Effective February 2018
separate policy. This Policy summarizes our personal information handling practices so that you may easily understand what information we collect and why, as well as how to access, update or
correct your personal information.
Our products and services are intended for use by Canadian customers, eighteen years of age and over, and we follow the privacy principles of applicable Canadian law, the Personal Information Protection and Electronic Documents Act (PIPEDA).
We may update or amend this Policy from time to time. If you continue to use our products and services after we make changes, you are consenting to the updated policy. If there are significant changes in our information handling practices, we will provide you with notice and archive prior versions.
- What Information We Collect and Why
- Sharing of Information
- Protecting Information
- Providing Access to Information and Keeping it Accurate
- Retention of Information
- Providing Notice and Responding to Questions
WHAT INFORMATION WE COLLECT AND WHY
Sigma collects personal information about you for the sole purpose of responding to your queries, and fulfilling the services you have requested and are enrolled in.
The following outlines the information we may collect and how it is used:
- Contact Information
This includes information such as name, address, postal code, email address, telephone number, marital status, and language preference.
This is collected to communicate with you about the products and services requested by you and to verify your identity when you contact customer service. It may also be used to provide you with information about other Sigma products and services that may be of interest to you.
You may unsubscribe or opt-out from receiving notifications from us by following the instructions provided in each communication, or online in your product settings, where applicable.
You may not opt out of certain emails which are fundamental to the product in which you are enrolled. In some cases, you may opt out of non-fundamental emails, however, this may have an impact on the effectiveness of some programs to which you may be enrolled.
- Birth Date
We will collect birth date only if you have subscribed to a credit-related service. It is used to verify your identity when you contact customer service.
- User ID and Password
You may create a user ID and password when you enroll in one of our services. This is used to verify your identity online so that you may access your account and use the service.
- Security Question and Answer
When you enroll in one of our services, you may be asked to select a security question and provide a response. This is used to verify your identity online when you forget your password, or when contacting customer service.
- Credit Card Information
We collect credit card information when you purchase our services. It is used for billing purposes and processing recurring payments or refunds, as required.
If you have enrolled in certain services, as such lost card protection, your credit card information may be requested to provide the service offered.
- Credit Information
If you subscribe to our credit-related service, your credit information is collected from a credit reporting agency for your reference. We may also require access to your credit information to provide customer service support needed by you.
- Other Personally Identifiable Information
Some of our services allow you to store information you consider valuable. Depending on the services in which you have enrolled, we may use this personal information to provide you with additional protection, such as online monitoring. You may cancel these additional services at any time.
- Information Sent by Your Browser
Your browser automatically provides, and we
automatically collect and store, certain information about your device (computer, tablet, smart phone,) and your activities. This may include, but are not limited to:
- Preferences and settings, such as time zone, language, and character size;
- Technical information, such as type of device, operating system or platform (Mac, Windows), and browser information (type, version);
- General geographical location.
This information allows us to provide you with customized experiences while using our websites, and enables us to develop better products and services compatible with the technology used by our visitors.
We use a third-party service provider to gather and analyze non-personalized information about your visit to our website. This aggregate information is used to help us evaluate and improve the content and functionality of the website.
(a) "Session" Cookies are a randomly generated unique identification number assigned to your computer, and it expires when you close your browser. We use Session Cookies to collect information about how our sites are used, such as which pages were visited, which links were used, and the amount of time spent on each page. This provides us with statistics on site usage by our visitors, and allows us to improve the functionality of our websites and the services provided.
(b) "Persistent" Cookies do not expire when you close your browser, but stay on your computer until they are deleted. By using this unique identifier, we are able to identify and store your previous choices and preferences for use on subsequent visits to our website. This provides you with a customized experience when using our services.
For more information about cookies, how they work, and what choices you can make through your browser settings, see http://www.allaboutcookies.org/
- Audio or Video Recordings
When you call customer service, your call may be recorded. This is used to create a record of our interaction and may be used for coaching and training purposes.
If you visit one of our offices, video recordings may be used to monitor the security of our facilities.
When we communicate with each other, whether by email or postal mail, these are retained as confirmation of our communication.
- Demographic Information
We collect certain preferences or customer service related information, such as postal code, age, gender, and reasons for cancellation of a service. This is used to customize your experience with us, and help us develop better products and services.
