Banco de Madrid Bank (Canada) is committed to maintaining the confidentiality of your personal information. We are further committed to keeping such personal information accurate, safe and secure. Your privacy is important to us and protecting this privacy has always been integral to way we do business. The Chief Privacy Officer is responsible for overall privacy governance. However, all of our employees are responsible to maintain your privacy and your Client Advisor is available to address any questions or concerns you may have.

Our Client Privacy Code consists of the following 10 Principles (the “Principles”):

Accountability: within Banco de Madrid Bank for compliance with the Principles;

Identifying Purposes: awareness within Banco de Madrid Bank about why we collect personal information and communication with you about these purposes;

Consent: you must consent to our collection, use and disclosure of your personal information;

Limiting Collection: only that information necessary for our identified purposes may be collected;

Limiting Use/Disclosure and Retention: information may not be used for a new purpose without consent and may be retained only as long as necessary to meet the identified purposes;

Accuracy: personal information must be accurate and up-to-date;

Safeguards: personal information must be protected by physical, organizational and technological means;;

Openness: information about our privacy policies must be readily available;

Individual Access: you have the right to know what personal information we have, how it is used, to whom it has been disclosed and you have the right to see your personal information; and

Challenging Compliance: you have the right to challenge our adherence to these Principles and there must be a complaint procedure in place for that purpose..

The following Client Privacy Code implements these Principles:

Personal Information

Personal Information includes your name, address, age and gender, personal financial records, identification numbers including the SIN, personal references, employment records and all of the other Account Application information collected by us to assist in meeting the Identified Purposes..

Accountability

Every employee of ours is responsible for ensuring that your personal information remains confidential.

Identified Purposes

Personal information is collected by us for the following purposes:

  • to identify you;
  • to protect you and us from error and fraud;
  • to conduct credit investigations;
  • to understand your needs and eligibility for products and services;
  • to recommend particular products and services to meet your needs;
  • to provide ongoing service;
  • to respond to regulatory and governmental requests; and
  • to comply with legal and regulatory requirements.

We use and/or disclose personal information to regulators, auditors, sBanco de Madrididiaries, affiliates, agents, intermediaries and other third parties operating on their or our behalf to:

  • carry out banking functions such as data processing, electronic payments and storage;
  • determine eligibility for a product or service;
  • assist with the delivery of a product or service; and
  • comply with legal and regulatory requests and requirements.

Personal information may be transferred, processed and/or stored outside of Canada for the purposes described above. Legal requirements in foreign countries applicable to us or our sBanco de Madrididiaries, affiliates, agents, intermediaries and other third parties operating on their or our behalf may include an obligation to disclose personal information to government authorities in foreign countries.

We ask you for certain personal information for specific reasons, such as:

  • the SIN number is used to identify you, match credit bureau information and comply with Income Tax Act reporting requirements;
  • references are used to verify information on our application;
  • credit information may be reported to credit bureaus, credit reporting agencies, credit insurers and other lenders to maintain the integrity of the credit-granting process.

If it is intended to use personal information already in our possession for a new purpose, not identified above and communicated you, your express consent will be obtained.

Consent

Your consent is required for the collection, use or disclosure of personal information and will be obtained at or before the time the information is collected from you. Consent may be express or implied. Consent may also be given through an authorized representative, such as a legal guardian or person having a full power of attorney for someone who is a minor, is seriously ill or is mentally incapacitated. A person named under our Trading Authorization does not have authority to give their consent under this Client Privacy Code on behalf of the account holder.

By signing the Account Application you consent to the collection, use and disclosure of personal information in accordance with the Client Privacy Code.

You will not be required, as a condition of obtaining a product or service from us, to consent to the collection, use or disclosure of information beyond that necessary to meet our Identified Purposes.

If you choose not to give your consent or choose to withdraw your consent, you must be aware that we may not be able to provide you with certain products or services if we are unable to obtain personal information necessary to provide those products or services.

You may withdraw your consent at any time, on reasonable notice to us. Consent cannot be withdrawn in relation to the provision of a credit facility after credit has been granted.

We may collect, use or disclose personal information without your knowledge and consent when legal, security or certain processing reasons make it impossible or impracticable to get this consent. For example, we will not ask for consent when personal information is collected, used or disclosed to:

  • detect and prevent fraud;
  • collect overdue accounts; or
  • comply with the law.

