Privacy policy

To build and maintain a relationship of trust

Updated : July 7th, 2023

On this page:

1. What is the purpose of this policy?

The personal information (“information”) that you entrust to us is essential to our business relationship with you. We know how valuable it is and we are committed to doing everything we can to protect it.

That is why we adopted this Privacy policy (“policy”), which describes our practices regarding the protection of your information and privacy. Our goal is to be transparent with you. This policy applies to the use and disclosure of any information collected about you and to the manner in which the Bank and its subsidiaries i collect such information in the course of your business relationship with them. This policy applies for as long as we hold your information, including after the end of our business relationship.

Our Chief Privacy Officer is accountable for these practices within National Bank and its subsidiaries. If you have any questions about this policy, please write to us at one of the following addresses: 

confidentialite@bnc.ca

Chief Privacy Officer 

600, De la Gauchetière Street West 

4th floor  

Montreal (Quebec)  

H3B 4L2 

You may also contact us as indicated in Section 9 below if you have any questions.

2. What type of information we may collect and from whom

2.1. The type of information we may collect

Information to identify yourself

  • First and last name 
  • Date of birth 
  • Civil status 
  • Contact information 
  • Email address 
  • Information from an acceptable identification document (driver’s licence, passport, Social Insurance Number*)
  • Job 
  • Account numbers 
  • Information we have about you as an authorized representative, director, officer or shareholder 

* You are not required to provide the Social Insurance Number or Social Security Number, but it does facilitate your identification with credit-reporting agencies. In addition, it is required for tax purposes, especially if an account generates income. 

Information to verify your identity

  • User ID 
  • Signatures 
  • Account information 
  • Biometric data that may include fingerprints, voice print, facial geometry representation, etc.*

* You are never required to provide biometric data. We can only collect such data when we obtain separate consent from you.

Financial information to verify your eligibility for products and services and analyze your creditworthiness

  • Income, salary and balances 
  • Products and investments and their terms and conditions (e.g., term, repayment frequency, limits, rates, expiration, etc.) 
  • Credit reports and credit rating 
  • Professional and financial background 

Other information

  • Your reason for doing business with us 
  • Language and communication preferences 
  • Information about other individuals besides yourself (proxy holder, secondary cardholder, beneficiaries, your spouse or common-law partner or dependents insured under an insurance product or registered plan, an authorized user of your account, and contact information of someone you believe may be interested in a product or service from National Bank and its subsidiaries*)

* If you provide us with information about another individual, we will assume that you are authorized to do so and that you have obtained that individual’s consent for the collection, use or disclosure of that information for the purposes set out in this policy.

Information about your operations 

  • History of the transactions and interactions in your accounts 
  • Participation in rewards programs  
  • Investment instructions 
  • Knowledge and goals for investments and financial planning  
  • Risk tolerance 

Health and lifestyle information for the subscription of insurance products or services* 

  • Your family’s health history 
  • Your activities, your behaviour, your choices 
  • Travel, sports and dangerous recreational activities  

* Due to the sensitive nature of health and lifestyle information, it will not be shared for marketing purposes or for evaluating loan applications.

Information for training, quality control, identification, and security purposes, or to record your consent to a transaction

  • History, recording and transcription of telephone calls, video conferences and chat sessions 
  • History of visits to branches and individual meetings 
  • Images captured by our CCTV cameras in and around our branches, ABMs and other locations 

Information about digital interactions (websites, apps, chat services, text messaging, social media sites)

  • Device information (e.g., IP address, VPN, proxies, device type and operating system). Some services may also allow us to access your pictures or camera to digitally deposit a cheque using your mobile device, or your contact list to make Interac e-Transfers®.
  • Information about your approximate location that is generated using your IP address when you visit our websites 
  • Browsing preferences and history, such as the webpages you visit and use frequently. For more details, please refer to our Digital data policy.

IMPORTANT: We limit the collection of your information to what is necessary to help us serve you properly.

2.2. How we collect your information

We may collect your information directly from you when you communicate or interact with us or when you update your account preferences and settings. We may also collect your information indirectly and from other sources listed below. Where required, we will obtain your consent. 

  • Other individuals related to your products and services 
  • Other financial institutions or lenders, insurers ( when we need to verify the accuracy of information provided) 
  • Brokers, dealers or other stakeholders in securities or other fields 
  • Credit reporting agencies 
  • Publicly available sources or records 
  • Regulatory bodies and self-regulatory organizations ii
  • National Bank or its subsidiaries 
  • Program partners 
  • Content generated through the use of our websites, mobile apps and social media platforms. For more details, please see our Digital data policy.

