A word about your privacy

We respect your privacy. Not only do we respect it, but we also protect it. We only share your personal information in circumstances that we will describe in this Code and that align with our privacy principles. We have provided this document to explain our privacy principles and procedures. This Code reflects both the importance of the issue and the legal and regulatory requirements for privacy protection. If you want more information regarding our privacy principles and procedures, please read on.

To request access to, or correction of, your personal information, or to make other inquiries regarding your personal information, you may write our Global Privacy Officer at or by mail to:
Global Privacy Officer,
3389 Steeles Ave E,
Toronto, Ontario 
M2H 0A1.


Tangerine Bank (“Tangerine” or “we”) is committed to keeping personal information of our Clients and prospective Clients (“you” or “your” personal information) accurate, confidential, and secure. The Tangerine Privacy Code reflects this commitment.

This Privacy Code is based on the Personal Information Protection and Electronic Documents Act (PIPEDA). It describes how Tangerine complies with the principles of PIPEDA. A copy of PIPEDA is available at

The scope of this Privacy Code

This Privacy Code describes the principles Tangerine will use to protect the personal information in its possession or control. This Privacy Code does not apply to information about business Clients who carry on business as corporations, partnerships or other forms of association. We do, however, protect the confidentiality of such information in accordance with the law and our policies. This Privacy Code applies to any personal information that we collect about individual owners of sole proprietorships or personal information about officers, directors, employees or partners of a business Client.

Changes to this Privacy Code

In order to ensure that this Privacy Code is kept up-to-date, we will change this Privacy Code from time to time. Notice of any significant changes to the Privacy Code may be distributed by email, through Tangerine statements, letters, posted on the Tangerine website, through your online Inbox or any other electronic method used by Tangerine to communicate with you.



The Client services representatives at Tangerine who will address any questions and concerns about a Tangerine product or service. Associates may be reached by telephone at 1-888-826-4374 or email at

Personal information

Personal information is information that identifies you or can be used to identify you. Examples of personal information include: first and last name, mother’s maiden name, mailing address, telephone number (including mobile), email address, date of birth, Social Insurance Number (SIN), government-issued identification, credit history, information about your employment and education, annual income, assets and liabilities and financial transactions.

Privacy Office

The department at Tangerine that is responsible for the protection of your personal information. The Global Privacy Officer may be contacted by mail or email at:

GLOBAL PRIVACY OFFICER Tangerine 3389 Steeles Ave E Toronto, Ontario M2H 0A1


“Tangerine” is the operating name of Tangerine Bank. Tangerine is a wholly owned subsidiary of The Bank of Nova Scotia (“Scotiabank”).


Principle – Tangerine’s accountability

We are accountable for all personal information in our possession or control, including any personal information transferred to third parties for processing. We have established procedures to comply with this Privacy Code and have designated one or more persons to be accountable for compliance.

  1. Our Global Privacy Officer is responsible for protecting the privacy of our Clients’ personal information and our compliance with this Privacy Code.

  2. We are also accountable for personal information that has been transferred to a third party for processing (for example, cheque clearing services). Our policies for safeguarding personal information transferred to third parties are set out in Section 7.4 of this Privacy Code.

  3. To ensure compliance with the principles of this Privacy Code, we:

    • have established procedures to protect personal information;

    • have established procedures to receive and respond to questions and complaints;

    • published this Privacy Code; and

    • have trained our staff to understand and follow our privacy procedures.

We also oversee compliance with this Privacy Code through regular audits and other compliance procedures. Senior management reports to a committee of Tangerine’s Board of Directors regarding compliance with this Privacy Code.


Principle – Identifying the purposes of collecting personal information

We will identify the purposes of collecting personal information.

  1. We take care to explain purposes which are not as obvious as others. While the purposes for collecting a name or address may be obvious and do not need to be explained, the purposes for collecting other information may not be as self-evident.

  2. We will clearly identify the purpose for which we are collecting your personal information either through writing, verbally when we are speaking with you or through any other means we use to communicate with you. There are some cases where we are not required to obtain your consent (See Section 3 and Section 5.1 for details).

  3. You can ask for information about the purposes for which we collect personal information when you phone us or write to our Global Privacy Officer.

  4. In addition to any purposes identified to you before or at the time of collection, we will collect personal information (which may include credit, employment and other financially related information) for the following purposes:

    • to help identify you;

    • to determine your suitability or eligibility for our products or services;

    • to set up and manage Tangerine’s products and services;

    • to offer, set up and manage products and services, including those of our affiliates or trusted business partners;

    • to provide ongoing service; and

    • to meet legal and regulatory requirements, such as requirements under the Income Tax Act (Canada) and credit reporting requirements.

