The Ten Principles of PIPEDA Summarized
“Collection” is the act of gathering, acquiring, recording, or obtaining personal information.
“Consent” is voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express, implied or deemed, and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction or as permitted in any agreement signed by CHESTNUT PARK and the individual. Deemed consent is consent that is deemed to be given pursuant to applicable legislation or other regulations.
“Disclosure” is making personal information available to a third party.
“Data base” means the list of names, addresses and telephone numbers of clients and individuals held by CHESTNUT PARK in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.
“File” means the information collected in the course of providing services, as well as information collected/updated to maintain /service the individual.
“Implied Consent” means the organization may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.
“Individual” means the client, shareholders, co-signors, and/or any guarantor associated with a client. “Personal information” is information about an identifiable individual but does not include aggregated information that cannot be associated with a specific individual. Personal information also excludes certain information as is excluded pursuant to applicable legislation or other regulations, such as publicly available information or business contact information, as and when applicable.
“Third party” is an individual or organization outside CHESTNUT PARK. “Use” is the treatment, handling and management of personal information by and within an organization.
Principle 1 – Accountability
CHESTNUT PARK shall designate a Privacy Officer who is accountable for compliance with the Policy and shall make known, upon request, the name of the person or persons designated to oversee CHESTNUT PARK’s compliance with the Policy. CHESTNUT PARK is responsible for personal information in its possession or under its control and shall use appropriate means to protect personal information while information is being processed by a third party on behalf of CHESTNUT PARK (see Principle 7). To give effect to the Policy, CHESTNUT PARK maintains policies and procedures that require observance by all CHESTNUT PARK’s members, employees, REALTORS® and contracted employees.
Principle 2 – Identifying Purposes for Collection of Personal Information
CHESTNUT PARK collects personal information for the following purposes:
i. to establish and maintain a responsible commercial relationship with clients;
ii. for purposes identified to individuals or purposes obvious to individuals, in respect of particular collection of personal information;
iii. to meet legal and regulatory requirements;
iv. to understand needs and preferences of individuals;
v. to develop, enhance, market and/or provide products and services;
vi. to manage and develop CHESTNUT PARK’s business and operations, including transfer of data among affiliated entities.
Further references to “identified purposes” mean the purposes identified in this Principle.
Principle 3: Consent
An individual’s consent will be obtained before or at the time of collecting personal information. The purposes for the collection, use or disclosure of the personal information will be provided to the individual at the time of seeking his or her consent. Once consent is obtained from the individual to use his or her information for those purposes, CHESTNUT PARK has the individual’s implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.
An individual can choose not to provide some or all of the personal information at any time, but if CHESTNUT PARK is unable to collect sufficient information to provide its services to the individual, then the individual will be so notified, and services may not be provided by CHESTNUT PARK if the information in question is not forthcoming.
A client or an individual can withdraw consent to CHESTNUT PARK’s use of personal information by making such request in writing and subject to legal or contractual restrictions and reasonable notice.
Principle 4: Limiting Collection
Principle 5: Limiting Use, Disclosure and Retention
Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:
CHESTNUT PARK will use personal information without the individual’s consent, where:
i. the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
ii. an emergency exists that threatens an individual’s life, health or security;
iii. the information is publicly available;
iv. the use is clearly in the individual’s interest, and consent is not available in a timely way;
v. knowledge and consent would compromise the availability or accuracy of the information, and
vi. collection is required to investigate a breach of an agreement.
Disclosure and Transfer of Personal Information
Personal information will be disclosed only to CHESTNUT PARK’s members, employees, REALTORS® and contracted employees who need to know the information for the purposes of providing services to the individual.
Personal information will be disclosed to third parties with the individual’s knowledge and consent. PIPEDA permits CHESTNUT PARK to disclose personal information to third parties, without an individual’s knowledge and consent, in the following circumstances:
i. to a lawyer representing CHESTNUT PARK;
ii. to collect a debt owed to CHESTNUT PARK by the individual or client;
iii. to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
iv. to a law enforcement agency in the process of a civil or criminal investigation;
v. to a government agency or department requesting the information; or,
vi. as required by law.
