The KORT Privacy Policy (the “Privacy Policy”) is in compliance with federal legislation. The legislation establishes rules that govern the collection, use and disclosure of personal information by KORT.
“Personal Information” refers to information about an identifiable individual and does not include information about corporations or partnerships. Examples of personal information within KORT include:
- Information about merchants (including the information obtained through the Merchant Application process, credit bureaus, information collected during Fraud investigations, and information gathered as a result of customer service issues).
This policy outlines how KORT complies with the federal legislation and is organized around privacy pillars as follows:
Accountability
Summary: KORT is responsible for maintaining and protecting the personal information under its control.
Procedures:
- KORT has a designated Chief Privacy Officer. The Privacy Officer is accountable for the oversight of KORT’s ongoing compliance with the Privacy Policy.
- All Privacy-related enquiries are to be forwarded to the Privacy Officer in accordance with the procedures outlined below in Principles 9 and 10. The Privacy Officer will respond to enquiries in accordance with the legislation and generally within 30 days of the enquiry.
Identifying Purposes
Summary: KORT must identify the purposes for which personal information is collected before or at the time the information is collected.
Procedures:
KORT uses personal information to respond to a merchant’s application and provide our services. Personal Information about a KORT merchant may be used as follows:
- to determine a merchant’s financial situation by collecting credit and related financial information from our affiliates, strategic partners, credit agencies, other financial institutions and from references provided by the merchant;
- to facilitate the provision of our services by sharing a merchant’s information with our third party service providers, credit and debit card issuers, credit and debit card associations, credit agencies and similar parties connected to credit or debit card services;
- to investigate potentially fraudulent or questionable activities regarding the merchant’s account(s) or the merchant’s use of our services;
- for reporting purposes under credit or debit card association rules or regulations and to credit and debit card issuers, financial institutions or other credit or debit card related entities;
Consent
Summary: Knowledge and consent are required for the collection, use or disclosure of personal information except where required or permitted by law.
Procedures:
- Net new merchants will consent to KORT’s collection, use and disclosure of personal information by way of the KORT Agreement
Limiting Collection
Summary: The personal information collected must be limited to those details necessary for the purposes identified by KORT.
Procedures:
- The amount and type of personal information collected must be limited to what is necessary for the identified purposes.
- Each KORT representative that collects personal information must be able to explain why the information is needed.
Limiting Use, Disclosure and Retention
Summary: Personal information may only be used or disclosed for the purpose for which it was collected unless a merchant has otherwise consented, or when it is required or permitted by law. Personal information may only be retained for the period of time required to fulfill the purpose for which it was collected or as required by law.
Procedures:
- Personal information must be retained for at least as long as we are providing the merchant with our services. Personal information that does not have a specific purpose, must be destroyed in accordance with legal obligations and applicable limitation periods.
- Once it is determined that personal information must be destroyed: personal information on paper must be shredded, and personal information contained in electronic records must be deleted in a secure manner.
Accuracy
Summary: Personal information must be maintained in as accurate, complete and up to date form as is necessary to fulfill the purposes for which it is to be used.
Procedures:
- Merchant communications will include language, which encourages merchants to information KORT of any changes to their personal information.
- Personal information must be entered into KORT’s information systems in an accurate way.
Safeguarding Personal Information
Summary: Personal information must be protected with security safeguards, appropriate to the sensitivity of the information.
Procedures:
In respect of KORT’s merchants, managers must implement appropriate security safeguards to provide protection against loss, theft, unauthorized access, disclosure, copying or modification of personal information.
Openness
Summary: KORT will make information available to our customers concerning the policies and practices that apply to the management of their personal information
Procedures:
- Merchants may request a copy of their Privacy Policy as follows:
- By post or email to KORT’s support team, 179 John St. Toronto, Ontario, M5T 1X3, or to partners@kortpayments.com
Access
Summary: Upon request, a customer shall be informed of the existence, use and disclosure of their personal information, and shall be given access to it. Customers may verify the accuracy and completeness of their personal information, and may request that it be amended, if appropriate.
Procedures:
- Merchants may forward enquiries regarding the existence, use and disclosure of their personal information as follows:
- By post or email to KORT’s support team, 179 John St. Toronto, Ontario, M5T 1X3, or to partners@kortpayments.com
Handling Complaints and Suggestions
Summary: Merchants may direct any questions or enquiries with respect to the privacy principles outlined above or about our privacy practices to KORT’s support team.
Procedures:
- Merchants may request a copy of their Privacy Policy as follows:
- By post or email to KORT’s support team, 179 John St. Toronto, Ontario, M5T 1X3, or to partners@kortpayments.com
- KORT merchants have the right to complain about KORT’s compliance with the federal legislation to the federal Privacy Commissioner.