Limiting Collection

We may collect only that personal information necessary to achieve the Identified Purposes and to which you have consented. (See “Identified Purposes” and “Consent”). We may collect personal information from external sources, such as credit bureaus, employers and other lenders.

Limiting Use, Disclosure and Retention

We may use and/or disclose your personal information only in relation to the Identified Purposes. Disclosure without consent may be made when required by law (see “Consent”).

If you purchase or we purchase on your behalf, securities pursuant to prospectus and registration exemptions under National Instrument 45-106, investment information including your name, residential address, telephone number, number and type of securities purchased, total purchase price, date of purchase and exemption relied upon in connection with such purchase may be disclosed to securities regulatory authorities or, where applicable, regulators under the authority granted in securities legislation for the purposes of the administration and enforcement of the securities legislation and you authorize such disclosure of information.

If you have any questions about the collection and use of this information, you may contact the securities regulatory authority or, where applicable, the regulator in the jurisdiction where you reside. In Ontario, the public official contact regarding the indirect collection of information is the Administrative Assistant to the Director of Corporate Finance who is available by phone at (416) 593-8086 or by mail at Ontario Securities Commission, Suite 1903, Box 5520, 20 Queen Street West, Toronto, Ontario M5H 3S8.

All your client records are kept on site for at least 1 year, to facilitate the internal and external audit processes. The information may then be stored offsite.

Accuracy

Personal information must be accurate, complete and up-to-date. It is essential for our Identified Purposes that your information be regularly updated. You can help us ensure your information stays current by advising us in writing of any changes, such as if you move or change your telephone number.

Safeguards

All of your client records are handled, maintained and stored in a secure manner in accordance with internal policies. The Chief Privacy Officer is responsible for overall privacy governance. However, all of our employees are responsible to maintain your privacy and your Client Advisor is available to address any questions or concerns you may have. Access to your information is restricted to employees who have a legitimate business purpose for accessing it. All employees are required to maintain the confidentiality of client information at all times. Banco de Madrid has established procedures to comply with this Client Privacy Code and in order to safeguard the privacy of personal information,

Openness

Information about our policies and procedures for handling personal information, as well as addressing any concerns or complaints, is available by contacting your Client Advisor, the Chief Compliance Officer, the Chief Privacy Officer or you may visit our web site, www.Banco de Madrid.ca. (See "Individual Access" and "Challenging Compliance" sections for contact details).

Individual Access

You are entitled, on request, to know of the existence, use and disclosure by us of your personal information. You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.

All requests for access to your personal information must be made in writing and will be handled in a timely manner. In order to respond to a request, we are entitled to request sufficient personal information to allow us to confirm whether or not we have personal information relating to you, the individual making the request. We reserve the right to charge a minimal fee for copies of documents requested under this Client Privacy Code. Please advise us if you need any help in preparing your request and Banco de Madrid will ensure you are provided with such assistance. Additionally, for those with a sensory disability, we will endeavour to provide you with access to your personal information in an alternate format, if so requested. Please contact your Banco de Madrid Client Advisor for further information for such requests and assistance.

All requests for access to your personal information under this Client Privacy Code should be directed in writing to the Chief Privacy Officer, Banco de Madrid Bank (Canada), 154 University Avenue, Suite 800, Toronto, Ontario M5H 3Z4 (telephone: 416-343-1800; facsimile: 416-345-1900).

There may be circumstances where we are unable to provide the requested access. Those circumstances include if the cost of providing access would be prohibitive, the information contains references to other individuals, disclosure is prohibited for legal, security or commercial proprietary reasons, and/or the information is subject to solicitor client or litigation privilege.

Challenging Compliance

You have the right to challenge our compliance with the Personal Information Protection and Electronic Documents Act and the Principles. All such complaints or concerns should be in writing and directed to the Chief Compliance Officer at Banco de Madrid Bank (Canada) at Suite 800,154 University Avenue, Toronto M5H 3Z4 (telephone: 416-345-7164; fax: 416-345-7145).

If you are not satisfied with the response or the way your complaint or privacy concern was handled by us, then you may contact the Ombudsman for Banking Services and Investments (OBSI) at Suite 1505, P.O. Box 5, Toronto, Ontario M5H 2Y4, or email: ombudsman@obsi.ca, or telephone:1-888-451-4519, or facsimile:1-888-422-2865.