MCAP PRIVACY CODE – OUR COMMITMENT TO YOU
MCAP’s Privacy Philosophy
The MCAP Group is committed to fairly and lawfully collecting and maintaining accurate personal information and to protecting the confidentiality of all personal information that we collect, retain, use, or disclose to others during our business activities.
Our Continuing Commitment To You
ProProtecting the privacy and confidentiality of personal information has always been fundamental to the way we do business at MCAP. We strive to meet or exceed all the privacy standards established by federal, provincial and industry authorities in all our dealings with past, current, and prospective customers.
We Live By It – Everyday
As a condition of their continuing employment, every MCAP employee annually signs a declaration acknowledging th
Every MCAP employee annually signs a declaration acknowledging their agreement to be bound by the MCAP Code of Business Conduct, which includes references to this MCAP Privacy Code (the “Code“) and a confidentiality section obligating them to maintain the confidentiality of information both during and after their employment with MCAP.
MCAP has a Chief Privacy Officer (“CPO”) and has established a complaints procedure to ensure compliance with this Code.
Do You Have Questions Or Concerns?
If you have privacy questions, concerns, or complaints, we want them to be answered as quickly as possible and ask that you follow, in order, the following three steps.
Talk to a Customer Service Agent. They can usually handle most questions or concerns immediately over the phone. All pertinent numbers and email addresses can be found on our “Contact Us” page on our website or by following this link.
If the Customer Service Agent is unable to resolve the matter to your satisfaction, advise them that you wish the matter to be reviewed by the department manager who will contact you to resolve the issue. You may be asked to put your concern or complaint in writing.
If you are still not satisfied, contact MCAP’s CPO at:
Mark Adams – Chief Privacy Officer
Email: [email protected]
Suite # 400 200 King Street West
Toronto, ON M5H 3T4
If the above steps fail to resolve your concern to your satisfaction, you may submit your issue to the Privacy Commissioner of Canada, who you may contact at any time in this process, by writing to:
The Privacy Commissioner of Canada
30 Victoria Street Gatineau, Quebec K1A 1H3
Or by telephone, toll free, at 1 800 282 1376 or by TTY at 1 819 994 6591
What Is In This Code?
This Code has been developed to meet the standards set out in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and similar provincial legislation. The Code describes the principles MCAP will use This Code has been developed to meet the standards set out in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and similar applicable provincial legislation. The Code describes the principles MCAP will use to protect the privacy of personal information we possess about our clients and establishes ethical and fair information management practices with respect to personal information collected, used, or disclosed by the MCAP Group. The Code informs customers and borrowers, and our investors and business associates, how personal information is handled within the MCAP Group.
Application Of This Code
This Code applies to all MCAP directors, officers, and employees with respect to any personal information in the This Code applies to all MCAP directors, officers, and employees with respect to any personal information in the possession or control of MCAP Commercial LP or any of its affiliates, including, without limitation, MCAP Commercial LP’s general partner, 4223667 Canada Inc., MCAP Financial Limited Partnership, its general partner, MCAP Financial Corporation, MCAP Service Limited Partnership, its general partner MCAP Service Corporation, Paradigm Quest Limited Partnership, its general partner Paradigm Quest Inc., MCAP Leasing Limited Partnership, its general partner, MCAP Leasing Inc., MCAP Securities Limited Partnership, and its general partner, MCAP Corporation. Reference throughout this Code to “MCAP”, “the MCAP Group”, “we”, “our” and “us” includes all of the above entities.
MCAP’s Relationships With Other Investors / Lenders
MCAP is in the business of providing various financial services to its customers. This includes originating, underwriting, and funding mortgage loans or leases to borrowers, primarily with monies provided to MCAP from institutional lenders/investors, who contract for MCAP to provide those services and to administer, manage, and collect payments on those loans or leases on their behalf and to report to them on the status of those financial assets.
The vastThese institutional lenders/investors include federally regulated financial institutions such as banks and insurance companies, provincially regulated credit unions, mortgage investment corporations, and publicly traded companies. Given our requirement to report to these institutional investors/lenders, MCAP discloses various personal information relating to the loans to them. This is why our documentation, such as our applications and commitment letters, contain your acknowledgement and consent to so disclose.
