Privacy Policy

Express Gold Refining Ltd (“EGR” or “we”) is committed to maintaining the accuracy, security, and privacy of Personal Information in accordance with applicable legislation. This Privacy Policy provides our commitment to privacy for our customers, visitors to www.xau.ca and any other online websites we make available (collectively referred to as “Sites”) and our social networking sites, and other individuals we interact with the course of our business (“you”).

We have developed this privacy policy to describe how we collect, use, disclose and protect your Personal Information, whether collected online or otherwise.

Personal Information

Canadian privacy legislation defines “Personal Information” as information about an identifiable individual or information allowing an individual to be identified. For the purposes of this policy, Personal Information means information about an identifiable individual as defined from time to time in applicable Canadian privacy legislation. Personal Information does not include what is considered business contact information: your name, title or position, business address, telephone number, facsimile number, and e-mail address if used by us about your employment, business, or profession.

Consent

By submitting Personal Information to EGR or our service providers or agents, you consent to our collection, use, and disclosure of that Personal Information as set out in this Privacy Policy and as permitted or required by law. Subject to legal and contractual requirements, you may refuse or withdraw your consent at any time by contacting the EGR Privacy Officer (see below for contact information). If you refuse or withdraw your consent, we may not be able to provide you or continue to provide you with certain products, services, or information that may be of value to you.

Suppose you provide EGR or our service providers or agents with the Personal Information of another individual. In that case, you represent that you have all necessary authority and/or have obtained all the required consent from such a person to enable us to collect, use and disclose such Personal Information for the purposes outlined in this Privacy Policy.

Personal information we collect

Business Communications

We collect the Personal Information you choose to give us, such as by filling out our forms or communicating with us. This includes but is not limited to when a customer initiates a precious metal transaction with us or applies to open an individual/business account with us.

The Personal Information we collect about you may include contact information such as your name, billing address, phone number, e-mail address, order processing information such as shipping and billing information, bank account and payment information.

We also collect from prospective staff members and service providers, their former employers and other third parties, and/or publicly available sources, Personal Information about prospective or current staff members and service providers that is reasonably required to establish, manage, or terminate an employment or contractual relationship.

We are the data controller of the Personal Information we collect.

Website

When you visit our Sites, we use cookies to automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, we use cookies to collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically collected information as “Device Information.”

This Privacy Policy covers the use of cookies by our Sites but does not cover the use of cookies or the collection of Device Information by any third parties with links on our Sites (including Google Analytics). Such parties may employ cookies, device identifiers, or similar technologies to collect their own Device Information, which will be governed by the applicable third party’s privacy policy.

Visitors to our Sites can reset their browsers to notify them when they have received a cookie or refuse to accept cookies. However, if a Site visitor refuses to accept cookies, they may be unable to use some of the features available on our Sites.

We may use third-party website analytics tools, including Google Analytics, and embedded tags/tracking codes to collect visitor traffic on our Sites. Analytics providers may use cookies, tags, and other collection technologies to collect Device Information. They use collected information to evaluate your use of our Sites, compile reports on activity for us, and provide other services relating to activity and service usage. Use of such analytic Device Information collected by third parties will be governed by the applicable third party’s privacy policy. For information on how Google Analytics collects and processes data, visit www.google.com/policies/privacy/partners/.

Identity Verification

When you apply for an account or to complete a transaction with us, we collect Personal Information from you that is reasonably necessary for us to authenticate your identity and prevent fraud (such as your date of birth, residential address, IP address, and photographic identification numbers such as driver’s license number or passport number), including copies of documents supporting this process, such as valid ID (driver’s license, or passport) and proof of address.

Anti-money laundering regulations

We collect Personal Information from you that is reasonably necessary for us to comply with anti-money laundering and other applicable regulations, such as your occupation and source of funds. This includes information about political offices or positions held by our customers, their owners, directors and authorized representatives, and their respective immediate families to determine if such individuals are politically exposed persons.

Retail store visitors

We operate video surveillance in-store for security. Signs are prominently posted, notifying visitors to our store. Please do not visit our store if you do not consent to be recorded by our video security surveillance equipment.

