Privacy and Security

Our Privacy Code

Our Privacy Code informs you of the practices we have in place relating to the management of personal information at TD in Canada. The word “information” means personal, financial and other details about you that you or your authorized representative provide to us and we obtain from others within or outside TD, including through the products and services you use.

This Code applies to any person who has requested from us, or offered to provide a guarantee for, any product or service offered by us in Canada. This includes individuals carrying on business alone or in partnership with other individuals and signing officers of our business customers. It consists of five key principles:

1. Collecting and using your information

Either before or when we collect information about you, we will explain how we intend to use it. We will limit the information we collect to what we need for those purposes, and we will use it only for those purposes. We will obtain your consent if we wish to use your information for any other purpose and before collecting information from third parties such as credit bureaus.

Your information is used to help us manage products and services you have with us, to contact you about products or services you may be interested in having with us, to help us collect a debt or enforce an obligation owed to us by you and to manage operations and risk within TD. Your information is also used in order to satisfy valid information requests from regulators and other organizations or individuals who are legally entitled to make such requests.

2. Releasing your information

We may provide your information to other persons in situations where –

• our suppliers, agents and other organizations, who assist us in serving you, need the information
• we are required or permitted to do so by law or applicable regulators and self-regulatory organizations
• we want to prevent, detect or suppress financial abuse, fraud, criminal activity, protect our assets and interests or manage or settle any actual or potential loss
• we buy a business or sell all or part of our business or when considering those transactions
• you have provided your consent

3. Protecting your information

We will protect your information with appropriate safeguards and security measures. We will retain your information only for the time it is required and for the purposes we explained to you.

4. Providing your information access and keeping your information accurate

Upon request, we will give you access to the information we retain about you and we will make reasonable efforts to keep your information accurate and up-to-date.

5. Respecting and responding to your privacy concerns

We will explain your options for withdrawing consent to the collection, use and disclosure of your information, and we will record and respect your choices. We will investigate and respond to your concerns about any aspect of our handling of your information.

In this Code, we explain how we fulfill each of these important principles.

Why we ask for your information

We ask you for information to enable us to complete your request and to establish and serve you as our customer.

We collect the information we need and only use it for the purposes explained to you.

When you apply for a new product or service, we will indicate in the application or agreement how we intend to use your information. We will indicate clearly which information would help us to serve you but is optional for you to provide.

We obtain most of our information about you directly from you.

At the time you request to begin a relationship with us and during the course of our relationship, we may collect information about you. The information we ask for depends on which product or service you want. For every product or service, we need your name, address, birthdate, occupation and some identification. Here is why we need some of the information we may ask you to provide:

• Birthdate

  This helps us identify and authenticate you. We may also use it to determine your eligibility for products and services that may be of interest to you, including discounts that may be of benefit to a particular age group.

• Claim History

  This information is important in helping us to assess your insurance profile and recommend the right coverage at the right price. We may obtain the information from a variety of sources, including other insurers, claims tracking databases, brokers, claims experts, investigative bodies, etc. We usually verify the information you provide when you buy your insurance, or at the time of the claim. If we need to obtain sensitive financial or medical information, we will ask for your specific consent.

• Information about your property

  Whether you insure a car or a house, we need information to make sure we recommend the right insurance product. For example, we might disclose your information in order to obtain an appraisal of the value of your house in order to provide you with the insurance coverage you need.

• Financial information

  We may collect information from you and service providers with whom you make arrangements to provide those services (for example when you set up bill payments through your account). We will use your information, including transaction records that reflect your business dealings with and through us, to analyze your activities to help us serve you as a customer and meet your needs.

  TDIGI may also verify information from a client’s credit report (credit score). This information is only one element among others, including your claims history and driving record, for example, that we review in the underwriting or claims process.

  TDIGI never uses credit information to refuse to issue, or cancel a policy, or to determine your financial ability to pay the premium. Because an individual’s credit score is a strong claims predictor, the process of verifying this information allows us to access reliable information electronically and prepare a quote in minutes, whether you are doing business with us online or by telephone. While a request for credit history will appear in your file, there are no negative consequences to the request and it is not considered a credit check and does not in any way affect your credit score.

