Prepared by: Sania Safdar

Date: April 22, 2024 (Updated August 29, 2025)

Privacy Policy

This Privacy Policy describes the practices of Inkas Payments Corp., including its subsidiaries and affiliates (collectively, “Inkas”, “we”, “us”, or “our”), regarding the collection, use, and disclosure of personal data, and the rights and choices available to individuals under applicable privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act to modernize legislative provisions as regards the protection of personal information (Law 25).

What is Personal Data?

“Personal data” means any information about an identifiable individual. This includes names, contact details, identification numbers, employment data, financial and transactional information, and any other data protected under applicable laws.

Privacy Officer

Name: Sania Safdar
Title: Chief Privacy Officer
Email: [email protected]
Phone: 1 (877) 382-4852 ext. 504
Mailing Address: 1980 rue Sherbrooke W, Suite 1100, Montréal, QC H3H 1E8

  1. Scope of this Policy

This policy applies to:

  • Merchant customers
  • Employees and job applicants
  • Website visitors
  • Third-party business contacts
  1. What Information We Collect

Depending on your relationship with Inkas, we may collect:

  • Full name, date of birth, home and business addresses
  • Phone number, email address
  • Government-issued IDs (e.g., SIN, driver’s license)
  • Financial details (e.g., bank info for payroll or billing)
  • Employment history and health data (if necessary for employment)
  • Transaction history, device identifiers, cookies/IP addresses
  1. Why We Collect Personal Data

We collect and process personal data to:

  • Evaluate applications for our services
  • Underwrite and manage accounts
  • Process transactions and billing
  • Prevent fraud and manage risk
  • Comply with legal obligations
  • Provide customer and employee support
  • Market our services (with consent)
  1. Legal Basis for Processing

We process your data under one or more of the following legal bases:

  • Consent
  • Contractual necessity
  • Legal obligations
  • Legitimate business interests (e.g., fraud prevention)

You may withdraw your consent at any time by contacting our Privacy Officer.

  1. Consent and Minors

We obtain express, informed consent for sensitive data and from individuals under the age of 14 (via parental/legal guardian authorization, where applicable).

  1. Automated Decision-Making and Profiling

If automated decisions are made (e.g., creditworthiness assessments), we will:

  • Inform you of the decision logic
  • Allow human intervention upon request
  • Let you contest the decision
  1. Cookies and Tracking Technologies

We use cookies to improve site functionality, analyze traffic, and personalize experiences. Non-essential cookies require your opt-in consent.

You may manage cookie preferences through your browser or our [cookie consent tool].

  1. Sharing of Personal Data

We may share your personal data with:

  • Inkas affiliates and service providers
  • Payment processors and banking networks
  • Auditors, legal bodies, and regulators
  • Marketing partners (with consent)
  • Debt collection agencies (if necessary)
  • Government authorities, when required by law
  1. International Data Transfers

Your data may be stored or processed outside Quebec or Canada (e.g., in the U.S.). Before transfer, we evaluate protection levels and implement appropriate safeguards such as standard contractual clauses.

  1. Your Rights

Under PIPEDA and Law 25, you have the right to:

  • Access and correct your personal data
  • Withdraw consent at any time
  • Request deletion (right to be forgotten)
  • Restrict or object to processing
  • Be informed of automated decisions
  • Request data portability (as of Sept 2024)
  • File a complaint with the Commission d’accès à l’information (CAI)

To exercise these rights, please contact the Privacy Officer.

  1. Privacy Impact Assessments (PIAs)

We conduct Privacy Impact Assessments before deploying any system or process involving:

  • Sensitive or biometric data
  • Automated decisions
  • Cross-border data transfers
  • New technologies
  1. Security and Safeguards

We apply reasonable physical, technical, and administrative safeguards, including:

  • Encryption, firewalls, and access control
  • Secure data centers and servers
  • Employee training and confidentiality obligations

However, no system is completely immune to risks.

  1. Retention and Destruction

We retain personal data only as long as necessary for the purpose it was collected or as required by law. Data is securely destroyed or anonymized when no longer needed.

  1. Breach Notification

If a privacy breach poses a “risk of serious injury”, we will:

  • Notify the CAI promptly
  • Inform affected individuals
  • Log all such incidents for accountability
  1. Updates to this Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any significant updates will be posted on our website with the “last updated” date clearly indicated.

 

Contact Us

If you have any questions, requests, or complaints regarding your personal data, please contact:

Sania Safdar
Chief Privacy Officer
[email protected]
1 (877) 384-4852 ext. 504
1980 rue Sherbrooke W, Suite 1100, Montréal, QC H3H 1E8