Privacy Policy

Effective Date: April 23, 2026 | Last Updated: April 23, 2026

This Privacy Policy describes how ACU ("ACU," "we," "us," or "our") collects, uses, discloses, retains, and protects your personal information when you access or use our financial services, visit our website at accu-ca.com, or otherwise interact with us. We are committed to protecting your privacy and handling your personal information in a transparent, responsible, and lawful manner.

ACU operates in Canada and is subject to Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Where relevant, we also align our practices with international standards, including the General Data Protection Regulation (GDPR), as a benchmark for global best practices in data protection.

By using our website, products, or services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services and contact us to address your concerns.

1. Who We Are

ACU is a finance-sector organization providing financial products and services to individuals and businesses across Canada. Our registered place of business and primary point of contact for privacy matters is listed below:

Company Name	ACU
Website	accu-ca.com
Email	[email protected]

For any questions, concerns, or requests relating to your personal information and this Privacy Policy, please contact us using the details provided above or refer to Section 14 of this document.

2. Scope of This Policy

This Privacy Policy applies to:

All personal information collected through our website at accu-ca.com;
Personal information collected through our mobile applications, online portals, and digital platforms;
Personal information collected during the course of providing financial services, including account management, loan applications, investment products, and advisory services;
Personal information received from third parties in connection with the delivery of our services;
Communications between you and ACU, including emails, phone calls, and live chat interactions.

This policy does not apply to the websites, services, or practices of third parties that may link to or from our website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect personal information from you in a variety of ways and for a range of purposes connected to the delivery of our financial services. The categories of personal information we may collect include the following:

3.1 Personal Identification Information

Full legal name
Date of birth
Government-issued identification numbers (e.g., Social Insurance Number where legally required)
Passport, driver's licence, or other identification document details
Signature
Photographs or images (where applicable)

3.2 Contact Information

Home and mailing address
Email address
Telephone and mobile phone numbers
Business contact details (for corporate clients)

3.3 Financial and Account Information

Bank account and financial institution details
Credit history and credit scores
Income, assets, liabilities, and net worth
Investment portfolios and transaction histories
Tax information and records
Loan and mortgage details
Payment card information (processed securely and in compliance with PCI-DSS standards)

3.4 Usage and Technical Data

When you visit our website or use our digital platforms, we automatically collect certain technical and usage data, including:

IP address and approximate geographic location
Browser type and version
Operating system and device type
Pages visited, links clicked, and time spent on pages
Referring URLs and exit pages
Session duration and navigation patterns
Error logs and diagnostic data

3.5 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your interactions with our website and services. Please refer to Section 10 of this policy for full details on our use of cookies.

3.6 Communications and Correspondence

Records of communications you send to us, including emails, contact form submissions, and support tickets
Notes and records from phone calls or meetings with our staff
Chat logs from online support sessions

3.7 Sensitive Personal Information

In limited circumstances, and only where required by law or with your explicit consent, we may collect sensitive categories of personal information, such as biometric data for identity verification, or health information relevant to insurance or financial planning products.

4. How We Collect Your Information

We collect personal information through the following means:

Directly from you: When you complete application forms, register for an account, apply for financial products, contact us, or otherwise provide information voluntarily.
Automatically: Through cookies, analytics tools, and other tracking technologies when you use our website or digital platforms.
From third parties: Including credit bureaus (such as Equifax and TransUnion), identity verification services, financial institutions, regulators, and publicly available sources where permitted by law.
From our affiliates and partners: Where you have consented or where permitted under applicable law in connection with the delivery of integrated financial services.

