What we collect and why
In order to build your plan and provide you services, we need to know a about you, things such as your name, email address and phone number. Once you decide to build your plan and use our planning tools, we need to ask for more things, such as family information, personal preferences, your address, social insurance number, date of birth, nationality, personal finances, health, and to run some checks on your credit score and banking history. We also track your interactions with our website and planning engine.
It’s not that we like to pry, but we are bound by certain responsibilities. First among those is to make sure any advice your receive takes into account all of your relevant financial and personal circumstances, and that we recommend the right types of borrowing, investments and insurance when appropriate to do so. But there is also the matter of satisfying the requirements of Canada’s securities, lending and insurance regulators, federal anti-money laundering laws, and the standards of Europe’s General Data Protection Regulation – Regulation EU 2016/679, better known as GDPR.
Here’s a list of the ways we use your data:
To verify your identity
To build your plan and make suitable recommendations
To contact you about your plan and our services
To understand how you interact with our website and app so we can improve them
Here are the lawful reasons that we collect your information:
To meet the requirements of the relevant laws and regulators
Something called “legitimate interest,” which means contacting you about your plan
Another thing called “vital interest,” which refers to life or death situations, such as contacting the next of kin if an account holder were to pass away
You should know that Pennywise is headquartered in beautiful Canada. Therefore, you may be engaging with our website or service from the European Economic Area (EEA) but we may transfer your data to a location outside the EEA. If this happens, we will continue to be exceptionally careful to protect your personal information.
We want you to feel absolutely at ease sharing information with us, and you have a whole bunch of rights to protect you:
The right to be informed. You’re reading it now.
The right of data portability. You can ask to see and even take away a copy of the information we have about you.
The right to rectification. You can let us know if we have incorrect or incomplete information about you.
The right to disappear. You can ask us to erase the information we have about you (as long as it doesn’t violate any laws or regulations).
The right to halt. You can ask us to stop processing your data (again, as long as it doesn’t violate any laws or regulations).
Rights in relation to automated decision making and profiling. You can ask us to stop using your data to customize your experience, such as tailoring email messages or product experiences based on your behaviour.
If you have any questions or wish to exercise any of these rights, shoot us an email at email@example.com.
To comply with the appropriate regulators, we retain certain data for a period of 7 years. We do, however, keep it super-secure in the meanwhile. We may share your data with certain third parties who each have their own privacy and data retention policies, which you should check out. Here are details on those third parties:
Regulatory bodies and police to comply with legal obligations
Fraud prevention agencies and related organizations
Data, security, service and software providers’
Certain suppliers or subcontractors where necessary
Under GDPR rules, we are known as a “Data Controller,” which means we determine the purposes, conditions and means of processing personal data. As such, there are two things we promise you:
We anonymize and/or minimize the data we share with third parties as much as possible
We never sell or lease your information to third parties without your permission
The Internet will never be absolutely 100% secure, especially as long as we are human beings who make mistakes and choose silly passwords. Having said that, we go to great lengths to protect the data privacy of our users, including limiting our team’s access to our databases, physically separating sensitive data from our web-facing network, and hiring outside security experts to continually test and harden our security defenses.
A cookie is a very small file that’s placed on your computer or mobile device when you visit our website or mobile app. Some cookies are there to help you (such as automatically remembering your username) and some are there to help us (such as letting us know which websites are sending us the most new clients). We also use a technology known as web pixels for similar purposes.
The data that we collect is sometimes shared with advertising platforms such as Facebook and Google to help us attract more users while spending less money advertising to the wrong people (we believe this is ultimately good for the company and for our clients).
If you don’t want us using cookies with you, you can turn off cookies in your browser settings. Just be warned that this may prevent our service from working properly, and you will definitely want to write your username down somewhere.
Links to other websites
This document is regularly revised in response to many factors. If you have any questions or would like to suggest ways to improve your plan, please let us know at firstname.lastname@example.org