  When TDIGI obtains your credit report, we usually do it via Equifax and/or TransUnion. You can reach these organisations at the following addresses:

  TransUnion Canada
  Consumer relations centre
  PO Box 338
  LCD 1
  Hamilton, Ontario L8L 7W2

  Equifax Canada Inc.
  Consumer relations department
  Box 190
  Jean-Talon Station
  Montréal (Québec) H1S 2Z2

• Health information

  This is required for some insurance products to ensure you are eligible for coverage, and may also be used to investigate and adjudicate your claims, and to help manage and assess our risks.

  The health-related information you provide in connection with an insurance product will never be shared within TD. However, it may be shared with administrators, service providers and reinsurers of the insurance operations to process your insurance transactions.

We also collect information during our interactions with you.

• Over the Phone

  We may monitor and/or record your telephone discussions with our representatives for our mutual protection, to enhance customer service and to confirm our discussions with you.

  Customers who prefer not to have their calls taped are welcome to request an insurance quote by writing to us.

• In Person

  We may use video or photographic surveillance to monitor and/or record the activity that occurs in and around TDIGI premises. We use this information for security and investigation purposes relating to, among other things, theft, vandalism, damage to property and fraud.

  Customers who prefer not to have their image collected can transact business with our advisors over the phone or by writing to us.

• Through the Internet

  When you are using one of our websites, we may monitor and/or record your browsing habits as described in our Online Privacy Code. When speaking with one of our internet live chat agents, or communicating with us through social media, we may monitor and/or record our discussions for our mutual protection, to enhance customer service and to confirm our discussion with you.

• Through your mobile device

  When using one of our mobile apps we may collect, use and disclose information collected from you or your mobile device as described in our Mobile Apps Privacy Code.

• Through Email

  When you send us an email or when you ask us to respond to you by email, we learn your exact email address and any information you have included in the email.

  We use your email address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further.

  TDIGI will not ask you to provide personal information or login information, such as username, passwords, PINs, IdentificationPlus® security questions and answers or account numbers, through unsolicited email.

  If you receive an email claiming to be from TD that you believe to be fraudulent, do not respond and do not open or click any links or open attachments contained within the email. Please notify us immediately by forwarding a copy of the email to us at phishing@td.com and then delete the email.

How we obtain your consent

It is important to understand the different ways that we may obtain your consent to collect, use, disclose and share your information.

Depending on the situation and the sensitivity of the information, we may obtain your consent in different ways. Express consent may be obtained verbally, online or in writing. Implied consent may be obtained through your use of a product, or when you approach us to obtain information, inquire about or apply for products or services from us.

We will not make your consent a condition of obtaining a product or service, unless it is reasonably or legally required, and we will clearly indicate when this is the case.

Why we share your information

We may share information within TD to manage your total relationship with us including servicing your account and maintaining information about you, to manage and assess our risks and operations, including to collect a debt owed to us by you and to comply with legal or regulatory requirements.

Your information may be shared, stored or accessed in Canada or other jurisdictions or countries. Your information may be disclosed in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.

Sharing your information within TD helps us determine your preferences and allows us to review whether any other products or services are suitable for you so that we may offer them to you – including special promotions that we believe will be of interest to you.

In order to understand when you can withdraw your consent, refer to the "Respecting your preference" section.

Why we ask others for information about you

With your consent, we may obtain information about you from third parties, including credit reporting agencies.

Obtaining additional information about you from parties outside TD helps us assess your eligibility for our products.

When we release your information

We do not sell or rent customer lists or personal information to others. However, we may release your information to parties outside TD in certain circumstances, which include –

• For servicing purposes

  We give a limited amount of information, only as necessary, to our suppliers and agents; for example, cheque printers and bank card manufacturers who provide goods and services to you, through us. These suppliers and agents may be located in Canada or other jurisdictions or countries and may disclose information in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.

