Privacy, Data & Legal Security Statements

  1. Email - User Log-in Authentication
  2. Privacy Laws & Privacy Policy Statement
  3. Records Retention Requirements & Records Request Process
  4. PIPEDA PRIV.GC.ca REFERENCE: Principle 5 – Limiting Use, Disclosure, and Retention
  5. PIPEDA PRIV.GC.ca REFERENCE: Principle 9 – Individual Access
  6. PIPEDA CASES
  7. Accountability, Transparency and Disclosure
  8. IT Providers to MortgageQuote Canada Corp.
  9. Data Security Statement
  10. Physical Security
  11. Network Security
  12. People Processes
  13. Safeguard Data
  14. Redundancy and Business Continuity
  15. 3rd Party Security Statements
  16. Additional Information

Email - User Log-in Authentication

Anti-Spoof, Anti-Phishing protocols, Authorized Server:

Email authentication is a way to ensure that an email provider will be able to recognize the sender of an incoming message and fight spam and abuse. You can use authentication data to verify the source of any message that you receive. For example, if you receive a message from a big sender (like a financial institution, or a major email provider, like Google, Yahoo or Hotmail) that isn’t authenticated, this message is most likely forged and you should be careful about replying to it or opening any attachments. (Source)

MortgageQuote authentication methods:

SPF specifies which hosts are allowed to send messages from a given domain by creating an SPF record. We create an SPF record that identifies the MortgageQuote mail servers as the authorized mail servers for our domain so that recipients may determine it is a valid message.

DKIM allows the sender to electronically sign legitimate emails in a way that can be verified by recipients using a public-key. A 1024-bit domain key is issued.

DMARC Authentication of ALL outbound email to process mail that fraudulently claims to originate from a mortgagequote address (phishing, spooring, spam, malicious email). DMARC is a published policy that tells email providers how to handle messages that are sent from mortgagequote.ca but aren’t authenticated. MortgageQuote is able to measure and enforce the authenticity of its emails. By defining a policy, we help combat phishing and related malicious mail, to protect our users.

Goal: "less spam": As an article in Techrepublic stated: "SPF, DKIM, and DMARC don't solve all spam problems: spammers can still send email that people didn't ask for and don't want. But these tools do make it difficult for spammers to send fake messages that appear to have been sent by your organization [MortgageQuote.ca]." As users of email for primary communication, MortgageQuote's management believes it owes you the benefit of using SPF, DKIM, and DMARC.

Employees are required to log-in with 2-step verification.

Privacy Laws

Canada has two federal privacy laws, the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal private-sector privacy law.

PIPEDA will not apply to an organization that operates wholly within a province that has legislation that has been deemed substantially similar to the PIPEDA, unless the personal information crosses provincial or national borders. Alberta, British Columbia and Quebec have general private-sector legislation that has been deemed substantially similar. (see following section titled “Provincial privacy laws” for more information)

Therefore, PIPEDA generally applies to:

  • Private-sector organizations carrying on business in Canada in the provinces or territories of Manitoba, New Brunswick, Newfoundland and Labrador, Northwest Territories, Nova Scotia, Nunavut, Ontario, Prince Edward Island, Saskatchewan, or Yukon but not their handling of employee information.
  • Private-sector organizations carrying on business in Canada when the personal information they collect, use or disclose crosses provincial or national borders but not their handling of employee information.
  • Federally-regulated organizations carrying on commercial activity in Canada, such as a bank, airline, telephone or broadcasting company, etc., including their handling of health information and employee information.

Provincial privacy laws

Some provinces have passed privacy laws that apply to employee information. Examples include

Each province and territory in Canada has a commissioner or ombudsman responsible for overseeing provincial and territorial privacy legislation, and these are listed on our website.

Privacy Policy Statement

MortgageQuote Stakeholders; Customers and External Providers

1. MortgageQuote Canada Corp. is serious about maintaining your privacy.

2. MortgageQuote Canada Corp. will use its best efforts to secure your information in accordance with generally acceptable business process standards.

3. MortgageQuote Canada Corp. maintains its client data in secured data warehousing facilities as per our data security process. See bottom of this statement for the data security statement.

4. MortgageQuote Canada Corp. has developed policies and procedures to: protect personal information; receive and respond to issues related to privacy and data security; train staff regarding related policies and procedures; communicate the policies and procedures to you, our clients.

5. MortgageQuote Canada Corp. collects client personal information for:

  • To provide financing services.
  • To facilitate the offering of third party products or services;
  • To refer client files to third party institutional and lenders;
  • To meet regulatory requirements;
  • To manage and transfer the assets and liabilities of MortgageQuote Canada Corp. and those assets under its administration; and
  • Applicable business purposes, not elsewhere classified.

MortgageQuote Canada Corp. will not use personal information for any additional purpose unless MortgageQuote Canada Corp. seeks client consent to do so.

6.MortgageQuote Canada Corp. will obtain client consent to collect, use or disclose any personal information except where detailed in this policy. MortgageQuote Canada Corp. will make reasonable efforts to ensure that clients understand how their personal information will be used and disclosed.

7. A client's consent can be express, implied, or given through an authorized representative such as a lawyer, agent or broker. Consent may be given orally, in writing, or electronically. For example, depending on the sensitivity of the information, consent can be expressed over the telephone when information is being collected; electronically when submitting an agreement, application, or other information; in writing when signing an agreement or application form. Implied consent exists when MortgageQuote Canada Corp. can reasonably infer consent based upon the action or inaction of the client.

8. MortgageQuote Canada Corp., however, may collect, use or disclose personal information without the client's knowledge or consent as follows:

  • When such collection, use or disclosure is permitted or required by law
  • When certain information is publicly available.

9. Subject to borrower disclosure agreement. MortgageQuote Canada Corp. may decline to deal with a client or person who will not consent to the use of information for financing purposes; or who cannot provide verification of identity.