The Reasonable Person Approach and MCAP’s Privacy Principles
Privacy is a sensitive topic. Many Canadians have raised concerns about the privacy of their personal information. At MCAP we strive to understand what customers, clients and investors deem to be reasonable and then apply the principles in this Code in accordance with PIPEDA.
MMCAP endorses and has adopted the privacy principals described in Schedule 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) These privacy principles embody sound and prudent information management practices. These practices will provide the necessary assurances that personal information obtained and utilized by MCAP in the course of its business activities will be accurate, held in confidence and be retained in a secure environment.
Below is a brief summary of how MCAP adheres to the PIPEDA privacy principles.
Principle 1 — Accountability
MCAP takes responsibility for protecting and maintaining personal information under its control and has appointed a CPO to ensure compliance with these principles and PIPEDA.
Principle 2 — Identifying the Purposes for Collecting Personal Information
MCAP will identify and disclose the reasons for which personal information is collected and used by MCAP at or before the time the information is collected.
Principle 3 — Consent
MCAP will obtain an individual’s informed consent for the collection, use or disclosure of personal information by MCAP, except as otherwise required or permitted by law.
Principle 4 — Limits to the Collection of Personal Information
MCAP will limit the amount and type of personal information collected to what is necessary for its intended purposes. Personal information will be collected by fair and lawful means.
Principle 5 — Limits to the Use, Disclosure and Retention of Personal Information
MCAP will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information will be retained only as long as it is necessary to fulfill those purposes.
Principle 6 — Accuracy
To minimize the possibility of inappropriate information being considered in its decision-making processes, MCAP will keep personal information as accurate, complete, and up-to-date as necessary for its intended purposes. To ensure accuracy we request that you provide us with any changes to your personal information, including your contact information, as soon as possible.
Principle 7 — Safety & Security
MCAP maintains appropriate safeguards to protect personal information from loss or theft, unauthorized access, disclosure, copying, use or modification regardless of the format in which it is retained.
Principle 8 — Openness
MCAP will inform its customers, clients and employees about its policies and procedures regarding the management of personal information. MCAP will ensure that these policies and procedures are easily understood and readily available.
Principle 9 — Individual Access
Upon request, MCAP will inform an individual of the existence, use and disclosure of his or her personal information and will provide the individual access to that information to verify and or update its accuracy and completeness.
Principle 10 — Handling Inquiries
An individual will be able to direct an issue or concern regarding compliance with the above principles, or MCAP’s practices to MCAP’s CPO or to other accountable employees.
What Information Does MCAP Collect?
MCAP collects only the information that is needed for or related to the business purpose or product being requested.
MCAP primarily obtains personal information about you, such as your name, address, employment information, from you and your mortgage broker. MCAP may also obtain additional personal information from other sources with your consent. For example, when you apply for a mortgage, MCAP asks you to authorize us to obtain a credit bureau report on you (if you have not already so authorized your mortgage broker), and to collect and verify your personal information with the credit bureau, credit insurers, your employer, personal references, and other lenders. If you do not authorize us to obtain your credit bureau report, and to verify your personal information, our standard lending practices may not allow us to provide you with a positive response to your mortgage application.
Why and What Type of Personal Information Is Collected?
MCAP wants to work with you to help you achieve your goals, to provide you with value-added service on an ongoing bMCAP wants to work with you to help you achieve your goals, to provide you with value-added service on an ongoing basis, and to establish a lasting relationship with you as your needs grow and change. The better MCAP knows you, the better we can serve you. MCAP therefore asks you for your personal information for the following purposes:
- to establish and confirm your identity;
- to protect you and us from error, fraud, and criminal activity;
- to understand your financial needs;
- to evaluate your current and ongoing creditworthiness;
- to maintain the accuracy and integrity of information held by credit bureaus;
- to determine the suitability of our products and services for you;
- to determine your eligibility for our products and services;
- to provide you with ongoing service and information related to the products and services you have with us;
- to collect amounts owing to us, enforce obligations, and to manage and assess risk;
- to provide you with information and offers on products and services that MCAP believes may be of interest to you;
- to understand our customers and to develop and tailor our products and services; and
- to comply with applicable laws.
