Effective from: July 6th, 2021
Trustly Canada, Inc. and its subsidiaries and affiliated entities (collectively, “Trustly”, “we”, “us” or “our”) provides certain online banking payment solutions. Trustly Canada, Inc. is a subsidiary of Trustly Holding AB, a Swedish limited liability company.
4. Information we may collect
(a) Information You Provide. When you use the Trustly Services, we may ask you for, or give you the opportunity to provide, certain information about you, including, but not limited to, your name, a bank name; a face, fingerprint or other biometric information; a bank login ID, a password, a PIN number, answers to security questions, the location where you opened your bank account or other authentication information (i.e. online banking access credentials); a bank account number/IBAN and bank routing transit number, a bank account type, other bank account information; and other personal information, such as your name, driver’s license number and the state where issued, passport information, and taxpayer identification number. The type of information requested from you or provided by you depends upon the Trustly Services that you use and the type of goods and services the Merchant is providing to you.
(b) Information we collect from Merchants. We may also collect your personal information from Merchants, including, but not limited to, your name, address, bank account number, financial institution number, and branch transit number.
(c) Information we collect from Third Party Banking Services. We may also collect information from the online sites of third parties designated by you (including your bank’s online and mobile banking services), including, your name, address, bank account number, financial institution number, and branch transit number.
(d) Information We Collect Automatically. When you use or interact with the Trustly Services made available to you by a Merchant, we may gather or collect from you, the Merchant, your bank, and/or third parties additional information about you to facilitate your use of, and/or enhance, the Trustly Services, including, but not limited to, your purchase/order or bill amount and reference, your name, physical address, email address, phone number, bank account number, financial institution number, branch transit number, bank account balance, bank transactions, and other personal, risk or device information. While you access or use the Trustly Services, we may use a variety of technologies that automatically collect information about you or how you access or use the Trustly Services, including data that may indirectly identify you (such as your browser or application’s cookies, fingerprints, geo-location data, and your internet protocol (“IP”) or media access control (“MAC”) address), and data that may not identify you (such as user agent (client software) data, network connection type and provider, language, time zone, and connection speed). Please see the section below on Browsing and Cookies for additional information we may collect through the use of these technologies, and how we use this information. We may also collect behavioral information regarding your use of the Trustly Services, such as the Merchants with which you use the Trustly Services and when, where, how often, etc. you use the Trustly Services, as well as your clicks, keyboard, voice, image, video and other device interactions while using the Trustly Services.
5. How we use your information
(a) To Provide the Trustly Services to You. We use the information that we collect to provide the Trustly Services to you, including facilitating and processing transactions between you and our Merchants on your and the Merchants’ behalf. For example, while accessing or interacting with the Trustly Services, we may use your information to:
- access your bank account and retrieve information associated with your bank account (including personal information), via an interactive session based on a user interface, or one or more server-to-server sessions without a user interface;
- verify that you are the holder of such bank account and that you have all necessary rights and authority to use such bank account;
- verify your identity and other information (including personal and financial information);
- verify that your bank account is in good standing and verify activity with respect to your Bank account;
- collect and verify the bank account information (including bank account number, financial institution number, and branch transit number, name on account, and account type) required for Merchants to obtain payments from you or make payments to you and for such Merchants to verify your identity, your bank account, or other information required by a Merchant with respect to any transaction between you and a Merchant;
- provide relevant information per the above (but not your online banking access credentials) to Merchants, service providers and other third parties to facilitate payments and other transactions between you and our Merchants; and
- configure the Trustly Services so that the Trustly Services are compatible with Merchant sites.
If you choose to provide us with biometric information (such as a faceprint or fingerprint), we use that information solely to process your transaction by matching up this information with the same types of information collected by your bank in order to authenticate your account. We delete your biometric information once your transaction has been processed.