10. MortgageQuote Canada Corp. may periodically use client personal information to conduct client surveys in order to enhance our provision of services or products. If an outside body is employed to conduct research on behalf of MortgageQuote Canada Corp., or provide other services that require access to client information, MortgageQuote Canada Corp. will ensure that appropriate security undertakings, such as confidentiality clauses in contractual arrangements, are employed to protect the transfer and use of personal information.

11. MortgageQuote Canada Corp. will retain client personal information only as long as necessary or expected to be necessary for the identified purposes, or as required by legislation.

12. MortgageQuote Canada Corp. may disclose personal information related to third parties as required to effect a financing transaction.

13. MortgageQuote Canada Corp. will make reasonable efforts to ensure that client personal information is as accurate. In some cases, MortgageQuote Canada Corp. relies on its clients to ensure that certain information, such as the client's address or telephone number, is current, complete, and accurate.

14. MortgageQuote Canada Corp. will update information necessary to fulfill the purposes to maintain an active account. An account is deemed active for 7 years from the date of application; or based upon the time the regulators deem it to remain in file for audit puposes.

15. MortgageQuote Canada Corp. is committed to the safekeeping of client personal information in order to prevent its loss, theft, unauthorized access, disclosure, duplication, use, or modification, and will employ appropriate security measures to protect the information. The measures may include, for example, the physical security of offices and data, and electronic security measures such as passwords and encryption where appropriate.

16. Clients are to direct any complaints, concerns or questions regarding this privacy policy in writing to the Privacy Officer. At any point in this process the client may also write to the Privacy Commissioner.

17. To improve the usability of our website at www.mortgagequote.ca we capture information about how users interact with our site and what pages they visit. No personal information is collected as part of this process. The data we collect is used internally to better understand and support our users.

18: Right of access. Subject to law, every person has a right of access to a record or a part of a record in the custody or under the control of an institution unless:

  • the record or the part of the record falls within one of the exemptions under the law;
  • the head is of the opinion on reasonable grounds that the request for access is frivolous or vexatious, pursuant to the law;
  • because of their repetitious or systematic nature, the requests would unreasonably interfere with the operations of the organization or amount to an abuse of the right to make those requests.
  • granting access would reveal confidential commercial information;
  • the information was collected in accordance with our mortgage fraud watch program;
  • the information was generated in the course of a formal dispute resolution process;
  • the information would likely reveal personal information about another individual or 3rd party;
  • to protect our firm's rights and property.
  • Section 9(3)b - When access may be refused
  • (3) Despite the note that accompanies clause 4.9 of Schedule 1, an organization is not required to give access to personal information only if
    • (a) the information is protected by solicitor-client privilege or, in civil law, by the professional secrecy of lawyers and notaries;
    • (b) to do so would reveal confidential commercial information;
    • (c) to do so could reasonably be expected to threaten the life or security of another individual;
    • (c.1) the information was collected under paragraph 7(1)(b);
    • (d) the information was generated in the course of a formal dispute resolution process; or
    • (e) the information was created for the purpose of making a disclosure under the Public Servants Disclosure Protection Act or in the course of an investigation into a disclosure under that Act.
  • However, in the circumstances described in paragraph (b) or (c), if giving access to the information would reveal confidential commercial information or could reasonably be expected to threaten the life or security of another individual, as the case may be, and that information is severable from the record containing any other information for which access is requested, the organization shall give the individual access after severing.
  • Marginal note:Limit
  • (4) Subsection (3) does not apply if the individual needs the information because an individual’s life, health or security is threatened.
  • Marginal note:Notice
  • (5) If an organization decides not to give access to personal information in the circumstances set out in paragraph (3)(c.1), the organization shall, in writing, so notify the Commissioner, and shall include in the notification any information that the Commissioner may specify.
  • 2000, c. 5, s. 9, c. 17, s. 97;
  • 2001, c. 41, s. 82;
  • 2005, c. 46, s. 57;
  • 2006, c. 9, s. 223;
  • 2015, c. 32, s. 9.

Previous Version

Marginal note:Sensory disability

10 An organization shall give access to personal information in an alternative format to an individual with a sensory disability who has a right of access to personal information under this Part and who requests that it be transmitted in the alternative format if

  • (a) a version of the information already exists in that format; or
  • (b) its conversion into that format is reasonable and necessary in order for the individual to be able to exercise rights under this Part.

19. Right of Notification: Pursuant to applicable law, namely Alberta: Notification of loss or unauthorized access or disclosure 34.1(1) An organization having personal information under its control must, without unreasonable delay, provide notice to the Commissioner of any incident involving the loss of or unauthorized access to or disclosure of the personal information (breach) where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure. (2) A notice to the Commissioner under subsection (1) must include the information prescribed by the regulations.

1(1) Where an organization suffers a loss of or unauthorized access to or disclosure of personal information that the organization is required to provide notice of under section 34.1, the Commissioner may require the organization to notify individuals to whom there is a real risk of significant harm as a result of the loss or unauthorized access or disclosure (a) in a form and manner prescribed by the regulations, and (b) within a time period determined by the Commissioner.

20. Severability of record. Subject to law, if an institution receives a request for access to a record that contains information that falls within one of the exemptions under the law; and the head of the institution is not of the opinion that the request is frivolous or vexatious, the head shall disclose as much of the record as can reasonably be severed without disclosing the information that falls under one of the exemptions.

Referral Privacy Policy: Clients referred to MortgageQuote.ca by referral sources are subject to the following REFERRAL PRIVACY POLICY.

RENTING

See our Rental Privacy Policy

Records Retention Requirements & Records Request Process

Records Retention

Mortgage Laws:

All records are held subject to legislation;

Alberta Law

Section 25 (9) REAL ESTATE ACT Source: (http://www.qp.alberta.ca/documents/Acts/R05.pdf): An industry member shall, in accordance with the rules, keep in Alberta records and books of account of the industry member’s business and accounting records, and shall keep those records and books of account (a) for a period of 3 years after they came into existence, or (b) for any longer period that the executive director directs in a particular case for the purposes of an investigation or prosecution under this Act. There was a recommendation by RECA in 2013 to extend this time frame, however this recommendation is not implemented.

