Northumberland CFDC’s Privacy, Confidentiality and Security Policy
Northumberland Business Development Assistance Corp. (o/a “Northumberland CFDC” and hereinafter “NCFDC”) supports innovation and entrepreneurship by providing financing and strategy for entrepreneurs, and in particular, business loans or loan guarantees through the Community Futures Program. Northumberland Community Futures Development Corporation (“Northumberland CFDC”) is a registered trade name of Northumberland Business Development Assistance Corp. Your trust and confidence is important to us. NCFDC is committed to protecting the confidentiality, integrity and security of your information through:
- Privacy and confidentiality practices. We are committed to protecting your privacy and the confidentiality of your information.
- Secure technology. We employ secure technology and security standards to protect our systems and your information. For example, our Reviewr application meets the requirements of an extensive list of global security standards including: ISO27001, SOC, the PCI Data Security Standard and FedRAMP. CORL (our fintech application for commercial loan applicants) takes reasonable measures to protect users, the same measures taken by the highest rated Canadian financial institutions and data providers, including but not limited to firewall barriers, SSL encryption techniques, and authentication procedures, to help protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction of data.
- Secure Reporting. We utilize FERN’s leading edge and globally deployed FaaSBank software to meet our reporting requirements to FedDev Ontario and the Government of Canada. FERN is committed to upholding the highest standards of data protection.
- Enhanced identity protection. Access controls are used to prevent others from accessing your account through our Revewr application, and also internally when your loan application is being assessed.
We understand the importance of protecting your privacy and the confidentiality, integrity and security of your information. The following sets out how we handle your information, and our security standards, in more detail.
This policy was last updated October 21, 2021 and may be amended from time to time.
The word “information” means personal, financial and other details about you and your business plans that you or your authorized representative provide to us and we obtain from others within or outside NCFDC.
Collecting and using your information
We collect and use information with your consent. Consent may either be implied from the circumstances or may be expressly given for a particular purpose. For example, we use information to process loan applications and assess creditworthiness for financing startups and other enterprises, as well as to grant performance-based funding. We also use information to provide feedback on business plans, and provide business counselling services.
Most of your information is obtained directly from you. When we collect information from you, we will explain how we intend to use it if that is not apparent from the circumstances. For example, we may ask for your birthdate to identify and authenticate you, and determine if you are eligible for a loan. We may ask for your Social Insurance Number (SIN) or other identification information to conduct a credit investigation to assess your loan application.
Before granting a loan, financing or other funding, we take steps to assess your creditworthiness. We may contact other lenders or credit reporting agencies to get information about you and your credit history. We may also contact employers or other personal references to verify information that you have given us. We will not do this without your consent, but please remember that if you do not give your consent we may not be able to extend credit products to you.
We will limit the information we collect to what we need for those purposes, and we will use it only for those purposes. We will obtain your consent if we wish to use your information for any other purpose and before collecting information from third parties such as credit bureaus.
Your information is used to help us provide you with strategic advice, to manage financing, loans or other products or services you have with us, to contact you about NCFDC products or services you may be interested in having with us, to help us collect a debt or enforce an obligation owed to us by you and to manage operations and risk within the NCFDC. Your information is also used to satisfy valid information requests from regulators and other organizations or individuals who are legally entitled to make such requests.
Click here to learn more about how we handle your information when you use our website.
Maintaining the confidentiality of your information
We maintain the confidentiality of your information in accordance with this policy. For example, your information will be accessed on a “need to know” basis by those who are directly involved with providing you with services (for example, evaluating your loan application or funding proposal) and providing you with strategic advice or other consulting services. Those who access your information are informed about its confidential nature, and legally obligated to keep it in confidence.
We no longer consider information confidential if it is generally known or available to the public, or you provide it to us with the intention that it be disclosed or without an obligation of secrecy.
We will rely on our own investigation, due diligence and analysis in evaluating and satisfying ourselves regarding all matters regarding the information.
Protecting your information
We will protect your information with appropriate safeguards and security measures to maintain its privacy and confidentiality. We use physical, technical, electronic and organizational procedures to safeguard the security and integrity of your information.
NCFDC uses secure technology to protect our systems and your information. In particular, we use firewalls, encryption technology, anti-virus and anti-malware software, among other data protection technologies.
NCFDC also takes other measures to safeguard your information, including:
- Confidentiality provisions are part of our agreements with service providers, suppliers and agents, requiring them to maintain the confidentiality of your information and not use it for any unauthorized purpose. For example, all employees, volunteers, and third party service providers sign confidentiality agreements binding them to safeguarding the confidentiality of personal information to which they have access.
- Secure physical storage including storing active in locked filing cabinets located in work areas restricted to NCFDC employees and authorized volunteers. Closed files are stored in locked cabinets for a period of seven years, after which, the information is shredded prior to disposal.
- Retention periods so that we retain your information only for reasonable periods of time and for the purposes we explained to you. For example, closed files are retained for seven years. When your information is no longer needed for these purposes, we destroy, delete, erase or convert it to an anonymous format.