5. How We Use Your Information

ACU uses your personal information for specific, legitimate purposes related to the provision of financial services. We rely on applicable legal bases including your consent, contractual necessity, compliance with legal obligations, and our legitimate business interests. Our primary uses include:

5.1 Service Provision and Account Management

Processing applications for financial products, including loans, accounts, credit facilities, and investments
Verifying your identity and conducting Know Your Customer (KYC) and Anti-Money Laundering (AML) checks in compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act
Managing and administering your account and financial products
Processing transactions, payments, and transfers
Providing customer support and resolving disputes or complaints
Communicating with you about your accounts, products, and any service updates

5.2 Risk Assessment and Credit Decisions

Assessing creditworthiness and financial risk in connection with lending and credit products
Conducting fraud prevention, security monitoring, and financial crime detection
Making automated or semi-automated decisions related to credit eligibility (with human oversight where required by law)

5.3 Legal and Regulatory Compliance

Complying with obligations under PIPEDA, provincial privacy legislation, the Income Tax Act, the Bank Act, and all applicable financial regulations
Responding to lawful requests from government authorities, regulators, and law enforcement agencies
Retaining records as required by law
Enforcing our terms and conditions and other agreements

5.4 Analytics and Service Improvement

Analyzing website and platform usage patterns to improve user experience
Conducting internal research and analysis to develop new products and services
Monitoring system performance and identifying technical issues
Generating aggregated, anonymized statistical data for business reporting

5.5 Marketing and Communications

Sending you information about our financial products, services, promotions, and updates that may be relevant to you, where you have provided consent or where permitted by Canada's Anti-Spam Legislation (CASL)
Personalizing your experience on our website and digital platforms
Conducting surveys and gathering feedback to improve our offerings
You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or by contacting us at [email protected]

6. Sharing Your Information with Third Parties

ACU does not sell your personal information to third parties. We may, however, share your information with trusted third parties in the following circumstances:

6.1 Service Providers and Processors

We engage third-party vendors and service providers who assist us in delivering our services. These include:

Cloud computing and data hosting providers
Payment processing companies
Identity verification and KYC service providers
Credit bureaus and reference agencies
IT support, cybersecurity, and software development firms
Marketing and analytics platforms
Legal, accounting, and professional advisory firms

These service providers are bound by contractual obligations to protect your personal information and are prohibited from using it for any purpose other than the specific services they provide to us.

6.2 Financial Partners and Affiliates

In connection with the delivery of certain financial products, we may share your information with partner financial institutions, insurance underwriters, or investment managers. Such sharing is conducted in accordance with applicable law and your consent where required.

6.3 Legal and Regulatory Authorities

We may disclose your personal information where required or permitted by law, including:

To comply with court orders, subpoenas, or other legal processes
To respond to requests from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Office of the Privacy Commissioner of Canada (OPC), or other regulatory bodies
To prevent, detect, or investigate fraud, criminal activity, or breaches of our policies
To protect the rights, property, and safety of ACU, our clients, or the public

6.4 Business Transactions

In the event of a merger, acquisition, amalgamation, asset sale, or other corporate restructuring, your personal information may be transferred to the successor entity. We will notify you of any such transfer that materially affects your privacy rights.

7. Data Security

ACU takes the security of your personal information seriously. We implement a comprehensive range of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, loss, or destruction. Our security measures include:

Encryption: All data transmitted between your browser and our servers is protected using industry-standard TLS (Transport Layer Security) encryption. Sensitive data at rest is also encrypted using strong cryptographic standards.
Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. All staff undergo privacy and security training and are bound by confidentiality obligations.
Multi-Factor Authentication (MFA): We require multi-factor authentication for access to sensitive systems and client-facing portals.
Firewalls and Intrusion Detection: We deploy enterprise-grade firewalls, intrusion detection systems, and continuous network monitoring.
Regular Security Audits: We conduct periodic vulnerability assessments, penetration testing, and third-party security audits to identify and remediate risks.
Incident Response: We maintain a documented data breach response plan and will notify affected individuals and the Office of the Privacy Commissioner of Canada in the event of a breach that poses a real risk of significant harm, as required under PIPEDA.
PCI-DSS Compliance: Payment card data is handled in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

Important: While we employ robust security measures, no method of data transmission or storage over the internet is 100% secure. We encourage you to use strong, unique passwords, protect your login credentials, and contact us immediately if you suspect unauthorized activity on your account.

