Data Security - Compliance with the new EU General Data Protection Regulation

Please find the information below pertaining our compliance and position regarding the EU's General Data Protection Regulation (GDPR). This primarily pertains to clients and customers of the brokerages that utilize our Electronic Signing functionality.

  1. Clients and NexOne users are required to consent to Electronic Signing for each signing session request that is sent to them. Clients can decline and sign on paper.

  2. Clients and NexOne users are required to enable location services when providing their location during the Electronic Signing process. They can opt out of sharing their location and only the IP address is required.

Accountability

  1. NexOne solutions are primarily hosted on Microsoft Azure. The underlying platform is protected by their inherent security practices, and protocols.
  2. Microsoft conducts ongoing security testing of the Azure platform and consents to certain customer-managed test when customers request permission. Microsoft maintains security certifications for Azure, including ISO 27001, SOC 1 & 2 Type 2, FedRAMP, and PCI Level 1.

Right to be Forgotten

  1. For all Real Estate transaction records, NexOne will not erase personal data to ensure that data compliance requirements are met in each provincial jurisdiction. If there are questions regarding these jurisdictional requirements, we recommend requesting more information from the Provincial Real Estate Council. In most jurisdictions, transaction information is required to be preserved for 7 years and at that time, NexOne will remove any personal information upon request by an Agent or their client.
  2. All non-transactional personal information will be removed upon request by NexOne users' EU clients.