3. How we use and share your information and with whom

3.1. How we use and share your information

We use and share your information to:

  1. Verify your identity, update your information and verify the accuracy of the information you provide 
  2. Assess your financial situation and creditworthiness (made on a regular basis if you have a credit product)  
  3. Assess your eligibility for products and services or ensure that the advice, products and services we offer or you obtain are suitable for you 
  4. Make automated decisions about you (for more details, see section 5.5)
  5. Establish your investor profile, your financial needs and objectives as well as your investment strategies 
  6. Establish, manage, administer and provide the products and services requested 
  7. Combine the financial information that the Bank or its subsidiaries hold about you to generate a 360-degree view of the products you currently own in order to provide you with better service (see your right to opt out in section 5.2)  
  8. Conduct research and data analytics to generate statistics, improve our products and services, and develop new ones, by analyzing the information collected by our websites and mobile apps (see your right to refuse in section 5.2)
  9. Personalize your customer experience, including through analytics on your profile, transactions and other information (including information collected by our websites and mobile apps) in order to: 
    • get to know you better and understand your needs
    • identify and personalize products, services and promotions that may be of interest to you and appropriate to your situation
    • provide you with better advice based on the analysis of your needs and preferences
  10. Promote products and services that may be of interest to you offered by National Bank, its subsidiaries or some of its partners, including personalized advertising on social media platforms (see your right to refuse in section 5.2)  
  11. Inform you about new features available on our mobile apps
  12. Carry on our business and operations  
  13. Determine your eligibility for incentives (fee waivers, discounts, etc.)
  14. Prevent, detect and control fraud, as well as any unauthorized or illegal activities (money laundering, cyber threats, etc.)
  15. Enable due diligence of our operations in preparation for a business transaction 
  16. Manage risk, including credit and business risks, and comply with applicable laws and regulations
  17. Communicate with you using the contact information you provided (by mail, email, text messages, phone calls, social media)
  18. Use and disclose specific information where we are authorized to do so by law (see section 4). 

3.2. To whom we may disclose your information

There are times when it is necessary to disclose your information to other parties for legitimate purposes. For example, it may be required by law, necessary to protect your interests in the event of fraud or to allow you to participate in a program with a partner or to provide services on our behalf. At all times, we are committed to limit the information to what is necessary and to obtain your consent, where required. 

We care about the integrity, security and confidentiality of your information. Under no circumstances do we sell client lists to third parties.

We may share your information with:

  • National Bank and its subsidiaries, for identifying information, for compliance purposes and to facilitate the ongoing management of your accounts 
  • National Bank and its subsidiaries, for your financial information, in order to serve you better (see your right to refuse in section 5.2)
  • A party acting for you or at your request, such as a securities broker or transfer agent
  • Another financial institution, lender, credit insurer or credit reporting agency
  • An insurer or agent acting for us
  • A merchant, a partner through whom we offer optional products and services, a payment system, a payment card network, a compensation or settlement system, etc.
  • A person who holds an account jointly with you or who is otherwise involved in your business relationship with us
  • Third parties, if we need to disclose your personal information in the course of legal proceedings
  • A regulatory or government authority or self-regulatory organization iii
  • A person authorized by law to obtain it
  • Third parties, if we need to disclose your personal information in the course of legal proceedings
  • Social media and digital platforms with whom we may share an encoded representation of your details (e.g. your email address) to enable us to deliver targeted advertising on their platforms (see your right to refuse in section 5.2)
  • As described below, service providers we use to perform some functions such as printing cheques, issuing banking cards or producing investment statements, managing loyalty services, and carrying out marketing services on our behalf.

3.3. Service providers

We select service providers with great care. They are part of the following categories: 

  • Technology services (applications, data centre, data storage and backup, hosting services, maintenance, and support services)
  • Professional services
  • Financial and banking services 
  • Insurance services
  • Communications services
  • Mail services
  • Analytical and marketing services

All the suppliers who have access to your information sign a confidentiality agreement with us and agree to use your information only for the purposes stated in the agreement and to protect them with the same level of protection that we provide to your information.

4. When we may need your consent

We only use your information with your consent or as authorized by law. We obtain your consent to collect, use and disclose your personal information when: 

  • you request a new product or service 
  • we need to use your information for another purpose than the ones for which you have already provided your consent 
  • you have specific interactions with us, such as calls to customer service or during the completion of online forms

However, we do not obtain your consent for every interaction with you. For example, if you have a mortgage with us, we may consider that you consent to be contacted for a renewal. 

