I. General Sections
a) This policy relates to the collection, use, and disclosure of personal information by ITSO.
b) This policy applies to Member Associations, to all Users of the ITSO MLS® System, to buyers and sellers whose personal information is in the ITSO MLS® System, and to all users of ITSO websites.
a) “Arbitration Policy” means the policy followed by ITSO to resolve commission or fee disputes.
b) “Member Association” means all Associations participating in ITSO, which have entered into the MLS® Services Agreement.
c) “MLS® System” means the cooperative selling system operated by ITSO for the purchase, sale, or lease of real estate that includes an inventory of listings of participating REALTORS® and ensures a certain level of accuracy of information, professionalism, and cooperation amongst REALTORS®.
d) “Personal Information” means any information about an identifiable individual not including:
i) The name, title, business email, business address or telephone number of an individual when collected, used and disclosed solely for the purpose of communicating or facilitating communication with the individual in relation to their employment, business or profession;
ii) Aggregated information that cannot be associated with a specific individual.
e) “PIPEDA” means the Personal Information and Protection of Electronic Documents Act.
f) “PSC Policy” means the Professional Standards Complaints Policy that ITSO follows when handling incidents alleging breaches of the ITSO Rules and unethical conduct that may breach the REALTOR® Code or the REBBA Code.
g) “User” means a REALTOR® that belongs to a Member Association or a REALTOR® that belongs to a non-Member Association but is bound by this Policy as a result of using the ITSO MLS® System and agreeing to the ITSO EULA.
3. Privacy Officer
a) The ITSO Privacy Officer is the person responsible for compliance with PIPEDA, ITSO’s Executive Director, or anyone else designation by the Executive Director, whose name and contact information shall be made available on ITSO websites.
b) The ITSO Privacy Officer responsibilities shall include:
i) Maintaining and updating this policy as needed;
ii) Ensuring third parties providing services to ITSO that involve the Personal Information comply with the requirements found in PIPEDA;
iii) Providing education to employees of ITSO on the importance of information protection;
iv) Attempting to resolve privacy complaints to the satisfaction of the complainant;
v) Responding to privacy breaches, including reporting breaches to impacted individuals, the relevant privacy commissioner(s), and any other government institution when notifying that institution may be able to reduce the harm from the breach, when necessary.
a) ITSO may amend this policy from time to time, which will take effect when posted on the ITSO websites.
II. Collection, Use, and Disclosure of Personal Information
1. Collection and Use of Personal Information
a) ITSO collects Personal Information about Users necessary to:
i) Operate the MLS® System;
ii) To provide services ancillary to the operation of the MLS® System (e.g., Home Price Index, RETs feeds for websites, access to Showing Time, BrokerBay, uploads to REALTOR.ca, Market Share Report, etc.);
iii) To enforce the terms of the End User License Agreement (EULA) that all Users enter into to access the MLS® System;
iv) Enforce the PSC and Arbitration policies and compliance with ITSO’s By-Laws and policies in general;
v) Provide support, counsel, and representation to Member Associations;
vi) Monitoring Users’ use of ITSO products and services so that ITSO can improve the products and services it offers;
vii) Meeting any legal or regulatory requirements;
viii) Minimizing and investigating any breach of law or contract;
ix) Generally effectively administer ITSO; and
x) Any other purposes consistent with ITSO’s mission statement and strategic plan.
b) ITSO collects Personal Information about buyers, sellers, and properties provided to ITSO by Users in the course of the operation of the MLS® System.
c) ITSO collects Personal Information about users of its websites to:
i) Respond to your questions and comments;
ii) For security purposes, such as the prevention, investigation, or disruption of potentially prohibited or illegal activities;
iii) Use Google Analytics, a web and mobile analytics tracking tool provided by Google, for audience activity, demographics reporting, and remarketing (users can opt-out of Google Analytics by installing a browser plug-in available on Google’s website - you can find more information here: https://policies.google.com/privacy?hl=en-US); and
a) ITSO may imply consent to collect, use, and disclose your Personal Information where the Personal Information is not sensitive and where it can be reasonably assumed that you would expect the information to be disclosed in this fashion (e.g., the collection of Personal Information through cookies as result of your use of ITSO websites).
b) ITSO will obtain express consent to collect, use, and disclose your Personal Information if the Personal Information is more sensitive (e.g., Personal Information collected in the course of a professional standards investigation).
c) If you provide Personal Information to ITSO, you consent to its collection, use, and disclosure in accordance with this policy.
d) If ITSO is going to use your Personal Information for a new purpose other than what is currently set out in this policy, then ITSO will obtain consent from you.
e) If you have provided your Personal Information to a User who entered it into the MLS® System then you consented to the collection, use, and disclosure of that Personal Information through the forms you signed with the User.
