Privacy Agreement

Effective Date: 1 July 2026

1. Who We Are and How to Contact Us

Our organization is made up of:

  • Equitable Bank,
  • Equitable Trust,
  • Concentra Bank,
  • Concentra Trust,
  • President’s Choice Bank, and,
  • PC Financial Insurance Agency Inc. and PC Financial Insurance Broker Inc. (“PC Insurance”)

(collectively, “EQB”, “we”, “us”, or “our”).

EQ Bank is a trade name of Equitable Bank,

We are accountable for the Personal Information under our control. We have appointed a Chief Privacy Officer (CPO) to oversee our privacy program and ensure our compliance with applicable privacy laws and regulations.

If you have any questions or complaints about how we handle your Personal Information, please contact the Chief Privacy Officer at:

EQ Bank / Equitable Bank / Equitable Trust / Concentra Bank / Concentra Trust/ President's Choice Bank/ PC Insurance — Privacy Office
EQ Bank Tower, 2200-25 Ontario Street, Toronto, Ontario M5A 0Y9
Tel: (416) 515-7000 | Toll Free: 1-866-407-0004
Email: privacyoffice@eqbank.ca

2. Scope of this Notice

This Privacy Notice (“Notice”) applies to Personal Information collected from customers, prospective customers, applicants, guarantors, joint accountholders, powers of attorney, estate representatives, and other individuals who interact with our products and services—including our websites, mobile applications, and online banking. This Notice does not apply to information about employees, contractors, or applicants for employment.

3. Key Definitions

Personal Information” means information about an identifiable individual, including information that identifies you or could reasonably be associated with you.

you” and “your” means each customer, prospective customer, guarantor, power of attorney, or other individual whose Personal Information is governed by this Notice.

4. When and How We Collect Personal Information

We collect Personal Information throughout the prospective customer, applicant and customer lifecycle, including:

  • Directly from you, when you communicate with us (e.g., by mail, email, and over the telephone), visit our in-person locations, apply for a product or service with us, use our products and service and interact with us digitally;
  • From third parties such as credit reporting agencies, payment networks, mortgage insurers, employers, public registries, identity verification and fraud prevention providers, payment networks, loyalty partners, analytics providers, advertising partners, insurance information bureaus, from the insurance companies that underwrite the insurance products available to you, and provincial government bodies that regulate transportation for insurance-related products;
  • Electronically, when you interact with our websites, email, mobile applications, social media accounts, online advertising, or through third party technologies; and
  • In person, using technologies present at our in-person locations, including video surveillance and other types of technologies.

5. What Personal Information We Collect

We limit the personal information we collect about you to what is reasonably necessary to fulfill the purpose for which it is collected. Depending on the products and services from us you use, some examples of Personal Information we collect include, but are not limited to:

  • Identity Information: name, date of birth, addresses, email, phone number, occupation, employer, marital status, and government-issued identification;
  • Authentication and Security Information: usernames, passwords or passcodes, knowledge-based credentials, device identifiers, cookies, multi-factor authentication data;
  • Communications and Support Information: call recordings, emails, chats, and correspondence with us (for training, quality, security, and dispute resolution);
  • Device and Online Activity Information: browser type, device model, IP address and approximate physical location, app settings, and device usage/interaction data;
  • Financial Information: account numbers, balances, payment history, credit limits, credit scores and credit reports, income, assets, liabilities, and employment information;
  • Transactional Information: purchases, refunds, merchant names and locations, amounts, dates, methods of payment, and other transaction metadata associated with products you use from us and our partners; and
  • Insurance Information: current and previous home and/or auto insurance coverage (including claims history), driving record, driver’s license number, vehicle identification number; and information collected through your interactions with our products and services.

The information we collect may include your Personal Information, as well as the Personal Information of other individuals, such as those who may also be covered by insurance (for example, your spouse or dependents). If you provide us with Personal Information about another individual, please ensure that you have their knowledge and consent to do so. By submitting this information, you confirm that you are authorized to provide it and that the individual has consented to its collection, use, and disclosure for the purposes described in this Notice.

