The BMO Rewards program (“Program”) and this www.bmorewards.com website (the “Site”) is operated by Aimia for the benefit of MasterCard cardholders of BMO who use this Site (the “Customers”). BMO’s privacy statement can be found here.
Aimia Loyalty Solutions Canada (we, us, our), a wholly owned subsidiary of Aimia Inc., is a customer loyalty company. We fulfill loyalty program services on behalf of our clients for their customers (you).
This policy and our practices meet or exceed the requirements of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
As a company recognizing that a reputation for responsible data management is among Aimia’s most valuable assets, we have developed TACT — a set of ‘data values’ that put the consumer at the heart of what we do.
Scope of this Policy
By using this site, or when you interact with us, you agree to the terms of this policy. This Policy may be supplemented or amended from time to time, so we encourage you to periodically review this policy.
This policy applies to the collection, use, disclosure and storage of the personal information given to us to manage this program.
Below are our privacy promises to you.
This Policy is effective as of June 18, 2019.
Personal information – as defined in the PIPEDA – is “Information about an identifiable individual but does not include the name, title or business address or telephone number of an employee of an organization.” Personal information collected, stored or disclosed on this Site can include age, marital status, credit history, home and email address and telephone number.
We are accountable for all aspects of your data provided to us through each stage of its lifecycle.
As such, we have assigned a team to oversee what personal information is collected, how it is used, who it is disclosed to and how it is destroyed at the end of its lifecycle.
We communicate our privacy promises to our employees and train them in the handling your information and their roles and responsibilities in protecting your privacy. We regularly assess the privacy and security practices of our websites (including this Site) and databases to identify ways we can improve our data practices.
When we collect your personal information, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.
We’ll give you choices about the ways we use and share your personal information, and we’ll respect the choices you make.
We use your personal information to administer the Program; to advise of any changes to the program; to invoice you if applicable; to maintain your account with us; and to communicate with you regarding your account with us and other aspects of the administration of the Program such as sending marketing/promotional communications if consent has been given.
You will be given the opportunity to opt out on each applicable communication sent to you by clicking on the Unsubscribe link at the bottom of the communication.
Note that certain communications are transactional and therefore cannot be unsubscribed from.
For each purpose identified, we will request your consent.
We will ensure to gain your consent for each new purpose we would like to use your personal information for before we use it and will not collect, use or disclose your personal information without your consent, except where required by law.
We collect only as much personal information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent.
Information we may collect include:
- contact information such as name, address, phone number, and email address
- authentication information such as user ID/name, password and point balances
- transactional information in relation to travel and non travel redemptions, such as items booked and/or purchased along with credit card information if you’ve elected to pay by credit card
- information contained in email messages you have sent to us
- IP address
- date and time you accessed this site, the type of your operating system, and the type of your browser
The information provided by your browser does not identify you personally. However, we may review our server logs for security purposes, such as detecting intrusions into our network. If we suspect criminal activity, we might share our server logs -- which contain visitors’ IP addresses -- with the appropriate investigative authorities who could use that information to trace and identify individuals. In addition, if you access this site through an email we have sent you, or if you’ve created a “user identity” during one of your visits, we may link the information provided by your browser to information in our records that identifies you personally.
Information Collected Using “Cookies.” Like many commercial websites, we use "cookies." A cookie is a small text file that is placed on your hard disk by a Web server. Cookies cannot be used to install computer programs or deliver viruses to your computer.
We use “session cookies” to assign a randomly-generated unique identification number to your computer. A session cookie expires after you close your browser. We use session cookies to collect information about the ways visitors use our Site – which pages they visit, which links they use, and how long they stay on each page. We analyze this information, known as “clickstream data,” to better understand our visitors’ and members’ interests and needs, and to improve the content and functionality of this Site and our Program.
We may also use “persistent cookies.” These cookies do not expire when you close your browser, but stay on your computer until they expire or you delete them. Each time you visit our Sites, our Web server will recognize your cookie. By assigning your computer a persistent, unique identifier, we’re able to create a database of your previous choices and preferences. In situations where these choices or preferences need to be collected again, they can be provided by us automatically, saving you time and effort. Assigning your computer a persistent, unique identifier also helps us keep a more accurate account of how many people visit our Sites, how often they return, how their use of our Sites may vary over time, and the effectiveness of our promotional efforts.
Aimia will only use your information for the purposes described to you at the time of collection and detailed in this policy.
We’ll also use the information to better understand how you use Aimia’s services.
When you send us an email or when you ask us to respond to you by email, we learn your exact email address and any information you have included in the email.
We use your email address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further. If you have consented, we may use your email address to send you information about offers on products and services that we believe may be of interest to you. You can opt out of these communications at any time by contacting us or clicking on the unsubscribe link at the bottom of the communication.
Important Information About Preventing Email Fraud: From time to time, fraudulent emails may be circulated to you claiming to have been issued by entities or Canadian banks, requesting customers to verify their personal and/or account information. Customers are often asked to click on a link in the email that directs them to a pop-up window or modified online login page to enter their respective bank's login ID and password.