Any content beyond the time frame is destroyed. In some cases, data may be retrieved - but only if we determine so - based upon a court order and a "Retrieval Analysis Process (RAP)"; this RAP is a cost, pursuant to the servicing fees schedule (servicingfees.mortgagequote.ca) and if it is determined that data might be recoverable (on a best efforts basis), then upon payment of a Data Retrieval Attempt (DRA) Fee, MQCC will attempt to retrieve the data. If data may be retrieved and made available to you or your legal counsel; the contents may only be relied upon for information purposes only and no other purposes.

Ontario Law

5. How long do records need to be retained? Source

A Mortgage Brokerage is required to retain:

    • All records that relate to a mortgage or mortgage renewal for at least six years after the mortgage or mortgage renewal’s term expires.
    • All records that relate to the purchase, sale or trade of a mortgage for at least six years after the trade completion date or expiry of the transaction.
    • All other records, including all financial records, for at least six years.

Any content beyond the time frame is destroyed. In some cases, data may be retrieved - but only if we determine so - based upon a court order and a "Retrieval Analysis Process (RAP)"; this RAP is a cost, pursuant to the servicing fees schedule (servicingfees.mortgagequote.ca) and if it is determined that data might be recoverable (on a best efforts basis), then upon payment of a Data Retrieval Attempt (DRA) Fee, MQCC will attempt to retrieve the data. If data may be retrieved and made available to you or your legal counsel; the contents may only be relied upon for information purposes only and no other purposes.

BC Law

Mortgage brokers shall keep separate, and make available at their registered business address for a period of seven years.

Any content beyond the time frame is destroyed. In some cases, data may be retrieved - but only if we determine so - based upon a court order and a "Retrieval Analysis Process (RAP)"; this RAP is a cost, pursuant to the servicing fees schedule (servicingfees.mortgagequote.ca) and if it is determined that data might be recoverable (on a best efforts basis), then upon payment of a Data Retrieval Attempt (DRA) Fee, MQCC will attempt to retrieve the data. If data may be retrieved and made available to you or your legal counsel; the contents may only be relied upon for information purposes only and no other purposes.

Records Request Process

For all Records Requests, please email us for the records that you are requesting. All records are provided pursuant to requirements of applicable mortgage brokerage legislation. All initial responses might or might not be free of cost. Please see servicingfees.mortgagequote.ca for costs.

If the results of an initial records request response raises questions or concerns, please see this page: MortgageQuote's Commendations and Complaints Policy and the section called MQCC Volunteer Broker Resolution Process (MQCC VBRP) Section.

PIPEDA PRIV.GC.ca REFERENCE: Principle 5 – Limiting Use, Disclosure, and Retention

4.5 Principle 5 —Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.

4.5.1

Organizations using personal information for a new purpose shall document this purpose (see Clause 4.2.1).

4.5.2

Organizations should develop guidelines and implement procedures with respect to the retention of personal information. These guidelines should include minimum and maximum retention periods. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. An organization may be subject to legislative requirements with respect to retention periods.

4.5.3

Personal information that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous. Organizations shall develop guidelines and implement procedures to govern the destruction of personal information.

4.5.4

This principle is closely linked to the Consent principle (Clause 4.3), the Identifying Purposes principle (Clause 4.2), and the Individual Access principle (Clause 4.9).

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

Your Organization’s Privacy Responsibilities

Under the “Limiting Use, Disclosure, and Retention” principle, your organization must:

  • Never use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law;
  • Document any new purpose for collecting personal information;
  • Retain personal information only as long as necessary to fulfill the purpose;
  • If personal information has been used to make a decision about an individual, retain the information long enough to allow the individual access to the information after the decision has been made; and
  • Develop guidelines and procedures to govern the disposal of personal information.

Under the “Limiting Use, Disclosure, and Retention” principle, your organization should:

  • Destroy, erase, or anonymize any personal information that is no longer required to fulfill identified purposesFootnote3;
  • Develop guidelines and implement procedures with respect to the retention of personal information; and
  • Include minimum and maximum retention periods in these guidelines.

Note

  • The “Safeguards” principle also refers to the destruction of personal information. Specifically, Principle 4.7.5 of Schedule 1 states:
  • Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.

It should be noted that simple recycling of paper-based-personal information is not the same as destruction.

How to Meet these Objectives

Limit Use and Disclosure

  • Use or disclose personal information only for purposes identified and documented at the time it was collected;
  • If your organization wishes to use or disclose personal information for any new purpose not identified at the time it was collected, document the new purpose, notify the persons concerned, and seek their consent (unless the new use or disclosure is required by law or unless an exception in Section 7 of PIPEDA applies); and
  • Make sure that all staff handling personal information understand and respect the limitations on use and disclosure.

Retention and Destruction

  • Review your organization’s information holdings to determine if all personal information on file was collected for specific purposes and whether it is still necessary to fulfill the purposes for which it was collected or to comply with legislative requirements;
  • If you determine that some personal information on file has no specific purpose or is no longer necessary, use appropriate safeguards to destroy, erase or anonymize it;
  • Develop guidelines and implement secure procedures to retain and destroy personal information. Set retention and destruction schedules, including minimum and maximum retention periods, taking into account any legislative requirements which apply to your organization;
  • Where personal information is used to make a decision about an individual, set a retention period that will give the individual a reasonable amount of time to access the information after the decision is made;
  • Base your organization’s retention policy and practices on the premise that information should be retained only as long as necessary for the fulfillment of the purposes for which it was collected;
  • Conduct periodic audits or spot-checks of your holdings to ensure personal information is not being retained beyond established time frames;
  • To prevent improper disclosure, establish secure methods for destroying information no longer needed (e.g., shredding paper files or securely deleting electronic records). Consider, for example, the risks associated with the disposal of computers where personal information has been left on the hard drive;
  • Develop policies and/or contracts which apply to third parties engaged in the disposal of personal information on behalf of your organization; and
  • For guidance on retention of personal information your organization collected before it became subject to PIPEDA, refer to the OPC document, Best Practices for Dealing with Pre-PIPEDA Personal Information available at http://www.priv.gc.ca/.