5.1 Social Insurance Number (SIN)

We collect, use, and disclose your SIN when required by law (for example, for income tax reporting on interest-bearing products). If we request your SIN for other products or services, providing it is optional. When provided, we may use your SIN to match, verify, and report information to credit reporting agencies and to help distinguish you from other customers, which supports the accuracy and integrity of your information. We may also use your SIN to retrieve anonymized credit reporting information to develop and improve our financial and credit risk models, including after you are no longer a customer. When we request your SIN for optional purposes you may choose not to provide it; however, you may not refuse or withdraw consent for uses required by law.

5.2 Biometric Information

We may collect biometric information (e.g., facial geometry, voiceprints, or fingerprints) to verify your identity, prevent fraud, or enhance account security.

5.3 Personal Information About Minors (Ages 12-Age of Majority)

We may collect personal information about minors (ages 12 to the age of majority) only when reasonable, necessary, and proportionate to provide a requested product or service, support account operation, meet legal or regulatory obligations, or otherwise comply with applicable law. We may obtain express (explicit) consent from a parent or legal guardian where required or appropriate, or from a minor who has the capacity to reasonably understand the nature, purpose, and consequences of the processing. We may not use certain minors’ personal information for unrelated purposes, for profiling, or for automated decision‑making that may significantly impact a minor without clear justification and explicit consent. Parents/guardians (and, where appropriate, the minor) may request access, correction, withdrawal of consent (subject to legal or contractual limits), and deletion where information is no longer required.

6. How We Use Personal Information

We use Personal Information to:

  • Provide you with quotes, determine your eligibility, and process your application for a product or service;
  • Validate your contact and other personal information, including through third party providers;
  • Assess credit risk and creditworthiness at the time of application and on an ongoing basis;
  • Create, administer and maintain your accounts;
  • Assist underwriters to assess risk, determine pricing and issue policies for insurance products;
  • Verify your identity and authenticate access to prevent fraud;
  • Communicate with you, including providing you with statements, information and updates about our products and services; responding to your inquiries; and taking or verifying instructions from you;
  • Process and/or investigate purchases, refunds, disputes, claims, and other transactions;
  • Facilitate your enrolment in and use of payment tools and other services provided by our partner(s), such as payment networks and wallet providers;
  • Meet legal, regulatory, audit, and risk management obligations;
  • Protect you, your accounts, and other third parties from errors and fraud;
  • Improve and develop our products, services, websites, and mobile applications;
  • Collect debts and enforce our terms, including curing defaults and working with collection agencies, law firms, and other third parties;
  • Develop and maintain our financial and credit risk models and policies;
  • Provide marketing and offers, promotions and contests, including interest‑based advertisements for our products and services;
  • Conduct market research by tracking and analyzing current or previously collected information; and
  • Conduct data analytics or research for business purposes. This includes understanding customer needs and preferences and measuring the effectiveness of our marketing.

When we use your Personal Information for analytical, modelling or research purposes, wherever possible, we use aggregated, anonymized or de-identified information and minimize the risk of re-identification.

7. Interest-Based Advertising and Media

We may use cookies, pixels, software development kits, and similar technologies to understand your interactions with our websites and apps and to present advertisements that may be more relevant to you.

8. Automated Decision-Making (ADM)

We use automated tools and processes to help provide our products and services, manage our operations, and protect against fraud and security risks. In some cases, decisions may be fully automated (for example, certain aspects of processing credit applications, assessing credit risk, or fraud monitoring). When we make a decision about you that is based solely on automated processing and that produces legal or similarly significant effects, we may notify you of the automated nature of the decision and provide you with a way to contact us learn more about the automated decision where required by law.

9. How We Share Personal Information

We share Personal Information as permitted or required by law. We do not sell your Personal Information, except if we sell or transfer a part of our business.

9.1 With Other People

If you use a product or service that involves another person (e.g. a joint bank account, or a credit card with an authorized user), we may share your personal information with that person as necessary and in connection with that product or service. We will identify the information shared with or available to those other persons at the time you apply for or request that product or service.

9.2 Within Our Group of Companies

We may share Personal Information within our corporate group for operational purposes described in this Notice and in accordance with applicable law. We will share detailed financial information within the group only where necessary to provide services, with your consent, or as required or permitted by law.