    Examples of additional purposes for which we may collect, disclose or use your personal information:

    1. references are used to verify information on an application;

    2. your date of birth and other identifying information may be collected and used to verify your identity, and to protect you and Tangerine from error or fraud. We may also collect and use personal information obtained from credit reporting agencies and other financial institutions in order to help verify your identity when you are a new Client;

    3. a Social Insurance Number (SIN) is collected because the Income Tax Act (Canada) and other national or international regulations related to the taxing of nationals require it for income tax reporting. In addition, a SIN may be used to match credit bureau information or protect you and Tangerine from reporting errors or fraud. Providing your SIN for these identity verification purposes is optional. To withdraw your consent for the use of your SIN for identity verification purposes, you may contact us as set out below; see Section 3.5 and Section 3.6;

    4. personal information is exchanged with credit reporting agencies, credit insurers (including health information), and other financial institutions, to maintain the integrity of the credit-granting process and to determine eligibility for financial products and services including creditor insurance products. The credit reporting agencies that provide your credit information to us are Equifax Canada Inc. ( and TransUnion Canada Inc. ( You can contact them to access, rectify or obtain a copy of your credit report;

    5. personal information, including transaction details for any product or service offered by Tangerine, is used by us to determine your eligibility for products and services or to identify products or services that may be of interest to you, and we will use your contact and other information to notify you of such products including by website, mail (including statement inserts), email, phone, SMS text messages, our Mobile Banking app or any other electronic method offered by Tangerine and used by you. If you do not wish to receive marketing communications, you can opt out as described in Section 3.6;

    6. subject to Section 7.4, personal information may be disclosed to investors or potential investors, lenders and government guarantors in order for us to process, fund and securitize your mortgage;

    7. personal information may be collected, used and disclosed to investigate specific transactions or patterns of transactions for the purpose of detecting unauthorized, fraudulent or other illegal activities;

    8. personal information may be collected and used to ensure that your instructions can be properly verified and to prevent errors;

    9. personal information may be collected, used and disclosed to investigate your complaints;

    10. should you open an Account to be operated on behalf of a third party, personal information of that third party will be collected from you in accordance with Anti-Money Laundering legislation;

    11. we may share personal information with members of the Scotiabank group of companies and other service providers who provide operational, administrative and support services on our behalf, to meet legal and regulatory obligations, for fraud prevention purposes, and to perform analytics;

    12. members of the Scotiabank group of companies and our service providers may be located outside of your province of residence or outside of Canada, and your personal information may be accessed or processed in the United States or other jurisdictions. For a list of Scotiabank’s principal affiliates and subsidiaries enterprise-wide, please refer to the most recent Annual Report.

    13. we may share your personal information with other members of the Scotiabank group of companies and our service providers so that they may contact you for the purposes of marketing, including telemarketing, or to help you manage your credit responsibly. You can withdraw your consent to the disclosure of your personal information to other Scotiabank companies for marketing at any time; see Section 3.5 and Section 3.6;

    14. personal information may be collected, used and disclosed for the purpose of legal or regulatory requirements;

    15. personal information may be collected, used and disclosed if you participate in a contest, survey or promotion to administer your participation in the contest or promotion and as otherwise described to you when you enter. Information obtained through our surveys is used in an aggregated form. We use this information to help us understand our Clients and to improve our products and services;

    16. personal information about a joint Account and any transactions on that Account may be disclosed to any Account holder; and

    17. personal information may be disclosed to a representative (such as a legal guardian, Power of Attorney, estate representative or lawyer) where reasonably necessary to administer the estate.

  5. The way we analyze your personal information may involve automated decisions. This involves processing your personal information using software that can evaluate your personal circumstances and other factors to address risks or outcomes. We may use this method to make decisions about you relating to credit checks, identity and address checks, monitoring your Account(s) for fraud or other financial crime, or for other reasons that we’ll disclose to you. We may use automated decision making if it’s necessary for us to provide you with a particular product (for example, we may use it to decide on the types of services that are suitable for you), to prevent fraud or financial crime, or if it’s reasonable to ensure that we’re treating our Clients fairly.


Principle – Obtaining consent

We will collect, use or disclose personal information without your consent only in limited circumstances as permitted by law.

