Scotiabank Privacy Agreement
Scotiabank recognizes the importance of your personal information and we never take for granted the trust that you - as a client or a business partner - have placed in us to protect that information.
Scotiabank values transparency. With this Privacy Agreement, along with our Digital Privacy and Interest-Based Advertising Policy, we are striving to provide you with a good understanding of why we collect and use your personal information, how your information is shared, retained and protected, and how you can exercise your personal choices. We will also explain how you can find out what personal information we hold about you. When you apply or sign-up for a product or service that requires further explanation about how we use your personal information, we will explain that to you.
Some of our affiliates and subsidiaries have their own privacy policies, but where that is not the case, this Privacy Agreement and our Digital Privacy and Interest-Based Advertising Policy apply to The Bank of Nova Scotia and the current and newly acquired members of the Scotiabank group of companies or any Scotiabank programs in Canada (“Scotiabank” or “we” or “us”).
We have established a privacy framework that sets out the structure and accountability for the secure and respectful treatment of personal information. Our privacy framework is overseen by a dedicated Privacy Office, led by our Global Privacy Officer. You can contact our Global Privacy Officer using the contact information at the end of this Privacy Agreement.
“Personal information” generally means any information that can be used, either alone or in combination with other information, to identify an individual. This includes information such as your name, mailing address, e-mail address, telephone number, or any other contact details. It may also include other types of more technical information, but only when this information can identify you as an individual, such as your IP address, the device you use to access our website or app and details on your usage of our website or app. Information that is anonymized and cannot be associated with an identifiable individual is not considered to be personal information.
We collect and use personal information to establish and manage our banking relationship with you, provide you with personalized products and services, manage our business, and comply with legal and regulatory requirements. We will give you some examples to explain each one of these purposes.
To establish and manage our banking relationship
We collect and use personal information to establish and maintain our relationship and provide you with the products and services you have requested.
We need to confirm who you are and verify the information you have provided to us: We will ask for your name, address, telephone numbers (including mobile), email address, and date of birth, and may ask for other forms of identification such as a valid driver’s license, passport or a recent utility bill. We may also ask for certain biometric information, like a fingerprint or a voiceprint to securely verify your identity. We may ask you for your SIN to confirm your identity and ensure we obtain accurate information from credit reporting agencies. Providing your SIN for these identity verification purposes is optional. To withdraw your consent for the use of your SIN for identity verification purposes, you may contact us under “How to refuse or withdraw your consent” as set out below. For corporate clients, we need to collect the signing officers’ names and other personal details.
We need to assess your eligibility and suitability for our products and services: When you apply for a product like a bank account, credit card, line of credit, mortgage, automotive financing or investment product, or agree to act as a guarantor, we may ask about your credit and payment history, education, employment, annual income, assets and liabilities. We may need information about how you intend to use the product or service and the source of any incoming funds or assets or the source of any down payment.
- We need to communicate with you: We may communicate with you by phone, fax, mail, email, SMS text message or other electronic means to provide you with information related to the products and services you hold with us, or to collect on a debt owed to us. You can also choose to sign-up to receive alerts (including push notifications) regarding your account, in addition to electronic alerts we may send you to comply with regulatory requirements.
We may need information about related parties to establish and manage our banking relationship with you: In some circumstances, we may need information about your spouse, legal guardian, beneficiaries or personal representatives.
We may need certain credit-related information: We obtain credit and other information about you from credit reporting agencies on an on-going basis. We use this information to assess your application, verify your identity and your current and ongoing creditworthiness, update our records, help us to determine your eligibility for other products and services (such as pre-approved credit products, credit limit increases and balance transfer offers), to manage and assess our risks and to help us help you manage your credit responsibly. Your consent is effective for as long as you have the product or service with Scotiabank. The information we obtain from credit reporting agencies may include the types and amounts of credit advanced to you, payment histories, collection actions, legal proceedings, previous bankruptcies and other information reported by your creditors.
We obtain your credit information from the following credit reporting agencies; you can contact them to access or rectify, or to obtain a copy of your credit report:
Equifax Canada Inc.: https://www.equifax.ca
TransUnion Canada Inc.: https://www.transunion.ca
- We may need additional information for insurance services: When you apply for or accept insurance offered by us (such as mortgage, line of credit, credit card, or loan protection, life or travel insurance), we collect additional personal information. We and our insurance providers require this personal information to assess insurance risk and to establish and administer the insurance coverage, including the assessment of claims. For certain insurance products and services, we may ask for some health information.