You can choose not to provide us with some or all of your personal information. However, if you make this choice, MCAP may not be able to provide you with the product, service, or information that you requested or that was or could be offered to you.
MCAP will make sure you are aware of the purposes for collecting information when you apply for any of our products or services. Self-evident purposes should be clear, but if you have any questions or require assistance in understanding the scope of consent being sought, just ask us. If a new purpose for using your personal information develops, MCAP will ask for your consent again.
Disclosure Of Personal Information Outside Of MCAP
The most common reason for release of your personal information is that you have given your consent. For example, when you apply for a mortgage and accept our commitment letter, you give your consent to the exchange of information about you with a credit bureau, other credit grantors, credit insurers including mortgage and portfolio insurers and other lenders who invest in or fund our mortgage products.
Other reasons may include if we have a legal obligation, such as a court order, or if we need to protect assets (e.g. collection of overdue accounts) or the public’s interest. For example, we may release personal information about a customer to legal authorities in cases of criminal activity or for the detection and prevention of fraud. If we release information for any of these reasons, we keep a record of what, when, why and to whom such information was released.
We do not keep a record of why your personal information is disclosed to third parties for routine purposes such as reporting to Canada Customs and Revenue Agency (T5 and other reports), regular update reports to a credit bureau, credit insurers and investors / lenders, and reporting to third parties when cheques are returned NSF (i.e. for insufficient funds). Any health information that you may provide for credit insurance purposes (i.e. mortgage life insurance) is forwarded only to the insurer in question and is not used by us for any other purpose.
If you have a mortgage or other product or service which is connected to another person (e.g. a co-borrower or guarantor for a mortgage), or you add and authorize a third party to your account, we may share certain details of your personal information with that person in connection with your mortgage. We may also share your personal information with your beneficiaries or estate representatives where reasonably necessary following your death to help in the administration of your mortgage, your insurance products, or your estate’s financial affairs.
MCAP does not sell lists of our customers to others for their use.
Sharing Your Personal Information within MCAP
Your personal information is shared, to the extent permitted by law, and to the extent necessary to provide you with the best service, within the MCAP Group and our institutional business affiliates in order to provide mortgages, insurance and other products and services. This sharing is limited to a ”need to know” basis. With our various departments having a more comprehensive understanding of your requirements, we are better able to meet your needs as they grow and change.
MCAP routinely collects and collates anonymous, non-personal information that is not traced back to a specific individual or business client. This includes individual and cumulative transaction and settlement records with our various investors. This type of information is considered necessary and consistent with MCAP’s business activity.
Safeguarding of Your Personal Information
MCAP has an information security program that includes policies, procedures, technical controls, and physical controls designed to ensure the confidentiality, integrity and availability of information in our care and to protect against unauthorized use, alteration, duplication, destruction, disclosure, loss or theft of, or unauthorized access to, your personal information (“MCAP Security Program”). MCAP’s networks, systems, applications, and services that are used to collect, store, process or transmit information are managed under the MCAP Security Program. The MCAP Security Program is designed to identify and protect against potential threats or hazards to our data.
MCAP may use service providers to provide certain services to you on our behalf. In such cases, we will have contracts in place holding these service providers to the same high standards of confidentiality by which we are governed and requiring that any information provided by us must be kept strictly confidential and used only for the purposes of the contract.
MCAP and our service providers may process and store your personal information outside of your province of residence and/or Canada.
MCAP also has agreements in place with credit insurers and institutional investors/lenders, which also require that any information provided by us must be maintained in strict confidence.
MCAP has procedures in place when destroying, deleting, or disposing of personal information when it is no longer required for the purposes as set out in this Code, or by law, to prevent unauthorized access to such personal information.