Subject to certain legal, regulatory and contractual obligations and reasonable notice, an individual can refuse or withdraw their consent to the collection, use or disclosure of personal information about them at any time. In certain instances, that means we may not be able to offer you certain products and services.

  1. Generally, we will seek consent to use and disclose personal information at the time of collection. In some circumstances, we may identify a new purpose and seek consent to use and disclose personal information after it has been collected.

  2. We will explain to you in plain language how personal information will be used or disclosed before requesting your consent.

  3. Consent to the collection, use and disclosure of personal information can be expressed, implied, or given through your authorized representative.

    • You can express consent verbally, such as when information is collected over the telephone, in writing, such as when completing and signing an application, or electronically, such as when applying online.

    • Your consent can be implied, for example, by using a Tangerine product or service.

    • You can also give consent through an authorized representative, such as a legal guardian or a person with a Power of Attorney. This may be necessary, for example, when we cannot obtain express consent from a minor, or an individual who is seriously ill.

  4. We may collect, use or disclose personal information without your knowledge and consent only in limited circumstances as permitted by law. For example:

    • We may collect, use and disclose personal information without your knowledge or consent if it is clearly in your best interest to do so and consent cannot be sought in a timely manner. An example of such a circumstance is when an individual is seriously ill.

    • Tangerine may collect, use and disclose personal information without your knowledge or consent in accordance with law or upon the lawful request of a government institution or part of a government institution. An example would be when a government institution lawfully requests the information for the enforcement of federal or provincial Canadian law or laws of a foreign jurisdiction.

  5. You can refuse to consent to our collection, use or disclosure of personal information, or you may withdraw your consent to our further collection, use or disclosure of your personal information at any time by giving us reasonable notice, subject to limited exceptions. This includes withdrawing your consent for the use of your SIN for identity verification purposes.

    • We will inform you of the consequences of refusing or withdrawing consent. Refusing or withdrawing consent for Tangerine to collect, use or disclose personal information could mean that we cannot provide you with a product and/or service. For example, if you do not allow us to obtain a credit report, we may not be able to lend money to you.

    • We may have legal, regulatory or contractual obligations to collect, use or disclose certain of your personal information, in which case you may not withdraw your consent. For example, during the term of a loan, you may not withdraw your consent to our ongoing collection, use or disclosure of your personal information in connection with the loan you have with us or have guaranteed.

    • We will not unreasonably withhold products, services or information from individuals who refuse to give consent or who withdraw consent.

    • Tangerine is required by law to collect certain types of personal information in order to verify your identity. If you do not allow us to collect and use this information, or if you later attempt to withdraw your consent, we may not be able to open or maintain an Account for you.

    • Withdrawal of consent is not permitted in relation to a credit product where we must collect and report information after credit has been granted. This is to maintain the integrity of the credit reporting system.

    • We will act on your instructions as quickly as possible but there may be certain uses of your information that we may not be able to stop immediately.

  6. You can opt out and withdraw consent.

    • If you wish to withdraw your consent or update your marketing communication preferences, contact us toll-free at 1-888-826-4374.

    • To opt out of email communications, click on the “unsubscribe” link included in each of our communications.

    • To opt out of receiving SMS text messages, respond to any message by texting “STOP”.

    • To opt out of the sharing of your personal information with trusted partners, contact us using the contact information set out above.

    • To opt out of direct mail and phone marketing communications, contact us using the contact information set out above.


Principle – Limits on the collection of personal information

Tangerine limits the amount and type of personal information it collects. We will collect personal information only for purposes that have been already identified to you or as permitted by law.

  1. We will only collect the amount and type of information needed for the purposes documented by us and identified to you.

  2. We will collect personal information about you primarily from you. Except as permitted by law, Tangerine will only collect personal information from external sources if you have consented to such collection (for example, a Refer-a-Friend Program).


Principle – Limits on using, disclosing and keeping personal information

We will use or disclose personal information only for the reasons it was collected, unless consent is given to use or disclose it for another purpose. Under certain exceptional circumstances, we may have a legal duty or right to disclose personal information without your knowledge or consent.

We will keep personal information only as long as necessary for the identified purposes.

  1. We may disclose personal information without consent when required or permitted by law. Examples of such disclosure include:

    • subpoenas, search warrants and other court and government orders;

    • debt collection or demands from other parties who have a legal right to personal information; and

    • disclosure of personal information to a lawyer (or, in Quebec, a notary or an advocate) who represents Tangerine to protect Tangerine’s interests.

  2. In any of the circumstances referred to above, we will protect your interests by making sure that:

    • orders or demands appear to comply with the laws under which they were issued;

    • when permitted by law, we may notify you that an order or demand has been received.