To provide you with personalized products and services
We collect and use personal information to provide you with personalized products and services and information about products and services that may be of interest to you.
We collect and use information to personalize your experience with us, including: to better understand your needs and preferences including through data analytics; to personalize your experience on our websites and mobile applications; to provide you with tailored communications and offers.
We collect and use information to provide you with marketing communications: We may contact you by phone, fax, mail, email, SMS text message or other electronic means about new products and services, offers, events and promotions. Our communications may be tailored based on information that we have about you. If you do not wish to receive these communications, you can withdraw your consent at any time by following the instructions under “How to update your marketing choices” below.
If you sign-up to receive electronic messages (such as emails and SMS text messages) from the Scotiabank group of companies, we will each send you communications about our products and services, offers, events, and other valuable information. We may also send you information about the products and services of Scotiabank’s trusted partners that may be of interest to you.
Scotiabank is present on social media platforms, such as Facebook, Instagram, and X (Twitter). When you interact with our social media accounts, for example, if you “like” our page or make comments, we may collect certain information about you, such as any information you may provide in the comments you publish on our account page and the direct messages you send us. The information we collect depends on what these social media platforms share with us based on the privacy settings you have selected. We suggest you consult the privacy policies of these social media platforms to learn more.
We may also use services provided by third-party platforms (such as social networking and other websites) to serve relevant Scotiabank advertisements on such platforms to you and others. We may provide a de-identified version of your email address to the platform provider for such purposes. To opt-out of the use of your information for these purposes, you can unsubscribe from receiving email marketing communications by following the instructions under “How to update your marketing choices” below.
- We collect and use information when you participate in a contest, survey, or promotion: If you participate in a contest, survey or promotion, we may collect your name, address, phone number, email address, and other information or responses you provide. We use this information to administer your participation in the contest or promotion and as otherwise described to you when you enter. The information obtained through our surveys is used in an aggregated form, unless you provide us with your consent. We use this information to help us understand our clients and to improve our products and services. If a contest or promotion is administered by a third party (such as a loyalty program partner), we may share information with the third party as described to you at the time of entry into the contest or promotion.
To manage our business
We collect and use personal information to operate and manage our business and business relationships.
We collect and use information to prevent and detect fraud and criminal activity and secure our premises: We may ask you for any additional information required to investigate matters, settle any claim or report a matter to the appropriate authorities. We also conduct video surveillance in and around branches, bank machines and other locations for the purpose of safeguarding our clients and employees and protecting against theft, fraud and vandalism.
We collect and use information when you contact us: We record telephone calls for training and quality assurance purposes. We will tell you when we are recording a call.
We collect and use cheque images provided via our Mobile Banking app (the front and back of deposited cheques).
We collect and use information to collect debts, enforce obligations and to manage and assess risk.
We collect and use information to manage our business relationships: For example, we collect personal information from employees or other representatives of our suppliers and contractors that is necessary for them to do business with us.
We use and analyze the information we collect to better understand our clients, improve our products and services, and to prevent and detect fraud.
To comply with legal and regulatory requirements
We are required to collect and use personal information to meet legal and regulatory requirements.
We collect and use personal information that may be required for anti-money laundering and “know your client” requirements and other applicable legal or regulatory requirements.
We also need to collect, use and disclose your SIN for income tax reporting purposes and to fulfil other regulatory requirements, as required by law.
The way we analyze your personal information may involve automated decisions. That is, we may process your personal information using software that can evaluate your personal circumstances and other factors to address risks or outcomes. We may use such methods to make decisions about you relating to credit checks, identity and address checks, monitoring your account for fraud or other financial crime, or for other reasons that we’ll disclose to you. We may use automated decision making if it’s necessary for us to provide you with a particular product (for example, we may use it to decide on the types of services that are suitable for you), to prevent fraud or financial crime, or if it’s reasonable to ensure that we’re treating our clients fairly.
Scotiabank may share your personal information with third parties for the purposes described below.
- We may share information with members of the Scotiabank Group of companies: We may share personal information with members of the Scotiabank group of companies who provide operational, administrative and support services on our behalf, to meet legal and regulatory obligations, for fraud prevention purposes, and to perform analytics.
