Waterloo Region Association of REALTORS® Privacy Policy

I.          General Sections

1.       Purpose

a)    This policy relates to the collection, use, and disclosure of personal information by the Waterloo Region Association of REALTORS® (WRAR). 

b)    This policy applies to all members of the Association, all Users of the MLS® System, to buyers and sellers whose personal information is in the MLS® System, and to all users of the Association’s websites.

c)    The Association is a member of The Canadian Real Estate Association (CREA) and adheres to and abides by the principles set out in the CREA Privacy Code.

2.    Definitions

a)    “Association” means the Waterloo Region Association of REALTORS®.

b)    “Authorized User” means a REALTOR® who has been authorized by the Association to access and use any part of the MLS® System.

c)    “Administrative User” means a REALTOR® assistant or brokerage administrator that has been authorized by the Association to access and use any part of the MLS® System.

d)    “ITSO” means Information Technology Systems Ontario.

e)    “MLS® System” means the cooperative selling system operated by ITSO for the purchase, sale, or lease of real estate that includes an inventory of listings of participating REALTORS® and ensures a certain level of accuracy of information, professionalism, and cooperation amongst REALTORS®.

f)     “Personal Information” means any information about an identifiable individual not including:

i)     The name, title, business email, business address or telephone number of an individual when collected, used and disclosed solely for the purpose of communicating or facilitating communication with the individual in relation to their employment, business or profession;

ii)    Aggregated information that cannot be associated with a specific individual.

g)    “PIPEDA” means the Personal Information and Protection of Electronic Documents Act.

h)    “User” means a member of the Association, an Authorized User, or an Administrative User.

3.    Privacy Officer

a)    The Association’s Privacy Officer is the person responsible for compliance with PIPEDA, whose name and contact information is: Tania Benninger, inquiries@wrar.ca.

b)    The Privacy Officer responsibilities shall include:

i)     Maintaining and updating this policy as needed;

ii)    Ensuring third parties providing services to the Association that involve the Personal Information comply with the requirements found in PIPEDA;

iii)   Providing education to employees of the Association on the importance of information protection;

iv)   Attempting to resolve privacy complaints to the satisfaction of the complainant;

v)    Responding to privacy breaches, including reporting breaches to impacted individuals, the relevant privacy commissioner(s), and any other government institution when notifying that institution may be able to reduce the harm from the breach, when necessary.

4.    Amendments

a)    The Association may amend this policy from time to time, which will take effect when posted on the Association’s websites.

b)    You are required to review the Association’s Privacy Policy from time to time and your continued use of the Association’s websites or use of any other Association products and services following the posting of any changes to the Privacy Policy constitutes acceptance by you of such amendments.

II.  Collection, Use, and Disclosure of Personal Information

1.    Collection and Use of Personal Information

a)    The Association collects Personal Information about members necessary to:

i)     Process membership applications;

iii)   Facilitate membership in ITSO, CREA, and the Ontario Real Estate Association (OREA);

iv)   Ensure that only REALTORS® in good standing with ITSO member associations are able to access services through ITSO;

v)    Collect dues;

vi)   Provide services to members (e.g., education, events, long term member recognition, etc);

vii)  Provider members with access to and use of the MLS® System;

viii) Provide support, counsel, and representation to members;

ix)   Enforce the Association’s Bylaws, policies, and rules;

x)    Meeting any legal or regulatory requirements;

xi)   Minimizing and investigating any breach of law or contract;

xii)  Generally effectively administer the Association; and

xiii) Any other purposes consistent with the Association’s mission statement and strategic plan.

b)    The Association collects Personal Information about Users to:

i)     Process Authorized User and Administrative Users applications;

ii)    Provide Users with access to and use of the MLS® System and all ancillary services (e.g., Home Price Index, RETs feeds for websites, access to appointment facilitation software, uploads to REALTOR.ca, Market Share Report, etc.);.

c)    The Association collects Personal Information about users of its websites to:

i)     Respond to your questions and comments;

ii)    For security purposes, such as the prevention, investigation, or disruption of potentially prohibited or illegal activities; and

iii)   Enforce the website terms of use.

2.    Consent

a)    The Association may imply consent to collect, use, and disclose your Personal Information where the Personal Information is not sensitive and where it can be reasonably assumed that you would expect the information to be disclosed in this fashion (e.g., the collection of Personal Information through cookies as result of your use of the Association’s websites).

b)    The Association will obtain express consent to collect, use, and disclose your Personal Information if the Personal Information is more sensitive.

b)    If you provide personal information to the Association, you consent to its collection, use, and disclosure in accordance with this policy.

c)    If the Association is going to use your Personal Information for a new purpose other than what is currently set out in this policy, then the Association will obtain consent from you.

d)    If you have provided your Personal Information to a member of the Association who entered it into the MLS® System then you consented to the collection, use, and disclosure of that Personal Information through the forms you signed with the member.

e)    Consent to the collection and certain uses of the information may be refused or withdrawn by you subject to legal or contractual requirements. In the event you withdraw consent the Association may not be able to offer certain information or services to you.

