Privacy and Cookies Policy
Last updated: September 25, 2023
This Policy was last updated on September 25, 2023. BCREA reserves the right to revise this Policy from time to time and, as such, you should review its terms each time that you visit our Site. We will notify you about any significant changes in the way we handle personal information by placing a prominent notice on the Site and / or by updating the privacy information on this page. Any changes to this Policy will not go into effect until at least five (5) days after they are posted or otherwise communicated to you. Your continued use of this Site or our programs and services signifies your acceptance of any changes to this Policy.
Accountability and Openness/Privacy Compliance Officer
BCREA is responsible for personal information under our control, and we are accountable to you for our collection, use, and disclosure of all personal information that you provide to us. We have established policies and procedures to safeguard any personal information that we have on file or that we collect, and to deal with complaints and inquiries. We will only collect personal information as described in this Policy.
BCREA’s CEO is designated as the association’s privacy officer (the “Privacy Compliance Officer”) and is accountable for the protection of data containing personal information and for our compliance with this Policy.
Their name shall be made available on request. The responsibilities of the Privacy Compliance Officer include:
- Establish and update information protection policies.
- Ensure policies are implemented by other associations to which data-processing functions are outsourced.
- Establish criteria for classification of information.
- Evaluate the accessibility of sensitive information and take corrective action where necessary.
- Provide education to employees on the importance of information protection.
- Attempt to resolve REALTORS®’ and guests’ privacy complaints to the satisfaction of the individuals.
- Respond to privacy breaches, including reporting breaches to impacted individuals, the relevant privacy commissioner(s), and any other government institution where notifying that institution may be able to reduce the harm from the breach, when necessary.
If you have questions or concerns regarding this Policy, our compliance with it, as well as any of our processes and procedures relating to the collection, use, and disclosure of your personal information, you may direct them in writing to the Privacy Compliance Officer at [email protected] or Suite 1425, 1075 West Georgia St., Vancouver, British Columbia, Canada V6E 3C9.
Collection of Personal Information
What Information is Collected and How?
We collect personal information only to the extent that it is necessary for the purposes set out below (see: Purpose – Why We Collect, Use, and Disclose Information). In most cases, we will collect personal information directly from you when you visit the Site, participate in our events, or otherwise interact with us regarding the programs and services that we offer. We encourage you not to provide us with any personal information beyond what is required or requested by us for the purposes we have described below. Personal information will always be collected using means that are transparent, fair, and lawful.
A. Direct Collection
Examples of personal information that we may collect, use, and disclose include your name, brokerage name, REALTOR® ID Number, years of experience, title, professional qualifications, member board, email address, physical location, payment information, address, and telephone number. This information will only be collected when you voluntarily provide it to us.
Do not provide any personal information about a consumer or other third-party (“Third-Party Personal Information”) unless you have permission to do so. If you provide us with Third-Party Personal Information, you are wholly responsible for ensuring that the information has been collected, used, and disclosed only as permitted under applicable law, including the British Columbia Personal Information Protection Act and other applicable privacy legislation. Without limitation, you must ensure that all required consents have been obtained and provide proof of such consents to BCREA upon request. Further, you must advise BCREA in writing of any limits or restrictions on the use of any personal information that you disclose to us.
If you provide comments or other feedback to us regarding our programs or services, such comments or other feedback become the property of BCREA and we may use, disclose, and share them for any purpose provided that we do not associate them with your personal information without your express consent.
B. Collection from Third Parties
BCREA may collect your personal information from third parties, such as CREA, member boards, and other industry organizations. However, we will not collect your personal information from a third-party unless we receive assurance that you have consented, or unless we are required or permitted to do so by applicable law. Any personal information collected from a third-party will be used only for the purposes for which it was collected.
C. Information Collected Through Automated Means
Users may visit the Site without telling us who they are or revealing any information about themselves. However, like many organizations’ websites, our web server automatically logs certain information related to a user’s visit to the Site, including the Internet Protocol (IP) address of the user’s computer, the user’s Internet service provider (ISP), the type and version of the browser that the user is using, the date and time the user accessed the Site, the Internet address of the website from which the user linked directly to the Site, the operating system that the user is using, and the pages of the Site that the user has visited. Unless required or permitted by law, we will not attempt to link this information with the identity of individuals visiting our Site unless we have consent to do so. We may, however, review server logs and traffic for system administration and security purposes, for example, to detect intrusions into our network, for planning and improving our website and programs, and to monitor and compile statistics about website usage. The possibility therefore exists that server log data, which contains users’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, we may share raw data logs with the appropriate authorities for the purpose of investigating security breaches.
