BNA provides a variety of products and services to the public, including but not limited to the processing of payments in connection with the use of debit cards and credit cards. BNA is both a vendor of processing equipment and a processor of payments for merchants who have purchased and are using our processing equipment.
In the course of providing these products and services to merchants (e.g. retailers), BNA may collect, with consent, certain personal information about its merchants. In addition, BNA may receive personal information from customers of merchants while providing BNA’s payment processing services. BNA is responsible for personal information that it collects, uses, or discloses as well as personal information that it receives from the customers of its merchants.
“Personal Information” means information about an identifiable individual. This may include, without limitation, the individual’s name, home address, age, income, health, or financial information. Personal Information does not include the name, title, business address or telephone number of an employee of an organization.
Principle 1 – Accountability
Principle 2 – Identifying Purposes
Principle 3 – Consent
Principle 4 – Limiting Collection
Principle 5 – Limiting Use, Disclosure and Retention
Principle 6 – Accuracy
Principle 7 – Safeguarding Personal Information
Principle 8 – Openness
Principle 9 – Access
Principle 10 – Addressing Complaints
BNA informs individuals of the purposes for which it is collecting Personal Information, before or at the time the information is collected from such individuals.
BNA informs merchants of the purposes for which it uses its Personal Information and the Personal Information of such merchant’s customers, before or at the time the information is received by BNA.
BNA will obtain an individual’s consent before or when it collects, uses, or discloses Personal Information. In obtaining consent, BNA will use reasonable efforts to ensure that such individual is advised of the identified purposes for which Personal Information will be used or disclosed. In determining the appropriate form of consent, BNA will consider the sensitivity of the Personal Information and the reasonable expectations of a reasonable person. Consent will not be obtained through deception.
Consent can be expressed, implied, or given through an authorized representative. Consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. BNA will inform an individual of the implications of such withdrawal. However, BNA may collect, use, or disclose Personal Information without an individual’s knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted or required by law.
When Personal Information is received by BNA for processing from a merchant, the responsibility for obtaining consent for the provision of Personal Information to BNA rests with the referring merchant. BNA expects that merchant’s customers will understand that such merchant may forward the Personal Information of its customers for processing and thus assumes the implied consent of the merchant’s customer when BNA receives the Personal Information.
The information collected by BNA will be limited to those details necessary for the purposes it has identified to the individual or the merchants to perform the services requested. Information will be collected by fair and lawful means.
BNA receives from merchants, Personal Information including a merchant’s and/or its principal’s name, contact information, home address, date of birth, and bank account information, so that the information may be used to perform a credit check prior to accepting the merchant as a purchaser of BNA’s payment processing equipment.
BNA also receives from merchants, Personal Information regarding such merchants’ customers, pursuant to such customers’ use of BNA’s payment processing terminal. This Personal Information includes such customers’ name, home address, bank account information, debit or credit card information and related purchase details, all of which is encrypted.
BNA gathers and uses Personal Information to provide the products and services requested. BNA may also use Personal Information to update our services and to offer additional products or services that our customers may be interested in.
BNA may collect anonymous information about you. This means that the information collected cannot be traced back to a specific person. For example, our web servers may record certain information automatically when you visit BNA websites. This information is collected using “cookies” and might include the pages you visited, your IP (Internet Protocol) address and other site usage statistics. This anonymous information is used for research and analytical purposes only (like evaluating how many visitors our websites receive or which pages they visit most often). It does not reveal any Personal Information about you, the user. This aggregate data may be disclosed to third parties, but never with personally identifying information.
Personal Information will only be used or disclosed for the purpose for which it was collected or received unless the individual has otherwise consented. Personal Information may only be retained for the time needed to fulfill the purpose for which it was collected or received.
In certain exceptional circumstances, BNA may have a legal duty or right to disclose Personal Information without an individual’s knowledge or consent.
At BNA we may use Personal Information to carry out one or more of the following:
We will only use Personal Information for the purpose that we have previously disclosed. If we want to use the information for a different purpose, we will notify the individual or merchant and obtain their consent first.
Many of the services offered by BNA require us to use Personal Information to perform the services we have been engaged to provide. We will always obtain consent first, and we will never use the information for purposes other than those we have previously disclosed.
Consent may be withdrawn at any time, subject to any legal or contractual implications (which we will inform you about). In some cases, if you do not consent to our use or disclosure of certain Personal Information, we may be unable to continue to provide all or part of the services you have requested.
In some cases, such as under a court order, we may be required to disclose certain information to persons specified in the court order. We will only provide the specific information requested and only upon being satisfied that the authorities have legitimate grounds to request the information.
The legislation has provided certain situations where BNA is legally permitted to disclose Personal Information without your consent. Examples for the disclosure of Personal Information include situations involving the collection of debt in arrears, medical emergencies, or suspicion of illegal activities.
In order to better meet our customers’ needs, we may share some Personal Information with BNA affiliates. Should you not want to receive promotional materials from or have your Personal Information shared with BNA affiliates please contact the CPO as stated at the end of this Policy.
We may transfer your Personal Information to a third party in connection with a reorganization, sale, merger or other disposition (whether of assets, stock or otherwise) of our business. Personal Information may be disclosed to a potential successor of our business, for the purpose of allowing the potential successor to assess and evaluate our operations.
BNA will keep Personal Information as accurate, complete, and current as necessary to fulfill the identified purposes for which it was collected or received. You may have this information amended where it is found to be inaccurate or incomplete.
Personal Information is safeguarded using measures appropriate to the sensitivity of the information.
BNA will use reasonable efforts and security measures to protect Personal Information against loss or theft, as well as unauthorized access, use and disclosure. BNA has extensive controls in place to maintain the security of its information and information systems. Files containing Personal Information are stored according to the sensitivity of the information contained therein and are backed up at offsite locations. Appropriate technological controls (such as passwords, encryption, firewalls) are placed on our computer systems and data processing procedures. Physical controls (such as locked filing cabinets, restricting access to offices, alarm systems) are in place as are organizational controls (such as staff training and access on a “need to know basis”).
BNA may store and process your Personal Information at BNA’s offices in Canada, or elsewhere. To the extent BNA employs third-party service providers to store, handle or, process Personal Information on our behalf, we will use contractual and other means to provide a comparable level of protection. Service providers, however, may be located in various countries, so please be aware that authorized officials of governments in those countries may be lawfully able to access your Personal Information without your knowledge or consent pursuant to the laws of such countries.
The BNA website may contain links to other websites, including those of its business partners. BNA is in no way responsible and cannot guarantee the content or privacy of other sites linked to our website.
BNA will make available to its customers (including customers of merchants) information about the policies and procedures BNA uses to manage Personal Information.
Upon written request to BNA’s CPO, you will be informed of the existence, use and disclosure of your Personal Information and will be given access to it. You also have the right to verify or amend the information if it is shown to be inaccurate. BNA will respond to all such requests as efficiently as possible and no later than 30 days for a request for Personal Information. If BNA is prohibited from providing such access they will explain the reasons for the lack of access, except where prohibited by law.
BNA Smart Payment Systems Ltd.
3-155 Edward Street
Aurora, ON L4G 1W3