Members of the Scotiabank group of companies may be located outside of your province of residence or outside of Canada and may access and process your personal information from the United States or other jurisdictions. For a list of Scotiabank’s principal affiliates and subsidiaries enterprise-wide, please refer to the most recent Annual Report.
We may share your personal information with other members of the Scotiabank group of companies so that they may contact you for the purposes of marketing, including telemarketing, or to help you manage your credit responsibly. You can withdraw your consent to the disclosure of your personal information to other Scotiabank companies for marketing at any time. See “How to update your marketing choices” for more information.
We may share information with our service providers: We may use third party service providers to process or handle personal information on our behalf. Our service providers assist us with various services such as printing, postal and electronic mail distribution, marketing (including by telephone and electronic means), advertising, analytics, client service, and processing, authorizing and authenticating your transactions.
We also provide personal information to credit or payment card networks and associations to administer the payment card system. We may also share information with merchants with whom you have set up pre-authorized or automatic bill payments, in which case we may provide your updated payment card number or expiry date.
When personal information is provided to our service providers, we will require them to protect the information in a manner that is consistent with Scotiabank privacy and security policies, practices and standards.
Some of our service providers are located outside of your province of residence or outside of Canada and your personal information may be accessed or processed in the United States or other jurisdictions.
- We may share information with our loyalty, reward or program partners: We may offer products and services with trusted business partners, such as through the Scene+ points program, or automotive manufacturers and dealers as part of our automotive financing business. In the event we collect, use and disclose personal information in connection with a partner program, we will tell you this at the time you sign-up for the program. For more information, see the terms that govern your participation in the program.
We may share information with other trusted business partners: We may share information with our partners for marketing or other servicing purposes. For example, if you sign-up to receive communications from our trusted business partners, we share your personal information with our trusted partners so that they may contact you for the purposes of marketing, including telemarketing. You can withdraw your consent to the disclosure of your personal information with these partners at any time. See “How to update your marketing choices” below for more information.
We may share information with credit reporting agencies: We exchange personal information with consumer and credit reporting agencies on an ongoing basis, including information about late payments, missed payments or other defaults.
We may share information with your joint account holders, representatives, executors and beneficiaries: We share personal information with joint account holders or representatives (such as a legal guardian, power of attorney or lawyer). Joint account holders will each have access to all of the account history and transaction details for the account. We may also share personal information with your (or your joint account holder’s) estate representatives or beneficiaries where reasonably necessary to administer the estate.
We may share information with third parties in connection with a prospective business transaction: If we sell a company or a portion of the business or assets of a Scotiabank company, or in the event we sell, assign or securitize your loan, mortgage or other debt, we may provide information we hold about you to the prospective purchaser or investor. The personal information we disclose in such circumstances may include financial information obtained in support of your loan, mortgage or other debt.
We may share information to meet legal requirements: Scotiabank and our Canadian, US and foreign service providers may disclose personal information where we are required or permitted to do so by applicable law. This may be:
to other organizations for the purposes of investigating a breach of an agreement or contravention of law or to detect, suppress or prevent fraud;
to establish, exercise or defend legal claims;
to protect the rights, property and safety of Scotiabank and others;
to courts, law enforcement and regulatory authorities in the jurisdictions in which we or our service providers operate, including to respond to a local or foreign court order, search warrant or other demand or request which we believe to be valid;
to comply with the rules of production of a local or foreign court; and
to satisfy legal and regulatory requirements that we believe are applicable to us, including the requirements of any self-regulatory organizations to which we belong.
We may share information relating to mortgage products: If you have a mortgage account with us, we may share information about you, including credit information and the amount of your mortgage, to mortgage insurers for the purposes of offering and administering mortgage insurance, or to a creditor where you are in default of an obligation to that creditor.
We may share information relating to insurance services: We may exchange personal information (including health information) with hospitals and health care professionals, government insurance plans, other insurance companies and insurance service bureaus.
We may share information in accordance with your requests or as you otherwise consent. In some cases, your consent may be “implied”, meaning that your agreement is assumed based on your action or inaction at the point of processing your personal data. You may withdraw your consent to our collection, use or disclosure of your personal information under “How to refuse or withdraw your consent” as set out below.
We have implemented measures designed to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, and disclosure.
