The privacy of one’s personal information is vital to DTZ providing its clients with quality service within the commercial real estate brokerage and related services industry. DTZ understands the importance of protecting one’s personal information. DTZ has established a Client Privacy Code to ensure that one’s personal information is protected and that all of DTZ’s practices and procedures are compliant with relevant data protection law. The objective of DTZ’s Client Privacy Code is to promote and ensure the responsible and transparent management of one’s personal information.
DTZ believes that its practices and procedures are fully compliant with Canada’s Personal Information Protection and Electronic Documents Act (the Act). DTZ’s Client Privacy Code corresponds to the 10 principles of the Canadian Standards Association’s ‘Model Code’.
DTZ’s Client Privacy Code applies to the collection, storage, use, disclosure, protection and accuracy of personal information collected and controlled by DTZ. The Client Privacy Code also applies to all personal information in DTZ’s databases utilized by DTZ’s employees.
DTZ will continue to review and update its Client Privacy Code to ensure it remains relevant and current in the face of changing technologies and law.
DTZ invites any questions that one may have about personal information and DTZ’s Client Privacy Code to DTZ’s Privacy Officer.
All employees of DTZ who have a need to know one’s personal information are aware of the sensitive nature of the information that one has disclosed to DTZ to be used for specific purposes.
For the purpose of DTZ’s Client Privacy Code, a client’s ‘personal information’ consists of any information, recorded in any form, about
an individual person who uses, or applies to use, the services of DTZ; about an individual who is solicited by DTZ; and about an individual who is a party to a transaction involving DTZ. Personal information includes an individual’s name, address, birth date, gender, marital status and financial information.
Personal information does not include (i) information pertaining to an organization as distinct from an individual person; (ii) information provided by an individual in the capacity as an employee of an organization; (iii) an individual’s name, address, telephone number or e-mail address which is listed on a public directory or is available through directory assistance, and (iv) other information about a client that is publicly available and is specified by regulations under the Act, including personal information that appears in a publication that is available to the public, where the individual has provided the information, such as information contained on an individual’s business card, etc.
THE PRINCIPLES OF DTZ BARNICKE’S CLIENT PRIVACY CODE
Principle 1 – Accountability
DTZ is responsible for personal information in its possession or under its control, including information that has been transferred to a third party for processing. DTZ will use contractual or other means to provide a comparable level of protection when the information is being processed by a third party.
DTZ is committed to the implementation of policies and practices to give effect to DTZ’s Privacy Code, including:
- establishing policies and practices to receive and respond to inquiries or complaints;
- training and communicating to staff about DTZ’s privacy policies and practices; and
- developing public information to explain DTZ’s privacy policies and practices.
Principle 2 – Identifying Purposes for the Collection of Personal Information
DTZ identifies and documents the purposes for which DTZ collects personal information at or before the time such information is collected. Upon request by the individual to whom the personal information pertains, the DTZ representative collecting the personal information shall explain these identified purposes or refer the individual to a designated person within DTZ, who shall explain the purposes.
The purposes for collecting personal information will be limited to those that are related to DTZ’s business and which a reasonable person would consider are appropriate in the circumstances.
DTZ collects personal information concerning DTZ’s clients and prospective clients for the following purposes:
- To identify and to ensure continuous high quality service.
- To understand client needs and preferences.
- To assess real estate requirements and respective needs.
- To provide professional commercial real estate services.
- To advise clients of real estate options.
- To establish and maintain communication between DTZ and its clients.
- To meet legal and regulatory requirements.
- For quality control and research by DTZ.
- Where a DTZ employee, in the course of providing his/her services, is required to collect information about the client from other persons (e.g., from previous brokers or salespersons for the client).
- Where a DTZ employee, in the course of providing his/her services, is required to collect information to be shared with others who are also advising or providing services to the client (i.e. office-to-office professional services).
Principle 3 – Obtaining Consent
The knowledge and consent of a client are required for the collection, use, or disclosure of personal information, except where permitted under the Act. The manner in which consent is obtained, including whether it is expressed or implied, may vary depending upon the sensitivity of the information and the reasonable expectations of the client. A client can withdraw consent at any time by written notice to DTZ’s Privacy Officer, subject to legal or contractual restrictions and reasonable notice. DTZ will inform the client of any implications of withdrawing consent.