PIPEDA permits CHESTNUT PARK to disclose personal information to a third party, without the individual’s knowledge or consent, if the disclosure is simply for processing purposes and the third party only uses the information for the purposes for which it was disclosed. CHESTNUT PARK will ensure, by contractual or other means, that the third party protects the information and uses it only for the purposes for which it was disclosed.
Retention of Personal Information
Personal information will be retained in client files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.
CHESTNUT PARK shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction, which apply to personal information that is no longer necessary or relevant for the identified purposes, or required or permitted by law to be retained. Such information shall be destroyed, erased or made anonymous.
Principle 6: Accuracy
CHESTNUT PARK endeavours to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify CHESTNUT PARK’s Privacy Officer of any change in personal or business information. Information contained in inactive files is not updated.
Principle 7: Safeguards
Access to personal information will be limited to CHESTNUT PARK’s members, employees, REALTORS® and contracted employees who require same to provide service to the individual. CHESTNUT PARK’s members, employees, REALTORS® and contracted employees are not permitted to copy or retain for personal use any personal information of the individual to which they have access. CHESTNUT PARK’s members, employees, REALTORS® and contracted employees are further required to return for destruction all such information given to them once the purpose for which they have access to the information has been
CHESTNUT PARK’s members, employees, REALTORS® and contracted employees are required to sign a confidentiality agreement binding them to maintain the confidentiality of all personal information to which they have access.
All personal information is stored in locked filing cabinets when not in use. Access to work areas where personal information may be in use is restricted to authorized CHESTNUT PARK members, employees, REALTORS®, contracted employees and authorized third parties. All personal information no longer required is shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons.
Personal information contained in CHESTNUT PARK’s computers and electronic data bases are password protected. Access to any of CHESTNUT PARK’s computers is password protected. CHESTNUT PARK’s Internet router or server has firewall protection sufficient to protect personal and confidential information against virus attacks and “sniffer” software arising from Internet activity.
Principle 8: Openness
Principle 9: Individual Access
An individual who wishes to review or verify what personal information is held by CHESTNUT PARK, or to whom the information has been disclosed (as permitted by PIPEDA), may make the request for access, in writing, to CHESTNUT PARK’s Privacy Officer. Upon verification of the individual’s identity, the Privacy Officer will respond as promptly as reasonably practical in the circumstances.
If the individual finds that the information held by CHESTNUT PARK is inaccurate or incomplete, upon the individual providing documentary evidence to verify the correct information, CHESTNUT PARK will make the required changes to the individual’s active file(s) promptly.
Principle 10: Complaints/Recourse
If an individual has a concern about CHESTNUT PARK’s personal information handling practices, a complaint, in writing, may be directed to CHESTNUT PARK’s Privacy Officer.
Upon verification of the individual’s identity, CHESTNUT PARK’s Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.
Where CHESTNUT PARK’s Privacy Officer makes a determination that the individual’s complaint is well founded, the Privacy Officer will take the necessary steps to correct the offending information handling practice and/or revise CHESTNUT PARK’s privacy policies and procedures.
Where CHESTNUT PARK’s Privacy Officer determines that the individual’s complaint is not well founded, the individual will be so notified in writing.
If the individual is dissatisfied with the finding and corresponding action taken by CHESTNUT PARK’s Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner at the address below:
The Privacy Commissioner of Canada
112 Kent Street, Place de Ville, Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Toll Free 1-800-282-1376
Natalka Falcomer, Privacy Officer Chestnut Park Real Estate Limited, Brokerage 1300 Yonge St., Suite 101 Toronto, ON M4T 1X3
416 925 9191 Email address: firstname.lastname@example.org