Privacy Policy
Personal Information
Personal information is information which concerns a natural person and which allows, directly or indirectly, to identify them. A writing, an image, a video and a sound recording may contain personal information. As part of its professional activities, the AGENCY may collect personal information such as name, home address, date of birth, identification document information, social insurance number, personal information about a person’s income, marital status, etc.
Consent
The AGENCY collects, uses, and communicates personal information with the consent of the person concerned. To be valid, this consent must be manifest, free, informed, and given for specific purposes. The person who consents to provide their personal information is presumed to consent to their use and disclosure for the purposes for which they were collected.
Any person may withdraw their consent to the collection, use, and disclosure of their personal information by the AGENCY at any time. In this case, if the collection is necessary for the conclusion or execution of the contract by the AGENCY, the AGENCY may not be able to comply with a service request.
Responsibility
The AGENCY is responsible for the protection of the personal information it holds in the course of carrying out real estate brokerage activities. To this end, the AGENCY has adopted the confidentiality policy as well as policies and practices governing the protection of personal information and whose objective is to regulate the collection, use, disclosure, retention, and destruction of personal information.
Collection of Personal Information
The AGENCY only collects personal information necessary to carry out its activities in the field of real estate brokerage. For example, this may involve information collected for the purposes of carrying out a real estate transaction, for the purposes of record keeping, and for the monitoring of professional practice by the Real Estate Self-Regulatory Organization of Quebec (OACIQ) or any other purpose determined by the AGENCY and brought to the attention of the person whose consent is requested.
The AGENCY invites its staff members to explain in simple and clear terms to the person concerned the reasons for collecting their personal information and to ensure their understanding.
For the purposes of collecting personal information, the AGENCY encourages its staff members to use the standardized forms developed by the OACIQ.
The AGENCY may also collect personal information verbally during correspondence with persons involved in a transaction or through various documents submitted as part of the completion of a real estate transaction (identity documents, financial documents, powers of attorney, etc.).
Use and Disclosure of Personal Information
Personal information is used and communicated for the purposes for which it was collected and with the consent of the person concerned. In certain cases provided for by law, personal information may be used for other purposes, for example, for the purpose of detecting and preventing fraud, for the purpose of providing a service to the person concerned.
The AGENCY may be required to communicate personal information to third parties, for example, to suppliers, co-contractors, subcontractors, agents, insurers (such as the Professional Liability Insurance Fund for real estate brokerage of Quebec [the FARCIQ]), to professionals, to other regulators, or outside Quebec.
The AGENCY may, without the consent of the person concerned, disclose personal information to a third party if this disclosure is necessary for the execution of a mandate or a service or business contract. In this case, the AGENCY establishes a written mandate or contract in which it indicates the measures that its representative must take to ensure the protection of the personal information entrusted to it, so that it is only used in the exercise of the mandate or contract and that they are destroyed after its end. The co-contractor must also undertake to collaborate with the AGENCY in the event of a violation of the confidentiality of personal information.
Before disclosing personal information outside Quebec, the AGENCY takes into account its sensitivity, the purpose of its use and the protection measures it will benefit from outside Quebec. The AGENCY will only disclose personal information outside Quebec if its analysis demonstrates that it will benefit from adequate protection in the place where it must be disclosed.
Retention and Destruction of Personal Information
When the purposes for which the personal information was collected or used have been accomplished, the AGENCY must destroy it, subject to a retention period provided for by law. In this regard, the professional obligations of the AGENCY or BROKER require it to keep its files for at least six (6) years following their final closure.
Security Measures
When collecting, using, retaining, and destroying personal information, the AGENCY applies the necessary security measures to protect the confidential nature of personal information.
Privacy Incident
A confidentiality incident is the access, use, disclosure of personal information not authorized by law or the loss of personal information or any other breach of the protection of personal information.
The AGENCY has put in place a confidentiality incident management protocol in which the people who assist the Personal Information Protection Manager are identified and which provides for the concrete actions that must be taken in the event of an incident. This protocol provides in particular the responsibilities expected at each stage of incident management, including the measures to be taken to ensure data security.
Roles and Responsibilities
1. THE AGENCY
THE AGENCY:
- Ensures the confidentiality of information through good information management practices. More particularly, he (he) provides directives, training and instructions to staff members relating to the collection, use, storage, modification, consultation, communication and permissible destruction of personal information.
- Deploys appropriate protection measures to reduce the risk of confidentiality incidents, for example, IT security, updating policies relating to personal information, training of its staff, etc.
- Has standardized methods for filing documents containing personal information.
- Has standardized methods for preserving documents containing personal information, particularly regarding the scanning procedure.
- Manages physical and computer access to personal information based in particular on its sensitivity.
- Performs secure destruction of personal information. More particularly, she (he) gives directives or instructions to staff members relating to the method of secure destruction, destruction times, etc.
2. Responsible for the Protection of Personal Information
In accordance with the Law, the AGENCY has appointed the Personal Information Protection Officer.
In particular, he ensures that these policies are respected and that they comply with applicable regulations. The name and contact details of this person appear in the “Right of access, withdrawal and rectification” section.
The Personal Information Protection Manager is responsible for managing confidentiality incidents and, in this context, takes actions provided for by law.
The Personal Information Protection Officer processes requests for access and rectification of personal information. He also handles complaints relating to the processing of personal information by the AGENCY.
The Personal Information Protection Officer is consulted as part of an assessment of the factors relating to privacy for any project for the acquisition, development and redesign of an information system or electronic delivery of services involving the collection, use, disclosure, retention or destruction of personal information. He may suggest measures to ensure the protection of personal information in the context of such a project.
3. Staff Members
An AGENCY staff member may access personal information only to the extent that it is essential to the performance of his or her functions or mandate.
The AGENCY staff member:
- Ensures the integrity and confidentiality of personal information held by the AGENCY.
- Complies with all policies and directives of the AGENCY or BROKER on access, collection, use, disclosure, destruction of personal information and information security and respects the instructions presented to him/her.
- Respects the security measures put in place at his/her workstation and on any equipment containing personal information.
- Uses only equipment and software authorized by the AGENCY.
- Ensures, when the time comes, the secure destruction of personal information in accordance with the instructions received. Immediately reports to his/her superior any act of which he/she becomes aware that may constitute a real or suspected violation of security rules relating to personal information.
Right of Access, Withdrawal and Rectification
An individual (or their authorized representative) may request access to their personal information held by the AGENCY. An individual may withdraw their consent to the collection, use, and disclosure of their personal information at any time. This withdrawal is then recorded in writing.
A person may ask to correct, in a file that concerns them, personal information that they consider to be inaccurate, incomplete, or ambiguous.
The AGENCY may refuse a request for access or rectification in the cases provided for by law.
Complaints
A person who considers themselves wronged may file a complaint regarding the processing of their personal information by the AGENCY. This complaint will be processed diligently within a maximum period of 15 days by the Personal Information Protection Officer, and a written response will be sent to them.