8. Your Rights and Choices

Under PIPEDA and applicable provincial privacy legislation, you have several important rights regarding your personal information. We are committed to honouring these rights in a timely and transparent manner.

8.1 Right of Access

You have the right to request access to the personal information we hold about you, including information about the purposes for which it is used and with whom it has been shared. We will respond to access requests within 30 days, as required by PIPEDA.

8.2 Right to Correction

If you believe that the personal information we hold about you is inaccurate, incomplete, or out of date, you may request that we correct it. We will make reasonable efforts to update the information or, where we do not agree with the correction, note your request alongside the record.

8.3 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Please note that withdrawal of consent may affect our ability to provide certain services. You can withdraw consent by contacting us at [email protected].

8.4 Right to Erasure (Deletion)

In certain circumstances, you may request the deletion of your personal information. We will comply where we are not required by law to retain the information and where deletion does not conflict with other legitimate interests.

8.5 Right to Data Portability

Where technically feasible and in alignment with Canadian law, you may request a copy of your personal information in a structured, machine-readable format so that it can be transferred to another service provider.

8.6 Right to Object to Marketing

You may opt out of receiving direct marketing communications from us at any time by clicking the "unsubscribe" link in our emails, adjusting your account preferences, or contacting us directly.

8.7 How to Exercise Your Rights

To exercise any of the rights described above, please contact our Privacy Officer at:

Email: [email protected]
Website: accu-ca.com

We may need to verify your identity before processing your request. We will respond within 30 days of receipt. If we require an extension, we will notify you within that initial 30-day period with an explanation.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, and to comply with our legal, regulatory, and contractual obligations. The following general retention principles apply:

Category of Information	Typical Retention Period
Account and client identification records	7 years after account closure (as required by FINTRAC and tax regulations)
Loan and credit application records	7 years from the date of application or last activity
Transaction records	7 years as required under the Income Tax Act and AML regulations
Marketing communications preferences	Until consent is withdrawn or 3 years after last interaction
Website usage and technical data	Up to 24 months
Support and correspondence records	3 years after resolution of the matter
Legal and compliance records	As required by applicable law, which may exceed the above periods

Upon expiry of the applicable retention period, we will securely destroy, delete, or anonymize your personal information in accordance with our data destruction procedures.

10. Cookies and Tracking Technologies

Our website at accu-ca.com uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver relevant content. The types of cookies we use include:

Strictly Necessary Cookies: Essential for the operation of our website and cannot be disabled. These include session management and security cookies.
Performance and Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). Data collected is aggregated and anonymized.
Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and language settings.
Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These are only placed with your consent.

You may manage your cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect the functionality of our website.

For full details on the cookies we use, the data they collect, and how to manage your preferences, please refer to our Cookie Policy.

11. Children's Privacy

Our financial services and website are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.

If you believe that we have inadvertently collected personal information from a minor, please contact us immediately at [email protected] so that we can promptly delete the information and take appropriate corrective action.

Where our services may be accessible by individuals aged 18 or older but who are subject to additional legal protections in their jurisdiction, we apply appropriate safeguards to ensure compliance with applicable laws.

12. International Data Transfers

ACU is based in Canada and primarily stores and processes your personal information within Canada. However, some of our third-party service providers and technology partners may store or process data in other countries, including the United States and countries within the European Economic Area.

When your personal information is transferred outside Canada, we ensure that appropriate safeguards are in place to protect it, consistent with the requirements of PIPEDA and international best practices. These safeguards may include:

Contractual clauses that require the recipient to apply equivalent privacy protections;
Reliance on the recipient country's adequacy determination (where applicable);
Binding corporate rules or other approved transfer mechanisms;
Your explicit consent to the transfer.

