Purpose of Chestnut Park Real Estate Limited Brokerage (CHESTNUT PARK) Privacy Policy

CHESTNUT PARK is a real estate brokerage that, in the usual course of carrying on its business, often requires significant amounts of detailed information about identifiable individuals and companies. Most of this information is considered private under general community standards. The dissemination of information about an individual is vital in the conduct of CHESTNUT PARK’s business, but the indiscriminate dissemination of information, even if unintentional, may lead to the loss of privacy of an individual. Buyers and sellers, therefore, expect real estate organizations such as CHESTNUT PARK to take positive steps to protect the information provided. CHESTNUT PARK developed this privacy policy in light of this fact and the requirements under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”).

PIPEDA sets out rules for the collection, use and disclosure of personal information in the course of commercial activity as defined in the Act. Specifically, PIPEDA’s Privacy Code established ten principles (“Ten Principles”) as further outlined in Section 1, below, of this Privacy Policy. The Ten Principles, if followed, sets in place a solid foundation within which companies such as Chestnut Park may protect its clients, customers, and the general public. CHESTNUT PARK, as further described in this Privacy Policy, adheres to the Ten Principles.

The Ten Principles of PIPEDA Summarized

The ten Principles of PIPEDA that form the basis of this Privacy Policy are as follows:

  1. Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Privacy Officer;
  2. Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes;
  3. Consent: organizations must obtain an Individual’s express or implied consent when they collect, use, or disclose the individual’s personal information;
  4. Limiting Collection: the collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes;
  5. Limiting Use, Disclosure and Retention: personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure;
  6. Accuracy: organizations are required to keep personal information in active files accurate and up-to-date;
  7. Safeguards: organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure.
  8. Openness: organizations must inform their clients and train their employees about their privacy policies and procedures;
  9. Individual Access: an individual has a right to access personal information held by an organization and to challenge its accuracy if need be; and
  10. Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Privacy Officer, and respond promptly to a request or complaint by the individual.

This Privacy Policy applies to CHESTNUT PARK’s members, employees, REALTORS® and contracted employees (collectively “CHESTNUT PARK”). As well, CHESTNUT PARK ensures that all third-party service providers that may have come into contact with, or may have access to, personal information under the control or in the possession of CHESTNUT PARK, are compliant with PIPEDA.

Definitions

“Collection” is the act of gathering, acquiring, recording, or obtaining personal information.

“Consent” is voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express, implied or deemed, and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction or as permitted in any agreement signed by CHESTNUT PARK and the individual. Deemed consent is consent that is deemed to be given pursuant to applicable legislation or other regulations.

“Disclosure” is making personal information available to a third party.

“Data base” means the list of names, addresses and telephone numbers of clients and individuals held by CHESTNUT PARK in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.

“File” means the information collected in the course of providing services, as well as information collected/updated to maintain /service the individual.

“Implied Consent” means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.

“Individual” means the client, shareholders, co-signors, and/or any guarantor associated with a client. “Personal information” is information about an identifiable individual but does not include aggregated information that cannot be associated with a specific individual. Personal information also excludes certain information as is excluded pursuant to applicable legislation or other regulations, such as publicly available information or business contact information, as and when applicable.

“Third party” is an individual or organization outside CHESTNUT PARK. “Use” is the treatment, handling and management of personal information by and within an organization.

Principle 1 – Accountability

CHESTNUT PARK shall designate a Privacy Officer who is accountable for compliance with the Policy and shall make known, upon request, the name of the person or persons designated to oversee CHESTNUT PARK’s compliance with the Policy. CHESTNUT PARK is responsible for personal information in its possession or under its control and shall use appropriate means to protect personal information while information is being processed by a third party on behalf of CHESTNUT PARK (see Principle 7). To give effect to the Policy, CHESTNUT PARK maintains policies and procedures that require observance by all CHESTNUT PARK’s members, employees, REALTORS® and contracted employees.

Principle 2 – Identifying Purposes for Collection of Personal Information

CHESTNUT PARK collects personal information for the following purposes:

i. to establish and maintain a responsible commercial relationship with clients;
ii. for purposes identified to individuals or purposes obvious to individuals, in respect of particular collection of personal information;
iii. to meet legal and regulatory requirements;
iv. to understand needs and preferences of individuals;
v. to develop, enhance, market and/or provide products and services;
vi. to manage and develop CHESTNUT PARK’s business and operations, including transfer of data among affiliated entities.
Further references to “identified purposes” mean the purposes identified in this Principle.

Principle 3: Consent

An individual’s consent will be obtained before or at the time of collecting personal information. The purposes for the collection, use or disclosure of the personal information will be provided to the individual at the time of seeking his or her consent. Once consent is obtained from the individual to use his or her information for those purposes, CHESTNUT PARK has the individual’s implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.

An individual can choose not to provide some or all of the personal information at any time, but if CHESTNUT PARK is unable to collect sufficient information to provide its services to the individual, then the individual will be so notified, and services may not be provided by CHESTNUT PARK if the information in question is not forthcoming.

A client or an individual can withdraw consent to CHESTNUT PARK’s use of personal information by making such request in writing and subject to legal or contractual restrictions and reasonable notice.

This Privacy Policy does not cover statistical data from which the identity of individuals cannot be determined. CHESTNUT PARK retains the right to use and disclose statistical data as it determines appropriate.

Principle 4: Limiting Collection

Personal information collected will be limited to the purposes set out in this Privacy Policy.

