Privacy policy

The personal information (hereafter “information”) that you entrust to us is essential to our business relationship with you. We understand that this information is valuable and we are committed to protecting it. Our goal is to be transparent with you.

That is why we adopted this policy, which describes our practises to protect your information and privacy. This policy applies to the collection, use and disclosure of the information you entrust to the Bank and its subsidiaries ⁱ. It is in effect as long as we have your information on file, including after the end of our business relationship.

Our Chief Privacy Officer is responsible for these practises, which are applied at the Bank and its subsidiaries. If you have any questions about this policy, please write to us at one of the following addresses: 

You may also contact us as indicated in Section 9 below if you have any questions.

IMPORTANT: We limit the collection of your information to what is necessary to help us serve you properly.

We may collect your information directly from you when you contact us or interact with us, in person, by phone, in writing or via our online solutions. We may also collect your information indirectly from other sources listed below. When required, we will obtain your consent.

• Individuals or entities related to your products and services 
• Other financial institutions or lenders, insurers (if we need to verify the accuracy of the information provided)
• Brokers, dealers or other stakeholders in securities or other fields 
• Credit reporting agencies 
• Publicly available sources or records 
• Regulatory bodies and self-regulatory organizations ⁱⁱ
• The Bank or its subsidiaries 
• Program partners 
• Our websites, National Bank mobile app and digital or social media platforms. For more details, please refer to our Digital data policy

We may use and disclose your information to:

Provide products and services adapted to your needs

• Verify your identity, update your information and check the accuracy of the information provided  
• Assess your financial situation and creditworthiness (on a regular basis if you have a credit product)  
• Assess your eligibility for products and services or ensure that our advice, products and services meet your needs
• Establish your investor profile, financial needs and objectives as well as your investment strategies 
• Establish, manage, administer and provide the products and services requested
• Personalize your client experience, notably using analyses of your profile, transactions and other information, particularly to: 
  • Get to know you better and understand your needs  
  • Provide you with better advice based on an analysis of your needs and preferences
• Determine your eligibility for incentives (fee waivers or discounts) 
• Optional: Combine the financial information that the Bank or its subsidiaries have about you to generate a complete view of your products and better serve you (see your right to opt out in section 5.2)  

Contact you

• Send you communications using the contact information you provided (by mail, email, text message, phone or social media) 
• Send you information about the new features available on our online solutions
• Optional: Promote products and services that may be of interest to you offered by the Bank, its subsidiaries or some of its partners, if permitted by law, including by email, text message or via personalized advertising or digital or social media platforms (see your right to opt out in section 5.2)  

Carry on our business and operations

• Prevent, detect and control fraud, as well as any unauthorized or illegal activities (money laundering, cyber threats) 
• Enable due diligence of our operations in preparation for the conclusion of a business transaction 
• Manage risk, including credit and business risks, and comply with applicable laws and regulations 
• Conduct studies and data analyses to generate statistics, improve our products and services, create new ones and carry on activities

At times, it may be necessary to disclose your information to other parties for legitimate purposes. For example, this may be required by law to protect your interests in the event of fraud or to enable you to participate in a program with a partner or provide services on our behalf. We are committed to always limiting information only to what is required and obtaining your consent, as required.

We care about the integrity, security and confidentiality of your information. Under no circumstances do we sell your information to third parties.

We may share your information with:

• The Bank and its subsidiaries, for information used to verify your identity, for compliance purposes and to facilitate the ongoing management of your accounts
• The Bank and its subsidiaries, for your financial information, to better serve you (see your right to opt out in section 5.2)
• A party acting on your behalf or at your request, such as a securities broker or transfer agent 
• Another financial institution, lender, credit insurer or credit reporting agency
• An insurer or agent acting on our behalf 
• A merchant or partner through whom we offer optional products and services, a payment system, a payment card network, a compensation or settlement system
• A person who holds an account jointly with you or who is otherwise involved in the business relationship you have with us 
• Third parties, if we need to disclose your personal information as part of legal proceedings 
• A regulatory or government authority or self-regulatory organization ⁱⁱⁱ
• A person authorized by law to obtain it
  
• Third parties involved in concluding a business transaction
• Social media and digital platforms with whom we may share your name and contact information (e.g., your email address) to enable us to deliver targeted advertising on their platforms (see your right to opt out in section 5.2)
• As described below, service providers we call upon to perform certain tasks such as printing cheques, issuing banking cards or producing investment statements, managing loyalty services, and carrying out marketing services on our behalf

We take great care in selecting service providers. They fall under the following categories:

• Technology services (applications, data centre, data storage and backup, hosting services, maintenance, and support services)
• Professional services
• Financial and banking services
• Insurance services
• Communications services
• Mail services
• Analytical and marketing services

All the service providers who have access to your information sign an agreement with us. They undertake to use your information only for the purposes stated in the agreement and to give it the same level of protection we provide. 

