we cannot eliminate the risk of unauthorized transactions, especially if: (a) you use KONEK on a public, work or shared device; (b) you share your KONEK profile or financial account login credentials (“Login Credentials”) with another person; or (c) an unauthorized person obtains access to your personal device or your Login Credentials.
6. Your rights and choices over your personal information
Under certain circumstances and in accordance with applicable privacy laws, you are entitled to certain rights over your own personal information, as listed below. Please refer to section 10, “How to contact us”, to exercise these rights.
- Right of access – You have the right to be informed of the existence, use and disclosure of your personal information by us, including a listing of the third-party organisations with whom the information has been shared. You can also access your information and may be entitled to receive a copy of your information.
- Right to challenge accuracy – You have the right to challenge the accuracy, completeness and currency of your personal information in our possession.
- Right to rectification of errors – When you demonstrate the inaccuracy or incompleteness of your personal information held by us, we must correct the inaccuracies and/or add a notation to the information, as appropriate.
- Right to limit use of personal information – As a condition of providing you access to KONEK we cannot require that you allow us to process your personal information beyond that which is required to fulfil the explicitly specified and legitimate purposes.
- Right to withdraw consent – You are able to withdraw consent at any time, subject to certain requirements and limitations under applicable law. We must inform you of the implications of such withdrawal.
- Right to make a complaint – You have the right to be able to address data protection issues with our Data Privacy Office and you also have the right to make a complaint to the relevant data protection authority.
There are some exceptions to these rights. For example, without limitation, some information may not be accessed or deleted if it contains personal information of other persons or if we are required by law to keep it. In addition, you may have other rights pursuant to applicable laws in the province or territory where you are located, including in connection with automated processing of your personal information and/or automated decision-making.
7. When we transfer your personal information
Some of the information you provide to us may be shared with our service providers that are located outside of Canada. Such service providers are subject to contractual requirements and restrictions governing their processing of personal information, including obligations to safeguard the security and confidentiality of such personal information. However, you should be aware that information that is transferred or stored outside Canada may be accessible to courts, law enforcement and national authorities in other countries.
8. Additional notices for Quebec users
Your information may be communicated outside Quebec. More particularly, most of your information will be kept in Ontario, and if you choose Interac Card-Based Payments, your payment card details will be transferred to the United States. Some of our service providers that collect information about you in connection with their services are also located in the United States.
Your information will be accessible to Interac’s customer service, fraud operations, and fraud analytics teams, who have a need to access such information to perform their duties. In addition, certain insights derived from your information will be available to other Interac personnel. You may find more information regarding the roles and responsibilities of Interac personnel with respect to personal information at Roles and Responsibilities of Interac Personnel Throughout the Lifecycle of Personal Information.
9. Updates to this Privacy Notice
10. How to contact us
At Interac, the person in charge of the protection of personal information is Conni Gibson, Chief Legal Officer and Corporate Secretary.
In the event that you:
- Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
- Want to access, update, or correct your personal information, or exercise any other rights you may have under applicable laws; or
- Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,
please feel free to contact our Data Privacy Office by email at [email protected], or write to us at:
Data Privacy Office
Interac Corp.
Royal Bank Plaza, North Tower, P.O. Box 45
200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1
Canada
You may also find more information regarding the process for making inquiries or complaints with respect to your personal information at Process for Handling Inquiries and Complaints.
Copyright © 2023, Interac Corp. All rights reserved.
Except as permitted by law, no part of this document nor any of Interac’s trademarks, logos and service marks may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.
Published by Interac Corp., Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1
®,™: Trade-mark of Interac Corp.