- to personalize your online experience by delivering personalized content to you;
- to save you time and facilitate browsing, by recalling your specific information and preferences on subsequent visits to the Site;
- to determine and authenticate your access privileges on our Site;
- to complete and support a current activity;
- to track website usage;
- to implement security features;
- for advertising purposes, to offer you relevant opportunities and other targeted content that may be of interest to you; and
- to generally improve your online user experience.
Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. The management of cookies varies for each browser, and you should consult your browser’s user documentation for instructions on how to modify your cookie preferences. If you decline cookies, you may still be able to use the Site but your ability to access certain pages, features, and functions may be affected.
Your browser or device may include “Do Not Track” functionality. “Do Not Track” is a concept that has been promoted by regulatory agencies such as the US Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites by using browser settings. The World Wide Web Consortium (W3C) has been working with industry groups, Internet browser developers, technology companies, and regulators to develop a standard for “Do Not Track” technology. No standard has been adopted to date. At this time, BCREA does not generally respond to browser “Do Not Track” signals.
Consent for the collection, use, or disclosure of personal information may be express or implied. Typically, where we rely on consent to process personal information that you have provided to us, we will seek your consent at the time of collection, and efforts will be made to ensure that you understand the purpose(s) for which the information will be used or disclosed. You are solely responsible for obtaining all necessary consents for the collection, use, and disclosure of any Third-Party Personal Information that you provide to us.
In certain circumstances, we might seek your consent regarding use or disclosure after the information has been collected, but before use, such as when BCREA wishes to use personal information already in its possession for a purpose that was not previously identified.
BCREA will post conspicuous signage at events where photographs will be taken. BCREA assumes the implicit consent of individuals in photographs taken at BCREA events to use the photographs in BCREA communications. If you do not agree to having your photograph taken, please advise the photographer.
Part of providing meaningful consent is understanding the risk of harm and other consequences of the disclosure of personal information. While we endeavour to continually use best practices to minimize the risk of harm (See: Safeguards – How Personal Information is Protected, below), technology is constantly evolving, and no safeguards can be guaranteed to be failsafe or to provide absolute protection against malfeasors.
Withdrawal of Consent
You may always choose not to disclose personal information. Also, when we are already using personal information on the basis of your consent, you may withdraw or change your consent at any time. To withdraw or change your consent to our use of your personal information, please send your request in writing, along with details of the use of your information that you wish to change or withdraw your consent for, to the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer).
In some circumstances, particularly where our use of any personal information that you have provided to us is integral to the provision of our services or your participation in our programs, your refusal or inability to provide consent, or a change, or withdrawal of consent, may adversely affect your interactions with us and/or our ability to provide you with information, programs, or services.
You must advise us promptly, in writing, of any withdrawal or change in consent for the use of any Third-Party Personal Information that you have provided to us.
Purpose – Why We Collect, Use, and Disclose Information
We will not collect personal information that is not necessary and, except as specified below, will not use, or disclose personal information for any purpose other than the purpose(s) for which it was collected, without first obtaining your consent. The information that we collect is used and disclosed only for business purposes related to BCREA. These include:
- to create a user account for you, and to verify and authenticate your identity;
- to operate and maintain the Site, and to respond to your requests, questions and concerns;
- to process payments;
- to make our programs and services available to you, and generally to perform our obligations and exercise our rights arising from any contract between you and us;
- to allow you to access and participate in educational programs and webinars, and to create and enhance online educational resources for use by our members and guests;
- to support our advertising and marketing activities;
- to determine content that may be appealing to our users;
- to enable your participation in committees and industry organizations;
- to provide you with personalized content, and to maximize our ability to provide you with courses, services, information, and other resources that are useful and relevant to you;
- to obtain feedback regarding our programs and services, which may include inviting you by email to write a review of our Site and our programs. This allows us to continually improve the services and resources that we offer;
- to target and measure the performance of ads to users;
- to offer and manage contests, conferences, and other promotional activities;
- to verify that any information submitted by you is accurate and complete;
- to generally communicate with you for reasons related to our association, such as to provide you with announcements, updates, alerts, confirmations, corrections, and surveys;
- to create a record of your involvement with us;
- for legal purposes, which may include the handling and resolution of claims and legal disputes, or for regulatory investigations and compliance;
- to detect and prevent error, fraud, theft, and other illegal or unwanted activities;
- for internal business purposes, including data analysis, to administer or improve our services, perform market research, enhance the user experience, and improve the functionality and quality of our Site and online resources;
- to comply with any legal, accounting, and regulatory requirements, including reporting requirements; and
- for any other reasonable purpose for which you provide consent, or for which consent may be implied in accordance with this Policy and applicable law.
