SaveOnEstate
Back to Legal Documents
Regulatory Compliance

PIPEDA Compliance Notice

Important notice regarding SaveOnEstate's compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Last updated: September 9, 2025
9 min read

PIPEDA Compliance Notice

SaveOnEstate Inc. Effective Date: September 9, 2025 Last Updated: September 9, 2025

1. Personal Information Protection and Electronic Documents Act (PIPEDA) Compliance

1.1 Legislative Framework

This notice addresses SaveOnEstate Inc.'s compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and related provincial privacy legislation governing the collection, use, and disclosure of personal information.

1.2 Regulatory Authority

  • Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5)
  • Privacy Act (R.S.C., 1985, c. P-21)
  • Personal Information Protection Act (BC) (S.B.C. 2003, c. 63)
  • Office of the Privacy Commissioner of Canada regulations

2. PIPEDA Principles Compliance

2.1 Principle 1: Accountability

SaveOnEstate's Accountability Framework:

  • Designated Privacy Officer responsible for PIPEDA compliance
  • Privacy policies and procedures implemented across organization
  • Staff training on privacy requirements and responsibilities
  • Regular privacy impact assessments and compliance audits
  • Clear escalation procedures for privacy incidents

Privacy Officer Contact:

  • Name: Akash Sharma, Chief Privacy Officer
  • Email: privacy@saveonestate.com
  • Phone: +1 (778) 513-4033
  • Address: 800-885 West Georgia Street, Vancouver, BC, V6C 3H1, Canada

2.2 Principle 2: Identifying Purposes

Collection Purposes Clearly Identified:

  • Platform account creation and management
  • Real estate transaction facilitation and processing
  • AI coaching tool functionality and improvement
  • Digital Twin property visualization services
  • Network partner connection and referral services
  • Customer support and communication
  • Legal compliance and regulatory reporting
  • Marketing and business development (with consent)

Purpose Limitation:

  • Personal information used only for identified purposes
  • New purposes require additional consent
  • Purpose changes communicated to affected individuals
  • Regular review of collection purposes and practices

2.3 Principle 3: Consent

Consent Management Framework:

Express Consent Required For:

  • Sensitive personal information collection
  • Marketing communications and promotional materials
  • Information sharing with third parties
  • Cross-border data transfers
  • Non-essential cookies and tracking

Implied Consent Acceptable For:

  • Essential platform functionality
  • Transaction processing and completion
  • Legal compliance and regulatory requirements
  • Customer support and service delivery
  • Security and fraud prevention

Consent Mechanisms:

  • Clear opt-in checkboxes for express consent
  • Granular consent options for different purposes
  • Easy withdrawal mechanisms available
  • Consent records maintained and auditable
  • Regular consent refresh and validation

2.4 Principle 4: Limiting Collection

Collection Limitation Practices:

  • Collect only information necessary for identified purposes
  • Use least intrusive methods of collection
  • Avoid excessive or unnecessary data gathering
  • Regular review of collection practices and requirements
  • Data minimization principles applied consistently

Information Collection Sources:

  • Direct user input and account registration
  • Platform usage and interaction data
  • Property information and Digital Twin materials
  • Communication records and support interactions
  • Third-party integrations and partner services

2.5 Principle 5: Limiting Use, Disclosure, and Retention

Use and Disclosure Limitations:

  • Information used only for identified purposes
  • No disclosure without consent except as legally required
  • Third-party sharing limited to necessary service providers
  • Cross-border transfers with adequate protection measures
  • Regular review of use and disclosure practices

Retention Policies:

  • Account Information: Retained while account active + 7 years
  • Transaction Data: 7 years for legal and tax compliance
  • Marketing Data: Until consent withdrawn
  • Technical Logs: 2 years for security and analytics
  • Support Records: 3 years for service quality assurance

2.6 Principle 6: Accuracy

Data Accuracy Measures:

  • User-controlled profile and account information updates
  • Regular data validation and verification procedures
  • Error correction mechanisms and processes
  • Data quality monitoring and improvement programs
  • User notification of accuracy requirements

