Introduction
SavPay, a trade name of 9499-8390 Québec Inc., is committed to protecting your privacy and personal information. 9499-8390 Québec Inc. operates as an Independent Sales Organization (ISO) of Moneris Solutions Corporation, which acts on behalf of Royal Bank of Canada and Bank of Montreal. SavPay is also an authorized agent of Fiserv Canada Ltd. and Nuvei Corporation.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our payment processing services, visit our website, or interact with us in any capacity.
Information We Collect
Business Information
- Business name, address, and contact information
- Business registration numbers and tax identification
- Industry type and business model details
- Financial information including bank account details
- Processing volume and transaction history
- Beneficial ownership information as required by law
Personal Information
- Contact details (name, email, phone number)
- Identification documents (driver’s licence, passport)
- Social Insurance Number (when required for underwriting)
- Credit reports and financial background checks
- Communication preferences and history
Transaction Data
- Payment card information (processed securely by processor — SavPay does not store raw card data)
- Transaction amounts, dates, and merchant details
- Chargeback and dispute information
- Risk assessment and fraud prevention data
Technical Information
- IP addresses and device information
- Browser type and operating system
- Website usage data and analytics
- Cookies and similar tracking technologies
- Security logs and access records
How We Use Your Information
Payment Processing Services
- Processing payments and managing transactions
- Merchant account setup and ongoing management
- Risk assessment and fraud prevention
- Compliance with PCI DSS standards
- Dispute resolution and chargeback management
Legal and Regulatory Compliance
- Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements
- Proceeds of Crime (Money Laundering) and Terrorist Financing Act compliance
- PIPEDA and Québec Loi 25 compliance
- Financial reporting and audit requirements
Business Operations
- Customer service and technical support
- Account management and relationship building
- Product development and service improvement
- Marketing and communication (with consent)
- Internal analytics and business intelligence
Information Sharing and Disclosure
We may share your information with trusted third parties in the following circumstances:
Payment Processing Partners
- Moneris Solutions Corporation and its sponsoring financial institutions (RBC and BMO)
- Fiserv Canada Ltd. and Nuvei Corporation (authorized processing partners)
- Payment card networks (Visa, Mastercard, Amex, Interac)
- Payment gateway and technology providers
Service Providers
- Credit reporting agencies and background check providers
- Identity verification and fraud prevention services
- Cloud hosting and data storage providers
- Customer support and communication platforms (HubSpot CRM — North America region)
- Legal, accounting, and professional service providers
Legal Requirements
- Government agencies and regulatory bodies
- Law enforcement and legal proceedings
- Court orders, subpoenas, and legal investigations
- FINTRAC (Financial Transactions and Reports Analysis Centre of Canada)
Data Security and Protection
We implement industry-standard security measures to protect your information:
- TLS encryption on all data in transit
- Card data never touches SavPay infrastructure — handled by PCI DSS Level 1 certified processors
- Multi-factor authentication on internal systems
- Role-based access controls — minimum necessary access principle
- Regular security audits and staff training
- Incident response procedures with mandatory breach notification timelines
Your Privacy Rights
Under Canadian privacy laws, including PIPEDA and Québec’s Loi 25, you have the right to:
- Request access to your personal information
- Correct inaccurate or incomplete information
- Receive a copy of your data in a portable format
- Withdraw consent for marketing communications
- Request deletion of personal information (subject to legal requirements)
- Object to certain uses of your information
Note: Some information cannot be deleted due to legal and regulatory requirements in the payment processing industry, including transaction records, compliance documentation, and fraud prevention data.
Data Retention
- Transaction records: 7 years as required by Canadian financial regulations
- KYC/AML documentation: 5 years after account closure as required by FINTRAC
- Marketing data: Until consent is withdrawn or 3 years of inactivity
- Support communications: 2 years for quality assurance
International Data Transfers
Some service providers are located outside Canada, including in the United States. When we transfer your information internationally, we ensure appropriate safeguards are in place, including contractual protections and data processing agreements. We notify you when your data may be subject to foreign government access.
Cookies and Online Tracking
Our website uses essential cookies (required for site functionality) and, with your consent, analytics cookies to understand site usage. We do not use advertising or retargeting cookies. See our Cookie Policy for full details.
Policy Updates
We may update this Privacy Policy from time to time. We will post the updated policy, update the “Last updated” date, and notify you of material changes via email where required by law.
Contact
Privacy Officer — SavPay (9499-8390 Québec Inc.)
Email: info@savpay.ca
Phone: +1 (514) 863-6540 (Mon–Fri 9:30 AM–4:30 PM EST)
Mail: 9499-8390 Québec Inc., Montréal, Québec, Canada
Privacy Complaints: If we have not addressed your privacy concerns adequately, you may file a complaint with the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec.
See also: Cookie Policy · AML/ATF Statement · Compliance & Security · CASL & Do Not Call