We restrict access to personal information to employees and authorized service providers who require access to fulfil their job requirements.
We may keep and use information about you in our records for as long as it is needed for the purposes described above, or to otherwise meet our legal obligations, even if you are no longer a client.
When you fill out an application through any of our online portals, your progress is automatically saved as a draft for 30 days. This means if you can't complete a form or need to switch devices, you don’t have to start over the next time you open the form. After that period, however, the information you entered will be deleted.
We require accurate, complete and up-to-date records to provide our products and services, and we have implemented processes to help ensure this.
We also rely on you to provide us with information that is true and complete. If any personal information changes or becomes inaccurate or out of date, please advise us using the contact information set out below so we can update our records.
You can refuse to consent to our collection, use or disclosure of personal information, or you may withdraw your consent to our further collection, use or disclosure of your personal information at any time by giving us reasonable notice, subject to limited exceptions. This includes withdrawing your consent for Scotiabank to use your SIN to verify credit information to confirm your identity.
If you wish to withdraw consent, you may do so at any time by contacting the branch or office with which you are dealing or by calling us toll-free at the telephone numbers listed below. You can also contact the Escalated Customer Concerns Office as set out at the end of this Privacy Agreement.
Scotiabank 1-800-4SCOTIA
ScotiaMcLeod, Scotiatrust and Private Investment Counsel 1-866-437-4990
Scotia Wealth Insurance Services 1-800-986-5458
Scotia Insurance 1-866-725-0428
Scotia iTRADE® 1-888-872-3388
Depending on the circumstances, your withdrawal of consent may prevent us from providing you, or continuing to provide you, with some products and services, the ability to access certain products and services, or information that may be of value to you.
In addition, we may have legal, regulatory or contractual obligations to collect, use or disclose certain of your personal information, in which case you may not withdraw your consent. For example, during the term of a loan, you may not withdraw your consent to our ongoing collection, use or disclosure of your personal information in connection with the loan you have with us or have guaranteed.
You also cannot refuse to consent to our collection, use and disclosure of personal information required by our regulators, including self-regulatory organizations.
We will act on your instructions as quickly as possible but there may be certain uses of your information that we may not be able to stop immediately.
You can update your marketing communication preferences at any time by contacting the branch or office you deal with or call us toll free at 1-800-4SCOTIA.
You can also withdraw your consent to receive specific types of communications as set out below:
- To opt-out of email communications, click on the “unsubscribe” link included in each of our communications or click here for The Bank of Nova Scotia in Canada or here for Scotiabank Global Wealth Management senders.
- To opt-out of receiving SMS text messages, respond to any message by texting “STOP”.
- You may also adjust your InfoAlert settings within our mobile app or the Scotiabank OnLine portal (note we may still send you electronic alerts to comply with regulatory requirements).
- To manage preferences regarding interest-based advertising, see our Digital Privacy and Interest-Based Advertising Policy.
- To opt-out of the sharing of your personal information with trusted partners or members of the Scotiabank group of companies, contact us using the contact information set out above.
- To opt-out of direct mail and phone marketing communications, contact us using the contact information set out above.
You may continue to receive certain types of communications, including electronic messages or offers from Scotiabank, even after you have withdrawn your consent or unsubscribed to emails. For example, messages sent from the Scotiabank OnLine portal, messages sent in response to specific inquiries, messages to satisfy a legal obligation or for debt collection purposes or to enforce or provide you with notice of an existing or pending right. In addition, if you visit your advisor at the branch or contact us by telephone, online (including through the Scotiabank Online portal) or visit an ABM, we may make certain offers to you.
You can request to access or update the personal information we hold about you. Much of this information is already accessible by you, for example: through your account statements; by visiting the branch or office where you regularly do business; by accessing your account online; or through the Customer Contact Centre. However, to access any other personal information about you, please send request in writing to the Escalated Customer Concerns Office using the contact information included at the end of this Agreement.
To process your request, we may ask you for information to validate your identity and confirm the scope of your request, such as your branch and account number, and clarification on the specific information or time period you are requesting.
We may not be able to provide you with access to your personal information in certain circumstances, such as where your request includes personal information about a third party that cannot be removed, or when the information you are requesting is protected by legal privilege.
Scotiabank may charge you a nominal access fee depending on the nature of your request. We will advise you of the fee, if any, prior to proceeding with your request.