  3. We will collect health records only for specific purposes explained to you, such as establishing the effective date of a Power of Attorney or for creditor insurance purposes, as insurance providers require this personal information to assess insurance risk and to establish and administer the insurance coverage.

  4. In the event we provide personal information to a third party service provider for processing located in a foreign jurisdiction, we will be bound by the laws and regulations of that jurisdiction and may disclose personal information in accordance with those laws and regulations.

  5. We will destroy, erase or make anonymous any personal information no longer needed for its identified purposes or for legal requirements, in accordance with our records retention policies.

  6. When you fill out forms and applications online or in our Mobile Banking app, we may save your progress as a draft for up to 30 days. Where possible, this means that if you can’t complete the form or need to switch devices, you don’t need to start over the next time you open the form. After that period, the information you entered will be deleted.


Principle – Keeping personal information accurate

We will keep the personal information in our possession or control accurate and complete based on the most recent information available to us. From time to time, Tangerine may contact you to ask you to confirm your contact information and your marketing communication preferences.

You may challenge the accuracy and completeness of your personal information and have it amended as appropriate.

  1. We will make reasonable efforts to minimize the possibility of using inaccurate, incomplete or outdated personal information to make a decision about you.

  2. We will make reasonable efforts to keep personal information in our possession and control accurate and current if the information is used on an ongoing basis.

  3. We will rely on you to keep your personal information accurate, complete and current. If you demonstrate to us that personal information relating to you is inaccurate, incomplete, or out of date, we will revise or delete the personal information. If necessary, we will disclose the revised personal information to any third parties to whom we had disclosed wrong or outdated information in order to permit them to revise their records.

  4. If we do not agree to revise the personal information as requested by you, you may challenge our decision. We will make a record of this challenge, and, if necessary, disclose the challenge by you to any third parties to whom we have disclosed the personal information.


Principle – Safeguarding personal information

We will protect personal information with safeguards appropriate to the sensitivity of the information.

  1. We will safeguard personal information in our possession or control from loss or theft and from unauthorized access, disclosure, duplication, use or modification.

  2. The safeguards employed by Tangerine to protect personal information will vary depending on the sensitivity, amount, distribution, format and storage of the personal information. We store most of your information electronically.

  3. We will safeguard personal information in our possession or control through security measures.

    For example:

    • physical security, such as secure locks on filing cabinets and restricted access to offices;

    • organizational security, such as controlled entry in data centres and limited access to relevant information; and

    • electronic security, such as passwords, personal identification numbers and encryption.

  4. We may transfer personal information to third parties for processing. We will require these third parties to safeguard all personal information in a way that is consistent with our principles and as required by law. When we contract with third parties, they are given only the information necessary to perform the services as set out in the contract. The third parties are prohibited from storing, analyzing or using the personal information transferred by Tangerine for any other purpose. The third parties are required to protect personal information transferred by Tangerine in a manner that is consistent with our privacy principles.

  5. We will use care when disposing of or destroying personal information in order to prevent unauthorized access to the information.


Principle – Making information about policies and procedures available to you

We will be open about the procedures used to manage personal information. Individuals will have access to information about these procedures through Tangerine’s Privacy Code, by contacting our Associates or by writing to the Global Privacy Officer. The information will be available in a format that is easy to understand.

  1. We will make this Privacy Code available to the public.

    • An electronic version of this Privacy Code is available on Tangerine’s website at or a copy can be requested by calling one of our Associates.

  2. Information about this Privacy Code will be available in a format that is easy to understand.

    • The contact information of the Associates and the Global Privacy Officer are provided at the beginning of this document in the “Explanation of Terms” section, so you can inquire about Tangerine’s personal information practices.

  3. We may make information about our procedures available in a variety of ways, depending on the nature of the services you are using and the sensitivity of the personal information.

    • We make information available by mail, or email, by a toll-free telephone number or provide online access.

  4. Policies & procedures regarding personal information

    • We have established and implemented governance policies and procedures approved by the Global Privacy Officer to ensure the protection of personal information. These documents provide a framework for the retention and destruction of the information, define the roles and responsibilities of personnel, and provide a process for responding to inquiries regarding the protection of the information. Here is a list of the policies and procedures:

      1. Privacy Risk Management Framework - Provides an overview of the key governance components for the oversight and management of Privacy Risk. Serves as an overarching framework for material elements of Privacy Risk management activities and is a source document to which all other Privacy Risk policies and procedures are aligned.