We only use your information with your consent or as permitted by law. We obtain your consent to collect, use and disclose your personal information when:

• You request a new product or service
• We need to use your information for a purpose other than the ones for which you already gave your consent
• You have specific interactions with us, such as calls to customer service or to complete online forms

However, we do not obtain your consent for every interaction with you. For example, if you have a mortgage with us, we may consider that you consent to us contacting you to renew it. 

In addition, we do not obtain your consent in some situations provided by law, such as to: 

• Comply with a court order or other enforceable request 
• Recover a debt 
• Investigate a breach of contract or law 
• Prevent, cease or detect fraud 

Your information belongs to you. Subject to legal, business or contractual requirements, you have the right to withdraw your consent for the collection, use or disclosure of personal information. We will process your request as quickly as possible.  

However, some types of information are essential for us to provide you with certain products and services. If you refuse to provide this information, it may be difficult, or even impossible, to have a business relationship with you or even to offer you some of our products. For example, if you don’t provide your Social Insurance Number (SIN), we will not be able to offer you products for which it is required, such as a registered product (e.g., RRSP).

You may refuse to have us use or disclose your information for the following purposes:

a) To share your personal information between the Bank and its subsidiaries

We may share your financial information between the Bank and its subsidiaries to facilitate your interactions and relationship with us. Doing so enables us to:

• Better serve you and to have a comprehensive view of all the products you own with the Bank and its subsidiaries, if permitted by law (e.g., when you meet with us and request a new product or service)
• Analyze your financial situation to verify your eligibility for offers, promotions and certain products and services that are better suited to your needs, if permitted by law

You may withdraw your consent at any time:

• By doing so yourself via our online solutions. Simply sign in to your account, access your profile, then your privacy settings to withdraw your consent.
• By requesting it from the customer service at your branch or from your advisor or representative.
• By calling our customer service.

b) To send you promotional offers by email, text message or via our online services

The Bank and its subsidiaries may, from time to time, send you promotions that could be of interest to you, if permitted by law. You may withdraw your consent to receive such promotions at any time by following the instructions in section 5.2a) above. There may be a delay before you stop receiving our promotional offers, including those from a promotional campaign already in progress.

We may, from time to time, contact you to ask if you would like to update your privacy settings to ensure that our records are up-to-date and reflect your current preferences.

c) To send you promotional offers via digital or social media platforms

We may also use your name, email address or other contact information to create personalized audiences on digital or social media platforms. This enables us to display ads tailored to your needs and interests on these platforms. You can opt out from having your information used for this purpose:

• By withdrawing your consent to receiving promotional offers (follow the instructions in section 5.2a) above)
• By changing your preferences in the settings of your social media account

Please note that if you withdraw your consent to such use, you may still see some of our advertisements on digital or social media platforms. However, these advertisements will not have been released further to the use of your name and contact information but rather by using information collected using cookies and similar technology, or as part of an advertising campaign not targeting any specific group. For further details, please refer to the following section. 

 d) To send you promotional offers through the use of cookies and similar technologies

With your consent, we may collect your digital information (e.g., data on your device and browsing habits) using optional cookies or similar technologies when you visit our online services. This information allows us to measure and analyze traffic to improve your browsing experience. It also enables us to propose offers and services that meet your needs, particularly on digital and social media platforms. For more details, see our Digital data policy.

You can opt out from having such information collected and used via the banner that appears when you first sign in to our online services. 

You can then modify your privacy settings: 

• On the web: By following the instructions in our Digital data policy (link at the bottom of our website pages)
• On the National Bank mobile app: By signing in to your account, accessing your profile and consulting the privacy settings section

What you will continue to receive after you have withdrawn your consent

You will continue to receive:

• Regulatory notices that we are required to send you by law
• Service messages that we provide on account statements, at ABMs or regarding a trade confirmation
• Information about your current products and services

You may also continue to receive information about our products and services verbally or in person from our representatives. In fact, some of our representatives have a duty to advise you and will continue to provide you with this information as required.