If you have a sensory disability, you may request that your personal information be made available in an alternative format.
We may amend this Agreement from time to time to reflect changes in our personal information practices. We will post the revised Agreement on our website and make it available at our branches.
We may also notify you of any changes to this Agreement in any of the following ways:
- A notice prominently displayed at all Scotiabank ATMs;
- An announcement through an automated telephone message or a digital channel such as a mobile app;
- A notice on the Scotiabank website or your Scotia OnLine portal;
- A notice in our branches; or
- A notice in your monthly statement.
We have established and implemented governance policies and procedures approved by the Global Privacy Officer and owned by the Enterprise Privacy Office regarding personal information to ensure its protection. These documents provide a framework for the retention and destruction of the information, define the roles and responsibilities of personnel, and provide a process for responding to inquiries regarding the protection of the information. A list of the policies and procedures is below:
1. Privacy Risk Management Framework - Provides an overview of the key governance components for the oversight and management of Privacy Risk. Serves as an overarching framework for material elements of Privacy Risk management activities and is a source document to which all other Privacy Risk policies and procedures are aligned.
2. Privacy Risk Management Policy - Provides a description of the general policies and principles applicable to Privacy Risk Management. It is part of the effective management and mitigation of Privacy Risk.
3. Roles and Responsibilities Matrix of the Privacy Risk Management Program - This tool identifies roles and responsibilities associated with tasks.
4. Access to Personal Information Procedures – Sets out the framework for handling access requests and requests to amend personal information pursuant to applicable laws. The Procedures are part of the Privacy Risk Management Program.
5. Privacy Case Management Tool Governance Procedures – A privacy case management tool is a system used to track privacy-related incidents in a centralized location and to report that data to the relevant personnel. The governance procedures outline the structure and process for decision-making, accountability, and control relating to the relevant privacy-related incidents tracked by the tool.
6. Guidelines for Use of PII in Digital Initiatives - Provides an overview of the privacy implications that must be considered when devising a digital initiative involving personal information. These Guidelines assist employees to distinguish between permissible and impermissible uses of personal information.
7. Incident & Breach Management Procedures – Provides steps for handling Privacy Concerns that impact the Bank and its clients, employees or other individuals.
8. Privacy Impact Assessment Procedures - Outlines the processes involved to complete a Privacy Impact Assessment. These Procedures are part of the Bank’s Privacy Risk Management Program.
9. Employee Privacy Policy - Sets out how the Bank collects, uses, discloses and otherwise manages personal information of its employees while administering and managing the employment relationship.
10. Enterprise Records Management Policy—Establishes foundational principles applied across the Bank to facilitate the creation, retrieval, use, maintenance, retention, and disposition of records in a manner consistent with the Bank’s business priorities and applicable legal and regulatory requirements.
For more information on how we protect your information, please refer to our Cyber Security and Fraud Hub and Code of Conduct
If you have an inquiry about Scotiabank's privacy practices or how we and our service providers treat your personal information, please contact the branch or office you deal with or call us toll free at 1-800-472-6842. If your branch or office is not able to resolve your concern to your satisfaction, you can contact the Privacy Office c/o Escalated Customer Concerns Office:
Telephone: 1-877-700-0043
Email: escalatedconcerns@scotiabank.com
Letter: Privacy Office c/o Escalated Customer Concerns Office, Scotiabank
44 King Street West
Toronto ON M5H 1H1
Scotiabank has policies and procedures to receive, investigate, and respond to your privacy complaints and questions. We will investigate all complaints we receive and if we find a complaint justified, we will try to resolve it.
If you are not satisfied, you may file a complaint with the Office of the Privacy Commissioner of Canada:
30, Victoria Street
Gatineau, Quebec
K1A 1H3
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
TTY: (819) 994-6591
www.priv.gc.ca
Quebec Residents Only / Résidents du Québec seulement: You acknowledge that the French and English versions of this agreement were remitted to you. You expressly request and agree to be bound exclusively by the English version of this agreement and that all related documents, including any notices, be drafted in English only. Vous reconnaissez que les versions française et anglaise de cette convention vous ont été remises. Vous demandez et acceptez expressément d'être lié exclusivement par la version anglaise de cette convention et que tous les documents qui s’y rattachent, y compris tous avis, soient rédigés en anglais seulement.