Accuracy Responsibilities:

  • Users responsible for providing accurate information
  • SaveOnEstate maintains reasonable accuracy measures
  • Prompt correction of identified errors
  • Regular data quality assessments and improvements

2.7 Principle 7: Safeguards

Security Safeguards Implementation:

Technical Safeguards:

  • End-to-end encryption for data transmission
  • Advanced encryption standards for data storage
  • Multi-factor authentication and access controls
  • Regular security assessments and penetration testing
  • Automated threat detection and response systems

Administrative Safeguards:

  • Privacy and security training for all staff
  • Background checks for personnel with data access
  • Clear data handling policies and procedures
  • Regular compliance audits and assessments
  • Incident response and breach notification procedures

Physical Safeguards:

  • Secure data center facilities with restricted access
  • Environmental controls and monitoring systems
  • Secure disposal of physical media and documents
  • Clean desk policies and secure storage requirements

2.8 Principle 8: Openness

Transparency Measures:

  • Comprehensive Privacy Policy publicly available
  • Clear explanation of information practices
  • Regular updates and notifications of policy changes
  • Privacy Officer contact information readily available
  • Annual privacy compliance reports and updates

Information Availability:

  • Privacy policies accessible on platform
  • Plain language explanations of privacy practices
  • Regular communication about privacy rights
  • Educational resources and guidance materials

2.9 Principle 9: Individual Access

Access Rights Implementation:

  • User account dashboards for information access
  • Formal access request procedures available
  • Response within 30 days of valid requests
  • Reasonable fees for extensive requests
  • Clear explanation of information provided

Access Request Process:

  1. Submit written request to Privacy Officer
  2. Identity verification and request validation
  3. Information compilation and review
  4. Response within statutory timeframes
  5. Appeal process for disputed responses

2.10 Principle 10: Challenging Compliance

Complaint and Challenge Process:

  • Internal complaint resolution procedures
  • Privacy Officer investigation and response
  • Escalation to senior management when necessary
  • External complaint options with Privacy Commissioner
  • Regular review and improvement of complaint processes

3. Cross-Border Data Transfers

3.1 International Transfer Framework

Data Transfer Safeguards:

  • Adequacy assessments for destination countries
  • Contractual protection measures with service providers
  • Regular monitoring of international privacy developments
  • User notification of cross-border processing
  • Alternative processing options when possible

Current International Transfers:

  • Cloud hosting services (with adequate protection)
  • Analytics and performance monitoring tools
  • Customer support and communication platforms
  • Payment processing and financial services
  • Marketing and advertising platforms (with consent)

3.2 Transfer Protection Measures

Contractual Safeguards:

  • Data processing agreements with all service providers
  • Privacy and security requirements specified
  • Regular compliance monitoring and auditing
  • Breach notification and incident response procedures
  • Right to audit and inspect processing activities

4. Privacy Rights and User Controls

4.1 Individual Privacy Rights

Rights Under PIPEDA:

  • Right to know what personal information is collected
  • Right to access personal information held
  • Right to correct inaccurate information
  • Right to withdraw consent (subject to legal requirements)
  • Right to complain about privacy practices

Additional Rights Provided:

  • Data portability and export capabilities
  • Granular privacy control settings
  • Marketing preference management
  • Account deletion and data removal options
  • Privacy impact notification for significant changes

4.2 User Control Mechanisms

Privacy Control Features:

  • Account privacy settings and preferences
  • Communication and marketing opt-out options
  • Data sharing and third-party integration controls
  • Cookie and tracking preference management
  • Account deletion and data removal tools

5. Privacy Impact Assessments

5.1 PIA Framework

Assessment Requirements:

  • New product and feature development
  • Significant changes to data processing
  • Third-party integrations and partnerships
  • Cross-border data transfer arrangements
  • High-risk processing activities

Assessment Process:

  1. Privacy risk identification and analysis
  2. Mitigation measures development and implementation
  3. Stakeholder consultation and review
  4. Privacy Officer approval and sign-off
  5. Regular review and update procedures