Where personal information that has been collected is to be used for a purpose not previously identified, we will notify you of the new purpose and, where necessary, obtain your consent, prior to the use of that information for the new purpose unless otherwise permitted by law.
Commercial Electronic Messages
BCREA complies with Canadian “anti-spam” legislation and will only send electronic communications as permitted by law. You are liable for ensuring that all necessary consents to receive electronic communications have been obtained from any third-party whose Third-Party Personal Information you have provided to us, and to promptly advise us in writing if any consents to receive electronic communications have been withdrawn. Note that recipients of electronic communications may always unsubscribe from our electronic communications by following the “unsubscribe” link clearly included in each communication, or by notifying the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer). We will promptly comply with all unsubscribe requests.
Disclosure to Third Parties
BCREA may share your personal information, as well as any Third-Party Personal Information that you provide to us, with its employees, contractors, and affiliates for the purposes contemplated by this Policy, provided that such persons agree to use the information only in accordance with this Policy. Except as specifically provided in this Policy or as permitted by law, personal information will not be shared with unrelated third parties unless we provide you with both prior notice and choice. BCREA does not share, sell, rent, or lease user information to third parties.
From time to time, BCREA may disclose personal information to third-party subcontractors, service providers, and real estate developers (“Processors”) in connection with the operation of our association and the provision of our programs and services. Third-party Processors to which we may disclose personal information may include payment processors, analytical support services, web hosts, and parties that we engage to send out surveys, resources, or other materials. Given the nature of cloud services, personal information may be stored outside Canada, anywhere in the world, and may be accessible to foreign courts, law enforcement, and national security authorities in the jurisdiction(s) where it is transferred or stored.
BCREA has contracts in place with our Processors to ensure that any personal information that you disclose to us is kept safe, secure, confidential, and in line with this Policy and applicable laws. In all cases, we will provide the Processors only with the information needed to perform the subcontracted service or pursue a real estate opportunity. We may change or add Processors at any time, at our discretion. Details regarding the personal information that we make available to our third-party Processors, and how it is used, are available by contacting the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer). Any request made by you to correct, change, or erase personal information will be promptly communicated to any third-party Processors in possession of that information (see: Individual Access/Accuracy/Erasure).
We may collect, use, or disclose personal information without your knowledge or consent where we are permitted or required to do so by applicable law, government request, request of a law enforcement agency, search warrant, subpoena, or court order, or based upon our good faith belief that it is necessary to do so in order to comply with such law, request, warrant, subpoena, or court order, or to enforce our rights, or to protect our assets, the users of the Site, or the public.
Retention of Personal Information
Subject to any legal or accounting requirements, we will retain personal information only as long as necessary to fulfill the purposes for which it was collected. Personal information that is no longer required will be destroyed, erased, or made anonymous, although copies of deleted information may continue to exist on back-up media. In certain circumstances, you may request the erasure of your personal information or any Third-Party Personal Information that you have provided to us, which we will endeavour to do without undue delay as required by applicable law. Written requests should be sent to the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer). We use reasonable industry practices to ensure we have adequate controls, schedules, and practices for information and records retention and destruction which apply to personal information.