• When required or permitted to do so by law or applicable regulators and self-regulatory organizations

  We may release information in response to a search warrant, court order or other demand or inquiry which we believe to be valid. This may include requests from regulators, including self-regulators, who are responsible for ensuring TD is in compliance with applicable regulations (e.g. The Office of the Superintendent of Financial Institutions).

• To protect our interests

  We may also disclose information to any person or organization, including an investigative body, in order to prevent, detect or suppress financial abuse, fraud, criminal activity, protect our assets and interests, or manage or settle any actual or potential loss or in the case of a breach of agreement or contravention of law.

  We may also disclose information to help us collect a debt owed to us by you.

• Transfers of a business

  As TD continues to develop and grow, we may buy a business or sell parts of our businesses or consider those transactions. As our businesses consist primarily of our customer relationships, information regarding the particular accounts or services being purchased or sold would generally be part of the business assets.

• Other situations where we have your consent

  We will disclose your credit history with us to other lenders or credit reporting agencies in order to support the credit process. We release only the information required to identify you, as well as facts from our credit records about your repayment history. We may also disclose your account information to a joint account holder, including information about the account prior to it becoming a joint account.

How we protect your information

We will protect your information with appropriate safeguards and security measures.

We have security standards to protect our systems and your information against unauthorized access and use.

For example, our systems have been designed to ensure that your Personal Identification Number (PIN), password and other access codes are always private and confidential. For your protection, your access codes are known only to you – our employees cannot gain access to them and they will not ask you to reveal them.

All our suppliers and agents, as part of their contracts with TD, are bound to maintain your confidentiality and may not use your information for any unauthorized purpose.

When we provide information in response to a legal inquiry or order that we believe to be valid, we disclose only the information that is legally required.

All employees of TDIGI are familiar with the procedures that must be taken to safeguard customer information. And to us, protecting the confidentiality of your information is more than a procedure – it’s part of our job. It is specified in our employment agreements and regularly confirmed in writing.

We audit our procedures and security measures regularly to help ensure that they are being properly administered and that they remain effective and appropriate to the sensitivity of the information.

We retain your information only as long as it is required for the reasons it was collected.

The length of time we retain information varies depending on the product or service and the nature of the information. This period may extend beyond the end of your relationship with us but only for so long as it is necessary for us to have sufficient information to respond to any issue that may arise at a later date or for legal or regulatory purposes. When your information is no longer needed for these purposes, we have procedures to destroy, delete, erase or convert it to an anonymous form.

Your right to access your information

Upon request, we will give you access to the information we have about you. If requested, we will assist you in making your request.

Any request to TD Insurance, General Insurance to access your information should be sent to our Privacy Officer in writing at the following address:

TD Insurance, General Insurance
Privacy Officer
50 Place Crémazie
12th Floor
Montréal, Québec H2P 1B6

We will ask you for specific details such as account numbers.

We will advise you in advance if a minimal charge will be required for conducting the search and we will respond to your request within 30 days.

Please note that we may not be able to provide information about you from our records which contains references to other persons, is subject to legal privilege, contains confidential information proprietary to TD, relates to an investigation of a breach of agreement or contravention of laws, or cannot be disclosed for other legal reasons.

If you have any questions regarding decisions made about you, we will tell you the reasons for those decisions. If we relied on information from a third party, such as a credit bureau, to make the decision, we will provide you with the name and address of the third party.

Keeping your information accurate

We will make reasonable efforts to keep your information accurate and up-to-date.

Having accurate information about you enables us to provide you better service and minimize the possibility that out-of-date information may be used to make a decision which impacts you.

We have procedures and practices in place to help us maintain the accuracy of your information. For most updates, we rely on you for information. You can help by keeping us informed of any changes, such as if you move or change telephone numbers. If you find any errors in our information about you, let us know and we will make the corrections immediately, and make sure they are conveyed to anyone we may have misinformed. For information that remains in dispute, we will note your opinion in the file.

Respecting your preferences

We will explain your option to withdraw your consent to the collection, use or release of your information, and, given reasonable notice, we will record and respect your choices.