When access prohibited

  • 9 (1) Despite clause 4.9 of Schedule 1, an organization shall not give an individual access to personal information if doing so would likely reveal personal information about a third party. However, if the information about the third party is severable from the record containing the information about the individual, the organization shall sever the information about the third party before giving the individual access.
  • Prohibited Disclosure of MQCC Lenders (including PRV Lenders, investor-lenders) by MQCC under records request conditions:
    • If you have borrowed money from MortgageQuote and would like to know who your lender is, please refer to the signed mortgage documents or copies of your post-dated mortgage cheques; if you have misplaced your documents, or do not have copies of your post-dated cheques, ask the lawyer who you worked with, at the time of funding. If you did not have a lawyer or your lawyer is not able to answer your query quickly, a faster way to obtain details of your lender is to refer to your property insurance policy and - if your property is insured - see the name listed on the "loss payable" section of your document. If you have obtained funds from MortgageQuote from multiple different lenders, you could ask us for the lawyer's names who represented the lender at the time of the commitment letter being issued, which might have been disclosed to you in the commitment letter.
    • Most business transactions are between mortgage applicants and MortgageQuote Canada Corp. (MQCC). Once a mortgage is accepted, conditions are waived and approved for funding, the relationship transitions from the applicant and MortgageQuote to the applicant's solicitor and the lender's solicitor; at which time paperwork which establishes a business relationship with the lender and the applicant, becomes formalized - through the back and forth process of signing documents, registering security and advancing funds. Lender information is formally disclosed by the lender's lawyer to the borrower's lawyer; or by the lender directly, in the event lawyers are not engaged.
    • Pursuant to Privacy legislation section 9(3)b, MortgageQuote's relationship with the lender's or their internal agent's is classified as confidential commercial information - subject to a "specific confidentiality agreement between MortgageQuote and the private lender or their internal agent", and is therefore prohibited from disclosure.
    • Since MortgageQuote lenders are third party organizations, if you have a mortgage funded by mortgage and would like to know who the lender is, please see your signed mortgage documents, or, refer to your internal records or, ask your legal counsel if you have retained legal counsel.
    • Lender information may be made known by MortgageQuote to existing clients in the event of collections, enforcement or default, when the lender asks MortgageQuote to interact with the customer, on their behalf.
    • Lender information may be made known by MortgageQuote pursuant to informal discussions between MortgageQuote and customers or other third -parties, however such information is privileged and confidential, so is not provided as part of the records request process.
  • Marginal note:Limit
  • (2) Subsection (1) does not apply if the third party consents to the access or the individual needs the information because an individual’s life, health or security is threatened.

PIPEDA PRIV.GC.ca REFERENCE: Principle 9 – Individual Access

4.9 Principle 9 — Individual Access

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note: In certain situations, an organization may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.

4.9.1

Upon request, an organization shall inform an individual whether or not the organization holds personal information about the individual. Organizations are encouraged to indicate the source of this information. The organization shall allow the individual access to this information. However, the organization may choose to make sensitive medical information available through a medical practitioner. In addition, the organization shall provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.

4.9.2

An individual may be required to provide sufficient information to permit an organization to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.

4.9.3

In providing an account of third parties to which it has disclosed personal information about an individual, an organization should attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, the organization shall provide a list of organizations to which it may have disclosed information about the individual.

4.9.4

An organization shall respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information shall be provided or made available in a form that is generally understandable. For example, if the organization uses abbreviations or codes to record information, an explanation shall be provided.

4.9.5

When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the organization shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

4.9.6

When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by the organization. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Your Organization’s Privacy Responsibilities

Under the “Individual Access” principle and Section 8 of PIPEDA your organization must:

  • On written request, inform individuals of the existence, use, and disclosure of their personal information, and provide access to that information, except as specified in Section 9 of PIPEDA;
  • Allow individuals to challenge the accuracy and completeness of personal information and have it amended as appropriate;
  • Upon receiving a request in writing:
    • inform individuals whether or not you hold personal information about them;
    • allow the individual access to this information;
    • provide an account of how you have used or will use the information; and
    • inform individuals of third parties to which the information has been disclosed.

EXCEPTION: Note that section 4.9 of PIPEDA does provide that in certain situations, an organization may not be able to provide access to all personal information it holds but exceptions should be limited and specific and reasons for not providing access should be provided to the individual.

  • When it is not possible to provide a list of organizations to which personal information has actually been disclosed, provide a list of organizations to which it may have been disclosed;
  • On request, provide any assistance required by individuals in preparing an access request;
  • Respond to an individual’s access request at minimal or no cost to the individual;
  • Respond to an individual’s access request with due diligence and in any case not more than 30 days after receipt of the request (note that an acknowledgment letter does not constitute a response). You must either provide the information requested or indicate that you do not have the information requested within 30 days;
  • Where an extended time limit is required, send the individual notice of extension no later than 30 days after the date of the request, advising of the new time limit, the reasons for the extension, and the right to complain to the OPC;
  • Provide requested information in a format that is generally understandable (e.g., explain any abbreviations or codes used to record information);
  • If you refuse an access request, inform the individual in writing, along with the reasons for the refusal and any recourse available to them under PIPEDA;
  • Retain personal information that is the subject of a request for as long as necessary to allow the individual to exhaust any recourse under PIPEDA;
  • When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, amend the information as required;
  • Where appropriate, transmit amended information to third parties having access to the information;
  • When a challenge is not resolved to the individual’s satisfaction, keep a record of the details of the unresolved challenge; and
  • Where appropriate, inform third parties having access to the information that an unresolved challenge exists.

Under the “Individual Access” principle, your organization should:

  • Be as specific as possible about third parties to which personal information about an individual has been disclosed; and
  • Where possible, indicate the source of the information when informing an individual that you hold information about them.