We will never send email messages to you requesting confidential information such as passwords or account numbers. Please do not act on any such emails as you may compromise your account or other information with us by following links to a counterfeit Internet site(s).
Except as described in this policy, we won’t share your personal information with third parties without your consent.
We may share your personal information with companies and organizations that perform services on our behalf. For example, if you redeem points for merchandise we may need to send your information to the manufacturer of the product you have ordered if it is housed at their location. This use of your information would be to fulfill your order only and not for any other purposes.
There are other, limited circumstances in which we or the companies with which we share your personal information may share or transfer your personal information to unrelated third parties. For example, we may provide personal information to a third party when we believe it is necessary to prevent or investigate a possible crime, such as fraud or identity theft; to comply with a court order or subpoena; to comply with a legal requirement; to protect your vital interests; or in connection with a sale, purchase, merger, reorganization, financing, liquidation, dissolution, or similar event. When we disclose information under these or similar circumstances, we’ll take appropriate steps to limit use and protect the confidentiality of your personal information.
Our Sites and our data are hosted on servers located in Canada. Our call centres are also located in Canada, although we may at times use supplemental facilities located in other countries.
When we transfer your personal information to another country, we’ll take appropriate measures to protect your privacy and personal information. In addition, no matter where we transfer your personal information, it will remain subject to the terms of this Policy and your privacy preferences.
We keep your personal information for as long as we need it for the purposes for which it was collected, or to which you have consented, or as permitted by applicable law. Generally, this means that we’ll keep your information as long as you have an active account. If, however, you choose to close your account with us we will eliminate your personal information from our records, unless an applicable law requires us to retain your personal information for some period of time.
We’ll take appropriate steps to make sure the personal information in our records is accurate.
We take appropriate security measures to protect your personal information from unauthorized alteration. If you become aware that any of the personal information in our records is inaccurate or has been altered, please contact us.
We’ll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
For example, our data networks are protected by firewalls and intrusion-detection sensors. Only employees who have a “need-to-know” are authorized to access member accounts, and only after they’ve been trained on our security procedures.
Although we use reasonable measures to help protect your personal information and comply with applicable data security laws, it’s important that you understand that no website or database is completely secure, or “hacker proof.” You can protect yourself and help us prevent computer crime by carefully guarding your password. If you believe the security of your account has been breached, contact us.
To ensure the integrity and protection of your information with any of Aimia’s third party service providers, we ensure that all of these companies sign non disclosure agreements and are held to the same standard that we ourselves comply with.
When we ask for your personal information, we'll let you know how you can find out about our privacy practices. If we're asking you for information online – on this Site, for example -- we'll provide a link to this Policy. If you're contacting us by phone, our operators will be able to answer your privacy questions or point you in the proper direction. If you have any questions or concerns about our privacy practices, you may contact us.
We reserve the right, at our discretion, to change, modify, add, or remove portions of this Policy at any time.
Minor Changes. If we make only minor changes to this Policy, we'll replace this Policy with the new Policy and change the “Effective” date at the top of this Policy. We will also provide a notice at the top of this Policy for at least 30 days after the new effective date and highlight the changes in the Policy so that you can locate them easily. Your continued participation or use of this Site following a minor change to this Policy will indicate your acceptance of the revised Policy. Minor changes include, for example, changes to our contact information.
Material Changes. We’ll notify you of any material changes to this Policy by sending you a notice by email at the last email address you provided us. Our notice may include a link or direct you to visit this Site to review the revised Policy. We’ll also provide a notice at the top of the revised Policy for at least 30 days after the new effective date and highlight the changes in the Policy so that you can locate them easily.
Material changes to this Policy will be effective as of the effective date included in the notice to you. Please note that you are responsible for confirming that your contact information is always current. If the last email address you provided us is not valid or current, or if for any other reason is not capable of delivering to you the notice described above, our mailing of the notice to your last email address will nonetheless constitute effective notice of the changes described in the notice.
We’ll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies.
The easiest way to access and review your key account information is to visit your profile on this Site. If you have additional questions regarding your personal information, please contact us. We will respond promptly within the time limits established by applicable law. For your protection, we may ask you for additional information to verify your identity. In most cases, we will provide the access you request and correct or delete any inaccurate information you discover. In some cases, however, we may limit or deny your request if the law permits or requires us to do so.
To access your information, ask questions about our privacy practices, change your marketing preferences, or issue a complaint, contact us at:
- Privacy Officer
- 777 Bay St., P.O. Box 118, Suite 2901
- Toronto, Ontario
- M5G 2C8
If your privacy concern isn’t addressed to your satisfaction, you may contact us and if your concern still hasn’t been addressed to your satisfaction, you may contact:
- The Office of the Privacy Commissioner
- 112 Kent Street
- Place de Ville
- Tower B, 3rd Floor
- Ottawa, Ontario
- K1A 1H3