Do Not Track
Some browsers give individuals the ability to indicate that they do not want to be tracked while browsing on the Internet. The "Do Not Track" feature sends a signal that informs online services that the user does not want certain information about their online activities to be collected over time and across websites or online services.
The Internet industry has not yet agreed on a definition of what "Do Not Track" means, how compliance would be measured, or a common approach to responding to a "Do Not Track" signal. Due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated "Do Not Track" signals.
Back to top
SHARING OF INFORMATION
Personal information is not
shared outside of Sigma unless:
- You have explicitly consented to it.
- We are permitted or required to do so by law.
- We have engaged an authorized service provider to carry out services on our behalf.
Our service providers are given only the information they need to perform their designated functions, and they are not authorized by us to use or disclose your personal information for any other purpose. To ensure the integrity and protection of your information, our service providers are contractually required to safeguard personal information in a manner consistent with our privacy and security policies.
Links to Other Websites
There are limited circumstances in which we, or our authorized service providers, may share or transfer your personal information. These would be to:
- establish, exercise, or defend a legal claim,
- investigate or prevent actual or suspected loss or harm to persons or property,
- prevent or investigate a possible crime, such as fraud or identity theft,
- comply with a search warrant, court order, subpoena, or other legally valid inquiry.
In the event we are required by law to disclose personal information, we will take reasonable steps to verify the lawful authority for the collection, and disclose only the information that is legally required.
We may disclose personal information in connection with a proposed or actual sale, purchase, merger, reorganization, financing, liquidation, dissolution, or similar event for all or part of our business or assets. This confidential disclosure would be for the purpose of evaluating and/or completing the proposed transaction.
When we disclose information under these or similar circumstances, we will take appropriate steps to limit use and protect the confidentiality of your personal information.
Do we share your information with other companies?
Subscriber information may be shared by Sigma with Wal-Mart Canada Corp. and Walmart Canada Bank (collectively, “Walmart”), which could include contact information (name, address, email, telephone), subscription information (subscription number, effective date, expiry date, premium amount), and method of payment (Visa, MC, Debit, Cheque). For more information on Walmart’s privacy practices, please refer to Walmart’s website.
Back to top
We take all reasonable steps to protect the privacy and security of your personal information in a manner that is appropriate for the type of information in our custody. This includes multi-layered physical, technical, and administrative safeguards, including:
- Restricting access to view or process personal information to only authorized employees trained in our security procedures. Their access is restricted only to the information needed for their job.
- Appropriate industry standard methods to secure electronic environments, including the use of multi-factor authentication, network firewalls, encryption, and restricted physical access to secure areas.
Our production environments and processes adhere to the security standards outlined in ISO 270001 for Information Security Management, and by the Payment Card Industry Data Security Standard (PCI-DSS) as managed by the PCI Security Standards Council.
Username and Passwords
Depending on the services you are enrolled in, you may have an online account protected by a username and password selected by you. It is recommended that you use a strong password that is not easily guessed, hacked, or used for another online account belonging to you.
It is your responsibility to protect your username and password so that only you may gain access to your personal information online. If you have concerns that the security of your account may have been compromised, contact our Customer Service department immediately.
Emails are generally not encrypted over the internet and it is not a safe method of sending sensitive
information. For your protection, do not include personal or confidential information, such as account numbers, when sending email messages to us. If your request is urgent, or requires
disclosure of confidential or personal information for resolution, please contact our Customer Service department by phone.
Preventing Email Fraud
We will NEVER send email messages to you requesting confidential information, such as passwords or account numbers.
From time to time, you may receive fraudulent emails claiming to be from a financial institution or other reputable business, requesting you to verify your personal and/or account information. These emails often contain a link that will direct you to a pop-up window or modified login page to enter your login ID and password. Do not act on any such emails.
Following any link to a counterfeit internet site can compromise your account. If you have concerns, contact by phone the business affected.
Data Storage Outside of Canada
Our websites and the data they contain are hosted on servers located in Canada. Our call centres are also primarily located in Canada, although we may at times use supplemental facilities located in other countries.