Under the “Individual Access” principle and Section 8 of PIPEDA, your organization may:

  • Extend the 30-day time limit for a maximum of 30 extra days if:
    • meeting the time limit would unreasonably interfere with the activities of the organization, or
    • the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet;
  • Extend the 30-day time limit for the period necessary for converting the personal information into an alternative formatFootnote5;
  • Respond to a request at a cost to the individual only if the individual has been informed of the approximate cost and has advised that the request has not been withdrawn;
  • Choose to make medical information available through a medical practitioner;
  • Ensure requestors provide sufficient information to permit you to provide an account of the existence, use, or disclosure of personal information, and use such information only for this purpose.

How to Meet these Objectives

Preparing for Access Requests

  • Ensure your privacy framework includes procedures for handling requests for access to personal information. Take into account all above-mentioned responsibilities under the “Individual Access” principle and Section 8 of PIPEDA. Ensure you can address requests for personal information in alternative formats;
  • Note all exceptions applicable to individual access as listed in Section 9 of PIPEDA. In any case where your organization refuses access, ensure that the refusal can be justified on the basis of a Section 9 exception;
  • Ensure that your organization’s information systems can facilitate the retrieval and accurate reporting of an individual’s personal information, including disclosures to third-party organizations, and that requested information can be obtained with minimal disruption to operations;
  • Ensure that staff assigned to process access requests know your organization’s responsibilities under the “Individual Access” principle, as well as the specific procedures and time limits to be observed and applicable exceptions under Section 9 of PIPEDA;
  • Ensure that staff know how to identify an access request and refer it to an appropriate officer within the organization;
  • Make information readily available to the public on how to request access to personal information with your organization.

Processing Access Requests

  • Help the individual prepare a request for access, which should be in writing, to personal information if required. On receiving an access request that requires clarification, ask the requester to supply enough further information to enable you to fulfill the request and use that information only for this purpose;
  • On receiving an access request, record the date of receipt and confirm the requester’s identity and right of access to the information;
  • Respond to an access request as quickly as possible and in any case within 30 days, and with minimal or no cost to the requester.
  • If you intend to charge costs, notify the requester of the approximate amount before processing the request, and confirm that he or she still wants to proceed;
  • On a specific request:
    • inform the requester whether or not your organization has any personal information about him or her;
    • indicate the source of the personal information if possible;
    • explain how your organization has used or is using the information;
    • provide a list of any other organizations to which your organization has disclosed the information;
    • when it is not possible to provide a list of organizations to which information has actually been disclosed, provide a list of organizations to which it may have been disclosed;
    • give the requester access to the information; and
    • give the requester a copy of the information requested.
  • Make sure all requested information is presented in understandable terms. Explain any acronyms, abbreviations, or codes.

Amending Personal Information

  • Allow requesters to challenge the accuracy and completion of their personal information;
  • If a requester can demonstrate that personal information is inaccurate or incomplete, amend the information in question. This can mean correcting, deleting or adding to the information;
  • If the personal information has been disclosed to third parties, give the amended information to those parties as appropriate; and
  • In cases where a challenge is not resolved to the individual’s satisfaction, note the disagreement on the individual’s file and advise third parties as appropriate.

Denial of Access

  • If your organization refuses to provide access to requested personal information:
    • notify the requester, in writing, of the refusal within 30 days of receiving the request;
    • explain to the requester the reasons for the refusal, citing any relevant exceptions specified in Section 9 of PIPEDA; and
    • inform the requester of any recourse he or she may have (such as the right to complain to the OPC).
  • Retain personal information that is the subject of a request for as long as necessary to allow the requester to exhaust any recourse under PIPEDA.

Extension of Time Limits

  • Make every effort to respond to an access request within the normal 30-day time limit. Rely on a time limit extension only in cases where:
    1. responding within the original 30 days would unreasonably interfere with activities of your organization;
    2. additional time is needed to conduct consultations; or
    3. additional time is needed to convert personal information to an alternative format.
  • Where an extension is warranted, do not extend the time limit for more than another 30 days in the case of items 1 and 2 above or for more any longer than necessary in respect of item 3 above; and
  • Where an extension is warranted, notify the requester in writing within 30 days of receiving the access request. At the same time, notify the requester of the reasons for the extension and of his or her right to complain to the OPC.

Privacy Cases

Bank refuses customer access to internal credit score

Complaint

An individual complained that a bank had refused him access to his personal information, specifically his credit score.

Summary of Investigation

After reading an article on the subject, the complainant had written asking his bank for his credit score. The bank refused him access, citing the exemption provided in section 9(3)(b) of the Personal Information Protection and Electronic Documents Act. The bank's position was that to give customers their internal credit scores would be to reveal confidential commercial information in the form of the credit scoring model on which the scores were based.

The bank confirmed that it maintained an "account management" credit score in connection with the complainant's use of his credit card. The credit score in question was the bank's internal credit score. It had been generated not by a credit reporting agency's standardized credit scoring model, but rather by a customized model unique to the bank and incorporating its strategic business priorities.

In support of the proposition that its internal credit scoring models were confidential commercial information, the bank made three main arguments:

(1) A confidentiality agreement between the bank and the firm from which it licensed the models prohibited the disclosure of account management scores. The Commissioner noted that, unless the scores were determined to be exemptable under section 9(3)(b) or some other provision of the Act, the Act would supersede any such confidentiality agreement.

(2) Credit scoring models should be deemed confidential commercial information by reference to the factors commonly considered by the courts in determining what constitutes a "trade secret" or in distinguishing between "commercial" and "business" information. In this context, the bank demonstrated to the Commissioner's satisfaction that it and other financial institutions did genuinely regard their internal credit scoring models as proprietary, confidential commercial information, analogous to trade secrets, and did treat and protect them accordingly. The Commissioner noted that he found this argument particularly compelling in making his determinations.