(b) To Enhance Your Experience. We may use your information to provide a more tailored or seamless experience while using the Trustly Services. For example, if you use the Trustly Services for ongoing and repeated transactions, we may use your information to make such transactions more seamless by automating such transactions or completing some of the required information for you. We may also use the information we collect to verify accounts and activity, combat harmful conduct and fraud, maintain the integrity of the Trustly Services, and promote safety and security. We may use your information to communicate with you regarding your use of the Trustly Services, to answer your questions, obtain your feedback, and to provide disclosures and other information which we deem advisable or which we, or our service providers, are required to provide to you pursuant to applicable law.
(d) Non-Personal or De-Identified Information. We may create non-personal, de-identified records or data from the information we collect by excluding the information that makes the data identifiable to you, such as your name or address (“Anonymized Data”). Any Anonymized Data we create is our property. This Anonymized Data may be used for any purpose. For example, we may build non-personally-identifiable statistical profiles, databases, and analyses regarding the Trustly Services as well as transaction trends, habits, and usage patterns. We may create reports and analytics to assist our, and our Merchants’, understanding of the Trustly Services, enhance the Trustly Services and our Merchants’ services, or improve our security. We may use the Anonymized Data for business purposes and for various reporting obligations. Trustly reserves the right to use the Anonymized Data, and to disclose the Anonymized Data to Merchants and other third parties, in Trustly’s sole and absolute discretion, as permitted by applicable law. We will not “re-identify” any Anonymized Data.
6. How we may share information
Except for your Online Banking Access Credentials, which we never store in central databases or share with any third party other than your bank, we may share, as permitted by law, some or all of your personal information as set forth below:
(a) Merchants, Banks, and Service Providers. We may share your personal information with Merchants, banks, service providers, agents, and/or affiliates for the purposes of effecting, processing, administering, or delivering the Trustly Services or transactions initiated by you. For example, you may access or use the Trustly Services via or through the web site, network, embeddable or mobile applications, SMS, instant message or other notifications or other services of a Merchant with whom you have an existing relationship to obtain or receive goods and services these parties provide to, or perform for, you in connection with that relationship. We may share your personal information with such Merchants in connection with the goods or services to be provided to, or performed for you, by these Merchants. The personal information which we may access and/or share includes, but is not limited to, your bank name, bank account name, numbers and associated information (such as whether your bank account is in good standing, your bank balance, and your bank transactions), information required to verify your identity and that you are the holder of the applicable bank account (such as your name, address, driver’s license number), and information required to authenticate that you have all necessary rights and authority to use such bank account. The Merchants, banks, service providers, agents, and affiliates with whom we may share such information include, but are not limited to, those with whom you have an existing relationship and who utilize the Trustly Services and those with whom we have a relationship to enable us to deliver the Trustly Services to you.
(b) Consumer Reporting and Collection Agencies. We may share your personal information with consumer reporting agencies so that they may manage their risks, prevent fraud, perform the activities of a consumer reporting agency under the applicable provincial credit reporting legislation. If you authorize a payment to a Merchant via the Trustly Services which is returned by your bank, we may use your information, or share your information with collection agencies and others, as necessary to collect the funds from you.
(d) Legal Requirements; Other. We may preserve or disclose your information as necessary or advisable to comply with applicable laws and regulations, legal processes and investigations, or governmental requests; to protect the safety of any person; to address fraud, security, or technical issues; or to protect your or others’ rights or property. Disclosures of your information may be made to law enforcement or governmental regulators as part of a criminal or government investigation. We may also disclose your information in response to a court order or subpoena. If Trustly is involved in any merger, acquisition or sale of all or substantially all of its assets or business, or bankruptcy, your information may be transferred, sold, or disclosed as part of that transaction. We may disclose your information to our corporate affiliates, including corporate affiliates located outside the United States, in order to help provide, understand, or improve our and our affiliates’ products and services. In addition, we may share your personal information as directed by you with your express consent.
7. Opt-out; accessing or amending your information
(b) Decline to Share. You may, of course, decline to share certain personal information with us. However, please be aware that if you decline to share your personal information with us, it may be impossible for us to provide some of the features and functionality of the Trustly Services to you. For example, if you decline to share your Online Banking Access Credentials with us, we may not be able to facilitate a bank account verification or a bank payment from you to a Merchant via the Trustly Services.