Safeguards – How Personal Information is Protected
We have implemented physical, organizational, contractual, and technological security measures to protect personal information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal information, with the highest level of protection given to the most sensitive information. Our data systems use user IDs, passwords, multifactor authentication, and encryption technology. Paper files containing personal information are centralized and kept in locked filing cabinets and are shredded when no longer required. We store data on remote servers hosted by reputable companies. Staff and contractors who have access to personal information are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. Any credit card information that you submit will not be stored on our servers but rather will be sent to a PCI Level 1-compliant payment processor for storage. Personal information that is transmitted to other sites is protected through the use of encryption, such as Secure Sockets Layer (SSL) protocol. When destroying personal information, we delete electronically stored personal information and shred any physical materials containing personal information. While we will endeavour to destroy all copies of personal information, you acknowledge that deleted information may continue to exist on back-up media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal information may involve the transmission of data on an international basis and across networks not owned and/or controlled by BCREA. Accordingly, we cannot guarantee that personal information will not be lost, or that it will not be altered, intercepted, or stored by an unauthorized third party.
In the event of a security breach concerning personal information, we will endeavour to notify affected individuals promptly upon discovering the breach, as required by applicable law. In any event, if a breach is likely to affect the rights and freedoms of the affected individual, we will ensure that the notification is made without undue delay.
We will endeavour to ensure that personal information contained in our records, or which is disclosed to third parties for the purposes described above will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is used. You may request access to the personal information that we hold about you by submitting a written request to the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer). Including “Request for Information” in the subject line will assist us in processing your request. We will inform you of your personal information held by us and provide an account of the use that has been made of the information, as well as identify any third parties to whom we have disclosed the information. In some instances, you may also be entitled to receive a copy of your personal information in a structured, commonly used, machine-readable format (or request that this be transferred to a third party when technically possible). In certain circumstances, BCREA may not be able to provide you with access to all or some of your personal information, in which case you will be advised in writing of the reasons for our inability to provide you with the information.
You also have the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect. If you demonstrate the inaccuracy or incompleteness of your personal information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data or if your personal information changes. You must also promptly notify us of any changes or corrections to the Third-Party Personal Information that you have disclosed to us. All notices and requests regarding inaccuracies or changes should be in writing and sent to the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer).
In certain circumstances, you have the right to require that we erase, limit, and/or cease processing your personal information. All notices and requests asking us to erase, limit, or stop processing your personal information should be in writing and sent to the Privacy Compliance Officer at the address set out above (see: Accountability and Openness/Privacy Compliance Officer).
Links to other Websites
To the extent the Site contains links to other websites, the owners of those websites are responsible for the privacy practices and content for their sites. If you click on those links, you will leave the BCREA website, and third parties may collect personal information from you or your electronic devices. The accessing and use of any third-party websites is at your own risk. BCREA does not provide or endorse any information, goods, or services available through third-party websites, and we cannot assume responsibility for the privacy practices, policies, or actions of the third parties who operate those websites. This Policy applies only to the BCREA website, and we encourage you to review the privacy policies contained on each Internet site that you access.
International Transfer and Storage of Information
BCREA is based in British Columbia, Canada. However, personal information may be hosted, transmitted, transferred, processed, backed-up, and/or stored outside of Canada, including in the United States. In particular, the Processors to which we disclose your personal information (see: Disclosure to Third Parties) may use and store that information at their facilities outside of Canada. We will use reasonable means to ensure that your information is protected, including written agreements with our third-party Processors, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of Canada, or that your personal information will not be accessible to foreign courts, law enforcement, or national security authorities in the jurisdiction(s) where it is transferred or stored.
The Site and our programs are intended solely for users who are not minors (19 years of age or older). BCREA will never knowingly collect personal information from minors. If we are advised or otherwise discover that personal information has been collected from a minor without the express consent of a parent or guardian, we will take all commercially reasonable steps to delete that information.
Compliance and Governing Law
Inquiries, requests, and complaints regarding our compliance with this Policy should be directed to the Privacy Compliance Officer at address listed above (see: Accountability and Openness/Privacy Compliance Officer).
Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual.
The Site is operated from Vancouver, British Columbia, Canada. Except as required by applicable privacy laws, your use of the Site, this Policy, and the protection of your personal information will be governed exclusively by the applicable laws of the Province of British Columbia and of Canada. Additional rights may apply to users in other jurisdictions as required by applicable law.