      2. Privacy Risk Management Policy - Provides a description of the general policies and principles applicable to Privacy Risk Management. It is part of the effective management and mitigation of Privacy Risk.

      3. Roles and Responsibilities Matrix of the Privacy Risk Management Program - This tool identifies roles and responsibilities associated with tasks.

      4. Access to Personal Information Procedures – Sets out the framework for handling access requests and requests to amend personal information pursuant to applicable laws. The Procedures are part of the Privacy Risk Management Program.

      5. Privacy Case Management Tool Governance Procedures – A privacy case management tool is a system used to track privacy-related incidents in a centralized location and to report that data to the relevant personnel. The governance procedures outline the structure and process for decision-making, accountability and control relating to the relevant privacy-related incidents tracked by the tool.

      6. Guidelines for Use of PII in Digital Initiatives – Provides an overview of the privacy implications that must be considered when devising a digital initiative involving personal information. These Guidelines assist employees to distinguish between permissible and impermissible uses of personal information.

      7. Incident & Breach Management Procedures – Provides steps for handling Privacy Concerns that impact Tangerine and its Clients, employees or other individuals.

      8. Privacy Impact Assessment Procedures – Outlines the processes involved to complete a Privacy Impact Assessment. These Procedures are part of Tangerine’s Privacy Risk Management Program.

      9. Employee Privacy Policy – Sets out how Tangerine collects, uses, discloses and otherwise manages personal information of its employees while administering and managing the employment relationship.

      10. Enterprise Records Management Policy – Establishes foundational principles applied across Tangerine to facilitate the creation, retrieval, use, maintenance, retention and disposition of records in a manner consistent with Tangerine’s business priorities and applicable legal and regulatory requirements.


Principle – Access to personal information

When you request it, Tangerine will advise what personal information we have in our possession or control about you, what it is being used for and to whom it has been disclosed.

In certain exceptional situations, we may not be able to give individuals access to all of the personal information about them.

  1. You have the right to know, on request, what personal information we have in our possession or control about you, a right to access that personal information and to know to which third parties we have disclosed that information, subject to legal and regulatory exceptions. Individuals may direct their requests by telephone to our Associates or, in writing, to the Global Privacy Officer.

  2. We have established procedures for responding to requests for access to personal information. In the unlikely event that we determine that there will be a cost to the individual in granting such access, we shall inform the individual of the reasonable costs permitted by law prior to granting such access.

  3. To process your request, we may ask you for information to validate your identity and confirm the scope of your request, such as your branch and Account Number, and clarification on the specific information or time period you are requesting.

  4. If you have a sensory disability, you may request that your personal information be made available in an alternative format.

  5. If we are prohibited from providing a request for access to personal information, we will advise of the reason for the refusal. An appeal of that decision can then be made to the Office of the Privacy Commissioner of Canada.

  6. We may not be able to provide you with access to your personal information in certain circumstances, such as where your request includes personal information about a third party that cannot be removed, or when the information you are requesting is protected by legal privilege.

  7. Tangerine may charge you a nominal access fee depending on the nature of your request. We will advise you of the fee, if any, prior to proceeding with your request.


Principle – Handling complaints and questions

Individuals may challenge Tangerine’s compliance with this Privacy Code. We have policies and procedures to receive, investigate, and respond to individuals’ complaints and questions relating to privacy.

  1. Individuals are advised to direct their complaints and questions by telephone to the Associates or in writing to the Global Privacy Officer.

  2. We will investigate all complaints. If we find a complaint to be justified, then we will attempt to resolve it.

  3. If you have an inquiry about Tangerine’s privacy practices or how we and our service providers treat your personal information, please contact an Associate by calling us toll-free at 1-866-677-0546. If we are not able to resolve your concern to your satisfaction, you can contact the Global Privacy Officer:

    GLOBAL PRIVACY OFFICER Tangerine 3389 Steeles Ave E Toronto, Ontario M2H 0A1

  4. Tangerine has policies and procedures to receive, investigate, and respond to your privacy complaints and questions. We will investigate all complaints we receive, and if we find a complaint justified, we will try to resolve it. You can find more details on our complaints process at

  5. If you are not satisfied, you may file a complaint with the Office of the Privacy Commissioner of Canada:

    Office of the Privacy Commissioner of Canada 30, Victoria Street Gatineau, Quebec  K1A 1H3 Toll-free: 1-800-282-1376 Phone: (819) 994-5444 TTY: (819) 994-6591