(c) Accessing; Amending Your Information. If you wish to access or amend any personal information we have about you, or to request that we delete any information about you that we have, you may contact us at firstname.lastname@example.org or via our user data permission management portal at https://www.trustly.one/user-portal/. Please note that while any changes you make will be reflected in Trustly’s active user databases within a reasonable period of time, we may be obligated to retain some or all information we have collected from or about you to satisfy our legal obligations, comply with applicable laws, regulations and regulatory requirements, prevent fraud and abuse, or complete a transaction with you. We may also refuse to provide you access with your personal information if the information includes the personal information of another individual that cannot be separated from your personal information, information that is subject to solicitor-client privilege, or information that cannot be disclosed for any other legal, security, or commercial proprietary reasons.
8. Marketing email communications
You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or by sending us a request to unsubscribe at email@example.com. If you opt-out of receiving marketing email communications, we may still send you email messages related to your account with us or your use of the Trustly Services. Unsubscribing yourself from our marketing communications will not affect the quality of service we provide you.
9. Text/sms messaging
You have the choice to opt-in to receiving text messages and alerts on the mobile phone number(s) you have shared with us. Once you have opted-in, we may send you text messages
- regarding your account (if any);
- to investigate or prevent fraud; and
- to alert you in the event of an emergency. We may send these text messages and alerts using autodialed technology.
We will not contact you via text messages or alerts for marketing purposes without your prior express written consent. You do not have to opt-in to text messages and alerts to use and enjoy our websites and services. If you opt-in, standard text messaging charges may apply. For more information regarding our text messaging and alerts, please contact us at firstname.lastname@example.org.
You may choose to opt-out from our text messages and alerts at any time using any reasonable means. To directly opt-out, send us a text message from your mobile phone with the word STOP, STOP ALL, END, QUIT, CANCEL or UNSUBSCRIBE, and we will unsubscribe you from text communications. Once you opt-out, you will not receive any additional text messages via your mobile phone. Please keep in mind that if you opt-out of receiving text messages and alerts we may not be able to contact you with important messages regarding your account. However, if there is an emergency or account question, we will make every attempt to contact you in other ways, such as by email or on a landline phone.
10. Data security
(a) Data Protection and Security. Trustly utilizes technical and organizational security measures, including physical, electronic, and procedural security measures, to protect against loss, destruction, unauthorized access or processing, misuse and alteration of information under our control. Trustly employs reasonable practices and security measures to safeguard and secure the personal information we collect, and our data center is compliant with certain standards such as SSAE-18, SOC1/SOC2 promulgated by the American Institute of Certified Public Accountants.
(c) Residual Risk of Harm. Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, altered, or destroyed by breach of our administrative, managerial, and/or technical safeguards. In these cases, there may be a residual risk of harm to you resulting from the unauthorized use of your personal information, including financial loss, identity theft or negative effects to your credit record.
11. Preventing identity theft
Please do not send confidential, personal information such as Social Security number, government identification numbers, online banking access credentials, or bank account numbers to Trustly without first specifically confirming that you are sending such information to Trustly (and not to an unauthorized third party) and unless agreed between you and Trustly. The agreement should include method of transmission, such as registered mail, secure or encrypted email, or some similar secure method of communication. Do not be misled by emails or other communication that appear to be from us and request personal information. If you receive any suspicious email requesting your personal information, please immediately forward the email to: email@example.com.