Please be aware that personal information transferred to a foreign country may be subject to the laws of that country, including disclosure requirements to foreign courts, governments, or law enforcement agencies. By using our services, you acknowledge that your information may be transferred to and processed in countries outside Canada.

If you would like more information about international data transfers and the safeguards we have in place, please contact our Privacy Officer at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service offerings. When we make material changes, we will:

Post the updated policy on our website at accu-ca.com with a revised "Last Updated" date;
Notify you by email or through a prominent notice on our website or platforms, where required by law or where the changes materially affect your rights;
Obtain fresh consent where required under applicable privacy law.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our services after the effective date of any changes constitutes your acknowledgment of the updated policy.

14. Contact Us and Privacy Inquiries

If you have any questions, concerns, or requests related to this Privacy Policy or the handling of your personal information, please contact our Privacy Officer using the following details:

ACU — Privacy Officer

Company	ACU
Email	[email protected]
Website	accu-ca.com

We are committed to responding to all privacy-related inquiries within 30 days of receipt. If your request is complex or involves a large volume of information, we may extend this period by up to an additional 30 days, but we will inform you of any extension within the initial 30-day window.

15. How to File a Complaint with the Data Protection Authority

If you are not satisfied with our response to your privacy inquiry or believe that we have not handled your personal information in accordance with applicable Canadian privacy law, you have the right to file a complaint with the relevant data protection authority.

15.1 Office of the Privacy Commissioner of Canada (OPC)

The primary federal privacy regulator for private-sector organizations in Canada is the Office of the Privacy Commissioner of Canada (OPC). You may file a complaint with the OPC using the following contact information:

Organization	Office of the Privacy Commissioner of Canada
Address	30 Victoria Street, Gatineau, Quebec K1A 1H3, Canada
Toll-Free Phone	1-800-282-1376
TTY	819-994-6591
Website	www.priv.gc.ca

15.2 Provincial Privacy Commissioners

Depending on your province of residence and the nature of your complaint, you may also have the right to file a complaint with a provincial privacy commissioner. Key provincial regulators include:

Alberta: Office of the Information and Privacy Commissioner of Alberta — www.oipc.ab.ca
British Columbia: Office of the Information and Privacy Commissioner for British Columbia — www.oipc.bc.ca
Quebec: Commission d'accès à l'information du Québec (CAI) — www.cai.quebec.ca
Ontario: Information and Privacy Commissioner of Ontario — www.ipc.on.ca

We always recommend contacting us first so that we have an opportunity to address your concerns directly before you escalate your complaint to a regulatory authority.

16. Legal Basis and Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, and applicable provincial legislation. Our privacy practices also comply with:

Canada's Anti-Spam Legislation (CASL), S.C. 2010, c. 23;
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA);
The Income Tax Act, R.S.C. 1985, c. 1 (5th Supp.);
The Financial Consumer Agency of Canada Act;
Quebec's Act respecting the protection of personal information in the private sector (Law 25), as applicable;
Any other federal or provincial legislation applicable to our operations.

Where we reference the GDPR as a standard of best practice, this is done to reflect our commitment to high global standards of data protection. GDPR obligations apply where we process personal data of individuals located in the European Economic Area.

17. Automated Decision-Making

In the context of our financial services, ACU may use automated systems to assist with decisions such as credit assessments, fraud screening, and eligibility determinations. These systems analyze data including your financial history, identity information, and other relevant factors to produce recommendations or decisions.

Where automated decisions produce significant effects for you (such as a credit denial), we ensure that:

You are informed that an automated process has been used;
You have the opportunity to request human review of the decision;
You can contest the decision and provide additional information for reconsideration;
The logic involved in the decision-making process is explained to you upon request, to the extent permitted by law.

To request human review of an automated decision, please contact us at [email protected].

ACU Privacy Policy

Effective Date: April 23, 2026 | Last Reviewed: April 23, 2026

Questions? Contact us at [email protected] or visit accu-ca.com