3.    Retention

a)    The Association retains Personal Information as long as is necessary to fulfill the purpose for which it was collected.

b)    The Association has a Document Retention Policy consistent with the nature and need for the information and legislative requirements.

4.    Disclosure

a)       The Association may also disclose Personal Information of members to third parties, such as CREA, OREA, lawyers, consultants, or others who work with the Association to collect and analyze information from members, to improve the products and services offered by the Association, or to provide products and services to members. Some of these third parties may send information to or contact the member.

b)    The Association may be permitted or required by law to disclose Personal Information without consent in certain circumstances including, but not limited to:

i)     Where the information was public;

ii)    Where required by law;

iii)   Where it is necessary to protect the rights of an identifiable person or group;

iv)   Other circumstances recognized by privacy legislation as permitting disclosure without consent.

c)    The Association reserves the right to report to law enforcement agencies any uses of the Association’s websites and Users of the MLS® System that it, in good faith, believes to be unlawful.

d)    You agree that the Association may release your Personal Information to law enforcement agencies where the Association has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property and safety of the Association or any person.

III.       Storage and Protection of Personal Information 

1.    Protecting Information

a)    The Association protects Personal Information in a manner commensurate with its sensitivity, value, and criticality.

b)    This policy applies regardless of the media on which information is stored, the locations where the information is stored, the systems used to process the information, or the processes by which information is handled.

c)    The Association uses physical, organizational, and technological measures to protect Personal Information.  All Association staff have computer passwords, which are confidential and not shared with any unauthorized persons.

2.    Storage

a)    The Association products and websites may include links to third party websites and the Association may provide Personal Information to third party companies that provide ancillary services to Users. Before using those third party websites or services, you should carefully examine their privacy policies because any personal information that you choose to provide to them will be subject to their privacy policies.

b)    The Association uses third party service providers who store information in the Cloud. Some of these service providers, and the databases where they store Personal Information, are located outside of Canada. You should note that where Personal Information is located outside of Canada, it is subject to the laws of that jurisdiction in which it is located, and could be subject to lawful demands for access by law enforcement agencies.

c)    While the Association puts in place reasonable precautions to protect Personal Information, we cannot guarantee at all times the security of the information. No method of transmitting or storing data is completely secure, particularly with regard to Internet applications.

IV.       Accuracy and Access to Personal Information 

1.    Access to Personal Information

a)    Individuals may request access to any Personal Information about themselves retained in Association records.

b)    All access requests must be in writing, directed to the Association’s Privacy Officer, and accompanied by appropriate identification satisfactory to the Association.

c)    The Association has the right prior to responding to any access requests, to take whatever steps it deems necessary to confirm the identity of the individual making the request.

d)    The Association has the right to decline to provide access to Personal Information in a number of circumstances, including where the information:

i)     Is subject to solicitor-client privilege;

ii)    Could interfere with law enforcement, investigative, or regulatory functions;

iii)   Would disclose of Personal Information of another individual;

iv)   Would cause serious harm to another individual;

v)    Is confidential business information that may harm the Association or the competitive position of a third party;

vi)   Any other circumstances recognized by the privacy legislation.

e)    Where the information cannot be disclosed, the individual making the request will be provided with the reasons for non-disclosure.

f)     The Association will endeavour to provide any applicable information within 30 days of the date of the request and may charge an administrative fee for providing the information, where reasonable and allowed by law.

2.    Accuracy of Personal Information

a)    The Association attempts to ensure the Personal Information under its control is as accurate, complete, current and relevant as is necessary for its identified purpose.

b)    Where an individual believes that the Personal Information in the Association’s files is inaccurate, they may request the Association to append the record with alternative information, where the Association is of the view that the appended information is, in fact, correct.

V.        Compliance 

1.    Risk of Misuse

a)    There is a risk that your Personal Information may be misused by the third parties that we provide Personal Information to.  Most of the Personal Information in the MLS® System is also found in public records, but we still require all third parties to comply with PIPEDA.

2.    Complaints

a)    Any complaints from an individual concerning the collection, use, or disclosure of their Personal Information or concerning the individual’s ability to access their Personal Information must be referred to the Association Privacy Officer who will attempt to resolve the complaint to the individual’s satisfaction.

b)    In the event the complaint cannot be resolved internally to the individual’s satisfaction, he or she will be advised of where to direct the complaint.