Dear Minto Customer,
The Minto Group (“Minto”) is committed to protecting the privacy and security of personal information under its control about its property tenants, buyers, prospective tenants/buyers, website visitors and others whose personal information may be collected by Minto.
In an effort to maintain appropriate standards of care in managing personal information, Minto commits to the following ten principles, as outlined in the Canadian Standards Association’s Model Code for the Protection of Personal Information (CAN/CSA-Q830-96) and that comply with provincial and federal legislation:
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure and Retention
- Individual Access
- Challenging Compliance
This Policy is subject to change due to changes in organizational practices or legal and regulatory requirements. We encourage you to periodically check our website for updates to this Policy.
Definition of Personal Information
“Personal information” is any information about an identifiable individual, other than an individual’s business contact information that is used to communicate with the individual in relation to their business, employment or profession. Thus, personal information includes, but is not limited to, your name, contact information, date of birth, credit card details or other financial information, hours of availability, schedule, personal preferences, family size, income, employment details, opinions, purchase patterns and other demographics that help Minto service your specific needs.
Personal information does not include anonymous or aggregated information that cannot be tracked back to you personally. For example, we may use aggregate data to improve the quality and efficiency of our products and services, and to enhance our marketing efforts.
Principle 1: Accountability
Minto accepts full responsibility for the personal information under our control. To that end, we have established internal procedures to comply with this Policy and have designated a Privacy Officer to be accountable for compliance with the following principles.
1.1 Responsibility for ensuring compliance with the provisions inherent in this Policy rests with Minto’s Privacy Officer. The Privacy Officer may delegate responsibilities to one or more employees to oversee privacy compliance.
1.2 Minto shall use contractual and other commercially reasonable means to ensure that any third parties with access to personal information entrusted to Minto provide a comparable level of protection while such information is being processed by them.
1.3 To give effect to the principles of privacy, in addition to developing this Policy, Minto has:
- Developed and implemented practices to protect personal information;
- Established procedures to receive and respond to privacy inquiries or complaints, as well as manage privacy breaches; and
- Established a privacy training program for Minto staff that highlights personal information protection responsibilities.
Principle 2: Identifying Purposes
Minto collects personal information for specific purposes and identifies these purposes at or before the time the information is collected.
2.1 Personal information is collected for purposes such as the following:
- To understand the needs of individuals and respond to requests for information, products or services;
- To verify an individual’s identity;
- To complete a business transaction such as a the lease of a property, rental of a suite or purchase or sale of a property;
- To provide appropriate levels of service following completion of a transaction, such as repairs, maintenance/correction of deficiencies, warranty coverage, and the provision of telecommunications, utility and similar services;
- To establish relationships, provide support, as well as communicate about Minto project updates, service developments or other Minto news;
- To conduct customer satisfaction surveys;
- To facilitate financing or approval of an application, or process financial transactions;
- To provide safety and security services; and
- To meet legal or regulatory requirements imposed upon Minto from time to time.
2.2 Unless otherwise permitted or required by law, Minto shall make reasonable efforts to only collect and use personal information that is necessary for the purposes identified in section 2.1.
2.3 Upon request, representatives of Minto collecting personal information shall explain the purposes for which such information will be used, or refer the individual to another Minto representative who can explain the purposes.
CLICK HERE to learn about our Website Practices.
Principle 3: Consent
Minto obtains informed consent for the collection, use or disclosure of personal information, except where inappropriate.
3.1 Unless otherwise permitted or required by law, Minto shall not use or disclose personal information for any new purpose that is not outlined in section 2.1 without first identifying and documenting the new purpose and obtaining the express consent of the individual.
3.2 Consent can be obtained in person, by phone, by mail, or via the Internet. Consent is only implied or assumed if the collection, use or disclosure of personal information is obvious based on the individual’s actions or inactions, and the personal information is non-sensitive in nature and context.
3.3 Minto will only require individuals to consent to the collection, use or disclosure of personal information as a condition to the supply of a product or service if such collection, use or disclosure is required to fulfill the identified purposes.
3.5 If you provide Minto or its service providers with personal information about another person, it is your responsibility to obtain consent from such person to enable us to collect, use and disclose such information for the purposes set forth in this Policy.
3.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. For example, you are always given the ability to opt-out of receiving promotional electronic messages from Minto by using the available “unsubscribe” link. Minto will inform customers of the implications of withdrawing consent, as we may be limited or unable to provide information, products or services as a result.
Principle 4: Limiting Collection
Minto limits the collection of personal information to that which is necessary for purposes identified by Minto. Personal information is collected by fair and lawful means.
4.1 Every Minto department or business unit is responsible for ensuring that all information collected is limited, both in amount and type, to what is needed to fulfill the identified purposes.
