Credora Privacy Policy

1. Information We Collect

We may collect the following types of personal information from you:

Personal Information

• Full name
• Email address
• Phone number
• Postal code and province
• Date of birth
• Any additional information provided in free-text or survey form fields

Financial Information

• Estimated debt amount
• Types of debt
• Monthly income
• Employment and credit status
• Financial goals and preferences
• Financial documents you choose to provide
• Credit information (only with your explicit consent)

Technical Information

• Website usage data (IP address, browser type, pages visited)
• Communication records (emails, phone calls, chat logs)
• Cookies and similar tracking technologies

2. How We Use Your Information

Your information is used for the following purposes:

Primary Service Delivery

• Providing debt-relief education and preparation services
• Conducting financial assessments and consultations
• Preparing referrals to Licensed Insolvency Trustees and financial partners
• Providing ongoing support and follow-up services
• Assessing your suitability for our educational programs

Business Operations

• Processing payments and managing your account
• Improving our services and customer experience
• Complying with legal and regulatory requirements
• Preventing fraud and ensuring service security
• Internal analytics and service optimization

Communications

• Sending service-related communications
• Providing educational content and resources
• Following up on your service experience
• Responding to your inquiries and requests

3. How We Share Your Information

Sharing with Service Partners

With your explicit consent, we may share your information with:

• Licensed Insolvency Trustees (LITs) for debt-relief consultations
• Financial institutions and lenders for appropriate financial solutions
• Credit-counseling agencies and financial advisors
• Other qualified financial-service providers who may assist with your situation

Legal and Regulatory Sharing

We may disclose your information without consent when required by:

• Court orders or legal proceedings
• Regulatory investigations or compliance requirements
• Law-enforcement requests where legally obligated
• Protection of our legal rights or the safety of individuals

We Do NOT Share Your Information

• With unauthorized third parties
• For purposes unrelated to financial services without explicit consent
• With companies that do not meet our security and compliance standards
• For general marketing purposes outside the financial-services sector

4. Consent and Your Choices

Explicit Consent Required

Before submitting any form, you will be asked to give explicit consent via required checkboxes:

Understanding Your Consent

• Your consent is specific to the purposes outlined above
• You may withdraw consent at any time by contacting us
• Withdrawing consent may limit our ability to provide certain services
• You can opt out of data monetization activities while still receiving our core services

Managing Your Preferences

• Updating your communication preferences
• Opting out of specific data-sharing arrangements
• Requesting restrictions on how your data is used
• Withdrawing consent for future data processing

5. Data Retention

We retain your information only as long as needed to fulfill the purposes outlined in this policy or as required by applicable law:

Service Data

• Active client data: retained for the duration of our relationship plus 7 years for legal compliance
• Financial assessment data: retained for 7 years as required by financial-services regulations
• Communication records: retained for 3 years for service quality and dispute resolution

Marketing and Analytics Data

• Lead and marketing data: retained for 3 years from last contact or until you opt out
• Website analytics: aggregated data retained indefinitely; personal identifiers removed after 2 years

Legal and Compliance Records

• Records required by law: retained as mandated by Canadian financial-services regulations
• Dispute resolution records: retained for 7 years after resolution

You may request that your data be deleted or anonymized at any time by contacting us, subject to legal retention requirements.

6. Your Privacy Rights

Under Canadian privacy law (PIPEDA), you have the right to:

Access and Control

• Request access to the personal data we hold about you
• Receive a copy of your personal information in a portable format
• Correct or update inaccurate information
• Request deletion of your data (subject to legal requirements)

Consent Management

• Withdraw your consent at any time
• Object to specific uses of your information
• Request restrictions on data processing
• Opt out of data monetization activities

Transparency and Accountability

• Request details about how your information has been used or shared
• Receive information about our data partners and sharing arrangements
• File a complaint with the Privacy Commissioner of Canada
• Request an investigation into our privacy practices

Important Limitations: Some rights may be limited by legal or regulatory requirements; withdrawing consent may affect our ability to provide services; legal retention periods may prevent immediate data deletion.

7. Data Security

Technical Safeguards

• End-to-end encryption of sensitive data in transit and at rest
• Secure servers with multi-layered access controls
• Regular security audits and penetration testing
• Automated monitoring for suspicious activities
• Multi-factor authentication for all system access

Administrative Safeguards

• Employee training on privacy and data protection
• Regular privacy impact assessments
• Incident response and breach notification procedures
• Third-party security certifications and audits
• Data minimization and purpose-limitation practices

Physical Safeguards

• Secure facilities with restricted access
• Environmental controls and monitoring
• Secure disposal of physical documents
• Background checks for employees handling sensitive data

8. Third-Party Services and Partners

Service Providers

Our website and services may utilize trusted third-party platforms for:

• Website analytics and optimization
• Form processing and data collection
• Payment processing and financial transactions
• Communication tools (email, scheduling, chat)
• Security and fraud-prevention services

Partner Standards

• Meet or exceed Canadian privacy standards
• Provide adequate security safeguards
• Use data only for specified purposes
• Allow us to audit their privacy practices
• Maintain appropriate insurance and liability coverage

Cookies and Tracking

We use cookies and similar technologies to:

• Improve website functionality and user experience
• Analyze website usage and performance
• Provide personalized content and recommendations
• Facilitate secure login and session management

You can control cookie settings through your browser preferences. Disabling certain cookies may limit website functionality.

9. Compliance and Regulatory Framework

Credora complies with all applicable Canadian privacy and financial-services legislation:

Privacy Laws

• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Provincial privacy laws where applicable
• Canada’s Anti-Spam Legislation (CASL)

Financial Services Regulations

• Office of the Superintendent of Bankruptcy requirements
• Provincial financial-services regulations
• Anti-money-laundering and know-your-customer requirements
• Consumer protection legislation

Industry Standards

• Canadian Standards Association privacy framework
• International Organization for Standardization (ISO) security standards
• Payment Card Industry (PCI) data-security standards where applicable

10. International Considerations

Data Location: Your information is primarily processed and stored within Canada.

Cross-Border Transfers: In limited circumstances, your data may be transferred outside Canada to:

• Cloud service providers with Canadian data-residency commitments
• International financial service partners (only with explicit consent)
• Legal or regulatory authorities in other jurisdictions (when legally required)

All international transfers include appropriate safeguards and comply with PIPEDA requirements.

11. Children and Minors

Our services are intended for adults (18 years of age or older) seeking debt-relief assistance. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from someone under 18, we will delete it promptly and notify the individual’s guardian where appropriate.

12. Policy Updates and Changes

Notification of Changes

• Changes in our business practices or services
• New legal or regulatory requirements
• Technological developments affecting privacy
• Feedback from privacy authorities or customers

How We Notify You

• Material changes will be communicated via email (where possible)
• All updates will be posted on our website with a revised effective date
• Significant changes may require renewed consent
• Additional notice may be provided for substantial modifications

Your Continued Consent: Continued use of our services after policy updates constitutes acceptance of the revised terms. If you disagree with changes, you may withdraw consent and discontinue services.

13. Contact Information and Complaints

Privacy Officer: [Insert name and direct contact information]

Response Times: We will acknowledge privacy inquiries within 5 business days and provide substantive responses within 30 days (or as required by applicable law).

External Complaints: If you are not satisfied with our response, you may contact:

• Office of the Privacy Commissioner of Canada — Website: priv.gc.ca • Phone: 1-800-282-1376 • Email: info@priv.gc.ca
• Provincial Privacy Commissioners: You may also contact your provincial privacy commissioner if applicable.