(3) The experience of other jurisdictions is instructive and supports the bank's position that credit scores should not be released. The Commissioner noted that, though practices in other countries ought not determine what rules should apply in Canada or how our own Act should be interpreted, he had nevertheless found the experience of other jurisdictions helpful in satisfying him that the depiction of internal credit scoring models as confidential commercial information was neither fanciful nor disingenuous.

In support of the proposition that releasing internal credit scores could reveal the models by which they were generated, the bank presented a forensic analysis of the risk of fraud contingent upon the availability of credit scores. That analysis concluded that, if internal credit scores were readily available, the integrity of a credit scoring model could be compromised on the basis of a relatively small number of known scores generated by the model. The Commissioner's Office consulted an expert in the field of algorithms, who found this conclusion to be correct on the whole and affirmed that access to customized credit scores would definitely make it easier to approximate a bank's model.

Commissioner's Findings

Issued July 22, 2002

Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act applies to any federal work, undertaking, or business. The Commissioner had jurisdiction in this case because banks are federal works, undertakings, or businesses as defined in the Act.

Application: Principle 4.9 states that, upon request, an individual must be informed of the existence, use, and disclosure of his or her personal information and must be given access to that information. Section 9(3)(b) is an exemption provision stipulating that an organization is not required to give access to personal information if to do so would reveal confidential commercial information.

The Commissioner was satisfied that the bank's internal credit scoring model was confidential commercial information. Moreover, on the cumulative basis of the submissions from this and an earlier case, he was persuaded in general that customized credit scoring models internal to financial institutions should in future be deemed confidential commercial information for purposes of the Act.

On the question whether the release of credit scores would reveal the model by which they were generated, the Commissioner found as follows:

He noted that section 9(3)(b), by using the word "would" rather than "could" or "might", set a very high standard for justifying the withholding of personal information.

Though willing to admit that it was technically possible to approximate a credit scoring model from knowledge of a few scores, he was not in the least persuaded that it would ever happen.

Specifically, the bank's submissions had failed to convince him that fraudsters would actually go to the lengths described in the risk analysis to deceive a bank. He found it especially difficult to accept the apprehension, evidently shared by all Canadian banks, that even one's competitors in the credit-granting community would as a matter of course resort to such tactics in order to "crack" one another's credit scoring models and gain competitive advantage.

Nevertheless, the fact remained that the bank had stated its belief and expressed its fear of inevitable fraud through manipulation of released credit scores and its mistrust of the competitive ethics of the credit-granting community. Having personally examined the bank's credit scoring model, he had no reason to suspect ulterior motives that might be contrary to the public interest, such as fear of giving rise to controversy or embarrassment for the bank.

However unlikely it seemed to him that the release of credit scores would reveal the internal scoring model, it was undeniably a prospect that the Canadian banking community continued to take very seriously and that he himself was unable to refute. Moreover, he continued to see no significant harm ensuing to Canadians' privacy rights from the inability to obtain internal credit scores.

Given his responsibility to achieve a balance between the privacy rights of individuals and the legitimate informational interests of organizations, he considered it only fair in the circumstances to accept the proposition that the release of internal credit scores would reveal the credit scoring model on which they were based.

The Commissioner found that, in citing the section 9(3)(b) exception for confidential commercial information to refuse the complainant access to his credit score, the bank had been acting in accordance with the Act.

He concluded that the complaint was not well-founded.

Further considerations

This finding is identical to the Commissioner's finding in a previous complaint against a different bank with regard to denied access to internal credit scores.

Date modified: 2002-07-22

Accountability, Transparency and Disclosure

MortageQuote Canada Corp. is responsible for the Personal Information under its control and has appointed a Chief Privacy Officer to comply in all material respects with applicable privacy legislation and the terms of this Privacy Policy.

The Chief Privacy Officer and those designated by the Chief Privacy Officer address and investigate questions or concerns regarding a Client's Personal Information.

Chief Privacy Officer

548 Rundleridge Drive NE

Calgary, AB T1Y 2K7

IT Providers to MortgageQuote Canada Corp.

As a Best-in-Industry Sector & Best-in-Industry Class company, MortgageQuote Canada Corp. relies on Best-in-Industry Sector & Best-in-Industry Class IT Vendors including the following:

Amazon Web Services, Inc

Google Inc.

Data Security Statement

The following certifications are earned by ourselves or our third-party IT infrastructure and delivery partners:

ISO 9001

ISO 27001

SSAE 16 / ISAE 3402

FISMA

Data is secured by a comprehensive, integrated network of our own internal servers and those of our reliable and proven third party suppliers.

With many users using our MortgageQuote Canada Corp. services, security and data protection are paramount for us. We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure.

If you are currently maintaining your data on personal computers or your own servers, the odds are that we offer a better level of security than what you currently have in place.

This document outlines some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped in four different areas: Physical Security; Network Security; People Processes and Redundancy and Business Continuity.

At a high level, we’ve taken the following approach to secure the MortgageQuote Canada Corp. infrastructure:

  • Certifications and Accreditations. Some of MortgageQuote Canada Corp.’s third party suppliers have successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services.
  • Physical Security. MortgageQuote Canada Corp. has many years of experience in working with vendors who are in the business of designing, constructing, and operating large-scale data centers. MortgageQuote Canada Corp. infrastructure is housed in supplier-controlled data centers throughout the world. Only those within MortgageQuote Canada Corp. who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
  • Secure Services. Each of the services within the MortgageQuote Canada Corp. data system is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. This maintains data privacy.

Physical Security

Our third party datacenters are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc.

  • 7x24x365 Security. The data centers that host your data are access controlled and guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
  • Video Monitoring. Each data center is monitored 7x24x365 with night vision cameras.
  • Controlled Entrance. Access to the MortgageQuote Canada Corp. data centers is tightly restricted to a small group of pre-authorized personnel.
  • Biometric, two-Factor Authentication. Two forms of authentication, including a biometric one, must be used together at the same time to enter a MortgageQuote Canada Corp. data center.
  • Undisclosed locations. MortgageQuote Canada Corp. servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
  • Bullet-resistant walls. MortgageQuote Canada Corp. servers are guarded safely inside bullet-resistant walls and perimeter fencing.