Copies of e-mails and chats

We keep copies of e-mails and chats received or made by our employees for security, training, and quality purposes.

Why do we collect your Personal Information?

In general, we collect, use, and disclose Personal Information about our customers and prospective customers (such as visitors to our Sites) to provide them with products and services. More specifically, we collect, use, and disclose their Personal Information for the following purposes:

• to provide requested products and services to you and maintain our business relationship.
• to fulfill your orders, including order processing, billing, and shipping,
• to communicate with you about your transactions with us,
• to provide customer service and support,
• to administer and improve our Sites, services, and products,
• to fulfill requests you may make,
• to personalize your experience as a customer or visitor to our Site,
• to provide service announcements,
• to develop, enhance, market, sell, and promote our products and services.
• to distribute promotional information to individuals on our mail and e-mail lists.
• to develop and manage our business and operations.
• to consider whether we should establish commercial relationships with you.
• to establish and maintain commercial relationships with customers, suppliers, and other third parties, including issuing invoices, administering accounts, collecting and processing payments, and to fulfill contractual obligations.
• to understand and respond to customers, suppliers, and other third-party needs and preferences, including contacting and communicating with such parties and conducting surveys, research, and evaluations.
• to detect, deter, investigate, and protect against misconduct, error, negligence, breach of contract, fraud, theft, and other harmful, illegal, or unauthorized activity,
• to comply with our policies and contractual, statutory, and regulatory obligations.
• to identify you as required by our regulatory obligations and administrative policies.
• to audit compliance with our policies and contractual, statutory, and regulatory obligations.
• to engage in business transactions, including the purchase, sale, lease, merger, amalgamation, or any other type of acquisition, disposal, securitization, or financing involving us and/or our affiliates; and

for any other purpose to which you consent.

In addition, we collect personal information about applicants for staff or service provider opportunities with us to assess, establish, manage, and terminate employment, contractual, and service provider relationships.

We use Device Information to enhance your convenience and experience in using our Sites and services, evaluate your use of our Sites and services, compile reports and statistical information on Site activity for us, and identify potential and actual cases of abuse. This statistical information is not otherwise aggregated to identify any particular system user.

We want to send you announcements about products or services provided by EGR or our partners that interest you, and we understand that you might prefer to avoid receiving such announcements. We will only send you advertising e-mails if you have chosen to receive such e-mails.

To opt out of these announcements, utilize the opt-out method detailed in any message you receive, or you can send an e-mail to us at [email protected] requesting to be removed from our sales solicitation or promotional mailing lists. In your e-mail, please include some identifying information, such as your EGR account number, to ensure we do not send you this type of communication. Individuals who “Unsubscribe” from receiving promotional e-mails from us will be removed from receiving further promotional e-mail or text communications.

• Sharing of Personal InformationWe will not share your Personal Information with third parties unless you have specifically requested that information be released to them or have otherwise consented to such sharing, or in the following circumstances:

  We may share your Personal Information with our affiliates and with third-party companies that perform services on our behalf (including maintenance, administration, support, hosting and database management services and bill and credit card payment processing) or help us administer or provide our products or services (collectively, “Service Providers”). We have agreements with all our Service Providers that prohibit them from using your personal information for their own purposes and require them to safeguard it appropriately.

  We will disclose any information we collect, use, or receive if required or permitted by law, to comply with a subpoena or similar legal process. Furthermore, when we believe in good faith, disclosure is necessary to protect our rights, protect our safety or the safety of others, investigate fraud, or respond to a government request.

  We reserve the right to disclose personal information in exceptional cases when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury or interference with (either intentionally or unintentionally) our rights or property or anyone else that such activities could harm.

  In the event EGR or its affiliates or their assets are sold, merged, or otherwise involved in a corporate transaction, your personal information will likely be transferred as part of that transaction – we reserve to right to transfer your personal data without your consent in such a situation; provided that we will comply with all requirements of applicable law and make reasonable efforts to see that your privacy preferences are honored by the transferee.