Each time you visit an MCAP website, our servers may record certain information on how you interacted with the MCAP website, including, but not limited to, your IP address, your internet service provider, the date and time of your visit, the pages you visited, the searches you performed, and the webpage that led you to the MCAP website,
As well, when you log into an account on a MCAP website, such as a homeowner portal account, we may link your activity on that website with your user account. For example, we may track your document downloads, self service requests, and banner clicks and associate this information with your user account information.
MCAP uses this information to: (i) maintain the security of MCAP websites and our products and services, (ii) improve and optimize our website and product and services, (iii) detect, investigate, and prevent fraud and (iv) comply with regulatory record keeping requirements.
Cookies, Pixels and Other Tracking Mechanisms
A cookie is a file containing a small amount of data that your web browser stores on your computer or mobile device when you visit certain websites (“Cookies”). Cookies can either be a first party cookie (i.e. the cookie is created by website you’re visiting) or a third-party cookie (i.e. the cookie is created by a different website than the one you’re visiting).
Cookies are also either “persistent” cookies or “session” cookies, depending on how long they are used.
- Persistent cookies remain on your device after you have closed your browser and allow a website to remember your actions and preferences. They are activated each time you visit the website where the cookie was generated. Sometimes persistent cookies are used by websites to provide targeted advertising based on the browsing history of the device. They are stored by the browser and remain valid until their set expiry date (unless deleted by the user before the expiry date).
For further information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Cookies may also work in conjunction with pixels, web beacons, clear GIFs, and other similar technologies (“Pixels”). Pixels are small snippets of code that is loaded when a user visits a website and are used to provide information about how you interact with a website. In contrast to Cookies, which are stored on your computer’s hard drive, Pixels are embedded invisibly on web pages. We may use Pixels, in connection with our websites or other online services to, among other things, track the activities of visitors, help us manage content, and compile statistics about usage. We and our third-party service providers also use Pixels in HTML emails to our users to help us track email response rates and identify when our emails are viewed.
More About the Cookies, Pixels and Other Tracking Technologies MCAP Uses
Essential Cookies are first party cookies necessary for using MCAP websites and cannot be disabled without impairing the optimal functioning of our websites. They allow, among other things, access to areas of MCAP websites that require a log-in, changes to the appearance of MCAP websites, and storage of your language preferences.
MCAP is always looking to improve its customer experience and to measure and improve the performance of MCAP websites. To do so, MCAP employs analytics Cookies and Pixels from third party service providers like Google Analytics and Meta Business Tools to gather information on how you use MCAP websites. The information includes your IP address, which pages you visit, the links you click and the length of time you spent on a particular page. This enables us to better understand the visitors who come to MCAP websites, where they come from and what content on our site is of interest to them.
Marketing and Advertising Cookies
MCAP also works with third party advertising service providers like Google to use information gathered from your MCAP website browsing activity to provide tailored online advertising on third party websites. MCAP uses Google’s Remarketing with Google Analytics feature to provide targeted Google Ads to previous visitors to certain MCAP websites. As well, if you click an MCAP advertisement, we may also track the response rate and the website activity associated with it to evaluate the effectiveness of our online marketing campaigns.
Opting Out – Marketing and Advertising Cookies
To opt out of receiving online behavioural advertisements from participating third party interest-based advertising companies, you can visit the Digital Advertising Alliance of Canada (DAAC) Self-Regulatory Program for Online Interest-Based Advertising at DAAC Opt Out Tools. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of targeted advertising and the choices you have regarding information circulated among NAI members. Please note that when using these ad industry opt-out tools, you may need to execute the opt-out on each browser or device that you use.
Opting out from one or more companies listed on the DAAC Opt-Out Tools or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of targeted content or ads, but it does not mean you stop receiving ads through our website or on other websites. You may continue to receive ads, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you opt out on the DAAC or NAI websites, your opt-out may not be effective.
You can also adjust your Google Ads settings directly with Google at Google Ad Settings or by installing the Google Analytics Opt-Out .