12. Browsing and cookies
When you browse our web sites, applications, or access or use the Trustly Services, we automatically collect certain technical information about your visit. Examples of this information include: which type of Internet browser you use, your IP address, browser headers, operating system, screen resolution, the clicks you make, the pages you browse, and the domain name and country from which you request information. We use this type of technical information to improve the Trustly web sites or applications and the Trustly Services. As part of our efforts to protect end users from fraud, this information is also used to assist in authenticating who you are when you access our web sites, applications or use the Trustly Services. We and our service providers also use this type of information to identify you and show you relevant advertisements as you browse the internet or use social media. Some of our web or mobile pages and applications may use “cookies,” fingerprints, or data that is sent to your web or mobile browser or application and stored on your device. The purpose of these “cookies” is to allow our, or a third party, server to recognize you as an end user returning to our web sites, applications or the Trustly Services using the same device and browser. In the event you do not wish to receive such cookies, you may configure your web browser to not accept cookies or to notify you if a cookie is sent to you. If you choose to decline cookies you may not be able to use all the features and functionalities of our web sites, applications and the Trustly Services.
13. Do not track
Do Not Track (“DNT”) is a privacy preference that you can set in your web browser. When you use the DNT signal, the browser sends a message to web site operators requesting them not to track your web site navigation activities. Trustly does not track you over time or across third party web sites to provide targeted advertising and does not respond to Do Not Track (DNT) signals. For more information about DNT, visit https://allaboutdnt.com.
14. Privacy practices of third parties
15. No use by children
The Trustly Services are not directed to children under the age of 18 and we do not knowingly collect personal information from children under the age of 18 without parental consent. If you are under 18 years of age, then please do not access or use the Trustly Services at any time or in any manner. If we learn that personal information has been collected on the Trustly Services from persons under the age of 18, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has accessed or used the Trustly Services, then please alert us at firstname.lastname@example.org so that we may delete that child’s personal information from our systems.
16. Rights of California consumers
If you are a California consumer seeking to use your rights under the California Consumer Privacy Act of 2018 (“CCPA”), please see our Privacy Notice for California Residents.
17. Rights of EU, UK, and EEA persons
Persons in the EU, UK, and EEA have the following rights:
- The right to be informed about the collection and use of your personal data. That right is satisfied by the information provided in this Policy.
- The right of access to your information. You can get information from Trustly about what personal data we have gathered, why we have gathered it, etc.
- The right to rectification. If any of your personal data that we process is inaccurate, you are entitled to have it corrected.
- The right to erasure (a/k/a the “right to be forgotten”). You can request that Trustly erase personal data that we have gathered about you. Trustly will, under certain circumstances, be obliged to remove it.
- The right to restrict processing. You can request that Trustly restrict the processing of your personal data under certain circumstances, e.g. if you contest the accuracy of the personal data processed by us. We must then restrict the processing while verifying the accuracy of your request.
- The right to data portability. You can request that Trustly provide all the personal data that Trustly processes about you in a common, structured and machine-readable format. In some cases, we are obliged to comply with that request and provide you with the personal data processed about you.
- The right to object to processing. You can object to the processing of your personal data that Trustly carries out based on the legal basis of our legitimate interest as specified above , including profiling that we carry out on the basis of our legitimate interest. If you object, we must assess if we can continue to process your personal data. You also have the right to object to processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing, whereby your personal data will no longer be processed for such purposes.
- Rights in relation to automated decision-making and profiling. Trustly sometimes uses profiling and automated decision making when providing its services. You have the right to understand when and why we use these types of processing, which are described above.
- The right to lodge a complaint: If you are unhappy with our handling of your personal data, you can lodge a complaint to the Swedish Authority for Privacy Protection, which is the lead supervisory authority in relation to Trustly in the EU. You can also lodge a complaint with the data protection authority in your home country in the EU. If you are based in the UK, you can lodge a complaint to the Information Commissioner’s Office in the UK.
If you have questions or want to exercise your rights explained above, please do so by either completing this online form located at https://www.trustly.com/customer-complaint-handling, or sending an e-mail to our Data Protection Officer at email@example.com.
18. Merchant representatives
If you are a representative of one of our Merchants or another company entering an agreement with us, you may provide us with information about you. Please see the Privacy Notice for Company Representatives
19. Trustly Group; sharing information outside of Canada
20. How to contact us
Trustly Canada, Inc.
145 Spruce Street, Suite 200, Ottawa, ON
Canada K1R 6P1