Compliance & Regulations

PaymentEvolution Compliance & Regulatory Overview

PaymentEvolution Corporation (“PaymentEvolution,” “PayEvo,” “we,” “us,” or “our”) is committed to the highest standards of regulatory compliance, operational excellence, and protection of our clients throughout payroll, HR, benefits, and financial service delivery. This page provides a clear and detailed overview of how we meet and exceed legal and industry requirements and support our users' rights and safety.

Our Regulatory Approach

We operate under a robust regulatory framework that addresses federal, provincial/territorial, and, where relevant, international obligations. PaymentEvolution's compliance program is continuously updated, reviewed, and designed to empower clients through transparency and best practices.

This Compliance and Regulations page works alongside our comprehensive suite of legal documentation to provide complete transparency about our operations and your rights. We encourage you to review our related legal pages:

  • Terms of Service – Outlines the terms and conditions governing your use of PaymentEvolution's platform and services, including service-specific terms for Payroll, PayChequer, Business Payments, Benefits, HX Services, and API access. This document establishes the legal framework for our business relationship and defines user responsibilities and service limitations.

  • Privacy Policy – Details how we collect, use, store, and protect your personal information in accordance with PIPEDA, Quebec’s Law 25, and other applicable privacy laws. This policy explains our commitment to the ten fair information principles and your rights regarding your personal data.

  • Data Processing Agreement – Provides specific details about our role as a service provider under Canadian privacy laws, including how we handle personal information on behalf of our clients, cross-border data transfers, and our obligations regarding data security, retention, and destruction.

  • Trademark Policy – Covers the proper use of PaymentEvolution's intellectual property, including our registered trademarks “PaymentEvolution,” “PayChequer,” and “Why pay to pay?” along with licensing guidelines and permissions for trademark usage.

These documents collectively ensure transparency and establish clear expectations for all aspects of our service delivery and business relationships.

Federal Compliance

Canada Revenue Agency (CRA)

PaymentEvolution ensures:

  • Automated and accurate calculation and remittance of federal payroll deductions, including Income Tax, Canada Pension Plan (CPP), and Employment Insurance (EI).

  • Preparation and filing of T4 slips and other information returns on schedule.

  • Proper withholding and remittance for non-residents.

  • Secure payroll recordkeeping with audit support.

Anti-Money Laundering (AML) and FINTRAC

As a registered Money Services Business, we strictly comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and FINTRAC requirements:

  • Risk-based client identification (KYC), transaction monitoring, and suspicious transaction reporting.

  • Comprehensive written compliance program, ongoing staff training, and independent reviews.

  • Adherence to evolving requirements and guidance, including enhanced penalties and registration mandates.

Personal Information Protection and Electronic Documents Act (PIPEDA)

We uphold all fair information principles under PIPEDA with:

  • Consent-based personal data collection and processing.

  • Clear and accessible privacy policies.

  • Strong technical, administrative, and physical safeguards.

  • Rights of access and correction for individuals.

Our platform supports compliance with:

  • Canada Labour Code and employment standards for federally regulated employees.

  • Employment Equity Act and Pay Equity Act through specialized tools and client support.

Provincial and Territorial Compliance

PaymentEvolution ensures legislative compliance across Canadian provinces and territories by:

  • Automating up-to-date minimum wage, overtime, vacation, statutory holiday, and termination calculations.

  • Supporting Quebec’s unique legal and tax requirements, including Quebec Pension Plan (QPP) and provincial income tax.

  • Managing Employer Health Tax, Workers’ Compensation premiums, and provincial payroll taxes.

  • Maintaining compliant employee recordkeeping as mandated provincially.

Law 25 (Quebec) Compliance Statement

Quebec’s Law 25 (formerly Bill 64) modernizes the province’s privacy regime and imposes some of the strictest privacy obligations in Canada. It applies to any organization “carrying on an enterprise” in Quebec that handles the personal information of individuals located in Quebec.

PaymentEvolution is committed to complying with Law 25 and, where relevant, applying its standards across our platform. In particular, we:

  • Designate a Person in Charge of the Protection of Personal Information
    Our Privacy Officer serves as the person in charge of personal information under Quebec’s private sector privacy law, reporting to senior management and overseeing policies, risk assessments, and incident response.

  • Conduct Privacy Impact Assessments (PIAs)
    We perform PIAs for projects, technologies, and major system changes that involve sensitive data, profiling, AI-driven features, or cross-border disclosure of personal information relating to Quebec residents.

  • Embed Privacy by Design and by Default
    We implement technical and organizational measures to ensure that only the personal information necessary for the specified purposes is collected, used, retained, and disclosed, with privacy-friendly defaults for end users.

  • Maintain an Incident Register and Breach Notification Processes
    In line with Law 25 requirements, we keep a record of all confidentiality incidents (including data breaches and unauthorized access/use) and, when a risk of serious harm exists, we notify the Commission d’accès à l’information (CAI) and affected individuals as required.

  • Support Enhanced Individual Rights
    For individuals in Quebec, we support key privacy rights, including:

    • access and rectification of personal information;

    • the right to request erasure where permitted by law;

    • de-indexing or cessation of dissemination in certain circumstances;

    • the right to withdraw consent (subject to legal/contractual limits);

    • transparency around any automated decision-making that uses their personal information and has significant impact.

