PRIVACY POLICY
EGAN Agence immobilière (hereinafter the “AGENCY” or the “BROKER”) is governed by the Act
respecting the protection of personal information in the private sector (CQLR, c. P-39.1) (“the
Act”).
Personal information
Personal information is any information which relates to a natural person and allows that
person, directly or indirectly, to be identified. A written document, an image, a video or a sound
recording may contain personal information. In the course of its/his professional activities, the
AGENCY or the BROKER may collect personal information such as the name, home address,
date of birth, identification document information, social insurance number, income information,
marital status, etc.
Consent
The AGENCY or the BROKER may collect, use and communicate personal information with the
consent of the person concerned. To be valid, consent must be manifest, free, enlightened and
given for specific purposes. The person who consents to provide his/her personal information is
presumed to consent to its use and communication for the purposes for which it was collected.
Any person may at any time withdraw his/her consent to the collection, use and communication of
his/her personal information by the AGENCY or the BROKER. In such cases, if the collection is
necessary for the conclusion or performance of the contract by the AGENCY or the BROKER, the
AGENCY or the BROKER may not be able to fulfil a request for service.
Responsibility
The AGENCY or the BROKER is responsible for protecting the personal information held in the
course of its/his real estate brokerage activities. To this end, the AGENCY or the BROKER has
adopted a privacy policy as well as governance policies and practices concerning personal
information, the purpose of which is to control the collection, use, communication, retention and
destruction of personal information.
Collection of personal information
The AGENCY or the BROKER collects only such personal information as is necessary to carry
out its/his real estate brokerage activities. For example, this information may be collected for the
purposes of carrying out a real estate transaction, record keeping, monitoring of professional
practices by the Organisme d’autoréglementation du courtage immobilier du Québec (OACIQ), or
any other purpose determined by the AGENCY or the BROKER and made known to the person
whose consent is being sought.
The AGENCY or the BROKER encourages its/his staff members to explain in simple and clear
terms to the person concerned the reasons for the collection of personal information, and to make
sure these reasons are understood.
For the purpose of collecting personal information, the AGENCY or the BROKER encourages
staff members to use the standardized forms developed by the OACIQ.
The AGENCY or the BROKER may also collect personal information verbally in the course of
correspondence with persons involved in a transaction, or through various documents submitted
for the completion of a real estate transaction (identification documents, financial documents,
powers of attorney, etc.).
Use and communication of personal information
Personal information is used and communicated for the purposes for which it was collected and
with the consent of the person concerned. In certain cases provided for under the Act, personal
information may be used for other purposes, for example to detect and prevent fraud or to provide
a service to the person concerned.
The AGENCY or the BROKER may be required to communicate personal information to third
parties, including suppliers, co-contractors, sub-contractors, mandataries, insurers (such as the
Fonds d’assurance responsabilité professionnelle du courtage immobilier du Québec [FARCIQ]),
professionals, other regulators, or parties outside Québec.
The AGENCY or the BROKER may, without the consent of the person concerned, communicate
personal information to a third party if such communication is necessary to carry out a mandate or
to perform a contract for services or of enterprise. In such a case, the AGENCY or the BROKER
draws up a written mandate or contract and specifies the measures which the mandatary must
take to ensure that the personal information communicated is protected, so that it is used solely
to carry out the mandate or perform the contract, and is destroyed after completion of same. The
co-contractor must also undertake to cooperate with the AGENCY or the BROKER in the event of
breach of confidentiality of the personal information.
Before communicating personal information outside Québec, the AGENCY or the BROKER must
take into account the sensitivity of the information, the purpose for which it is to be used and the
protection measures that will be in place outside Québec. The AGENCY or the BROKER will
communicate personal information outside Québec only if an analysis shows that the information
will be adequately protected in the place where it is to be communicated.
Retention and destruction of personal information
Once the purposes for which the personal information was collected or used have been fulfilled,
the AGENCY or the BROKER must destroy the information, subject to a retention period
stipulated under the Act. As stipulated in their professional obligations, the AGENCY or the
BROKER must retain records for at least six (6) years following the final closing of a file.
Security measures
When collecting, using, retaining and destroying personal information, the AGENCY or the
BROKER applies the necessary security measures to protect the confidentiality of the
information. More specifically, the following measures apply: This information is stored in a database accessible via a computer or laptop requiring a password, and in a secure location through the real estate agency's real estate broker. It is no longer used once the transaction has been completed, and is shredded after a period of 6 years.
