Loi 25

Royal Lepage Tendance (hereinafter "THE AGENCY" or the "BROKER") is governed by the Act respecting the protection of personal information in the private sector (RLRQ, c. P-39.1) (the Act).
Personal information
Personal information is information about a natural person that allows, directly or indirectly, that person to be identified. Writing, images, videos and sound recordings can all contain personal information. In the course of its professional activities, the AGENCY or BROKER may collect personal information such as a person's name, home address, date of birth, identification information, social insurance number, income information, marital status, etc. The AGENCY or BROKER may also use this information to identify a person.   
The AGENCY or BROKER collects, uses and communicates personal information with the consent of the person concerned. To be valid, consent must be manifest, free, informed and given for specific purposes. The person who consents to provide his or her personal information is presumed to consent to its use and communication for the purposes for which it was collected.
Any individual may withdraw his or her consent to the collection, use and disclosure of his or her personal information by the AGENCY or BROKER at any time. In this case, if the collection is necessary for the conclusion or performance of the contract by the AGENCY or BROKER, the AGENCY or BROKER may not be able to fulfill a request for service.

The AGENCY or BROKER is responsible for protecting the personal information it holds in the course of its real estate brokerage activities. To this end, the AGENCY or BROKER has adopted the Privacy Policy as well as policies and practices governing the governance of personal information, the purpose of which is to govern the collection, use, communication, retention and destruction of personal information.
Collection of personal information
The AGENCY or BROKER collects only the personal information required to carry out its real estate brokerage activities. For example, this information may be collected for the purposes of carrying out a real estate transaction, maintaining files, monitoring professional practice by the Organisme d'autoréglementation du courtage immobilier du Québec (OACIQ) or any other purpose determined by the AGENCY or BROKER and made known to the person whose consent is being sought.
The AGENCY or BROKER invites its employees to explain the reasons for the collection of personal information in simple and clear terms to the person concerned, and to ensure that they understand.

The AGENCY or BROKER invites its staff members to explain in clear and simple terms to the person concerned the reasons for collecting his or her personal information and to ensure that they understand.For the purposes of collecting personal information, the AGENCY or BROKER encourages its staff members to use the standardized forms developed by the OACIQ.
The AGENCY or BROKER may also collect personal information verbally during correspondence with persons involved in a transaction or through various documents submitted in connection with the completion of a real estate transaction (identification, financial documents, powers of attorney, etc.).

Use and disclosure of personal information
Personal information is used and disclosed for the purposes for which it was collected and with the consent of the individual concerned. In certain cases provided for by law, personal information may be used for other purposes, for example, to detect and prevent fraud or to provide a service to the person concerned.
The AGENCY or BROKER may be required to communicate personal information to third parties, for example, suppliers, co-contractors, subcontractors, agents, insurers (such as the Fonds d'assurance responsabilité professionnelle du courtage immobilier du Québec [the FARCIQ]), professionals, other regulators, or outside Québec.The AGENCY or the BROKER may, without the consent of the person concerned, communicate personal information to a third party if such communication is necessary for the execution of a mandate or a service or business contract. In this case, the AGENCY or BROKER shall draw up a written mandate or contract in which it shall indicate the measures that its agent must take to ensure the protection of the personal information entrusted to it, to ensure that it is used only in the performance of the mandate or contract and that it is destroyed after its termination.