Automated Decision Making
MCAP may make decisions based exclusively on automated processing of your personal information (“Automated Decisions”). These Automated Decisions include responding to certain credit and mortgage applications. If this is the case, we will inform you during the process or at the time the Automated Decision is communicated to you.
Retention Of Your Personal Information
MCAP only keeps your personal information for as long as we need it to meet the purposes set out in this Code and in accordance with MCAP’s record retention policy. The length of time we retain your personal information is also affected by: (1) the type of product or service you have with us, and (2) any legal requirements we may have to meet such as regulatory file retention periods or for being able to respond to any concerns you may have, even if you are no longer an active customer of ours.
Withdrawing Your Consent
You can choose not to provide us with some or all of your personal information. This may, however, severely restrict the products and services MCAP can then provide.
You can also withdraw your consent to our use of your personal information, if you give us notice in writing, addressed to:
MCAP Chief Privacy Officer
Suite # 400 200 King Street West
Toronto, ON M5H 3T4
Your withdrawal of consent is subject to any legal, regulatory, or contractual restrictions. For instance, you cannot withdraw your consent if it results in our or your inability to fulfill any contract already in place with us. Your withdrawal of consent also does not apply to a credit product we have granted to you where we are required to collect and exchange some or all of your personal information, on an ongoing basis, with credit insurers, other investors/lenders, or a credit bureau. We continue to disclose your personal information to credit bureaus to maintain the integrity of the credit-granting system and the completeness of information held by a credit bureau.
To withdraw your consent from any electronic marketing communications, you can use the unsubscribe mechanism included in our electronic marketing communications or you may contact us directly. You may however continue to receive electronic transactional and account related communications from us.
How You Can Help Us Protect Your Personal Information
If you want to review or verify your personal information or find out to whom we have disclosed it as permitted by this Code, you can call and speak to one of our service representatives. At that time, if it is not something that can be simply answered over the phone, we will provide you with a form to sign and will help you complete the specific information we will need from you to enable us to search for, and provide you with, the requested personal information we hold about you. We may charge you a fee to do this and will advise you of the fee in advance.
There are a few instances where we will not be able to provide the personal information, we hold about you that you request. Some of these instances include, if:
- it contains references to other persons;
- it is subject to solicitor-client or litigation privilege;
- it contains our own proprietary information that is confidential to us;
- it has already been destroyed due to legal requirements or because we no longer needed it for the purposes set out in this Code;
- it is too costly, in our determination, to retrieve;
- we are prohibited by law from disclosing to you.
If we are unable to provide you with access to your personal information, we will explain the reason why.
MCAP Roles and Responsibilities
Any MCAP employee who believes personal information is not being handled in accordance with this Code is required to immediately advise their manager and the CPO.
Department managers are required to resolve privacy issues (as per the second step in our privacy question and complaint handling process) and shall maintain appropriate records of the same and shall report them to the CPO.
Department managers are responsible for oversight of this Code within their department, including establishing, implementing, and regularly reviewing the necessary procedures and standards to give effect to this Code and to train their staff accordingly. MCAP’s CPO is responsible for providing advice to the department managers on appropriate compliance programs and for reviewing the effectiveness of such programs.
The CPO or their delegate shall act as a resource to department managers in the handling of complaints and shall maintain a list of all privacy incident reports as required by applicable law, the nature and number of privacy issues reviewed and any recommendations with respect to privacy strategies, oversight and policies.
The CPO or their delegate will assist department managers with developing procedures, standards, guidelines, and interpretations, promoting awareness of privacy issues and developing staff training programs.
Keeping the MCAP Privacy Code Current
Changes to this Code and the information handling practices of MCAP will result in amendments to this document
Changes to privacy legislation and the personal information handling practices of MCAP will result in amendments to this document from time to time. The Code will be reviewed by MCAP’s CPO, at a minimum, annually. MCAP may add, delete, or modify sections at its discretion. Any changes MCAP makes to this Code will be effective when the revised Code is posted on the MCAP website. We recommend that you check this page from time to time to inform yourself of any changes to this Code.
MCAP Privacy Code Last Updated: August 2023