Welcome to SQ1! We are committed to protecting the privacy and the security of your personal data or your personal information (“Personal data”). In this Privacy Statement we will tell you what this protection means to you, how your Personal data is collected, how is it used and how do we handle it the proper matter. We believe that you should exactly know what we do with the Personal data you make available to us, why we collect it and what it means for you. We have designed our policies and practices in order to comply with applicable privacy laws, including but not limited to the Gramm-Leach-Bliley Act (“GLBA”) or corresponding State privacy laws as applicable. GLBA means, collectively, the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801, et. seq., the Privacy Regulations, and the standards for safeguarding customer information set forth in 12 C.F.R. Part 1016 and 16 C.F.R. Part 314 or such corresponding regulations as applicable. If you believe that you are at risk of fraud or identity theft, please report to us immediately at email@example.com.
SECTION 1: PERSONAL DATA
What is considered Personal data?
Personal data means any information whether factual or subjective, recorded or not that relates to an identified or identifiable individual. For example, Personal Data may include information in any form pertaining to age, name, ID numbers (SIN), residential address, location data, an Internet Protocol (IP) address, a cookie ID, the advertising identifier of your phone. This means that if different elements of information, collected together, can be used to identify particular person, then such elements of information constitute Personal data. Personal data that had been de-identified or stripped from strict identifiers, encrypted or pseudonymized but can still be used to re-identify an individual also constitutes Personal data.
Personal data that has purposefully been rendered anonymous to the extent that an individual cannot or no longer be identifiable is not considered Personal data. What is not considered Personal data may therefore include: anonymized data; business contact information; a business registration number; a business email address; public telephone directory information; professional and business directories available to the public.
SQ1 is responsible for all Personal data in its possession or control, including any Personal data that is provided to us by our agents or transferred to third parties for processing, storage or other purposes. We respect the privacy rights of SQ1’ employees, customers, clients, business partners and other individuals whose Personal data we have and use. We will protect your Personal data by implementing appropriate technical and organizational measures with our data processing operations. We commit to obtain personal data fairly and only use it for legitimate business purposes. We will therefore hold ourselves accountable for demonstrating compliance with applicable legal and regulatory requirements. SQ1 identifies and explains the purpose(s) for which your Personal data is collected at the time of collection. We do this explicitly or by implication where the purpose of using such information is reasonably apparent to you by virtue of its nature or the context in which it is being collected.
We will obtain your consent prior to collecting, using or disclosing your Personal data. The method of obtaining consent will be appropriate to the type of Personal data being collected, used and disclosed. SQ1 will make reasonable efforts to ensure that you understand what Personal data is being collected and how your Personal data will be used and disclosed. SQ1 will obtain your express consent (verbal, written or electronic) when the Personal data is sensitive or its collection, use or disclosure is outside of the reasonable expectations of you providing it, or that creates a meaningful risk of significant harm that is not otherwise mitigated. We will rely on your implied consent to collect, use or disclose your Personal data where one or more of the following apply:
- We already have a customer relationship;
- You previously gave us your express consent for the same or similar use of your Personal data;
- The purpose of using your Personal data is reasonably obvious from the context in which it is obtained, considering that you provide the information voluntarily.
In limited circumstances will we collect, use and disclose your Personal data without your consent, including: (i) If permitted or required by law; (ii) In an emergency situation that threatens an individual’s life, health or personal security; (iii) If there is a reason to suspect that you may be a victim of fraud or abuse and we need to disclose the Personal data to a government institution or authorized representative for investigation and follow-up;(iv) In connection with an investigation or proceeding by us or a law enforcement organization and (vi) If certain information is publicly available.
Withdrawal of Consent
You may withdraw your consent to any collection, use or disclosure of your Personal data including from direct marketing at any time on reasonable written notice, subject to permitted or required exceptions under applicable privacy laws. If you have consented that your data be used to carry out a financial transaction, the right to withdraw does not exist. We may be obliged to retain data concerning financial transactions for several years in accordance with federal law for the purpose of preventing, detecting, and investigating, possible money laundering of terrorist financing.