To ensure the best service to you, we may contract with service providers outside of Canada, where your information may be processed and stored. When we transfer your personal information to another country, we will take appropriate measures to protect your personal information in a manner that is consistent with this Policy and our data security requirements.
By using our sites and participating in the related programs, you are consenting to the transfer of your personal information, in accordance with the terms of this Policy.
Back to top
PROVIDING ACCESS TO INFORMATION AND KEEPING IT ACCURATE
The easiest way for you to access and review your account information is to visit your account profile on this website. Updates or corrections to your profile can be made by you at any time. If this site does not have a profile page, please contact Customer Service for assistance.
For access to information, or to make changes / corrections that require our assistance, we will take reasonable steps to verify your identity before granting access or making any changes.
Although we will respond to your requests for changes within a reasonable time, there are certain changes which we are unable to make on your behalf, for example errors in a credit report or on government ID. If applicable, these will be communicated to you.
We use appropriate security measures to protect your personal information from unauthorized access. If any of your personal information appears to have been altered without your knowledge, please advise us immediately.
Back to top
RETENTION OF INFORMATION
We retain the personal information you provide to us for as long as:
- your account is active,
- it is required to provide you with the products or services in which you are enrolled,
- a reasonable period of time following cancellation of services, to allow for possible re-engagement,
- reasonably required to comply with legal obligations, regulatory requirements, resolve disputes, or prevent fraud and abuse.
Back to top
PROVIDING NOTICE AND RESPONDING TO QUESTIONS
We reserve the right, at our discretion, to update, change, add, or remove
portions of this Policy at any time. The level of notice we will provide when we change this Policy will depend on the nature and impact of the change.
If the changes we make do not impact how we collect, use, or disclose personal information, we will replace this Policy with the revised Policy and change the "effective" date at the beginning of this document.
If we make material changes that affect how we collect, use, or disclose personal information, we will provide appropriate notice for at least 30 days before and after the new effective date, and highlight the changes in the Policy so they can be easily located.
Your continued use of our products and services following a change to this Policy will indicate your acceptance of the revised Policy.
We take our commitment to privacy seriously, and all of our employees and third-party service providers are responsible for ensuring the confidentiality of the information entrusted to us.
If you have questions or concerns that have not been resolved to your satisfaction by Customer Service, you may contact our Privacy Officer by email at email@example.com, or by mail at Sigma Loyalty Group, P.O. Box 1700 STN D, Toronto, Ontario M9A 5C7.
Back to top
Last Modified: October 15, 2020
ID Assist services (“Service”) are provided by Sigma Loyalty Group Inc. (“Sigma”, “we”, “us” or “Our”).
Information and to whom this information may be disclosed. “Personal Information” means any information about an
identifiable individual but does not include the name, title, business address or telephone number of an employee or
that may be linked to the Service.
By subscribing to the Service you consent to the collection, use, disclosure and management of your Personal
You may withdraw your consent to the use of Personal Information by contacting the Privacy Officer as provided below.
However, if you withdraw your consent you will not be able to continue to use the Service.
Collection of Information
We may collect the following Personal Information in connection with your subscription to the Service:
- First, middle (optional), and last name;
- street name and number (and/or apartment #);
- postal code;
- language preference
- date of birth;
- email address;
- home phone number;
- business phone number (optional);
- cell phone number (optional, unless you would like to receive alerts and notification of changes via text
- credit card type, number, expiry date;
- a username and a password, to authenticate you on the Service website or mobile app;
- selection of two security questions, to enable us to authenticate you when you call us for assistance; and
- an answer to each security question.
In addition, you may also be required to provide or authorize us to collect the following Personal Information in
order to use certain Service features. The Personal Information which we may collect depends on Service features
available as part of your Subscription; consult our website or the materials provided with your subscription for
Online Identity Monitoring: This section applies if your subscription includes online identity monitoring
Services, including online credit card monitoring and/or online personal information monitoring. We collect the
following Personal Information when you use this Service:
- Other Personal Information you register for the purposes of monitoring, which may include:
- e-mail addresses
- social insurance number (optional)
- phone numbers
- payment card numbers
- bank account information
- drivers’ license number
- passport numbers
- We will automatically register for online monitoring services the email address and/or payment card information
you provided at the time you purchased your subscription on your behalf.