9.3 With Service Providers

We use service providers to support our business operations, technology systems, internal procedures, infrastructure, marketing, risk management, and analytics, as well as to help us meet our legal and regulatory obligations. These providers assist with services such as card and statement production and delivery, communications, customer service, fraud prevention, analytics, advertising and media, payment processing, identity verification, data storage, audit, legal, collections, payments, and other services. We require service providers to limit their access and use of Personal Information to what is required to provide their services, and to maintain appropriate administrative, technical, and physical safeguards that are proportionate to the sensitivity of the information.

9.4 With Our Partners and Third Parties

We disclose Personal Information to third parties:

  • With credit reporting agencies, to verify your identity, confirm eligibility for a product or service or to process transactions, and to detect and prevent fraud. For example, we may share identity and financial information with credit reporting agencies both during the application process and on an ongoing basis to assess and update your identify and credit-worthiness, make decisions about whether to approve (or pre-approve) you for certain products and features, and to maintain the integrity of the credit reporting system;
  • With loyalty and benefits partners, to facilitate your enrolment and participation in third party loyalty and other benefits programs associated with the products and services we provide to you. This may include identity, contact and transactional information shared to operate the program (link or create accounts, issue points, redeem rewards), analyze program data to understand member behaviour, measure effectiveness and improve the program, and tailor marketing, promotions, and offers to you;
  • For insurance products, with underwriting insurance companies to obtain quotes, issue and administer policies, assess risk, and determine pricing for insurance products. We may also share information with governmental agencies or other companies for the purpose of assisting in fraud investigations or in preventing fraudulent activities related to insurance claims;
  • With collections agencies, originating brokers, subsequent mortgages and other third parties, if a credit facility you hold with us (or that you have guaranteed) is in default, or if an unauthorized overdraft occurs, as necessary to assist in collecting the debt. The information we share may include identity, contact and financial information and is limited what is reasonably necessary to facilitate collection;
  • With payment networks, to operate and analyze the payments systems associated with the products and services we offer, detect and prevent fraud, and develop and improve the network and related products and services;
  • With providers of third party services (such as online payment tools, digital wallet providers, account linking services and identity verification services), including device and online activity information, to facilitate your enrolment in these services, operate these services, make improvements, and manage fraud and security.

These third parties often have their own privacy policies and terms and conditions, which govern their collect and use of your Personal Information. You will be informed upon signing up for the relevant product or service of the third-party arrangement, so that you can review the relevant privacy policies that apply.

9.5 Regulatory, Legal, Fraud, and Safety

We may share information with regulators, law enforcement, courts, and other parties as required or permitted by law. We may also share information where we believe you may be a victim of fraud, financial abuse, or other illegal activity, or where we reasonably believe your interests can best be served by taking action. We may share information with appropriate authorities, your next of kin, or other appropriate parties to protect your interests.

9.6 Business Transactions

We may transfer Personal Information as part of a sale, assignment, or other transfer of all or part of our business or assets (including sales of mortgages). Our successors and assigns may use the information for similar purposes as those described in this Notice.

9.7 Other Permitted Reasons

In some cases, Canadian law permits the sharing or disclosure of Personal Information without consent. These include where sharing or disclosure is necessary to protect our employees, customers, or others (such as investigating and preventing suspected or actual illegal activities, including fraud, or assisting government and law enforcement agencies). If this happens, we will not share more Personal Information than is reasonably required to fulfill that particular purpose.

9.8 With Your Consent

Other than the purposes listed above, we may, with your implied or express consent, share or disclose your personal information outside of our group of companies, in accordance with applicable law.

10. How We Manage Consent

Your consent can be withdrawn at any time, except in limited circumstances, including where withdrawal of consent is restricted by legal or regulatory requirements or as a result of your contractual obligations with us.

If you choose not to provide us with certain personal information or if you withdraw your consent, where such withdrawal is available, we may not be able to provide you with the products, services, offers, promotions, or information that you requested or that could otherwise be provided to you.

11. Your Privacy Choices

There are several options available for you to manage your privacy preferences:

  • If you have an account with us, you can update your preferences where customer preference options are available through the relevant product or service, such as via our online banking platform or mobile applications;
  • You can opt-out of receiving marketing communications, promotions, and surveys by email or SMS, by clicking “unsubscribe” within any marketing email you receive, texting “STOP” within any SMS marketing you receive, or through your online account (if you have one).