  • Assess Cross-Border Transfers
    Before disclosing personal information of Quebec residents outside Quebec, we assess whether the information will receive adequate protection, taking into account the sensitivity of the data, the purposes of use, and the foreign legal framework, and we implement appropriate contractual and technical safeguards.

  • French-Language and Transparency Obligations
    We provide key policies and client communications in French and are attentive to Quebec’s language and transparency requirements when interacting with Quebec-based clients and individuals.

By aligning our practices with Law 25, we aim to offer Quebec residents (and all our users) privacy protections that meet or exceed the highest standards currently in force in Canada.

Data Privacy and Security

We protect client and employee data with:

  • End-to-end encryption for data at rest and in transit.

  • Multi-factor authentication and strict access control policies.

  • Active security monitoring, logging, and intrusion detection.

  • Regular third-party security testing and independent security reviews.

  • Clear breach notification protocols to clients and, where required, regulatory authorities.

We also:

  • Maintain formal privacy and information security policies and training programs for all staff.

  • Implement data minimization, role-based access, and retention schedules aligned with legal and business needs.

  • Use de-identified and aggregated data to improve our products, analytics, and fraud detection, without re-identifying individuals except where necessary for security or legal compliance.

Consumer Protection and Transparency

Committed to fairness and consumer rights, PaymentEvolution ensures:

  • Transparent pricing with no hidden fees.

  • Simple, clear communication of terms and conditions, avoiding unnecessary legal jargon.

  • Accessible and prompt customer support for compliance, payroll, or privacy inquiries.

  • Fair and equitable treatment, including adherence to non-discrimination principles.

  • Clear dispute resolution processes with accessible pathways for clients.

Open Banking and Consumer Data Rights

In connection with Canada’s Consumer-Driven Banking Act and the emerging federal open banking framework, we:

  • Provide secure, consent-based sharing of financial data with approved third parties, where open banking rules apply.

  • Implement strict technical, contractual, and operational safeguards that align with FCAC oversight and applicable standards.

  • Respect consumer control over their financial data, including the ability to grant, manage, and revoke access.

  • Design our integrations to support data sovereignty, user empowerment, and strong consumer protection as the framework evolves.

International and Cross-Border Compliance

Though primarily focused on Canada, we uphold:

  • International privacy laws such as GDPR and CCPA where they apply to our operations or clients.

  • Secure cross-border data and payment transactions with appropriate safeguards, including contractual clauses and encryption.

  • Compliance with international tax treaties and payroll regulations when facilitating cross-border employment or payments.

Lending and Interest Rate Compliance

If applicable, PaymentEvolution complies with the Criminal Code’s cap on annual interest rates (35% maximum) established January 1, 2025, helping protect users from predatory lending practices.

Continuous Compliance and Quality Assurance

Our compliance program features:

  • A designated compliance officer overseeing policy and regulation adherence.

  • Comprehensive employee compliance training and awareness programs.

  • Real-time monitoring and prompt incorporation of legislative updates.

  • Routine internal audits, risk assessments, and client-focused communication.

  • Regular review of our controls against recognized frameworks and industry best practices.

Third-Party Risk Management and Regulatory Engagement

We ensure:

  • Rigorous due diligence and continuous oversight of all vendors and partners, including security and privacy assessments.

  • Inclusion of compliance, confidentiality, and data protection requirements in vendor contracts.

  • Active participation in fintech and payroll industry associations and constructive regulatory dialogue to help shape and anticipate evolving requirements.

Incident Response and Breach Transparency

PaymentEvolution pledges:

  • Immediate investigation and remediation of compliance or security incidents.

  • Prompt, transparent communication to affected clients and, where required, regulatory authorities such as the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec.

  • Implementation of enhanced controls to mitigate recurrence risks and strengthen our overall posture.

Support and Accessibility

  • Compliance documents, policies, and client communications are available in both English and French in accordance with Canadian bilingual requirements.

  • We aim to provide our key information in accessible formats, and we work with clients to accommodate accessibility needs where possible.

  • A dedicated compliance department is available for all regulatory questions and client support.

Contact

For compliance-related inquiries please contact:

PaymentEvolution Corporation
2600 Skymark Ave, Building 1, Unit 200
Mississauga, Ontario, Canada L4W 5B2
Email: info@paymentevolution.com
Phone: (647) 776-7600

For privacy-specific questions, including Law 25 or PIPEDA rights, please contact our Privacy Officer at privacy@paymentevolution.com.

Disclaimer

This document provides general information about PaymentEvolution's approach to compliance and regulatory matters. It is not intended as legal advice and should not be relied upon as a substitute for professional legal counsel. Specific compliance requirements may vary based on individual circumstances, and clients are encouraged to consult with qualified legal and compliance professionals regarding their specific obligations.

PaymentEvolution reserves the right to update this Compliance and Regulations page at any time to reflect changes in applicable laws, regulations, or our compliance practices. We recommend reviewing this page periodically for updates.