- The types of Personal Information available for monitoring may change over time. Please consult your Services
subscription materials and the website for details.
Lost Wallet Assistance: This section applies if your subscription includes lost wallet assistance Services. We
collect the following Personal Information when you use this Service:
- Payment card numbers (including credit card and debit card numbers) you register with us so we can report any
loss or theft to the card issuer.
Identity Theft Assistance: This section applies if your subscription includes identity theft assistance
Services. We collect the following Personal Information when you use this Service:
- previous mailing address (optional). This information will be required in the event of fraud to initiate credit
monitoring and fraud alert services;
- Personal Information not previously provided to us which may be necessary to report and remediate an identity
- any Personal Information required by any power of attorney service provider or other third party engaged to
provide identity theft assistance services.
Credit Bureau Services: This section applies if your subscription includes Credit bureau Services such as
credit reports, credit scores and/or credit monitoring and alerts. We may collect your personal information from you
and provide to credit bureaus in order to fulfill credit monitoring services. In the course of providing these
services we may, based on the authorization you have provided, retrieve your credit information from credit bureaus
on your behalf and provide that information to you. Credit information is defined by applicable provincial
legislation and may include information such as: your name, current/ former address, date of birth, marital status,
social insurance number, current/ former employment, credit history, paying habits, outstanding debt obligations,
estimated income, cost of living obligations, and other information. You may also be required to provide or confirm
other personal information, including certain elements of your credit information, with us or a credit bureau in
order to verify your identity and access these services.
Social Media Monitoring: This section applies if your subscription includes social media monitoring Services.
We collect the following Personal Information when you use this Service:
- first and last name
- social media usernames and passwords
- information regarding your activities on social media, which may without limitation include posts, photographs,
tweets, tags, and any of the following information:
- in respect of Facebook:
- profile information (such as name, email address, date of birth, username, city, time zone,
telephone number, profile photo, and biographical information, but excluding IP addresses,
personal websites or Facebook passwords)
- content posted by you or by others to your account or which is associated with your profile
(such as status updates, photos, videos, posts, comments, tags, and timelines, but excluding
friend lists, likes or follows)
- communications with other users (such as text, photo, video or other messages, but excluding
private communications or friend invites)
- location information tracked by Facebook
- private messages sent to or from you are not collected
- in respect of Instagram:
- username and e-mail address of Instagram account (we do not collect Instagram passwords)
- profile information for user profile (e.g., first and last name, picture, but excluding phone
- user content (e.g., photos, comments, and other materials) that are posted to the Instagram
- in respect of Twitter:
- basic account & contact information such as name and username (but excluding password, email
address or phone number).
- additional information uploaded to Twitter services and made public, such as a short biography,
location, website, or pictures (but excluding date of birth)
- Tweets, Following, Lists and other public information on Twitter such as messages Tweeted by
you; the metadata provided with Tweets, such as when you Tweeted and the client application used
to Tweet; the language and time zone associated with the account; and the lists you create,
people you follow, Tweets you mark as likes or Retweet, and many other bits of information that
result from use of Twitter
- location Information if you choose to publish your location in Tweets or in your Twitter profile
- in respect of Linkedin:
- basic account & contact information such as name, username, email address or phone number (but
- additional registration which forms part of your Linkedin profile, such as your postal code, job
title, and company
- profile information you have uploaded to Linkedin services and made public, such as biography,
website, pictures, skills, professional experience, educational background, honors, awards,
professional affiliations, group memberships, networking objectives, companies or individuals
that you follow, and other information including content
Document Registry: If your subscription to the Services began prior to December 3, 2016, your Services may
include a registry feature. If your subscription began prior to December 3, 2016 you may provide some or all of the
following types of information to us in connection with this feature:
- Debit/Credit Card numbers
- Retail/Loyalty Points Card numbers
- Financial Account numbers
- Government Document numbers
- Asset details
- Investment details
- Insurance Policy details
- Subscription details and numbers
- Membership details and numbers
- Other Important Documents
If your subscription includes the registry feature, and if you registered certain information prior to December 3,
2016, we will continue to store and provide access to that information as part of this feature. We will not accept
registry of the following types of information after December 3, 2016.