5.2 Ongoing Privacy Monitoring

Continuous Compliance Measures:

  • Regular privacy compliance audits
  • Staff training and awareness programs
  • Privacy by design implementation
  • Vendor and partner privacy assessments
  • Incident monitoring and response procedures

6. Breach Notification and Response

6.1 Breach Response Framework

Incident Response Procedures:

  • Immediate containment and investigation
  • Risk assessment and impact analysis
  • Notification to Privacy Commissioner within 72 hours
  • User notification for high-risk breaches
  • Remedial action implementation and monitoring

Notification Requirements:

  • Privacy Commissioner notification (mandatory)
  • Affected individual notification (when required)
  • Law enforcement notification (when applicable)
  • Regulatory authority notification (as required)
  • Public disclosure (in exceptional circumstances)

6.2 Breach Prevention Measures

Preventive Security Controls:

  • Regular security assessments and testing
  • Employee training and awareness programs
  • Access controls and authentication measures
  • Data encryption and protection technologies
  • Monitoring and detection systems

7. Privacy Training and Awareness

7.1 Staff Training Program

Training Components:

  • PIPEDA principles and requirements
  • Company privacy policies and procedures
  • Data handling and security practices
  • Incident response and reporting procedures
  • Regular updates and refresher training

Training Schedule:

  • New employee orientation training
  • Annual privacy compliance training
  • Specialized training for high-risk roles
  • Update training for policy changes
  • Incident-specific training as needed

7.2 User Education

Privacy Education Initiatives:

  • Privacy policy explanations and guidance
  • Best practices for personal information protection
  • Security awareness and threat prevention
  • Rights and remedies information
  • Regular privacy tips and updates

8. Compliance Monitoring and Auditing

8.1 Internal Compliance Program

Monitoring Activities:

  • Regular privacy compliance assessments
  • Data processing activity reviews
  • Third-party vendor privacy audits
  • User complaint analysis and resolution
  • Privacy policy effectiveness evaluation

Audit Schedule:

  • Annual comprehensive privacy audit
  • Quarterly compliance spot checks
  • Monthly vendor and partner reviews
  • Ongoing monitoring of high-risk activities
  • Special audits for incidents or complaints

8.2 External Compliance Verification

Third-Party Assessments:

  • Independent privacy compliance audits
  • Security and privacy certifications
  • Regulatory compliance reviews
  • Industry best practice benchmarking
  • Professional privacy consulting services

9. Contact Information and Complaints

9.1 Privacy Officer Contact

SaveOnEstate Privacy Officer Email: privacy@saveonestate.com Phone: +1 (778) 513-4033 Address: 800-885 West Georgia Street, Vancouver, BC, V6C 3H1, Canada Office Hours: Monday-Friday, 9:00 AM - 5:00 PM PST

9.2 External Complaint Options

Office of the Privacy Commissioner of Canada Website: www.priv.gc.ca Phone: 1-800-282-1376 Email: info@priv.gc.ca

BC Office of the Information and Privacy Commissioner Website: www.oipc.bc.ca Phone: 250-387-5629 Email: info@oipc.bc.ca

10. Policy Updates and Changes

10.1 Update Procedures

Change Management Process:

  • Regular policy review and assessment
  • Stakeholder consultation for significant changes
  • Privacy Officer approval for all updates
  • User notification of material changes
  • Implementation monitoring and evaluation

10.2 Effective Date and Versions

This PIPEDA Compliance Notice is effective as of September 9, 2025 and supersedes all previous versions. Regular updates ensure continued compliance with evolving privacy requirements and best practices.

SaveOnEstate Inc. is committed to protecting your privacy and complying with all applicable privacy laws. This notice demonstrates our commitment to PIPEDA compliance and transparent privacy practices.

Legal Notice

This document is part of SaveOnEstate Inc.'s legal framework. By using our platform, you agree to be bound by all applicable terms and policies. For questions about this document, please contact our legal team at legal@saveonestate.com.

Ready to Get Started?

Join thousands of homeowners who are taking control of their real estate transactions with SaveOnEstate.

Get StartedLearn More