In most cases you are free to refuse or withdraw your consent at any time. You may do so by leaving us a message at 1 866 323 0266 or by contacting our client services centre. Our staff will be pleased to explain your options and any consequences of withdrawing your consent, and record your choices.

There are several privacy preferences available to you, subject to legal, business or contractual requirements. If you prefer, you may choose not to have us –

- Contact you by telephone, fax, text messaging, or other electronic means, and automatic dialing-announcing device, at the numbers you have provided us, or by ATM, internet, mail, email and other methods with marketing offers that may be of interest to you.

This does not include messages or other information about promotional offers we provide on, or enclose with, your written or electronic account statements, or that we may discuss while talking with you. Any marketing campaigns that are already underway may not immediately take your preference into account.

- Share your information within TD in certain circumstances

- Contact you to participate in customer research and surveys

Addressing your concerns

If you have any questions or concerns about privacy, we encourage you to let us know. If you choose to mail, fax or email² us, please include your full name, address and telephone number.

We've developed a resolution process that can deal with most concerns in a single, simple step.

Step 1

Talk to Your TDIGI Representative

Many concerns can be resolved right at the time when they occur. Discuss your concern with your TDIGI Representative who will be happy to help you.

Further steps you can take

If the TDIGI Representative is not able to resolve your concern to your satisfaction or if, after the first step, you are still not satisfied that your concern has been resolved, TDIGI offers two more internal levels that can help you.

STEP 2

Elevate Your Concern

If you have contacted us and are not satisfied with the resolution that has been suggested, your concern can be referred to a representative of the TD Insurance Customer Care Department.

How to contact us:

TD Insurance Customer Care Department
120 Adelaide St W.
PO Box 1
Toronto ON
M5H 1T1
Canada

Phone

1-877-734-1288

Email

tdinscc@TD.COM

STEP 3

Contact the TD Insurance Ombudsman

If you have been through the first two steps and you still feel your concern has not been resolved, please contact the TD Insurance Ombudsman. The office of the TD Insurance Ombudsman acts as an independent body that mediates between customers and different TD Insurance groups to resolve outstanding concerns. When you refer a concern to the TD Insurance Ombudsman, the office will conduct a thorough and impartial investigation and work to reach a fair and reasonable resolution.

The TD Insurance Ombudsman does not normally investigate concerns regarding bank policies, including credit granting policies or risk management decisions; levels of interest rates, service charges or fees that apply to all customers; or matters where legal action has already commenced or has been concluded.

• Phone: 416-773-4715 or 1-866-337-3314 ext. 4715
• Email³: ombudsman@tdinsurance.com
• Mail: 3560 Victoria Park Ave, 9th floor
  Toronto, ON M2P 3P7
• Fax: 416-774-3196

Include your full name, address, telephone number(s) and the details of your concern in your letter, email or fax.

STEP 4

The following independent services can provide you with information and a further review of your complaint if you do not accept the decision of the TD Ombudsman. You can also contact these services if you have waited more than 90 days for a resolution after elevating your concern (Step 2).

General Insurance OmbudService (GIO)
10 Milner Business Court
Suite 701
Toronto, Ontario M1B 3C6

Our Online Privacy Code

This Online Privacy Code tells you how we handle the information we obtain from you when you use our websites.

Our use of Cookies

A cookie is a small file containing certain pieces of data that a website creates when you visit the website, either from a computer or a device such as a mobile phone or tablet. When you visit a website, a cookie may be used to track the activities of your browser as well as provide you with a consistent, more efficient experience.

There are two common types of cookies that we use: “Session cookies” and “Persistent cookies”.

Session cookies store information only for the length of time that you are connected to a website – they are not written onto your hard drive. Once you leave the website, they expire and are no longer active.

Persistent cookies store information for longer than the length of time that you are connected to a website – they are more permanent and store information on your hard drive. Persistent cookies can be re-read when you return to the website that placed them on your hard drive.

On our websites we use Session and Persistent cookies in the following ways.