- Prescription details
- Mobile Phone numbers
Please note that we do not validate the accuracy or completeness of any information provided as part of document
Registry will not be available for any subscriptions purchased after December 3, 2016. Details about this service may
be obtained by reviewing your subscription materials or by contacting our customer service department at the contact
information set out on the website.
Date Reminders: If your subscription to the Services began prior to December 3, 2016, your Services may
include a date reminder feature. If you use this feature, for each reminder you may provide us with a reminder date,
message title and message for us to send to you. Please note that reminder notices are automated; we do not review
or validate the accuracy or completeness of any information provided as part of date reminder services. Date
reminders will not be available for any subscriptions purchased after December 3, 2016. Details about this service
may be obtained by reviewing your subscription materials or by contacting our customer service department at the
contact information set out on the website.
Website Collection of Information
When you visit the Services website or download the Services mobile app, information is collected by us as you
interact with the website or mobile app. We collect certain information from your browser using "cookies". Cookies
are small files that are stored on your computer that help us to optimize your experience on the Services website or
contain Personal Information. They gather statistical data such as the average time spent on a specific webpage.
This kind of information provides us with insight on how to improve the design, content and navigation of the
website and mobile app. Your choice not to accept these cookies will not interfere with your use of the Services.
persistent cookie installed on your computer or device that contains information to help us verify you as the
subscriber and to help block unauthorized attempts to access your information through the website or mobile app.
Your choice not to accept these cookies may interfere with your ability to personalize and be recognized by the
website or mobile app, and/or may prevent the operation of the services or certain features within the services from
Mobile App Collection of Information
We also collect information about your device such as device model, unique device number, browser type, and IP
address. Information about your device helps us to improve the functionality of the Services mobile app, meet our
clients’ needs, measure the effectiveness of our services, enhance security measures and protect you.
When accessing the services through the Services mobile app, no Personal Information will be stored on your device.
If you choose to use the “Remember Me” functionality, the Services mobile app will store your username and password
to help us verify you as the subscriber and recognize you in future sessions.
When you use the mobile application, the app will determine your current location and report that information to us.
We will not share your current location with other users or partners. If you do not want us to use your location for
the purposes set forth above, you should turn off the location services for the mobile application located in your
account settings or in your mobile phone settings and/or within the mobile application.
Use of Your Personal Information
We may use your Personal Information:
- to verify your identity and provide the Services and customer support you request, including but not limited to
the following Services:
- Online Identity Monitoring;
- Lost Wallet Assistance;
- Identity Theft Assistance;
- Document Registry;
- Date Reminders; and
- Social Media Monitoring.
This may include disclosure of the information we collect, as described above, to non-affiliated third parties that
are acting on our behalf or with whom we interact in performing the Services, including:
- Credit bureaus;
- Companies that perform data searches and support services for us;
- Parties with whom there may be possible cases of identity theft or fraud, and then only to detect the
actual facts or to resolve the case;
- Parties which could include governmental units, courts or other entities (in response to subpoenas and
other legal processes), and those with whom you have requested us to share information;
- To obtain information which may help detect fraud or identity theft; and
- To notify appropriate parties of possible identity theft or fraud.
- for administrative purposes;
- to understand your needs and preferences so that we may notify you of new service offerings or send you
advertisements that respond to your needs or preferences based on your communication preferences
- to resolve disputes, collect payments, and troubleshoot problems;
- on an aggregate, non-identified basis for the purposes of planning a service or product and to monitor patterns,
gather data and generate reports. This aggregated information may be published or shared with third parties. We
or our service providers may perform statistical analyses of user and online behaviour and characteristics to
measure interest in and use of the Services so as to improve the Service. We or our service providers may also
perform various analyses of de-identified online interactions and activity of the users we monitor to improve
the usefulness of our alerts, as well as to provide behavioral and statistical insight and context across the
- to process payment transactions;
- to send you notices about your transactions; and
- to provide a record of correspondence with you, whether by telephone, mail, email or text message, to ensure
instructions are properly followed and to ensure customer service levels are maintained.