In addition, we do not obtain your consent in some situations provided by law, in order to: 

  • comply with a court order or other enforceable request 
  • to collect a debt 
  • investigate a breach of contract or law 
  • prevent, stop or detect fraud. 

5. What are your rights and how to exercise them

5.1. Right to accept or refuse to provide your information

Your information belongs to you. Subject to legal, business or contractual requirements, you have the right to withdraw your consent for the collection, use or disclosure of personal information. We will process your request in a timely manner.  

However, some types of information are essential for us to provide you with certain products and services. If you refuse to provide it, it may be difficult, if not impossible, to establish or maintain a business relationship with you or even to offer you some of our products. For example, if you do not want to provide your Social Insurance Number (SIN), we will not be able to offer you products for which it is required, such as a registered product like an RRSP.

5.2. Right to refuse the use of your information for specific purposes

 

You can refuse to let us use your information or withdraw your consent for the following purposes:

  1. Send you promotional offers

    National Bank and its subsidiaries may, from time to time, send you promotions that may be of interest to you. You may withdraw your consent to receive these promotions at any time. There may be a delay before you stop receiving our promotional offers, including those from a promotional campaign already in progress.

    We may also use an encoded representation of your email address or other contact information to create personalized audiences on social media and digital platforms. This allows us to display ads tailored to your needs and interests on these platforms. You can refuse the use of your information for targeted advertising by changing your preferences in your social media account settings or by contacting us.

    We may, from time to time, contact you to ask if you would like to update your choice to ensure that our records are up-to-date and reflect your actual preferences.

    Please note that if you withdraw your consent to this use, you may still see some of our advertisements on social media platforms. However, these advertisements will not have been targeted as a result of the use of your contact information.


  2. Share your financial information between National Bank and its subsidiaries

    We may share your financial information within National Bank and its subsidiaries to facilitate your interaction and relationship with us. For instance, this allows us to:

    • better serve you and to have a complete view of all the products you own within National Bank and its subsidiaries (e.g., when you meet with us and request a new product or service)
    • analyze your financial situation to verify your eligibility for offers, promotions and certain products and services that are better suited to your needs
       
  3. Collect and use your digital information on our online services

    With your consent, we may collect your digital information (e.g., your device and browsing habits) using optional cookies or other similar technologies when you visit our online services. This information allows us to measure and analyze traffic to improve your browsing experience. It also enables us to provide you with offers and services that correspond to your needs. You can refuse the collection of this information by clicking on "Cookie preferences" at the bottom of our websites. You can also sign in to our mobile app, and from the My Preferences section, click "Manage my digital data collection". For more details, see our Digital data policy.
     

How to withdraw your consent

You may at any time withdraw your consent to receive our promotional offers (5.2 a)) and your consent to share your financial information between National Bank and its subsidiaries (5.2 b)). Contact us or ask your branch’s customer service, your investment advisor or a representative. We will process your request as quickly as possible.

You may also refuse the use of cookies on our websites and mobile apps at any time (5.2 c)). To find out how to do this, see our Digital data policy.
 

What you will continue to receive after you withdraw

You will continue to receive:

  • Prescribed notices that we are required by law to provide
  • Service messages that we provide on account statements, at an ABM or on a trade confirmation 
  • Information about your current products and services

You may also continue to receive information about our products and services verbally or in person from our representatives. Indeed, some of our representatives have a duty to advise you and will continue to provide you with this information when necessary.

You may also continue to see personalized offers about our products and services on our websites and mobile apps or on social media platforms if you have consented to the use of cookies and similar technologies via our online banner. For more details, see our Digital data policy. 

5.3. Right to access your information

You may request access to the information we hold about you, except where such access is restricted by law. 

How to access your information 

To consult your information, you must make a request:

  • Via your online bank or National Bank app
  • By contacting us by phone 
  • By contacting your advisor or a branch

We will process your request within 30 days or within a longer period if required by law. You will be notified if the timeframe is longer than 30 days. 

5.4. Right to have your information corrected

You can and should correct inaccurate information we hold about you. To provide you with a quality service, it is essential that your information is accurate and complete.  To that end, we rely on you to help us maintain the quality of the information we hold by informing us of any changes. To make a request, please refer to the procedure identified in section 5.3 above.

5.5. Automated decisions

We may use your personal information to make automated decisions about you, such as responding to your requests for certain credit and financing products. If this is the case, we will inform you during the process or at the time the decision is communicated to you, at the latest. If you have any questions, we invite you to contact the team responsible for the decision.

Note that a decision is automated when no employee is significantly involved in the decision-making process.

