Reseau Immobilier Adresz (hereinafter the “AGENCY” or the “BROKER”) is governed by the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1) (“the Act”).
Personal information
Personal information is any information which relates to a natural person and allows that person, directly or indirectly, to be identified. A written document, an image, a video or a sound recording may contain personal information. In the course of its/his professional activities, the AGENCY may collect personal information such as the name, home address, date of birth, identification document information, social insurance number, income information, marital status, etc.
Consent
The AGENCY may collect, use and communicate personal information with the consent of the person concerned. To be valid, consent must be manifest, free, enlightened and given for specific purposes. The person who consents to provide his/her personal information is presumed to consent to its use and communication for the purposes for which it was collected.
Any person may at any time withdraw his/her consent to the collection, use and communication of his/her personal information by the AGENCY. In such cases, if the collection is necessary for the conclusion or performance of the contract by the AGENCY, the AGENCY may not be able to fulfil a request for service.
Responsibility
The AGENCY is responsible for protecting the personal information held in the course of its/his real estate brokerage activities. To this end, the AGENCY has adopted a privacy policy as well as governance policies and practices concerning personal information, the purpose of which is to control the collection, use, communication, retention and destruction of personal information.
Collection of personal information
The AGENCY collects only such personal information as is necessary to carry out its/his real estate brokerage activities. For example, this information may be collected for the purposes of carrying out a real estate transaction, record keeping, monitoring of professional practices by the Organisme d’autoréglementation du courtage immobilier du Québec (OACIQ), or any other purpose determined by the AGENCY and made known to the person whose consent is being sought.
The AGENCY encourages its/his staff members to explain in simple and clear terms to the person concerned the reasons for the collection of personal information, and to make sure these reasons are understood.
For the purpose of collecting personal information, the AGENCY encourages staff members to use the standardized forms developed by the OACIQ.
The AGENCY may also collect personal information verbally in the course of correspondence with persons involved in a transaction, or through various documents submitted for the completion of a real estate transaction (identification documents, financial documents, powers of attorney, etc.).
Use and communication of personal information
Personal information is used and communicated for the purposes for which it was collected and with the consent of the person concerned. In certain cases provided for under the Act, personal information may be used for other purposes, for example to detect and prevent fraud or to provide a service to the person concerned.
The AGENCY may be required to communicate personal information to third parties, including suppliers, co-contractors, sub-contractors, mandataries, insurers (such as the Fonds d’assurance responsabilité professionnelle du courtage immobilier du Québec [FARCIQ]), professionals, other regulators, or parties outside Québec.
The AGENCY may, without the consent of the person concerned, communicate personal information to a third party if such communication is necessary to carry out a mandate or to perform a contract for services or of enterprise. In such a case, the AGENCY draws up a written mandate or contract and specifies the measures which the mandatary must take to ensure that the personal information communicated is protected, so that it is used solely to carry out the mandate or perform the contract, and is destroyed after completion of same. The co-contractor must also undertake to cooperate with the AGENCY in the event of breach of confidentiality of the personal information.
Before communicating personal information outside Québec, the AGENCY must take into account the sensitivity of the information, the purpose for which it is to be used and the protection measures that will be in place outside Québec. The AGENCY will communicate personal information outside Québec only if an analysis shows that the information will be adequately protected in the place where it is to be communicated.
Retention and destruction of personal information
Once the purposes for which the personal information was collected or used have been fulfilled, the AGENCY must destroy the information, subject to a retention period stipulated under the Act. As stipulated in their professional obligations, the AGENCY must retain records for at least six (6) years following the final closing of a file.
Security measures
When collecting, using, retaining and destroying personal information, the AGENCY applies the necessary security measures to protect the confidentiality of the information. More specifically, the following measures apply:
- The Agency has implemented appropriate protection measures to reduce the risk of confidentiality incidents, such as computer security, updating of policies relating to personal information, staff training, etc.
- The Agency has standardized methods for the filing of documents containing personal information.
- The Agency has standardized methods for the retention of documents containing personal information, including digitization procedures.
- The Agency manages physical and computer access to personal information, based among other things on its sensitivity.
- After six years the Agency ensures the secure destruction of personal information. More specifically, it/he provides guidelines or instructions to staff members concerning secure destruction methods, timeframes for destruction, etc.
Confidentiality incident
A confidentiality incident is any access, use or communication of personal information that is not authorized under the Act, or the loss of personal information or any other breach of protection of personal information.
The AGENCY has implemented a confidentiality incident management protocol that identifies the persons who assist the Person in charge of the protection of personal information and sets out the concrete actions to be taken in the event of an incident. This protocol specifies, among other things, the responsibilities expected at each stage of incident management, including the measures to be taken to ensure the security of the data.
Roles and responsibilities
- The AGENCY
The AGENCY ensures the confidentiality of the information through good information management practices. In particular, it/he provides guidelines, training and instructions to staff members regarding the authorized collection, use, storage, modification, consultation, communication and destruction of personal information.