4.2 For the most part, personal information is collected directly from the individual who it is about, for example through applications and supporting documentation provided.
4.3 Only with the authorization of the individual or where permitted or required by law, Minto may also collect personal information from references, financial institutions, credit reporting agencies or other third parties.
Principle 5: Limiting Use, Disclosure and Retention
Minto does not use or disclose personal information for purposes other than those for which it is collected (as outlined in section 2.1), except with the consent of the individual or as required by law. Minto retains personal information only as long as necessary for the fulfillment of those purposes, or as required by law.
5.1 There are circumstances where a disclosure without consent is justified or permitted, for example in the context of a legal investigation or a request from law enforcement or other governmental authorities, or where Minto believes, upon reasonable grounds, that the disclosure is necessary to protect the rights or safety of an identifiable person or group.
5.2 Also, note that your information may be shared with service providers who assist us in establishing, managing or maintaining our relationship with you. These organizations, such as telecommunication and utility providers, banking institutions and credit agencies, as well as trades and contractors and warranty providers who perform various functions to provide or assist in the delivery of service, commit to safeguarding your personal information.
5.3 Note that your personal information may be transferred to a foreign jurisdiction to be processed or stored by Minto or its service providers, including data hosting providers. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
5.4 Minto does not and will never sell any personal information to third parties for marketing or any other commercial purposes.
5.5 Personal information may be shared within the entities comprising Minto for internal audit, management, billing, promotional or administrative purposes including defending and bringing legal actions.
5.6 Minto retains personal information only as long as it is deemed necessary, to fulfill the purposes identified in section 2.1 or as required by law. Minto has established departmental retention timelines for staff to follow and also periodically reviews Minto’s retention needs. The retention period may extend beyond your relationship with us.
5.7 Personal information no longer necessary or relevant for the identified purposes or no longer required to be retained by law, shall be securely destroyed, erased or made anonymous.
Principle 6: Accuracy
Minto makes reasonable efforts to keep personal information as accurate, complete and up-to-date as is necessary to fulfil the purposes for which the information is to be used.
6.1 Minto relies upon the individuals who provide us with their personal information to ensure its accuracy and completeness.
6.2 Minto has established internal procedures to preserve the integrity of the personal information received by individuals in accordance with reasonable commercial standards.
6.3 Minto shall update personal information about customers as and when necessary to fulfill the identified purposes, or upon notification by the individual.
Principle 7: Safeguards
Minto protects personal information with security safeguards appropriate to the sensitivity of the information.
7.1 With the use of appropriate security measures, Minto protects personal information against a variety of risks, such as loss, theft, unauthorized access, unauthorized disclosure, unauthorized copying, unauthorized use, unauthorized modification or unauthorized destruction of such information.
7.2 Safeguards involve physical, organizational and technical measures including but not limited to:
- Security card access to premises;
- Restriction of employee access to files on a “need to know” basis;
- Confidentiality undertakings by all employees;
- Locking up personal information as necessary, such that it is not left unattended in plain view;
- Firewalls, anti-malware detection software, strong passwords and software solutions for technical security (including ensuring that information is only collected on Minto websites via a secure, 128-bit encrypted Secure Socket Layer session); and
- Regular reviews of privacy compliance initiatives.
7.3 All of Minto’s employees with access to personal information shall be required, as a condition of employment, to safeguard personal information viewed or handled by the employee. Employees sign confidentiality agreements and must complete privacy awareness training.
Principle 8: Openness
Minto makes readily available specific information about its personal information management policies and practices to individuals upon request.
8.1 This information includes:
- a) the name, title and address of the Privacy Officer to whom inquiries or complaints can be forwarded;
- b) the means of gaining access to personal information held by Minto;
- c) a description of the type of personal information held by Minto, including a general account of its use and disclosure; and
- d) a copy of this policy or other information that explains Minto’s information handling practices.
8.2. Minto makes information available to help individuals exercise choices regarding the use and disclosure of their personal information upon request. Minto staff are able to answer inquiries about our information handling practices and appropriately refer unanswered questions or privacy complaints to Minto’s Privacy Officer.
Principle 9: Individual Access
Minto informs individuals of the existence, use and disclosure of his or her personal information upon request, and gives the individual access to that information. Individuals are given the opportunity to challenge the accuracy and completeness of their information and have it amended as appropriate.
9.1 Upon written request, Minto will afford customers a reasonable opportunity to review their personal information as contained in Minto’s files, whether in electronic or in paper form. The written request must provide sufficient detail so that Minto can properly and efficiently locate the records requested.
9.2. Upon request, Minto will provide an account of the use and disclosure of the individual’s personal information and, where reasonably possible, will state the source of the information.