If you have opted out of receiving marketing communications from us, we may still contact you for transactional purposes, in compliance with applicable laws (e.g., for customer service, product information, service or reminder notices).

12. Cookies and Online Tracking

We use cookies and similar technologies to enhance site functionality and security, support login sessions, measure performance, and show relevant advertisements. You can manage or delete many of these technologies at any time through your browser or device settings. You can also adjust your advertising preferences with certain third parties, such as Google, through their own opt-out tools.

13. How We Protect Personal Information

We take the security of your Personal Information seriously and are committed to protecting your privacy using a variety of methods.

13.1 Safeguards

We apply administrative, technical, and physical safeguards designed to protect Personal Information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Safeguards we use are commensurate with the sensitivity of the information and are periodically reviewed and enhanced in line with industry practices and regulatory requirements. These safeguards also apply when we dispose of or destroy your Personal Information.

Examples of safeguards we may use, where appropriate, include but are not limited to:

  • Passkeys, a secure authentication mechanism that is bound to your device;
  • Multi-Factor Authentication, which is a method of confirming your identity by using more than one way to authenticate you;
  • Personal Identification Numbers (PINs) and passwords, unique access codes that are kept private and confidential; and
  • Techniques designed to protect Personal Information in transit and at rest, including masking, de-identification, anonymization, and encryption.

13.2 Data Governance

We maintain policies and practices which ensure the protection of your personal information. Depending on the volume and sensitivity of the information, the purposes for which it is used and the format in which it is stored, we implement a combination of measures to protect your personal information, including:

  • Internal policies and procedures that govern our privacy and Personal Information handling practices, including responding to privacy complaints or inquiries, investigating potential incidents and Personal Information retention and destruction;
  • A designated Chief Privacy Officer to monitor our compliance with applicable laws;
  • Regular employee privacy and security training; and
  • Contractual protections and other measures to ensure that services providers with whom we share personal information maintain adequate privacy protections and standards.

13.3 Cross-Border Transfers and Safeguards

Your Personal Information may be stored, processed or accessed in jurisdictions outside Canada. Such jurisdictions currently include, but are not limited to, the United States, the European Union, the United Kingdom, India, South Africa and the Philippines. Such information may be accessible to law enforcement and national security authorities under local laws. When we engage a service provider that operates outside of your province, territory or Canada, Personal Information may be subject to the law of the jurisdiction in which it is used or stored, including any law permitting or requiring disclosure of the information to the government, government agencies, courts, and law enforcement in that jurisdiction.

14. Retention of Personal Information

We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. When information is no longer required, we securely delete it, anonymize it, or de-identify it in accordance with our retention and records management schedules. Please note that if your Personal Information is collected by a third party, it will be retained in accordance with the privacy policies and records retention requirements of that third party.

15. Your Rights

Under Canadian law, and subject to legal and contractual restrictions, you may request:

  • Access to your Personal Information.
  • Correction of inaccurate or incomplete information.
  • Deletion of Personal Information where permitted by law.
  • Withdrawal of consent to further use or disclosure (for example, for marketing) where consent is the basis for processing.
  • Updates to your marketing and interest-based advertising preferences.

To exercise your rights, contact our Chief Privacy Officer using the contact details above.

16. Questions and Complaints

If we are unable to resolve your concern, you may have the right to contact the Office of the Privacy Commissioner of Canada (OPC) or your applicable provincial privacy regulator.

17. Updates to this Notice

We may update this Notice to reflect changes in our practices, legal or regulatory requirements, or technological developments. Updated versions will be posted on our website. Where changes are material, we will provide additional notice or seek consent where required. If you do not agree to the changes in our policy, it is your responsibility to stop using our products and services.

18. Language (Quebec)

For Québec residents only: You acknowledge and agree that you have first been presented with and have examined the French version of this Notice, and that you then have expressly requested that this Notice, and all related documents including notices, be drawn up in the English language and that you wish to and agree to be bound by the English version of this Notice. Vous reconnaissez et convenez que la version française de la présente politique vous a d’abord été présentée et que vous l’avez examinée, et que vous avez ensuite expressément demandé que la présente politique et tous les documents connexes, y compris les avis, soient rédigés en anglais et que vous souhaitez être lié par la version anglaise des présentes et que vous acceptez de l’être.