Privacy Policy

Last Updated: September 13, 2024

OVERVIEW

This Privacy Policy applies to GMR Real Estate Limited Partnership (“GMR,” “we,” “our,” or “us”) and describes how we collect, use, and disclose personal information through this site, through communication with us, or through otherwise doing business with us for the intended purpose of the business, in compliance and accordance with all applicable statutory requirements.

GMR represents its affiliates in the management of their real estate portfolios and is authorized by those affiliates to collect, use, and manage personal information related to these properties. Our commitment to privacy extends to ensuring the security and confidentiality of personal information collected on behalf of our affiliates, in alignment with their operational and regulatory requirements.

GMR is committed to protect and respect personal information of its customers, employees, business partners, and others for the intended purpose of providing real estate rental services and collecting personal information primarily to evaluate and manage lease applications and administer rental agreements.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Any changes will be reflected by revising the “Last Updated” date at the top of this document. Your continued use of the service after we post any modifications to the Privacy Policy on this page will signify your acceptance of the revised terms.

DEFINITION OF PERSONAL INFORMATION

Personal Information refers to any information that may be used to identify an individual, such as but not limited to:

  • Full name
  • Age
  • Gender
  • Family status
  • Address (postal and email)
  • Telephone number
  • Financial information (e.g., employment, income, assets)
  • Identification numbers (e.g., Social Insurance Number, Driver's License)
  • Lease details, rental history, and co-tenant/guarantor information
  • Employment details and income
  • Emergency contacts
  • Information that may be generated through the use of websites, such as your IP address

PURPOSE FOR COLLECTING AND USING PERSONAL INFORMATION

The company only collects as much personal information as is necessary to achieve the stated purpose, and all personal information is only used for the stated purpose of its collection. The source of all collected personal information is always made known to the individual involved.

We collect, use, and disclose personal information for the following purposes:

  • Lease Applications and Agreements: To assess the suitability of potential tenants and guarantors, including background and credit checks.
  • Ongoing Lease Administration: To manage and maintain rental agreements, including billing, payment collection, and compliance with lease terms.
  • Communication: To contact tenants, guarantors, and co-tenants for lease-related matters, maintenance requests, or policy changes, and to contact potential tenants with newsletters, marketing or promotional materials and other information that would be applicable to our business and/or services.
  • Service Providers: To provide personal information to third-party service providers such as utility companies, maintenance contractors, and credit reporting agencies where necessary for the operation of our rental properties.
  • Employment Purposes: To manage employment-related activities, including but not limited to payroll, benefits, onboarding, and compliance with applicable laws.

YOUR CONSENT

We collect, use, and disclose your personal information with your knowledge and consent, which may be provided in writing or electronically. When requesting consent to collect personal information, GMR will inform you of the following:

  • The purpose of collecting the information.
  • What specific information is being collected.
  • Where and how the information will be stored.
  • The duration for which the information will remain on file.
  • Your right to access and rectify the information.
  • Your right to withdraw consent at any time.

If technology is used to collect personal information, GMR will clearly describe the technology and its function to the individual. Support will also be provided to answer any questions or address concerns regarding the collection and use of personal information.

Authorized employees or agents may access personal information without the individual’s consent if it is necessary for the performance of their duties. In addition, GMR may disclose personal information to legal counsel without consent when required for criminal or penal prosecutions, in situations of imminent danger, or for any other reason specifically permitted under applicable laws.

GMR may use personal information for purposes other than the original stated purpose without the individual’s consent in the following cases:

  • The new purpose is directly related to and clearly benefits the individual.
  • The use is necessary for fraud prevention, security assessments, or the detection of misuse.
  • The use is required to provide a service requested by the individual.
  • The personal information has been anonymized and is used for statistical and reporting purposes. In such cases, GMR and its affiliates ensure that the individual cannot be re-identified from the data.

If GMR collects, uses, or discloses personal information for purposes not described above, we will inform you and obtain your consent prior to any such action, unless required by law.

You may withdraw your consent at any time, subject to legal or contractual obligations. However, withdrawing consent may impact our ability to continue to provide you with certain services.

PROTECTION AND RETENTION OF PERSONAL INFORMATION

We will only keep your Personal Information in our records for as long as it is needed to fulfill the purposes for which it was collected, or as may be required or permitted by law. Personal information that is no longer required will be securely destroyed, permanently erased, or reliably de-identified, such that it can no longer be associated with you as an identifiable individual.

We have put in place physical, electronic, and managerial procedures and safeguards designed to protect your Personal Information from unauthorized access, use and disclosure. GMR and its affiliates apply security safeguards appropriate to the sensitivity of the information, such as retaining information in secure facilities and making Personal Information accessible only to a limited number of authorized employees on a need-to-know basis. In those cases where we may engage a third party to provide GMR with services that assist us in providing you with services, we take appropriate contractual and other measures to ensure that the third party has access to only the Personal Information required to provide the service in question, and to ensure that such data is used solely to provide that service, is kept confidential and is protected by appropriate security safeguards. The effectiveness of these safeguards is regularly monitored. The Privacy Officer, or an appointed delegate, is responsible for overseeing the implementation and effectiveness of these protective measures. This includes incident handling, the anonymization process, and ensuring that personal information is securely disposed of when no longer required.