We may also monitor or record any telephone call we have with you. Monitoring and recording of calls is done to
establish a record of the information you provide; to ensure that instructions are properly followed; and to ensure
customer service levels are maintained. We will inform you of the possibility that your call is being monitored or
recorded prior to proceeding with the call. If you prefer not to have your call recorded you can conduct your
transaction online or contact our Privacy Officer to arrange an alternate procedure.
Disclosure of Personal Information
We do not sell, rent or trade any Personal Information to any third party for financial gain or marketing purposes.
you without your prior consent, unless as permitted or required by law, for example:
- to a government institution, law enforcement or other authority that has lawful authority to obtain the
- to comply with a subpoena or warrant or an order made by a court, person or entity with jurisdiction to compel
the production of information;
- in urgent circumstances to protect the life, health or security of any person; or
- to comply with court rules regarding the production of records and information.
We may transfer certain Personal Information to business service providers, but only to provide the Services and
contractual means, ensure that it uses privacy and security standards comparable to ours.
As part of the Services, we may retrieve your credit bureau information from credit reporting agencies on your behalf
and provide that information to you. We do not disclose your credit bureau information to anyone but you, except to
our service providers who help us provide the Services to you.
We may disclose your Personal Information in connection with a corporate reorganization, merger or amalgamation,
provided that the use of such Personal Information so disclosed continues to be the use permitted by this Privacy
Your Personal Information may be transferred, stored and/or processed by us or by our third party service providers
outside of the country where you reside, such as in the United States. In that case, your Personal Information would
be subject to the laws of the country in which it is stored or transferred. That country may have laws that require
your Personal Information be disclosed to the government under different circumstances that exist in your country of
We have implemented reasonable technical, physical and administrative safeguards designed to protect Personal
Information from unauthorized access, use, modification, disclosure, or other breach of privacy. We have
comprehensive physical and logical security policies and procedures, based on industry best practices, designed to
address practices for the secure access, storage, transmission, and disposal/destruction of Personal Information. We
will maintain appropriate security upon the disposal and destruction of Personal Information.
In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security
of Personal Information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy
When you transmit Personal Information to us through the Services website, that information is encrypted using the
128 bit SSL security protocol (Secure Sockets Layer) which encrypts the information channel from your computer to
our server over the Internet. We also use SSL to allow you to securely view your on-line account and registration
information. Furthermore, your credit/debit card information is encrypted using the 256 bit AES (Advanced Encryption
Standard) encryption algorithm and stored in a database.
Other than limited access by us in order to carry out the Services as described above, your Personal Information is
accessible only by you using a password created by you. To protect the security of your Personal Information, you
must keep your password confidential. You are responsible for all uses of Services by anyone using your password,
including any disclosures of Personal Information.
We will make available information about our general policies and practices relating to the processing of Personal
Information. We will not make available information about processing or management of Personal Information for a
specific customer except to that customer or as directed by that customer.
Accuracy of Personal Information and Access
We rely on you to ensure the Personal Information you provide to us is accurate and up to date for the purposes set
out in the Policy.
You may update, review or correct your Personal Information at any time on-line by accessing your password protected
registration page or by contacting our Privacy Officer as specified under “Questions or Concerns About Your Privacy”
We will keep Personal Information that remains relevant for the intended purposes or as required by law. We may keep
Personal Information about you in our records as long as it is needed for the purposes described above, including
statutory or regulatory retention requirements, even if you cease to be a customer.
Once Personal Information is deleted, you will not be able to access it any longer.
change our practices in processing Personal Information, we will post an updated policy in place of this Privacy
Policy, to keep you informed of what information we collect, how we use it and with whom we share it. Your continued
acceptance of all such changes.
Links to Third Party Websites
The Services website may contain links to other websites that operate independently of the Services and that are not
under our control. We provide links to other websites solely for your convenience and information. Other websites
may have their own privacy policies, which we suggest you review if you visit any linked websites. We are not
responsible for information that is collected through those websites or for any other use or disclosure of
information by the operators of those websites.
Questions or Concerns About Your Privacy?
We welcome you to contact us at any time should you have any questions, comments or concerns regarding this Privacy
Policy or the manner in which we or our service providers treat your Personal Information. Please contact our
Privacy Officer at the coordinates listed below:
Sigma Loyalty Group
P.O. Box 3020 STN D
Toronto, Ontario M9A 5C7