9.3 In order to safeguard and prevent fraudulent access to personal information, we may take steps to verify the identity of an individual, or their legally authorized representative, before granting them with access to their file.
9.4 Minto will respond to access requests in a timely manner, and in accordance with the timeframe prescribed by relevant legislation.
9.5 Individuals will be provided with any assistance required to access or understand their personal information, including clarifying exactly what personal information they are looking for or receiving in response to their access request.
9.6 Depending on the amount of information requested, there may be a nominal fee charged to cover any costs associated with responding to the request. Minto will inform the individual of any such fees prior to fulfilling the access request.
9.7 Minto shall promptly correct or complete any personal information that is successfully demonstrated by the individual, or their legally authorized representative, to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Minto shall transmit to third parties having access to the personal information in question, any amended information or information regarding the existence of any unresolved differences.
9.8 An individual's right to access or correct personal information is subject to applicable legal restrictions. If Minto does not have custody of the personal information requested or must decline to provide an individual with access to their personal information for legal, regulatory or other reasons, an explanation will be provided when permitted.
Principle 10: Challenging Compliance
10.1 Minto has procedures in place to receive, investigate, respond to and track concerns or complaints about Minto’s management of personal information.
10.2 Upon conclusion of a complaint investigation, the Privacy Officer will inform the complainant of:
- a) the results of the investigation; and
- b) any appropriate remedy or corrective action Minto will undertake to address the complaint, including if necessary, amending Minto’s policies and procedures.
10.3 Note that Minto is located in Canada for which the European Commission has made a positive finding of adequacy. Personal information about an EU resident may be stored on a Minto server provided that Minto complies with the General Data Protection Regulation (EU 2016/679). Minto has taken necessary GDPR compliance steps as a data controller.
Our websites may automatically record some general information about your visit in order for Minto to engage in web statistical analysis using Google Analytics and other web analytics services. We want to make sure our sites are useful to visitors, and ensure we engage in targeted advertising responsibly, such that customers receive information that is relevant to their needs and interests. User information gathered may include the:
- Internet domain for your Internet service provider, such as “company.com” or “service.ca” and the IP address of the computer you are using to access Minto’s website;
- Type of browser you are using, such as Internet Explorer, Firefox or Chrome;
- Type of device used to access our websites;
- Type of operating system you are using such as Windows or Macintosh;
- Date and time of the visit to our site, the pages of our site that were visited, and the address of the previous website you were visiting if you linked to us from another website; and
- Age category, gender, and affinity interests as determined by demographic and interest reports available through web analytics.
Data collected for web analytics purposes may be processed in any country where the web analytics organization used by Minto operates servers, and thus may be subject to the governing legislation of that country.
We also use "cookies" that identify you as a return visitor and which can help us tailor information to suit your individual preferences. A cookie is a small text file that a website can send to your browser, which may then store the cookie on your hard drive. The goal is to save you time next time you visit, provide you with a more meaningful visit, and measure website activity. Cookies in and of themselves cannot be used to reveal your identity. Many browsers, however, allow you to disable cookie collection if you wish, or inform you when a cookie is being stored on your hard drive.
OTHER IMPORTANT NOTES REGARDING OUR WEB PRACTICES
Minto provides links to other websites which we believe may be of interest to you. We are not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of each and every website that requests personal information from you.
THIRD PARTY SOCIAL MEDIA
Minto’s use of social media serves as an extension of its presence on the Internet. Social media account(s) are public and are not hosted on Minto’s servers. Users who choose to interact with Minto via social media should read the terms of service and privacy policies of these third-party service providers and those of any applications used to access them.
We may offer you the opportunity to engage with our content through third party social networking websites and applications. When you engage with our content this way, you may allow us to have access to certain information associated with your social media account (e.g. name, username, e-mail address, picture) to deliver the content or as part of the website or application. We may use this information to confirm your identity and to personalize your experience.
SPECIAL NOTE FOR PARENTS
Minto takes seriously its obligations under the Children’s Online Privacy Protection Act concerning the collection of personal information from individuals under the age of thirteen (13). Minto websites are not directed at children, and we request that children under the age of 13 not provide personal information through our sites.
No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us through or in connection with Minto websites. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem in order for Minto to resolve the issue in a timely manner. Also keep in mind that e-mail is not a secure form of communication so never send sensitive personal information to us via e-mail.
Privacy Officer Contact Information:
If you have any questions about this policy, Minto’s privacy practices, or would like to access your personal information, please contact:
The Minto Group
200-180 Kent Street
Ottawa, ON, Canada
* NOTE: We cannot guarantee the security of e-mail communications over the Internet.
REVISIONS TO THIS POLICY