SHARING AND DISCLOSURE OF PERSONAL INFORMATION

GMR and its affiliates may, from time to time, share Personal Information with third parties. We will only the Personal Information that is reasonably necessary for the purpose or service for which the third-party is engaged. We will also use contractual and other means to provide a comparable level of protection while the information is being processed by such service providers.

We may share your personal information in the following circumstances:

  • With Co-Tenants or Guarantors: For purposes related to the management of shared lease agreements.
  • Third-Party Service Providers: With service providers like utility companies, credit agencies, and maintenance providers, to facilitate the administration of the lease and property management.
  • Legal Obligations: As required by law, including responding to subpoenas, court orders, or regulatory authorities.
  • Business Transactions: In the event of a sale, financing, or transfer of assets, your personal information may be disclosed as part of the transaction, with confidentiality protections in place.

ANONYMIZING INFORMATION

GMR and its affiliates follow an anonymization process to ensure that any personal information used for anonymous purposes, such as statistical or reporting purposes, can no longer be used to directly identify an individual.

All personal information that could directly identify a person is removed, and we implement practices to mitigate the risk of re-identification or the possibility of other available information being used to identify a person, either directly or indirectly. We regularly reassesses anonymized data to ensure it remains anonymized, taking into account technological advancements and emerging risks.

Personal information is considered adequately anonymized when it is reasonably foreseeable that the individual can no longer be identified, directly or indirectly, and when the anonymization or destruction of the data is irreversible.

ACCESSING AND CORRECTING PERSONAL INFORMATION

Individuals have the right to access their personal information and request that their personal information be corrected if it is inaccurate, incomplete, or ambiguous, or if its collection, communication, or retention is not authorized by law. Individuals may also withdraw their consent to the use or disclosure of their personal information at any time.

Requests for access to personal information or for corrections should be submitted in writing to the Privacy Officer. GMR will respond to such requests in writing within 30 days. If access or correction is refused, GMR will provide the reasons for the refusal, including any relevant legal provisions, and outline alternative remedies available to the individual.

CONFIDENTIALITY INCIDENTS

If we believe that a confidentiality incident has occurred (such as unauthorized access or the loss of personal information), the Privacy Officer, or an appointed delegate, will take immediate steps to minimize the risk of harm and prevent similar incidents in the future.

If the incident presents a serious risk, the Privacy Officer, or an appointed delegate, will notify the Commission d’accès à l’information (the “Commission”) and the individuals whose personal information was involved. Any communication with third parties to mitigate the risk will be documented. If informing the affected individuals would interfere with the investigation, prevention, detection, or suppression of a crime or statutory offence, notification will be delayed until the risk is no longer present.

When assessing the risk of harm, the Privacy Officer will consider the sensitivity of the information, the potential consequences of its misuse, and the likelihood of inappropriate use to determine the necessary protective measures.

GMR maintains a register of all confidentiality incidents and will provide it to the Commission upon request.

CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

When personal information is transferred across provincial or national borders (e.g., between Quebec and Ontario), We ensure that such transfers comply with applicable privacy laws. Appropriate safeguards are in place to protect the data during these transfers, and individuals will be informed when their personal information is shared outside of Quebec.

PRIVACY IMPACT ASSESSMENTS (PIAs)

We conduct Privacy Impact Assessments (PIAs) to evaluate the risks and ensure adequate protection of personal information when implementing new procedures or information systems, particularly those involving personal data transfers outside of Quebec. These assessments help ensure that all necessary safeguards are in place to protect personal information during such projects.

COOKIES AND INTERNET TECHNOLOGIES

Our websites may use cookies and other tracking technologies to enhance user experience and gather aggregated data. Cookies are small files containing a unique identifier, sent to your browser and stored on your device. Additionally, we may collect information your browser sends when you visit our site, referred to as "Log Data." This Log Data may include details such as your computer's IP address, browser type and version, pages visited, date and time of visit, and time spent on each page. We may use third-party services like Google Analytics to collect, monitor, and analyze this data to improve site functionality.

You can choose to disable cookies in your browser settings; however, doing so may limit certain features and functionalities on our websites.

PRIVACY OFFICER AND CONTACT INFORMATION

The Privacy Officer is responsible for ensuring that GMR complies with applicable privacy laws and that personal information is handled appropriately. The Privacy Officer may appoint delegates within GMR and its affiliates to manage privacy-related matters as outlined in this policy.

Should you wish to inquire about the Personal Information about you we maintain, or about any other matter relating to our privacy policies, please contact GMR’s Privacy Officer at privacyofficer@gmrre.com or write to:

GMR Real Estate Limited Partnership
Privacy Officer
5160 Bd Décarie
Montréal, QC   H3X 2H9