- Implements appropriate protection measures to reduce the risk of confidentiality incidents, such as computer security, updating of policies relating to personal information, staff training, etc.
- Has standardized methods for the filing of documents containing personal information.
- Has standardized methods for the retention of documents containing personal information, including digitization procedures.
- Manages physical and computer access to personal information, based among other things on its sensitivity.
- Ensures the secure destruction of personal information. More specifically, it/he provides guidelines or instructions to staff members concerning secure destruction methods, timeframes for destruction, etc.
- Person in charge of the protection of personal information
In accordance with the Act, the AGENCY has appointed Mr Valentin Tomescu as the Person in charge of the protection of personal information.
This person is responsible, among other things, for ensuring that the policies are enforced and that they comply with applicable regulations. The name and contact details of this person can be found in the section “Right of access, withdrawal and rectification.”
The Person in charge of the protection of personal information is responsible for managing confidentiality incidents and, in this context, takes action as provided for under the Act.
The Person in charge of the protection of personal information handles requests for access and rectification of personal information. This person also handles complaints concerning the handling of personal information by the AGENCY.
The Person in charge of the protection of personal information is consulted as the event of a privacy impact assessment for any project involving the acquisition, development or redesign of an information system or the electronic delivery of services involving the collection, use, disclosure, retention or destruction of personal information. This person may suggest measures to ensure the protection of personal information in the context of such a project.
- Staff members
Staff members of the AGENCY may access personal information only to the extent necessary for the performance of their duties or mandates.
The staff member of the AGENCY:
- Ensures the integrity and confidentiality of all personal information held by the AGENCY.
- Complies with all policies and guidelines of the AGENCY regarding access, collection, use, communication and destruction of personal information as well as information security, and complies with all instructions received.
- Respects the security measures implemented on his workstation and on any equipment containing personal information.
- Uses only such equipment and software as are authorized by the AGENCY.
- Ensures, when appropriate, the secure destruction of personal information in accordance with the instructions received. Immediately reports to his superior any act of which he is aware that may constitute an actual or suspected breach of security rules relating to personal information.
Right of access, withdrawal and rectification
A person (or his/her authorized representative) may request access to his/her personal information held by the AGENCY. A person may withdraw consent to the collection, use and communication of personal information. Such withdrawal is recorded in writing.
A person may request the correction of personal information in a file concerning him/her that he/she believes to be inaccurate, incomplete or unclear.
The AGENCY may refuse a request for access or rectification in the cases provided for under the Act.
Complaints
A person who deems to have been wronged may file a complaint regarding the handling of his/her personal information by the AGENCY. The complaint will be processed promptly within a maximum of 30 days by the Person in charge of the protection of personal information, and will receive a written response.
Process for handling privacy complaints
In accordance with section 63.3 of the Act respecting Access to documents held by public bodies and the Protection of personal information (effective September 22, 2023), a person may submit a complaint to Reseau Immobilier Adresz regarding the protection of personal information concerning him or her.
The complaint must be submitted within 15 days following the day on which the person witnesses the event leading to his or her complaint.
Complaints must be made in writing and sent to the attention of the Reseau Immobilier Adresz’s Access to Information and Privacy Officer Valentin Tomescu at the following address:
Access to Information and Privacy Officer
Reseau Immobilier Adresz
1564 Herron Rd, Suite 1560
Dorval (Québec) H9S 1B7
Or by email at adresz@videotron.ca.
All complaints must include the following details: the plaintiff's name, contact information and a brief description of the reasons for his or her complaint.
An anonymous complaint is considered as not having been received.
The Access to Information and Privacy Officer acknowledges receipt of the complaint within five working days following its receipt.
The Privacy Officer investigates the alleged breaches of privacy contained in the complaint, if any. For the purposes of his investigation, the Privacy Officer may request any information or document held by Reseau Immobilier Adresz. The Privacy Officer may retain the services of any person needed to carry out an investigation.
Within 30 days of receiving the complaint, the Privacy Officer will inform the person concerned of his conclusions.
If no reply is sent to the person concerned within the above-mentioned period, the Privacy Officer is deemed to have rejected the complaint.
Act respecting Access to documents held by public bodies and the Protection of personal information (effective September 22, 2023):
63.3. A public body must publish on its website governance rules regarding personal information. Such rules must be approved by its committee on access to information and the protection of personal information.
The rules may be in the form of a policy, directive or guide and must, in particular, define the roles and responsibilities of the members of its personnel throughout the life cycle of such information and provide a process for dealing with complaints regarding the protection of the information. They must include a description of the training and awareness activities offered by the public body to its personnel regarding the protection of personal information.
The rules must also include the protective measures to be taken in respect of the personal information collected or used as part of a survey, including an assessment:
(1) the necessity of conducting the survey; and
(2) the ethical aspect of the survey, taking into account, in particular, the sensitivity of the personal information collected and the purposes for which it is to be used.
A government regulation may determine the content and terms of those rules.