A client’s consent remains valid following the expiry or termination of the relationship between DTZ and the client, unless the client provides DTZ with written notice that such consent is withdrawn.
In general, a client’s authorization of services provided by DTZ constitutes implied consent for DTZ to collect, use and disclose personal information for all identified purposes.
In certain circumstances, as permitted or required by law, DTZ may collect, use or disclose personal information without the knowledge or consent of the client. These circumstances include: personal information which is subject to solicitor-client privilege or is publicly available as defined by the Act and its regulations; where collection or use is clearly in the interests of the client and consent cannot be obtained in a timely way; to investigate a breach of an agreement or a contravention of a law; to act in respect to an emergency that threatens the life, health or security of an individual; for debt collection; or to comply with a subpoena, warrant or court order.
Principle 4 – Limiting Collection
DTZ limits the collection of personal information to the purposes identified by DTZ in its Client Privacy Code.
DTZ collects personal information primarily from its clients and customers. However, DTZ may also collect personal information from other sources including directories, employers (with consent), personal references, or other third parties who represent that they have the right to disclose the information.
DTZ collects personal information by fair and lawful means.
Principle 5 – Limiting Use, Disclosure and Retention
DTZ does not use or disclose personal information for purposes other than those identified in DTZ’s Client Privacy Code, except with the consent of the client or as required by law. DTZ retains personal information only as long as necessary to satisfy those purposes.
DTZ shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or as required by law.
Only employees of DTZ with a business need-to-know, or whose duties reasonably so require, are granted access to personal information about clients and prospective clients.
DTZ may disclose a client’s personal information to:
- a company or person who in the reasonable judgment of DTZ is seeking the information as an agent of the client;
- another real estate broker for the efficient and cost-effective provision of real estate services;
- a company or individual employed by DTZ to perform functions on its behalf, such as research or data processing;
- another company or individual for the development, enhancement, marketing or provision of any of DTZ’s services;
- a credit reporting agency;
- a public authority or regulatory body; and
- a third party or parties, where the client consents to such disclosure or disclosure is required by law.
Principle 6 – Accuracy of Personal Information
DTZ will use its best efforts to ensure that personal information that is used on an ongoing basis, including information that is disclosed to third parties, is accurate, complete and up-to-date.
DTZ shall update personal information about a client as and when necessary to fulfill the identified purposes or upon notification by the client. Written notification from a client should be directed to DTZ’s Privacy Officer.
Principle 7 – Security Safeguards
DTZ shall protect personal information in its possession against the risks of loss, theft, unauthorized access, disclosure, copying, use or modification, through the implementation of security safeguards that are appropriate in light of the sensitivity of the information. DTZ’s methods of protection will include physical measures.
Principle 8 – Openness Concerning Policies and Practices
DTZ shall make specific information about its policies readily available, except to the extent that such disclosure pertains to confidential commercial information.
The information that DTZ will make available upon request will include: how to gain access to personal information; the type of personal information held by DTZ; general information concerning DTZ’s Privacy Code; and how to contact DTZ’s Privacy Officer.
Principle 9 – Individual Access
DTZ shall inform a client of the existence, use and disclosure of the client’s personal information upon written request from the client and shall give the client access to that information. A client shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Upon request, DTZ shall provide a client with a reasonable opportunity to review the personal information in the client’s file. Personal information shall be provided in understandable form within a reasonable time, and at minimal or no cost to the client.
In certain situations, DTZ may not be able to provide access to all the personal information that it holds about a client. If access to personal information cannot be provided, DTZ shall give reason for denying access upon request.
Principle 10 – Challenging Compliance
A client can address a challenge concerning DTZ’s compliance with any of its Privacy Code principles to DTZ’s Privacy Officer.
DTZ will investigate all written complaints. If DTZ finds a complaint to be justified, DTZ will take all reasonable measures to ensure compliance.