Our own office facilities have the following:

  • 24 Hour Monitoring. Each office facility is monitored by two-way security systems.
  • Controlled Entrance. Access to the MortgageQuote Canada Corp. data centers is tightly restricted to a small group of pre-authorized personnel.
  • Physical Barriers. MortgageQuote Canada Corp. offices have bars, locks, secure filing systems with lock access only; and additional preventive measures.

Network Security

Our supplier’s network security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.

  • 128/256-bit SSL. The communication between your computer and our servers is encrypted using strong 128-bit keys (256-bit keys in many cases). What this means is that even if the information traveling between your computer and our servers were to be intercepted, it would be nearly impossible for anyone to make any sense out of it. Please check our product pages for details on which applications or plans support SSL.
  • IDS/IPS. Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
  • Control and Audit. All accesses are controlled and also audited.
  • Secured / Sliced Down OS. MortgageQuote Canada Corp. applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
  • Virus Scanning. Traffic coming into MortgageQuote Canada Corp. Servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.

People Processes

Designing and running data center infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. MortgageQuote Canada Corp.'s supplier’s security team has years of experience in designing and operating data centers and continually improves their processes over time. They have developed world class practices for managing security and data protection risk.

  • Select Employees. Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers' behalf.
  • Audits. Audits are regularly performed and the whole process is reviewed by management
  • As-Needed Basis. Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.

Safeguard Data

Source: Google.com: Rather than storing each user's data on a single machine or set of machines, we distribute all data—including our own—across many computers in different locations. We then chunk and replicate the data over multiple systems to avoid a single point of failure. We randomly name these data chunks as an extra measure of security, making them unreadable to the human eye.

While you work, our servers automatically back up your critical data. So when accidents happen—if your computer crashes or gets stolen—you can be up and running again in seconds.

Lastly, we rigorously track the location and status of each hard drive in our data centers. We destroy hard drives that have reached the end of their lives in a thorough, multi-step process to prevent access to the data.

Redundancy and Business Continuity

One of the fundamental philosophies of business computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.

  • Distributed Grid Architecture. MortgageQuote Canada Corp. services run on a distributed grid architecture. That means a server can fail without a noticeable impact on the system or our services. In fact, on any given week, multiple servers fail without our customers ever noticing it. The system has been designed knowing that server will eventually fail - we have implemented our infrastructure to account for that.
  • Power Redundancy. MortgageQuote Canada Corp. configures its servers for power redundancy – from power supply to power delivery.
  • Internet Redundancy. MortgageQuote Canada Corp. is connected to the world –and you- through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
  • Redundant Network Devices. MortgageQuote Canada Corp. runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
  • Redundant Cooling and Temperature. Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. MortgageQuote Canada Corp. servers are backed by N+2 redundant HVAC systems and temperature control systems.
  • Geo Mirroring. Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes. Please note geo mirroring is available on select products and plans.
  • Fire Prevention. The MortgageQuote Canada Corp. data centers are guarded by industry-standard fire prevention and control systems.
  • Data Protection & Back-up. User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.

3rd Party Security Statements

Amazon: http://aws.amazon.com/security/

Google: https://support.google.com/a/answer/60762?hl=en

Zoho: https://www.zoho.com/security.html

Additional Information

While we cannot list all the details of our infrastructure for security reasons, rest assured that MortgageQuote Canada Corp.'s security practices, policies and infrastructure are proven and reliable.

Also visit: Legal See below

Feel free to contact us at businessdevelopment[at]mortgagequote.ca

MortgageQuote AND it's 3rd Party IT Vendor's, undergo several independent third party audits to test for data safety, privacy, and security.

Legal Disclaimer - Website

Your use of this Web site is at your own discretion.

The term user and website visitor is deemed to be interchangeable for the purpose of this document.

MortgageQuote Canada Corp. is exempted from all liability or potential liability relating to your use of the information or content of this Web site, including but not limited to any damages, losses or expenses of any kind arising from or in connection with this Web site or its use or any person's inability to use the site, or in connection with any failure of performance, error, omission, interruption, defect, delay in operation or transmission, computer virus or line or system failure, loss of data or otherwise, even if MortgageQuote Canada Corp. is advised of the possibility of such damages, losses or expenses.

Website visitors should conduct their own investigations, analysis, due diligence, draw their own conclusions, and make their own decisions. The user further acknowledges and agrees that MortgageQuote Canada Corp. does not assume and hereby disclaims any liability to any party for any loss or damage caused by the use of the information or documents contained herein or errors or omissions in the information contained in this document to make any investment or borrowing decision, whether such errors or omissions result from negligence, accident or any other cause.

All products and services in the pages of the Site are subject to the terms and conditions of the applicable agreements governing their use, which may change from time to time.

The Disclaimer is to be read by you together with any terms, conditions or disclaimers provided in the pages of the Site and in the Product Specific Legal disclaimers. In the event of any conflict, the terms provided in the pages of the Site and in the Product Specific Legal disclaimers will govern. The Product Specific Legal disclaimers relate specifically to a particular product or service and are displayed on each part of the Site that contains product information. The Product Specific Legal disclaimers contain important information and warnings regarding risks associated with the product or service.

The Product Specific Legal disclaimers should be accessed by you before reading the information for each product displayed on the Site and it is important that you read all of the information.

MortgageQuote Canada Corp. uses reasonable efforts to provide up-to-date, current and accurate information on this Web site but does not warrant its accuracy, adequacy, timeliness or completeness. This Web site is for informational or illustrative purposes only.

MQCC may monitor and gather information regarding visitors to the Site for the purposes of marketing, security, statistical analysis and systems development.

You should always seek personalized advice from qualified, licensed, registered and insured professionals before making any banking, finance, investment, insurance or financial planning decisions based upon any information provided on or though the Web site.

Rates, fees and other information is subject to change at any time without notice to users and the posted rates and fees on the site may not immediately reflect such changes.

