Privacy Policy

The Filogix Marketplace is a collection of services that enables e-commerce for the Canadian mortgage industry. Through the Filogix Marketplace, brokers and lenders can conveniently communicate and conduct business with a broad array of Canadian mortgage industry partners and suppliers. Tailored to the needs of the mortgage industry, the Filogix Marketplace is a dynamic hub providing a single point of access to third-party mortgage service providers across Canada.

Finastra also provides web-based technology solutions: Filogix Expert (mortgage origination), Filogix Exchange (document management) and Filogix Express (mortgage underwriting), (the “Systems”) for the Canadian mortgage industry. The Systems allow brokers and lenders to access, use, provide, exchange, and receive information and data in connection with mortgage transactions and other related activities.

The right to privacy and the protection of personal information collected and processed by Filogix about our customers and others with whom we do business are important to us. We understand the obligations for the Canadian mortgage industry (“you” or “your”) to comply with the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy legislation that may be applicable to you (“Privacy Laws”). Filogix will meet its responsibilities to protect customer data in accordance with legal requirements and best practices.

In this Privacy Policy, “Customer Data” means any data, including personal information, relating to customers of mortgage brokers and lenders entered or stored in the Systems; and “Personal Information” means any information about an identifiable individual but does not include the name, title or business address or telephone number of an employee of an organization.

This Privacy Policy covers the privacy practices that Finastra employs with respect to the collection, use, sharing, disclosure and protection of Customer Data entrusted to us by our customers and to the Personal Information collected through the Systems. This Privacy Policy does not extend to the data management practices of third-party sites linked from the Systems.

We have a dedicated Privacy Office, headed by our Chief Privacy Officer who is accountable for overseeing the compliance with the principles set out in this Privacy Policy.

When you use the Systems, information is collected by us as you interact with the Systems.

When you access the Systems, we collect certain information from your browser using “cookies”. Cookies are small files that are stored on your computer that help us to optimize your experience while using the Systems. We may also use Web Beacons which are electronic images used to track the movement of a visitor using the Systems.Web Beacons allow us to count visits to certain web pages and to access cookies. Your browser software allows you to disable and delete cookies. If you choose to do so, this may interfere with your ability to personalize and be recognized by the Systems, and or this may slow down the performance of the Systems.

If you choose to communicate with us through the “Contact Us” link on our website, we will ask for information such as your name, telephone number, and email address so that we may promptly respond to your enquiry.

When you use the Systems, we do not directly collect Customer Data but rather receive Customer Data from you and we use Customer Data to perform services on your behalf. Unless required by law, we do not use or disclose, for any new purpose, Customer Data that we have received unless we first identify and document the new purpose and obtain your consent where appropriate.

By using the Systems, you consent to the collection, use and disclosure of your Personal Information as described in this Privacy Policy.

You may withdraw your consent to the use of your Personal Information by contacting the Privacy Officer as provided below.

We do not control your information collection or use practices of Customer Data. We rely on you to obtain the consent of your customers for the use of Customer Data in the Systems, as required by Privacy Laws. At the time of collection, you are required to inform your customers of the purpose of the collection and how their Personal Information will be used.

You may visit our websites without revealing any Personal Information about yourself. We do not collect Personal Information from visits to our websites, unless the information is provided to us voluntarily.

We will ensure that the use and disclosure of Customer Data we receive is limited to the purposes specified in your contracts with us, or as required by law.

If we hire subcontractors to assist in providing services, their access to Customer Data will be consistent with the terms of your contract with us and with this Privacy Policy.

Only individuals with a business need to know, or whose duties reasonably so require, are granted access to Customer Data to carry out the functions as per our contractual obligations. Customer Data residing in the Systems is controlled via the use of an account management framework and access to Customer Data by your end users is controlled by you.

We will only retain Customer Data we receive for as long as it is necessary or relevant for the business purpose for which it was entrusted to us. We will retain and destroy Customer Data provided to us as stipulated in your contract with us or as otherwise instructed by you. Customer Data that is no longer required for statutory or regulatory requirements or where the mandate has been fulfilled in accordance with the identified purpose when we received the Customer Data will be destroyed, erased or rendered anonymous to prevent unauthorized parties from gaining access to the Customer Data.

When we receive Customer Data, we do not verify the accuracy of the information. We rely on you to ensure the accuracy and completeness of the Customer Data that has been provided to us to perform the services we have been contracted to provide.

We have adopted reasonable security measures in an effort to protect the Customer Data provided to us from loss, misuse, or alteration while it is under our control. We use reasonable technical, contractual, administrative and physical measures to protect the Customer Data against unauthorized access.

Only individuals with a business need to know, or whose duties reasonably so require, are granted access to Customer Data to carry out the functions to meet our contractual obligations. To protect the integrity of Customer Data, your users should only be accessing your Customer Data through the use of their user ID and password as provided by you.

Our Systems may contain links to other websites that operate independently and are not under our control. We provide links to other websites solely for your convenience and information. Other websites may have their own terms of use and privacy notices, which we suggest you review if you visit any linked websites. We are not responsible for information that is collected through those websites or for any other use or disclosure of information by the operators of those websites.

We will make available information about our general policies and practices relating to the handling of your Customer Data.

We will refer to you any requests that we receive for access to Customer Data held by us on your behalf. We will also assist you wherever possible in responding to any access requests you may receive.

Since we regularly review all of our policies and procedures, we may change this Privacy Policy from time to time without notice. Any changes to this Privacy Policy or our policies will become effective upon posting of the revised Privacy Policy on this website.

We welcome you to contact us at any time should you have any questions, comments or concerns regarding this Privacy Policy. Please contact our Chief Privacy Officer by email at or by mail at 120 Bremner Boulevard, Suite 3000, Toronto, Ontario M5J 0A8.