We will do our best to provide reasonable alternative arrangements. However, in some situations, withdrawal of consent may also deprive you of a benefit or service. To change your consent to collection, use or disclosure of your Personal data about you, please don’t hesitate to contact us.
We will only collect Personal data that is required to provide you with the products and services you request, and only by reasonable and lawful means. We will explain to you the specific purpose for collection of your Personal Data.
Limited use and disclosure
We use and disclose your Personal data only for the purposes for which it was collected unless permitted by law. We will not use Personal data for any additional purpose unless we seek your express consent to-do so. We do not sell or rent Personal data to any organization or person for any reason.
In those defined instances where SQ1 would store or transfer personal information outside the US, SQ1 understands that robust procedures and safeguarding measures must apply to secure, encrypt and maintain the integrity of the data. SQ1 will complete continual reviews of the countries with sufficient adequacy decisions, such as the Privacy Shield in the US, and provisions for binding corporate rules, standard data protection clauses or approved codes of conduct. SQ1 will perfect the performance of due diligence checks with all recipients of personal data to assess and verify that they have appropriate controls in place to protect the information. Therefore, SQ1 undertakes that it shall not transfer Personal data outside of the US unless the adequate conditions are fulfilled, including providing SQ1 customer as a data subject enforceable rights and effective legal remedies. At any time, upon customer written direction will SQ1 delete or return personal data, unless it is required by law to retain the Personal data. Where SQ1 might be required to transfer personal data to the European Union, SQ1 will only send such Personal data to third-party sub-contractors that meet the minimum requirements reasonably applicable for the transfer of personal data to processors established in Europe.
We keep your Personal data only as long as it is required for our business relationship or as required by applicable laws. Subject to any requirements to retain information, SQ1 will ensure that Personal data that is no longer required will be destroyed, erased or made anonymous in a secure manner.
We keep your Personal data up to date, accurate and relevant for its intended use for as long as it is required to fulfill the purpose for which it was collected. In order to achieve this, you can assist us by updating your Personal data (e.g., change of address or telephone number) with us.
We are committed to protecting your Personal data in our possession or controlling it from loss, theft, alteration and misuse. We use a variety of security measures to protect your Personal data including: (i) restricted access facilities and locked filing cabinets; (ii) shredding of documents containing Personal data; (iii) electronic safety measures such as password protection, database encryption and personal identification numbers; (iv) organizational processes such as limiting access to your Personal data to a selected group of individuals; and requiring third parties given access to your Personal data to protect and secure your Personal data. The safeguards we employ to protect your Personal data depend on the sensitivity, amount, distribution, format and storage. In addition to the steps, we take to safeguard your Personal data, we believe you should take these steps as well to protect yourself. We recommend that you not share any personal or financial information with others unless you clearly understand why and confirmed who you are dealing with. It is also best not to give significant personal or financial information via email or voicemail. We use monitoring systems and controls to detect and prevent fraudulent activity. We have fraud prevention measures build into our due diligence processes and we will regularly update our fraud detection/prevention methods. While we take the right precautions to protect your Personal data from loss, theft, alteration, or misuse, no system or security measure is completely secure. Any transmission of your personal data is at your own risk and we expect that you will use appropriate measures to protect your Personal data as well.
We will make our policies and procedures about how we manage Personal data readily available to you and in a form that is understandable in plain, simple language. Most information on Personal data is available on our Website. You can also obtain a copy of our Personal data protection policy from any of our office locations or by contacting us directly.
Access rights as a data subject
You can request access to your Personal data we keep by making a request at any time. Customers who wish to contact us should refer to contact section. You may request any of the following:
- A copy of the information that we hold, how we use it and to whom it may have been disclosed:
- To rectify or correct right to correct data that we hold that is inaccurate or incomplete.
- To ask SQ1 to be erased from our records, except for data relating to accounts or cards which cannot be deleted due to applicable laws associated with the prevention of fraud, money laundering, counter terrorist financing or misuse of services of crime.
- To have the data we hold transferred to another organization.