6. What are our security safeguards for storing your information

6.1. Time-limited retention

We retain your information, in physical or digital format, for as long as necessary to fulfill the purposes for which the information was collected or as long as required or permitted by law. The purpose, nature and sensitivity of the information have been considered in determining retention periods.

National Bank and its subsidiaries are subject to numerous legal obligations regarding the retention of personal information (for example, under banking, tax and anti-money laundering laws). In general, to meet these obligations, your client profile information (such as your name, address, date of birth) will be retained for the duration of your relationship with us and for a period of ten years following the end of your relationship with us. In addition, we will retain your transactional information for seven years after completion.

Certain exceptions may apply requiring longer retention periods, for example in the case of disputes or claims. In which case your information may be retained for up to ten years. When your information is no longer required, we will make reasonable efforts to destroy it securely.

6.2. Places where we keep your information

National Bank, its subsidiaries, service providers and other third parties to whom your information is disclosed under this policy may operate outside Quebec and Canada. Your information may therefore be used and stored securely in other provinces and countries. In some cases, your information may be subject to the laws and access rights of authorities in foreign countries, including the United States. For more information about our practices, we invite you to consult our Privacy booklet available at nbc.ca.

6.3. Information Security Program

We make significant efforts to protect your information from loss, theft, and unauthorized access, use or disclosure and from any other breach of security. We have a security program in place to keep pace with changing information security threats. The measures adopted in our security program include: 

  • Protecting the infrastructure through secure access to our premises and secure locations for our equipment, etc. 
  • Limiting who has access to your information. This means that only employees who need to know your information in order to carry out their duties have access to it. 
  • Manage passwords and set up firewalls. 

You have a role to play in protecting your information. We encourage you to never disclose your passwords, codes and personal identification numbers (PIN). Our employees do not have this information and will not ask you for it. Avoid sending any personal information via email. We invite you to visit our Fraud prevention page at nbc.ca

7. What other terms and conditions go along with this policy

This policy is supplemented by our Digital data policy, which explains how we use cookies and other similar technologies when you visit our websites or mobile apps.

In addition, some products and services have specific terms and conditions governing the processing of information. It is important to take this into account.

If you do business with, or your data is collected by, one of our facilities or subsidiaries located in the European Union, you have certain rights under the General Data Protection Regulation (GDPR) with respect to the processing of your information. This policy does not limit in any way your rights under the GDPR. A detailed statement of your rights and the use of your information will be provided to you at the time the information is collected.

8. How we can make changes to this policy

We may change this policy from time to time. You will be notified by a notice appearing on our websites and by any other appropriate means of contacting you.

9. How to reach us with a question, comment or complaint

To ask a question or send a comment, please contact us:

  • Send an email to confidentiality@nbc.ca
  • Call our customer service centre
  • Contact your advisor or visit a branch
  • Reach out to your investment advisor or representative
  • Write to our Chief Privacy Officer, whose contact details appear at the beginning of this document

To make a complaint, you must follow the procedures outlined in our complaint resolution brochure, available on our website, under About us > Our organization > Complaint settlement.

i This policy applies to:

i)    National Bank of Canada;

ii)   all its subsidiaries offering to the public in Canada deposit and lending services, credit, debit and payment cards, trust services, custodial, brokerage, insurance, assistance and other personal financial services, including National Bank Financial Inc., National Bank Trust Inc., National Bank Investments Inc., National Bank Direct Brokerage and Natcan Trust Company as well as the Private Banking 1859 division;

iii)  its establishment and subsidiaries established in the EU, including NBC Global Finance Ltd.

iv)  to the successors and assigns of the above-named entities.

A list of major Canadian subsidiaries is available at our branches and at nbc.ca. The words “we”, “us” and “our” refer to any of these entities or divisions, as the context requires. The term Bank includes National Bank of Canada and its subsidiaries. Some subsidiaries may be subject to specific legislation. Other policies may apply to customers outside of Canada, depending on the laws applicable in those jurisdictions.

 

ii Self-regulatory organizations or SROs include the Investment Industry Regulatory Organization of Canada and the Mutual Fund Dealers Association of Canada.

iii We are required to cooperate with securities regulators and self-regulatory organizations (SROs) for regulatory purposes, including monitoring trading activities, reviewing sales, financial and trading compliance, conducting regulatory audits, maintaining regulatory databases and enforcing disciplinary procedures. Securities regulators and SROs may, in connection with any of the foregoing activities, disclose information to other securities regulators, regulatory markets, SROs or law enforcement agencies in any domestic or foreign jurisdiction.