The website www.mortgagequote.ca and websites related to mortgagequote.ca or tradenames of MortgageQuote Canada Corp., and all material herein/therein are the property of MortgageQuote Canada Corp.

No endorsement of any third party products, services or information is made or implied by any information, material or content referenced or included on, or linked from or to this Web site.

Copies or portions thereof may not be reproduced in any form or used in any medium without prior written consent of MortgageQuote Canada Corp.

NOTE TO NON-RESIDENT INVESTORS AND RISK WARNING

MQCC is incorporated in Canada. Advertising for products and services on this website that can be marketed within applicable jurisdictions that MQCC is registered to trade in Canada, has been approved to the extent required by law. Potential investors must note that in some or all respects the regulatory regime applying will be different from that of their home jurisdiction.

Mortgage investing is comparatively safe when compared to investing in corporations via stock certificates, corporate debentures or any investment requiring a prospectus or offering memorandum disclosure instrument. While the value of stock market and related public investments can go up and go down (volatility) and investors may not get back the amount originally invested; in mortgage lending you have "double security", in the form of the cashflow earning of the mortgagor and the underlying asset value of the real estate that is secured by your primary mortgage instrument.

The information published on the Site is general information only and is not intended to be specific investment or taxation advice. The information on the Site should not be used as the basis for investment decisions and readers of the Site must consult with appropriately qualified professional advisors, including a Private Equity Mortgage Professional PEMPTM, before making investment or other financial decisions. You should carefully read the applicable regulatory and non-regulatory disclosures contained on this website and in any literature forwarded to you.

LOCAL LAWS

It is important to note that the products, services and Information may not be available to residents of certain jurisdictions. Accordingly, the financial services detailed in the Site do not constitute an offer to transact business in any jurisdiction where such an offer would be considered unlawful. The Information does not constitute an offer or solicitation to buy or sell any currency, investment fund or other product, service or information to anyone in any jurisdiction in which an offer or solicitation is not authorized or cannot legally be made or to any person to whom it is unlawful to make an offer or solicitation. For information specific to your jurisdiction, please contact your financial advisor or Private Equity Mortgage Professional PEMPTM.

The terms and conditions applicable to any product, service or information will be those determined at the time of provision of the product, service or information. Please be aware of the laws of your country or that otherwise apply to you in relation to any of the matters described in these pages. If you choose to access the Site, you do so on your own initiative and are responsible for compliance with applicable local, national or international laws.

TRADEMARKS AND COPYRIGHTS

Certain names, words, titles, phrases, logos, icons, graphics or designs or other content in the pages of the Site are trade names or trademarks owned by MortgageQuote Canada Corp. or its subsidiaries, or trade names or trademarks licensed to them. The trademarks are distinguished from one another and accompanied, at first-time use, with the appropriate trade-mark symbol: ®/TM. These symbols are keyed to their respective legend which describes the owner or licensee of the trade-mark: ® Registered trade-mark of MQCC used, under license by MortgageQuote Canada Corp./ TM Trademark of MortgageQuote Canada Corp., used under license by MortgageQuote Canada Corp. MQCC is the parent company of (also known as) MortgageQuote Canada Corp.. The display of trademarks and trade names on pages of the Site does not imply that a license of any kind has been granted to anyone else. The Information is for your personal use only. Any unauthorized downloading, re-transmission, or other copying or modification of trade-marks and/or the contents of the Site may be a violation of any federal or other law that may apply to trade-marks and/or copyrights and could subject the copier to legal action. The Information is protected under the copyright laws of Canada and other countries. Unless otherwise specified, no one has permission to copy, redistribute, reproduce, republish, store in any medium, re-transmit, modify or make public or commercial use of, in any form, the Information.

INTERNET E-MAIL

Any unprotected e-mail communication over the Internet is, as with communication via any other medium (e.g. cellular phones, post office mail), not confidential, subject to possible interception or loss, and is also subject to possible alteration. MQCC is not responsible for and will not be liable to you or any one else for any damages in connection with an e-mail sent by you to MQCC or an e-mail sent by MQCC to you at your request or on an ad-hoc basis.

NO ENDORSEMENTS

No endorsement or approval of any third parties or their advice, opinions, information, products or services is expressed or implied by any Information.

NO LIABILITY

MQCC is not responsible for and will not be liable to you or anyone else for any damages whatsoever (including direct, indirect, incidental, special, consequential, exemplary or punitive damages) arising out of or in connection with your use of or inability to use the Site or the Information, or any action or decision made by you in reliance on the Site or the Information, or any unauthorized use or reproduction of the Site or the Information, even if MQCC has been advised of the possibility of these damages.

LINKS/SOFTWARE

Links from or to Websites outside the Site are meant for convenience only. MQCC does not review, endorse, approve or control, and is not responsible for any sites linked from or to the Site, the content of those sites, the third parties named therein, or their products and services. Linking to any other site is at your sole risk and MQCC will not be responsible or liable for any damages in connection with linking. Links to downloadable material situate on or through other sites are for convenience only and MQCC is not responsible or liable for any difficulties or consequences associated with downloading such material Use of any downloaded material is governed by the terms of the license agreement, if any, which accompanies or is provided with the software.

JURISDICTION

The Site is administered on behalf of the MortgageQuote Canada Corp. entities that comprise MQCC Private Lender Network by PrivateLender.org: Canada's Private Lender Network, based in Calgary, Canada. The Site will be governed by and construed in accordance with the laws of Alberta, Canada, without giving effect to any principles of conflicts of laws. All disputes, controversies or claims arising out of or in connection with the Site shall be submitted to and be subject to the exclusive jurisdiction of the Courts of Alberta, Canada. Through accessing the site you agree to submit and attorn to the exclusive jurisdiction of the Courts of Alberta, Canada to finally adjudicate or determine any suit, action or proceeding arising out of or in connection with the Site.

Feel free to contact any member of our team at 1-866-948-7283, should you have any questions. You may also email us at businessdevelopment[at]mortgagequote.ca