Principle 5: Limiting Use, Disclosure and Retention

Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:

CHESTNUT PARK will use personal information without the individual’s consent, where:

i. the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
ii. an emergency exists that threatens an individual’s life, health or security;
iii. the information is publicly available;
iv. the use is clearly in the individual’s interest, and consent is not available in a timely way;
v. knowledge and consent would compromise the availability or accuracy of the information, and

vi. collection is required to investigate a breach of an agreement.

Disclosure and Transfer of Personal Information

Personal information will be disclosed only to CHESTNUT PARK’s members, employees, REALTORS® and contracted employees who need to know the information for the purposes of providing services to the individual.

Personal information will be disclosed to third parties with the individual’s knowledge and consent. PIPEDA permits CHESTNUT PARK to disclose personal information to third parties, without an individual’s knowledge and consent, in the following circumstances:

i. to a lawyer representing CHESTNUT PARK;
ii. to collect a debt owed to CHESTNUT PARK by the individual or client;
iii. to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
iv. to a law enforcement agency in the process of a civil or criminal investigation;
v. to a government agency or department requesting the information; or,
vi. as required by law.

PIPEDA permits CHESTNUT PARK to disclose personal information to a third party, without the individual’s knowledge or consent, if the disclosure is simply for processing purposes and the third party only uses the information for the purposes for which it was disclosed. CHESTNUT PARK will ensure, by contractual or other means, that the third party protects the information and uses it only for the purposes for which it was disclosed.

Retention of Personal Information

Personal information will be retained in client files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.

CHESTNUT PARK shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction, which apply to personal information that is no longer necessary or relevant for the identified purposes, or required or permitted by law to be retained. Such information shall be destroyed, erased or made anonymous.

Principle 6: Accuracy

CHESTNUT PARK endeavours to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify CHESTNUT PARK’s Privacy Officer of any change in personal or business information. Information contained in inactive files is not updated.

Principle 7: Safeguards

CHESTNUT PARK will use physical, organizational, and technological measures to safeguard personal information collected or held by CHESTNUT PARK’s members, employees and REALTORS® , and ensure that contracted employees or third parties who require this information for the purposes set out in this Privacy Policy do the same.

Organizational Safeguards

Access to personal information will be limited to CHESTNUT PARK’s members, employees, REALTORS® and contracted employees who require same to provide service to the individual. CHESTNUT PARK’s members, employees, REALTORS® and contracted employees are not permitted to copy or retain for personal use any personal information of the individual to which they have access. CHESTNUT PARK’s members, employees, REALTORS® and contracted employees are further required to return for destruction all such information given to them once the purpose for which they have access to the information has been
fulfilled.

CHESTNUT PARK’s members, employees, REALTORS® and contracted employees are required to sign a confidentiality agreement binding them to maintain the confidentiality of all personal information to which they have access.

Physical Safeguards

All personal information is stored in locked filing cabinets when not in use. Access to work areas where personal information may be in use is restricted to authorized CHESTNUT PARK members, employees, REALTORS®, contracted employees and authorized third parties. All personal information no longer required is shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons.

Technological Safeguards

Personal information contained in CHESTNUT PARK’s computers and electronic data bases are password protected. Access to any of CHESTNUT PARK’s computers is password protected. CHESTNUT PARK’s Internet router or server has firewall protection sufficient to protect personal and confidential information against virus attacks and “sniffer” software arising from Internet activity.

Principle 8: Openness

CHESTNUT PARK will endeavour to make its privacy policies and procedures known to the individual via this Privacy Policy as well as upon request by contacting CHESTNUT PARK’s Privacy Officer.

Principle 9: Individual Access

An individual who wishes to review or verify what personal information is held by CHESTNUT PARK, or to whom the information has been disclosed (as permitted by PIPEDA), may make the request for access, in writing, to CHESTNUT PARK’s Privacy Officer. Upon verification of the individual’s identity, the Privacy Officer will respond as promptly as reasonably practical in the circumstances.

If the individual finds that the information held by CHESTNUT PARK is inaccurate or incomplete, upon the individual providing documentary evidence to verify the correct information, CHESTNUT PARK will make the required changes to the individual’s active file(s) promptly.

Principle 10: Complaints/Recourse

If an individual has a concern about CHESTNUT PARK’s personal information handling practices, a complaint, in writing, may be directed to CHESTNUT PARK’s Privacy Officer.

Upon verification of the individual’s identity, CHESTNUT PARK’s Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.

Where CHESTNUT PARK’s Privacy Officer makes a determination that the individual’s complaint is well founded, the Privacy Officer will take the necessary steps to correct the offending information handling practice and/or revise CHESTNUT PARK’s privacy policies and procedures.

Where CHESTNUT PARK’s Privacy Officer determines that the individual’s complaint is not well founded, the individual will be so notified in writing.

If the individual is dissatisfied with the finding and corresponding action taken by CHESTNUT PARK’s Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner at the address below:

The Privacy Commissioner of Canada
112 Kent Street, Place de Ville, Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Toll Free 1-800-282-1376
Email notification@priv.gc.ca
Website: https://www.priv.gc.ca

Questions/Access Request/Complaint

Any questions regarding this or any other privacy policy of CHESTNUT PARK may be directed to the Privacy Officer. Requests for access to information, or to make a complaint, are to be made in writing and sent to the Privacy Officer at the address below:

Natalka Falcomer, Privacy Officer Chestnut Park Real Estate Limited, Brokerage 1300 Yonge St., Suite 101 Toronto, ON M4T 1X3
416 925 9191 Email address: natalka@chestnutpark.com

This policy is subject to amendment in response to developments in the privacy legislation. The Privacy Officer will review and revise the Privacy Policy from time to time as required by changes in privacy law. Notification of any changes in the Privacy Policy will be posted on CHESTNUT PARK’s website: www.chestnutpark.com