f) Consent to the collection and certain uses of the information may be refused or withdrawn by you subject to legal or contractual requirements. In the event you withdraw consent ITSO may not be able to offer certain information or services to you.
a) ITSO retains Personal Information as long as is necessary to fulfill the purpose for which it was collected.
b) ITSO has a Document Retention Policy consistent with the nature and need for the information and legislative requirements.
a) ITSO may also disclose Personal Information of Users to third parties, such as The Canadian Real Estate Association, Altus, lawyers, consultants, or others who work with ITSO to collect and analyze information from Users, to improve the products and services offered by ITSO or to provide products and services to Users. Some of these third parties may send information to or contact the User.
b) ITSO may be permitted or required by law to disclose Personal Information without consent in certain circumstances including, but not limited to:
i) Where the information was public;
ii) Where required by law;
iii) Where it is necessary to protect the rights of an identifiable person or group;
iv) Other circumstances recognized by privacy legislation as permitting disclosure without consent.
c) ITSO reserves the right to report to law enforcement agencies any Users of the ITSO MLS® System and users of ITSO website that ITSO, in good faith, believes to be unlawful.
d) You agree that ITSO may release your Personal Information to law enforcement agencies where
ITSO has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property and safety of ITSO or any person.
III. Storage and Protection of Personal Information
1. Protecting Information
a) ITSO protects Personal Information in a manner commensurate with its sensitivity, value, and criticality.
b) This policy applies regardless of the media on which information is stored, the locations where the information is stored, the systems used to process the information, or the processes by which information is handled.
c) If you are involved in a professional standards incident or arbitration of a commission dispute then only the ITSO staff and committee members that need to see your Personal Information to fulfil ITSO’s mandate under the PSC and Arbitrations policies will have access to it.
d) ITSO uses physical, organizational, and technological measures to protect Personal Information. All ITSO staff have computer passwords, which are confidential and not shared with any unauthorized persons.
a) ITSO products and websites may include links to third party websites and ITSO may provide Personal Information to third party companies that provide ancillary services to Users. Before using those third party websites or services, you should carefully examine their privacy policies because any personal information that you choose to provide to them will be subject to their privacy policies.
b) ITSO uses third party service providers who store information in the Cloud. Some of these service providers, and the databases where they store Personal Information, are located outside of Canada. You should note that where Personal Information is located outside of Canada, it is subject to the laws of that jurisdiction in which it is located, and could be subject to lawful demands for access by law enforcement agencies.
c) While ITSO puts in place reasonable precautions to protect Personal Information, we cannot guarantee at all times the security of the information. No method of transmitting or storing data is completely secure, particularly with regard to Internet applications.
IV. Accuracy and Access to Personal Information
1. Access to Personal Information
a) Individuals may request access to any Personal Information about themselves retained in ITSO records.
b) All access requests must be in writing, directed to ITSO’s Privacy Officer, and accompanied by appropriate identification satisfactory to ITSO.
c) ITSO has the right prior to responding to any access requests, to take whatever steps it deems necessary to confirm the identity of the individual making the request.
d) ITSO has the right to decline to provide access to Personal Information in a number of circumstances, including where the information:
i) Is subject to solicitor-client privilege;
ii) Could interfere with law enforcement, investigative, or regulatory functions;
iii) Would disclose of Personal Information of another individual;
iv) Would cause serious harm to another individual;
v) Is confidential business information that may harm ITSO or the competitive position of a third party;
vi) Any other circumstances recognized by the privacy legislation.
e) Where the information cannot be disclosed, the individual making the request will be provided with the reasons for non-disclosure.
f) ITSO will endeavour to provide any applicable information within 30 days of the date of the request and may charge an administrative fee for providing the information, where reasonable and allowed by law.
2. Accuracy of Personal Information
a) ITSO attempts to ensure the Personal Information under its control is as accurate, complete,
current and relevant as is necessary for its identified purpose.
b) Where an individual believes that the Personal Information in ITSO’s files is inaccurate, they may
request ITSO to append the record with alternative information, where ITSO is of the view that
the appended information is, in fact, correct.
1. Risk of Misuse
a) There is a risk that your Personal Information may be misused by the third parties that we provide Personal Information to. Most of the Personal Information in the ITSO MLS® System is also found in public records, but we still require all third parties to comply with PIPEDA.
a) Any complaints from an individual concerning the collection, use, or disclosure of their Personal Information or concerning the individual’s ability to access their Personal Information must be referred to the ITSO Privacy Officer using the contact information below, who will attempt to resolve the complaint to the individual’s satisfaction.
Information Technology Systems Ontario (ITSO)
Attn: Privacy Officer
b) In the event the complaint cannot be resolved internally to the individual’s satisfaction, he or she will be advised of where to direct the complaint.