You may request access to the information we have about you or ask for such information to be disclosed, except when such requests are restricted by law.

How to access your information or request its disclosure

You can access or download some of the information we have about you directly via our online solutions (e.g., your transaction statements).

You can also submit a request to access your information or have it disclosed:

• Via your online bank on the web or our National Bank mobile app. To do so, sign in to your account, access your profile then your privacy settings, where you will be able to make such a request
• By phone by contacting our customer service
• By asking your advisor or representative or at your branch

We will process your request within 30 days or within a longer period as set out by law. You will be notified if the timeframe is longer than 30 days.

You can and should correct any incorrect information we may have about you. For the Bank to provide you with quality service, your information must be accurate and complete. We therefore rely on you to help us maintain the quality of the information we have by informing us of any changes to it.

You can make changes to some of your information directly on our online solutions. Otherwise, you can call our customer service or contact your advisor, representative or your branch to request that changes be made. 

We may use your information to make automated decisions about you. We may do so to respond to your requests to grant or renew certain credit or financing products for example. We may also do so to comply with obligations to prevent fraud and financial crime. As required, we will inform you of any such use during the process or when the decision is communicated to you. We will refer you to the team responsible for the decision rendered if you have any questions.

Note that a decision is considered to be automated when no employee has intervened in a significant manner in the decision-making process.

We retain your information, in hard copy or digital format, for as long as necessary to fulfil the purposes for which the information was collected or as long as required or permitted by law. The purpose, nature and sensitivity of specific information were considered when setting the retention period.

The Bank and its subsidiaries are subject to many legal obligations regarding the retention of information (e.g., under banking, tax and anti-money laundering legislation). In general, to meet these obligations, your client profile information (such as your name, address and date of birth) will be retained for the duration of your relationship with us, and for a period of 7 years following the end of this relationship. Moreover, we will retain your transactional information for seven years after such transactions have been carried out.

Certain exceptions may apply that require longer retention periods, in the case of disputes or claims for example. In that case, your information could be retained for up to 10 years after the proceedings have ended. When your information is no longer required, we will do our utmost to destroy it securely.

The Bank, its subsidiaries, service providers and other third parties to whom your information is disclosed under this policy may operate outside Quebec and Canada. Your information may therefore be used and stored securely in other provinces and countries. In some cases, your information may be subject to the laws and access rights of authorities in foreign countries, including the United States. For more information about our practises, please refer to our Privacy Booklet available at nbc.ca. 

We make significant efforts to protect your information from loss, theft, and unauthorized access, use or disclosure and from any other breach of security. We have a security program in place to keep pace with changing information security threats. The measures adopted in our security program include: 

• Protecting the infrastructure through secure access to our premises and secure locations for our equipment, etc. 
• Limiting who has access to your information. This means that only employees who need to know your information in order to carry out their duties have access to it. 
• Manage passwords and set up firewalls. 

You have a role to play in protecting your information. We encourage you to never disclose your passwords, codes and personal identification numbers (PIN). Our employees do not have this information and will not ask you for it. Avoid sending any personal information via email. We invite you to visit our Fraud prevention page at nbc.ca.

This policy is supplemented by our Digital data policy, which explains how we use cookies and similar technologies when you visit our websites or mobile apps.

In addition, some products and services have specific terms and conditions governing the handling of information. It is important to take them into account.

If you do business with one of our offices or subsidiaries located in the European Union, or your data is collected by one of these offices or subsidiaries, you have certain rights under the General Data Protection Regulation (GDPR) with respect to the handling of your information. This policy does not in any way limit your rights under the GDPR. A detailed statement of your rights and the use made of your information will be provided to you when the information is collected.

We may change this policy from time to time. When required, you will be informed of such changes with a notice appearing on our websites and by any other appropriate means through which we contact you.

To ask a question or submit a comment, please contact us in one of the following ways:

• Email confidentiality@nbc.ca
• Call our customer service centre
• Contact your advisor or representative, or visit a branch
• Write to our Chief Privacy Officer, whose contact information appears at the top of this document

To file a complaint, follow the procedure set out in the Complaint settlement section under the Useful links listed at the bottom of our website pages.