The co-contractor must also agree to cooperate with the AGENCY or BROKER in the event of a breach of confidentiality of personal information.
Before disclosing personal information outside Québec, the AGENCY or BROKER will take into account the sensitivity of the information, the purpose for which it is to be used and the safeguards that will be in place outside Québec. The AGENCY or BROKER will communicate personal information outside Québec only if its analysis demonstrates that it will benefit from adequate protection in the place where it is to be communicated.
Retention and destruction of personal information Once the purposes for which the personal information was collected or used have been fulfilled, the AGENCY or BROKER must destroy it, subject to the retention period stipulated in the Act.In this regard, the AGENCY's or BROKER's professional obligations require it to keep its files for at least six (6) years following their final closing.
Security measures
When collecting, using, keeping and destroying personal information, the AGENCY or BROKER applies the necessary security measures to protect the confidentiality of personal information. More specifically, the following measures apply:
Personal information is stored on secure external servers.
Personal information collected is limited to that which is strictly necessary for the purposes for which it is to be used.
Personal information is encrypted.
Privacy incident A privacy incident is any access, use, disclosure or loss of personal information that is not authorized by law, or any other breach of the protection of personal information.
The AGENCY or BROKER has established a protocol for managing a confidentiality incident, which identifies the persons who assist the Privacy Officer and sets out the concrete actions to be taken in the event of an incident. This protocol sets out the responsibilities expected at each stage of incident management, including the measures to be taken to ensure data security.
Roles and responsibilities
Ensures confidentiality of information through good information management practices. In particular, it provides guidelines, training and instructions to staff members regarding the collection, use, storage, modification, access, disclosure and permitted destruction of personal information.
Deploys appropriate safeguards to reduce the risk of privacy incidents, e.g. computer security, updated personal information policies, staff training, etc.
Has standardized methods for filing documents containing personal information.
Has standardized methods for storing documents containing personal information, including digitization procedures.
Manages physical and computer access to personal information, according to its sensitivity.
Securely destroys personal information. In particular, he/she gives directives or instructions to staff members regarding secure destruction methods, destruction deadlines, etc.

2. Privacy Officer
In accordance with the Act, the AGENCY or BROKER has appointed a Privacy Officer.
This person is responsible for ensuring that these policies are respected and that they comply with applicable regulations. The name and contact details of this person are listed in the "Right of access, withdrawal and rectification" section.
The Privacy Officer is responsible for managing privacy incidents and, in this context, takes action as provided for by law.
The Privacy Officer handles requests for access and rectification of personal information. He or she also handles complaints concerning the processing of personal information by the AGENCY or BROKER.
The Privacy Officer is consulted as part of a privacy impact assessment for any project involving the acquisition, development or redesign of an information system or the electronic delivery of services involving the collection, use, disclosure, retention or destruction of personal information. It may suggest measures to ensure the protection of personal information in the context of such a project.

3. Staff members
A staff member of the AGENCY or the BROKER may take cognizance of personal information only insofar as this is indispensable to the performance of his duties or his mandate.
The AGENCY staff member or BROKER :
Ensures the integrity and confidentiality of personal information held by the AGENCY or BROKER.  
Complies with all the AGENCY's or BROKER's policies and directives on access, collection, use, disclosure, destruction of personal information and on information security, and follows the instructions presented to him or her.
Respect the security measures in place at his or her workstation and on all equipment containing personal information.
Use only equipment and software authorized by the AGENCY or BROKER.
Ensures the secure destruction of personal information in accordance with instructions. Immediately report to his/her supervisor any act of which he/she is aware that may constitute an actual or suspected breach of security rules relating to personal information.

Right of access, withdrawal and rectification
An individual (or his/her authorized representative) may request access to his/her personal information held by the AGENCY or BROKER. An individual may withdraw his or her consent to the collection, use and disclosure of his or her personal information at any time. This withdrawal will be recorded in writing.
An individual may request the correction of personal information in a file concerning him or her that he or she believes to be inaccurate, incomplete or equivocal.
The AGENCY or BROKER may refuse a request for access or correction in the cases provided for in the Act.
A person who considers himself/herself aggrieved may lodge a complaint concerning the processing of his/her personal information by the AGENCY or BROKER. This complaint will be handled diligently within a maximum of 5 days by the Privacy Officer and a written reply will be sent to you.  
To request access to or rectification of your personal information, or to submit a complaint regarding the processing of personal information, please contact Franca Denis 514-713-3335