All personal information is used as part of a real estate transaction. We must verify the identity of any third party and add, for example, information from an ID document on various OACIQ forms.
Confidentiality incident
A confidentiality incident is any access, use or communication of personal information that is not
authorized under the Act, or the loss of personal information or any other breach of protection of
personal information.
The AGENCY or the BROKER has implemented a confidentiality incident management protocol
that identifies the persons who assist the Person in charge of the protection of personal
information and sets out the concrete actions to be taken in the event of an incident. This protocol
specifies, among other things, the responsibilities expected at each stage of incident
management, including the measures to be taken to ensure the security of the data.
Roles and responsibilities
1. The AGENCY or the BROKER
The AGENCY or the BROKER:
▪ Ensures the confidentiality of the information through good information management
practices. In particular, it/he provides guidelines, training and instructions to staff
members regarding the authorized collection, use, storage, modification, consultation,
communication and destruction of personal information.
▪ Implements appropriate protection measures to reduce the risk of confidentiality
incidents, such as computer security, updating of policies relating to personal information,
staff training, etc.
▪ Has standardized methods for the filing of documents containing personal information.
▪ Has standardized methods for the retention of documents containing personal
information, including digitization procedures.
▪ Manages physical and computer access to personal information, based among other
things on its sensitivity.
▪ Ensures the secure destruction of personal information. More specifically, it/he provides
guidelines or instructions to staff members concerning secure destruction methods,
timeframes for destruction, etc.
2. Person in charge of the protection of personal information
In accordance with the Act, the AGENCY or the BROKER has appointed a Person in charge of
the protection of personal information.
This person is responsible, among other things, for ensuring that the policies are enforced and
that they comply with applicable regulations. The name and contact details of this person can be
found in the section “Right of access, withdrawal and rectification.”
The Person in charge of the protection of personal information is responsible for managing
confidentiality incidents and, in this context, takes action as provided for under the Act.
The Person in charge of the protection of personal information handles requests for access and
rectification of personal information. This person also handles complaints concerning the handling
of personal information by the AGENCY or the BROKER.
The Person in charge of the protection of personal information is consulted as the event of a
privacy impact assessment for any project involving the acquisition, development or redesign of
an information system or the electronic delivery of services involving the collection, use,
disclosure, retention or destruction of personal information. This person may suggest measures
to ensure the protection of personal information in the context of such a project.
3. Staff members
Staff members of the AGENCY or the BROKER may access personal information only to the
extent necessary for the performance of their duties or mandates.
The staff member of the AGENCY OR BROKER:
▪ Ensures the integrity and confidentiality of all personal information held by the AGENCY
or the BROKER.
▪ Complies with all policies and guidelines of the AGENCY or the BROKER regarding
access, collection, use, communication and destruction of personal information as well as
information security, and complies with all instructions received.
▪ Respects the security measures implemented on his workstation and on any equipment
containing personal information.
▪ Uses only such equipment and software as are authorized by the AGENCY or the
BROKER.
▪ Ensures, when appropriate, the secure destruction of personal information in accordance
with the instructions received. Immediately reports to his superior any act of which he is
aware that may constitute an actual or suspected breach of security rules relating to
personal information.
Right of access, withdrawal and rectification
A person (or his/her authorized representative) may request access to his/her personal
information held by the AGENCY or the BROKER. A person may withdraw consent to the
collection, use and communication of personal information. Such withdrawal is recorded in
writing.
A person may request the correction of personal information in a file concerning him/her that he/
she believes to be inaccurate, incomplete or unclear.
The AGENCY or the BROKER may refuse a request for access or rectification in the cases
provided for under the Act.
Complaints
A person who deems to have been wronged may file a complaint regarding the handling of his/
her personal information by the AGENCY or the BROKER. This complaint will be dealt with diligently within a maximum of 30 days by the Privacy Officer and a written response will be sent to you. Each complaint must be properly documented and accompanied by proof in the transaction file. The complainant will be notified in writing of the decision rendered by the Agency Director.To request access to or rectification of your personal information, or to submit a complaint regarding the processing of personal information, please contact the Agency Director: Jennifer Debra Egan at 418.683.4403.