Privacy Policy
PaymentEvolution Corporation (“PaymentEvolution”, “we”, “us”, or “our”) is committed to protecting the privacy, security, and confidentiality of the Personal Information we handle. This policy explains how we collect, use, disclose, store, transfer, and protect Personal Information when you use our websites, platforms, mobile applications, APIs, or Services (collectively, the “Services”).
This Privacy Policy complies with:
PIPEDA (Canada)
Quebec Law 25 (Loi modernisant des dispositions législatives en matière de protection des renseignements personnels)
Alberta PIPA
British Columbia PIPA
CASL (Canada's Anti-Spam Legislation)
Any other applicable Canadian privacy laws and regulations.
By accessing or using our Services, you agree to the practices described in this Privacy Policy.
1. Personal Information We Collect
“Personal Information” means any information about an identifiable individual, and includes:
Name, email address, mailing address, phone number
Account identifiers, login information
Employment information (job title, department, compensation)
Payroll, tax, and remittance details
Government identification numbers (SIN, BN, CRA account numbers)
Bank account and payment information
Benefits and HR enrollment data
Activity logs, device metadata, and IP addresses
Any other information submitted by you or generated by the Services
We may collect Personal Information directly from you, from your employer or authorized administrator, from Resellers acting on your behalf, or through automated systems when you interact with our Services.
2. How We Use Personal Information
We use Personal Information only for purposes permitted by Canadian privacy laws, including:
2.1 To Deliver and Improve Our Services
Payroll calculation and processing
Government remittances and tax filings
Payments, disbursements, reimbursements, paycards, or payment services
Benefits, HR, scheduling, and record management
Identity verification and fraud prevention
Customer support and account administration
2.2 For Security and Compliance
Monitoring for unauthorized access, threats, or fraud
Compliance with PIPEDA, Law 25, CRA requirements, financial regulations, PCMLTFA, and other laws
Responding to lawful requests, subpoenas, or regulatory inquiries
2.3 To Maintain and Improve the Platform
We may use Personal Information, logs, telemetry, and metadata to:
diagnose issues, improve reliability, and optimize performance
develop new features, workflows, integrations, or machine-learning models
enhance security, fraud detection, and risk scoring
Where reasonably possible, we use De-Identified or Aggregated Data for these purposes.
2.4 To Communicate With You
Account notifications
Service updates
Regulatory or operational alerts
Optional newsletters or product updates (with consent under CASL)
We do not use Personal Information to market to employees whose information we process on behalf of their employer.
3. De-Identified, Aggregated, and Anonymized Data
PaymentEvolution may create De-Identified Data or Aggregated Data that cannot reasonably identify an individual. We may use such data to:
analyze system performance
benchmark product usage
train predictive or diagnostic models
support research and product innovation
provide insights to clients or the public
enhance fraud detection and compliance tools
De-Identified Data is not Personal Information under this policy and may be retained indefinitely.
We do not re-identify such data except as required for:
system integrity
fraud investigation
regulatory compliance
security investigations
(This clause ensures future AI/ML innovation while remaining fully compliant.)
4. Cookies, Tracking Technologies & Log Data
We use cookies, local storage, and similar technologies for:
authentication and session management
personalization
usage analytics
fraud detection and security
site performance and debugging
Log data may include:
IP address
browser type
device identifiers
date/time stamps
clickstream and navigation paths
Users may disable cookies, but some features may not function properly.
5. When We Share Personal Information
PaymentEvolution does not sell Personal Information.
We may share Personal Information only with:
5.1 Authorized Third-Party Service Providers
Including:
secure cloud hosting providers
payment processors
benefits carriers
identity verification partners
communication platforms
analytics or security vendors
We contractually require them to maintain strict confidentiality and security.
5.2 Your Employer, Administrator, or Reseller
Where your employer or authorized Reseller administers your account, Personal Information may be shared with them as part of service delivery.
5.3 Corporate Affiliates
PaymentEvolution subsidiaries and affiliated companies may process Personal Information for operational purposes.
5.4 Legal or Regulatory Requirements
We may disclose Personal Information if required to:
respond to lawful requests or court orders
cooperate with CRA, ESDC, Revenu Québec, or law enforcement
prevent or investigate fraud or security incidents
enforce our legal rights
5.5 Business Transactions
If PaymentEvolution undergoes a merger, acquisition, financing, or restructuring, Personal Information may be transferred under appropriate confidentiality protections.
6. Cross-Border Transfers
PaymentEvolution may process Personal Information:
in Canada,
in the United States,
or in other jurisdictions where our trusted subprocessors operate.
We ensure all transfers are protected through:
contractual safeguards
encryption at rest and in transit
strict access controls
compliance with PIPEDA, Law 25, and provincial requirements
assessments of foreign privacy risks (as required by Law 25)
Client consent includes authorization for such international transfers.
Note: Quebec’s proposed consumer-protection amendments (Bill 10) relate to contract cancellation mechanisms and do not modify privacy rights under Law 25 or PIPEDA.
7. Data Security
We use industry-leading administrative, technical, and physical safeguards, including:
encryption at rest and in transit
least-privilege and role-based access
MFA and secure authentication
continuous monitoring and intrusion detection
regular third-party security audits
secure SDLC and change management
data minimization and retention controls
No system is 100% secure. Users must also take reasonable precautions, including safeguarding credentials.
8. Data Subject Rights
Subject to applicable laws, individuals have rights to:
access their Personal Information
request correction or updates
request deletion where permitted by law
restrict or withdraw consent
request information about cross-border transfers
challenge PaymentEvolution’s compliance
Requests may be submitted to: privacy@paymentevolution.com
Where Personal Information is processed on behalf of an employer, we may redirect requests to that employer.
9. Data Retention
We retain Personal Information:
for as long as required to provide the Services,
for legal/regulatory retention periods (CRA, employment laws, etc.),
to resolve disputes or enforce rights,
or as otherwise permitted by law.
When data is no longer required, we securely delete or anonymize it.
10. Children’s Privacy
PaymentEvolution does not knowingly collect Personal Information from children under the age of 13. If such data is identified, we will delete it unless retention is required by law.
11. Third-Party Links and Websites
Our websites may contain links to third-party websites. We are not responsible for their privacy practices. We encourage users to review third-party privacy policies.
12. Accountability and Contact
PaymentEvolution has designated a Privacy Officer responsible for overseeing compliance.
Contact:
Privacy Office
PaymentEvolution Corporation
2600 Skymark Ave, Building 1, Unit 200
Mississauga, Ontario, Canada L4W 5B2
Email: privacy@paymentevolution.com
You may contact our Privacy Officer with any questions, concerns, requests, or complaints.
You may also escalate concerns to the Office of the Privacy Commissioner of Canada or a provincial commissioner.