  If you are an individual and your employer pays for your account with us, (i), (ii) was created at the request of your employer, (iii) uses a work-sponsored e-mail address, (iv) is administered by your employer, and/or (v) otherwise reasonably appears to us as controlled by your employer, we will consider your account and all information associated in addition to that as property of your employer as the ultimate account holder. This means that upon the request of your employer, we will disclose information collected in connection with your usage of our sites and services, including Personal Information, to your employer. Upon the cessation of your employment for any reason, we may block or discontinue your access rights associated with your employer account.

  We are regulated under The Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its regulations. As part of the regulatory relationship, we may be required to disclose information about your use of our products and services to FINTRAC (the Financial Transactions and Reports Analysis Centre of Canada). To learn more about FINTRAC’s privacy policy, please visit www.fintrac-canafe.gc.ca/guidance-directives/overview-apercu/FINS/1-eng.

  With their consent, we may disclose our customers’ or prospective customers’ names, date of birth and residential addresses to a third-party Service Provider such as Equifax Canada to help us verify their identity in accordance with applicable regulatory requirements.

• Use and Sharing of Non-Personal Information
  

  We may anonymize, pseudonymize, aggregate, or de-personalize Personal Information and/or Usage Information to create non-personally identifiable information (“Anonymized Data”). We reserve the right to freely disclose, share and use Anonymized Data and other non-personally identifying information for industry analysis, statistical purposes, demographic profiling, marketing, advertising, and other business purposes (including reporting on trends in the usage of our product or services offerings).

• Ability to access, update and correct personal information
  

  You may review, update, correct, or delete certain of your Personal Information in our possession or control by sending a request to us at [email protected]. We will take steps to respond to your request as soon as it is practical and in accordance with applicable law.

Links to other websites

Our Sites may contain links to other websites not owned or controlled by us. Please be aware that we are not responsible for other websites or their owners’ or operators’ privacy practices. We encourage you to be aware when you leave our Site and read the privacy statements of each Website that may collect personal information.

Information security

EGR maintains reasonable physical, administrative, technical, and procedural safeguards and controls appropriate to the sensitivity of the information to help protect against the loss, misuse, alteration, and unauthorized disclosure of Personal Information in our possession or under our control. We periodically test the security protections of our information systems and monitor the effectiveness of our information security controls, systems, and procedures. We secure the Personal Information you provide us on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure.

The personal information you provide us online through our websites is protected using industry-standard encryption software (SSL). While on a secure page, such as our order form, you will know that SSL is in use when the lock icon displayed in your web browser becomes locked. However, the security of data transmission over the Internet or wireless network cannot be guaranteed.

EGR also takes appropriate measures to protect Personal Information offline. All Personal Information we collect is protected in our corporate offices or third-party processors. When we send Personal Information to a third party for processing, we ensure that through our contracts with them, they maintain reasonable safeguards to keep all Personal Information secure.

While we use reasonable efforts to safeguard your personal information confidentiality, we cannot guarantee that data will always remain secure due to transmission errors, outside events, third-party hacking, or other causes. We will comply with all applicable privacy laws and make any legally required disclosures regarding breaches of personal information security, confidentiality, or integrity consistent with our ability to determine the scope of a breach and our obligations to law enforcement.

Retention

EGR will retain your Personal Information only as long as it is reasonably necessary for the purpose we collected it, to meet regulatory and other legal requirements, and to defend or bring potential legal claims.

Children

We do not knowingly collect Personal Information from anyone under 18 years of age. If you believe we have collected the Personal Information of a minor without appropriate consent, please notify us using the contact points below to investigate and delete the information from our systems or make necessary corrections.

• Changes to our Privacy Policy

  This Privacy Policy may be updated occasionally to reflect changes to our information practices. If we make any material changes, we will notify you using the information you have provided to us, via your account, through our services, or by means of posting an updated version on our Site and other appropriate places. We encourage you to periodically review our published Privacy Policy for the latest information on our privacy practices. Any modifications to this Privacy Policy will be effective upon our posting or notification of the new terms. Your continued use of our Site or product or service offerings after that indicates acceptance of the modified Privacy Policy. If you disagree with any part of the modified Privacy Policy, you must terminate your account and stop accessing our sites and services.