- To object to certain types of possessing such as direct marketing as well as automated processing, including profiling. SQ1 may reserve it’s right to decline to make a requested correction but we will append a notation to the record of your requested alternative information; and we will update your Personal data. We may not be able to satisfy your request subject to applicable exceptions under applicable privacy laws, whereas: (i) your request would divulge confidential competitive business information of SQ1; (ii) the data is not readily retrievable and the burden or cost of providing access is disproportionate to the nature of the request; and where access could interfere with or prejudice an investigation or proceeding by SQ1 or law enforcement agencies. Your request must be made in writing and provide us with sufficient detail to enable us, with reasonable effort, to identify you and your Personal data. We will inform you within thirty days what Personal data we have, how we collected it, how we used it, and to whom it has been disclosed. If we need to extend the time, or we must refuse your request, we will tell you why, subject to any legal restrictions, and will notify you of the new deadline, reason for the extension and of your right to contact the federal or provincial privacy commissioner applicable in your jurisdiction.
SECTION 2: COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA
What type of Personal data do we collect?
This will depend on the type of product or service that you have requested from SQ1. We may collect data from you such as: information establishing your identity (for example, name, residential address, phone number, email address, date of birth, gender, SIN (for identification and/or tax reporting purposes) and if applicable, account numbers), and other personal information such as security questions, user ID.
How do we obtain your Personal data?
The data we collect about you is received from you directly. We may also collect information from third parties outside SQ1, including:
- Persons authorized to act on your behalf under a power of attorney or other legal authority;
- Service providers, agents and other organizations with whom you or we conduct business;
- Government agencies and public registries.
The decision to provide us with your Personal data always rests with you. We may, however, be limited in our ability to provide you with certain products and services, if you decline to provide us with information essential to fulfill your request.
Why do we use your Personal data?
We collect your Personal data to manage our relationship with you and to consistently deliver high quality products and services. Why we use your Personal data may include: (i) to verify your identity; (ii) to evaluate and process your application for an account; (iv) to communicate with you about your deposits; (v) to accept deposits; (to process and keeping track of transactions and report back to you; (vi) to protect you and us against theft, fraud and error; (vi) to analyze information to determine that relevant services are offered to you; (vii) to provide you with products and services requested by you and that SQ1 believes may be of interest to you and provide value to you; (viii) to inform you about new business initiatives including contacting you to obtain your views and to encourage you to express your views about them; (ix) to offer you the opportunity to participate in contests, giveaways or other promotions; (x) to conduct research and generate statistics related to our business, products and services; (xi) for business purposes, such as data analysis, audits, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities; (xii) to help manage and assess our risks, operations and relationship with you; (xiii) to comply with legal and governmental requirements; and (xiv) to fulfill any other purpose for which you provide it or with your consent.
Who do we share your Personal data with?
We share it with other SQ1 Companies and respective affiliates to assist us with offering the best services to you. Authorized employees may have access to personal, confidential information as they perform their duties. Employees that are likely to have access to Personal data must sign a confidentiality agreement under which they commit to maintaining the confidentiality of such information.
Third Party Product and Service Providers
With your consent we may disclose Personal data to certain third-party product and service providers retained by us to assist in providing you with services or to perform certain specialized services to assist us in our business. Prior to releasing any Personal data, we require third party providers to respect the confidentiality of Personal data and all legal requirements under applicable privacy laws, and to agree to contractual requirements that are consistent with our own obligations. We only disclose the specific information required to perform the services. Each of our suppliers must undertake to use client information solely for the purpose of carrying out the services it has been retained to provide and must agree to safeguard the information.
In certain instances, we may be compelled to disclose data in response to a legally valid demand, enquiry, proceeding or other order. We reserve the right to comply with any third-party demand issued under federal or state legislation, or any court order we receive, in request of your accounts. You agree that we will not be liable to you in any way for complying with any such third party demands or court orders issued on or against your accounts or products. In these cases, we take steps to ensure the request is valid and we only disclose the specific information necessary to satisfy the enquiry or order.