Although we strive to protect and safeguard your information, no security is perfect. You should always take care with how you handle and disclose your information, and avoid using insecure means to transmit information, such as email. Click here for ways you can help to safeguard your information.
Storing and releasing your information
We may provide your information to other persons in situations where:
- our employees, volunteers, service providers, suppliers, agents and other organizations who assist us in serving you, need the information;
- we are required or permitted to do so by law or applicable regulators and self-regulatory organizations, for example, in response to a search warrant, court order, or other demand or inquiry we believe to be valid. Your information may be shared, stored or accessed in Canada or other jurisdictions or countries;
- we want to prevent, detect or suppress financial abuse, fraud, criminal activity;
- we want to protect our assets and interests or manage or settle any actual or potential loss, including to help us collect a debt owed to us by you;
- we acquire, are acquired or merge with another organization, or when considering those transactions;
- to support the credit process, including disclosing your credit history with us to other lenders or credit reporting agencies. As part of these efforts, we send a quarterly credit reports to Equifax;
- you have provided your consent, including to a joint loan applicant or account holder.
Providing you with access to your information and keeping your information accurate
Upon request, we will give you access to the information we retain about you and we will make reasonable efforts to keep your information accurate and up-to-date.
If you notify NCFDC that your information in an active file requires correction or updating, the necessary changes will be made. Information contained in closed files is not updated.
Respecting and responding to your privacy concerns and preferences
We will explain your options for withdrawing consent to the collection, use and disclosure of your information, and we will record and respect your choices. We will investigate and respond to your concerns about any aspect of our handling of your information. For example, you can opt out of certain communications from us contacting our Chief Privacy Officer (see below for contact information). You may phone, email or write to us to let us know you do not want us to:
- use your Social Insurance Number with credit reporting agencies
- conduct a credit check in order to assess your creditworthiness and/or to perform a risk analysis understanding that, as a result, we may not be able to approve your loan or extend services to you
- contact you with marketing offers that may be of interest to you
- contact you to participate in customer research and surveys
Once you have a loan with us, we will share your credit experience on an ongoing basis with credit reporting agencies. You cannot withdraw your consent for this sharing of information as it is necessary to support the credit process.
How we handle your information when you use our website
A cookie is a small amount of data that is stored by your web browser when you visit certain websites. Cookies may be used to track the activities of your browser as well as provide you with a consistent, more efficient experience.
- learn about why and how you browse and interact with our website (for example, which pages you visit and which websites, advertisements, and keywords used for searches brought you to our websites)
- remember your language preference and automatically input your information on our login screen
- assist us in authenticating you and your computer, administer our secure websites and for fraud prevention or investigation purposes
- personalize your experience (for example, to deliver tailored content, offers and advertisements that we believe are relevant to you based on your browsing habits or the nature of the products and services you have with us)
assist us with application support issues and fraud investigations
- help us improve our website and make it easier to navigate (for example, by determining how many people visit our websites and which sections of the websites are visited most frequently)
Technical and Aggregate Information
When you visit our websites, we may also collect:
- your Internet protocol (IP) address;
- your Internet service provider (ISP) and the region from which you’re connecting to our websites; and
- attributes related to the device and browser you are using to connect to our websites (e.g. operating system type and version, current language, browser version and plug-ins, screen resolution etc.).
We use this information for the purposes of optimizing our websites and the content we make available.
“Aggregate information” is standard web server/visitor traffic information, commonly referred to as ‘aggregate information’, regarding overall website traffic patterns. We do not report on individual user sessions. Web servers normally collect this type of basic information as part of their web log processes. This aggregate information does not identify you and thus does not constitute personal information. In addition to information provided by our visitors we use the normal Internet tracking tools associated with standard Internet protocols and web–based systems. This system information is typically stored in log files and the information is used for aggregate reporting. Aggregate reporting includes total number of visitors, most visited sections, peak traffic times, etc. Log files are simply transaction records web servers maintain. Those logs are used for recording information, such as:
- service provider IP addresses;
- browser versions;
- referring websites;
- search terms used;
- average number of pages requested;
- average duration of visit;
- total visitor traffic.
We use aggregate information gathered from your visit to optimize our website. This information supplies us with a broad picture of how people use our website in order to help the management of our systems and to better serve our audience.
Important ways you can help protect yourself
- For our Reviewr or Corl application, choose a unique password and change it regularly. Choose a password combining letters, numbers and special characters that will be hard for others to guess, and change your password regularly, for example, every 3 months.
- Never disclose your passwords to anyone, especially online.
- Use a firewall. Firewalls guard your home network from potential hackers and offensive websites.
- Use anti-virus and anti-malware software. Updated anti-virus and anti-malware software can protect your computer from threats and cyber-attacks.
- Guard your mobile device. Password protect your phone, and use the built-in lock function. Don’t leave your phone unattended.
If you have any questions regarding this policy, or you wish to make an access to personal information request, please contact:
Chief Privacy Officer
Northumberland Business Development Assistance Corp.
739 D’Arcy Street, Suite 120
Cobourg, ON, K9A 0H6
Phone: 905.372.8315 Fax: 905.372.2238