We use Session cookies –

• to learn:
  • which pages are visited and what action you have taken;
  • the address of the websites and advertisements that link directly to our sites;
  • the keywords used for searches that brought you to our websites;
  • about the browser version and operating system you use;
  • your Internet protocol (IP) address; and
  • your Internet service provider (ISP) and the region from which you're connecting to our websites.
• as a type of digital signature to identify your current session to our web server.

We use Persistent cookies –

• to remember your language preference and automatically input your access number or Connect ID if you choose this option on our login screen;
• to assist us in authenticating you and your computer and to administer MyInsurance;
• to reduce the likelihood that any online offer which you have already responded to is not presented again;
• to analyze which products and services you have used which allows us to optimize our websites and to provide a more personalized experience while you utilize our websites. Once you have successfully logged into MyInsurance, we associate you with a TD internal identifier that identifies you as our customer. Although the TD internal identifier allows us to know that you are our customer, the cookie will never contain information that would allow a third party to know who you are, such as your name, address, telephone number or email address. This internal identifier enables us;
• to monitor your browsing habits on our website in order to learn which advertisements you may be interested in, and to deliver online marketing offers and advertisements tailored to you or that may be of interest to you;
• to help personalize our websites and to contact you occasionally either by telephone, fax, mail, email or ATM, or all of these methods, with marketing offers that may be of interest to you based on your browsing habits on our website;. If you prefer, you may choose not to have us contact you with marketing offers or personalized advertisements based on your online behaviour by contacting the branch or office where your account is held We use both Session and Persistent cookies –
  • to assist us with application support issues and to aid in fraud investigations; and
  • to determine how many people visit our websites and which sections of the websites are visited most frequently. This helps us to understand what type of information is most useful to our website visitors so that we can improve our websites and make it easier for our website visitors to access information. We record statistical information on the numbers of visitors to our websites.

Managing Your Cookies

If you prefer not to accept cookies, you may adjust your browser settings to notify you when a cookie is about to be sent or you may configure your browser to refuse cookies automatically. If you would like to learn more about your cookie options, please refer to your browser’s documentation or your browser’s online help function for instructions.

If you choose not to accept cookies, some of our websites may not function properly or optimally. For example, you will not be able to access any of our secured websites as cookies are used for security and multi-factor authentication, as well as for fraud prevention or investigation purposes. Also, if you adjust your browser settings to refuse cookies, you may still receive some online advertising from us, but that advertising will not be based on your preferences or products that you hold with us.

Our Advertisting

Tags & Other Tracking Technologies - help us to manage some of our online advertising and report on activities that happen after a web user sees or clicks on one of our online ads. These tags enable us to learn which advertisements bring users to our website and combined with a cookie and the information a user provides us when completing an online application, may identify the individual and the individual’s activities on our site.

Our Mobile Apps Privacy Code

This Mobile Apps Privacy Code tells you how we handle the information we obtain from you when you use our mobile apps. If you are using your mobile device, such as a mobile phone or tablet, to access TD websites, please refer to our Online Privacy Code.

What information we collect and how we use it

Depending on the TD mobile app you use, we may collect the following information from you or your device as you use the mobile app: personal information you input into the app, financial information, transactional data, mobile phone number, geolocation, IP address, device ID, mobile country code, and Integrated Circuit Card Identifier.

We may use your information to provide or enhance the app-specific products or services you request from us or to improve the functionality of our TD apps.

We may also use and disclose your information as described in the Privacy Agreement located on our website

Please note that the ability to collect certain personal information is controlled by your device, for example geolocation. Please refer to the documentation for your device regarding how to allow or block the collection of location or device information. If you choose not to provide location or certain device information, some services you request may not operate effectively.

Defined Terms

• Device ID: A unique number that identifies your device.
• Geolocation: Approximate physical location of your device.
• Integrated Circuit Card Identifier: A unique serial number that identifies your SIM Card.
• IP Address: A unique numerical label that identifies your device and allows it to communicate over a computer network.
• Mobile Country Code: A three digit number that indicates the country in which your mobile device is registered. For example, 302 is the mobile country code for Canada.
• Transactional data: data related to the transactions you are conducting including your financial data such as your credit card number, nickname and expiry date, account information you may provide and other information arising from your use of the app.