Transfers of Business
Collection, Use and Disclosure of Non-Personal data
Non-personal data is any information that does not reveal your identity or directly relates to you as a person. Some examples of non-personal data we may collect from you are demographic information, such as occupation, language, interests, the first three digits of your postal code, unique device identifier, and transactional data. Non-personal data may also include data we have de-identified or aggregated to the point where it no longer identifies a particular individual. Data relating to business customers may also include your business name, address, phone number, email address, industry type, financial status and details on the owners, operators and directors.
SQ1 may also make certain aggregated non-personal information available to strategic partners and third-party service providers that work with SQ1, to provide or support our or their products and services or that help SQ1 or its strategic partners and third-party service providers to conduct data analysis, to develop and improve products and services, and determine the effectiveness of promotional campaigns. We reserve the right to use and share any such non-personal information with third parties for any lawful purpose.
If it happens that we combine non-personal information with any Personal data, we will obtain your consent and treat it as Personal data is treated under this policy.
To ensure that you are the only person accessing your Personal data, we restrict access to your online account by requiring that you enter your customer number or user ID and password to login. Only you know your password. Our employees do not have access to your password, and they will not ask you to reveal it. If someone does ask you to provide your password to them, we ask that you refuse to do so and contact us immediately.
Our system offers many functions, such as transfers between accounts. These transactions are all logged to ensure that your accounts are debited or credited appropriately, and a history of each transaction is available to verify your account.
To create a secure channel between your browser and our server, we use the highest level of encryption available. Your data is secured whether at rest or in transmission, using PCI recommended encryption techniques and protocols. We provide secure online application forms. These forms capture personally identifiable information that we use to provide you with the products and services that you have requested. This information is processed in a fashion similar to that of application forms received through our other channels. The information contained in the application may be archived or stored, as governed by existing law or policy.
However, despite these measures, our systems could be compromised by parties seeking unauthorized access to our data or users’ data, by a technological malfunction or in error by an employee, vendor or contractor. In addition, the transmission of information via the Internet or mobile data networks could be intercepted by third parties. As a result, our efforts to protect our data and users’ data from unauthorized access may be unsuccessful and we cannot assure you that the security measures we have adopted will provide absolute certainty. Any transmission by you is at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the contact section. If we learn of a security systems breach, we will inform you and the appropriate authorities of the occurrence of the breach in accordance with applicable law.
Website and statistics
To continually improve our Website and our online services, we may collect information about how our customers are using it. These usage statistics are only viewed in the aggregate – and are never tied to an individual. We use this information for purposes such as improving the pages where our customers are having difficulties and ensuring that we have the appropriate infrastructure in place to service future needs. The information collected may include your location, your IP address, your browser type and your operating system, as well as data that is passively generated as you browse, such as the number and types of pages visited, and the length of time spent per page and on the Website overall.
To make sure that someone cannot access your Personal data, please always exit your online account using the logout button located at the top of every page. When you exit using the logout button, we delete your session cookie so that your session cannot be resumed unless your customer number and password are re-entered.
In the event that you leave your computer without logging out, the online prepaid card account site has been designed to end your session automatically if our system detects that you haven’t provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your password again.
To communicate with us electronically, we strongly recommend that you use our “Contact” feature. This feature provides a secure channel for sending us comments, questions or instructions. Email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly recommend that you do not include personal financial information (such as account numbers) within the email as we cannot guarantee its confidentiality as it comes to us. When you email us your comments, questions or instructions, you provide us your email address and we use it to correspond with you. We will not provide your email address to anyone outside of SQ1. We may use your email address to send you information about products or services that we think may be of interest to you. If you do not want us to contact you with product information by email, you may tell us so at any time by using the “Contact” feature. We will discontinue the practice. If you have asked us to provide you with information on a regular basis, or if we email you information about our products or services, you may ask us to remove you from the list at any time. We will include instructions to unsubscribe from the list in every mailing, and on the site where you originally subscribed to the list.
Where do we store your Personal data?
How to contact us
If you have any questions, concerns or complaints about our privacy policies or are uncomfortable about any information or requests you receive from SQ1 via phone, fax or email, we encourage you to contact us immediately on the SQ1 Mobile App or S1Flex.com. In most cases, any questions or concerns that you have can be resolved by discussing it with us.