Recognized by Deloitte Technology Fast 50™ awards

Privacy Policy

NESTO PRIVACY POLICY

Nesto Inc. (Nesto Inc. is hereinafter referred to as “we”, “us”, and “our”) is committed to the privacy and security of your personal information. This privacy policy (or “Policy” for short) describes how we collect, use, disclose and otherwise process your personal information, how we protect it and the controls you have over it. 

This Policy is incorporated into, and is subject to, our Terms of Service. Capitalized terms used but not defined in this Policy have the meaning ascribed in our Terms of Service.

This Policy applies to the Site, and any services rendered or made available through the Site, including our mortgage broker services (“Brokerage Services”), and the financial products and services that we provide as an approved lender in Canada (“Loan Services”) and any other service related to mortgages (“Mortgage Services”), which altogether will be referred to as the “Services”, including to your interactions in the course of your use thereof whether by phone, email, online chat or otherwise. This Policy does not extend to websites, mobile applications or other services of third parties. We are therefore not liable for their privacy policies, procedures and practices. 

By using the Services, by communicating with us or by agreeing to receive communications from us such as our newsletter and commercial electronic messages, you accept the terms and conditions of this Policy. If you do not agree with the terms and conditions of this Policy, or if you lack the capacity or authority to agree to these terms and conditions, do not browse the Site, or otherwise access or use the Services. We may also communicate the changes through our Services or by other means. 

1. Changes to this Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Site, indicate the date of the latest version, and comply with applicable laws. Your continued use of the Services after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy. If you disagree with any changes made to the Policy, please cease to use the Services. Additionally, if you restart using the Services, you are considered to have accepted the Policy then in effect.

2. How we Collect Personal Information

Some personal information is provided to us voluntarily by you (for example, when you create an account in order to use the Services) while some personal information is collected automatically (for example, when your browse the Site, cookies are placed on your Device (as defined in Section 3 below).

More precisely and without limitation, we collect your personal information in the following circumstances:

  1. When you create an account in order to use the Services;
  2. When you request our Brokerage Services, Loan Services or Mortgage Services, such as when you request information about mortgages, fill out a mortgage application, request a quote or a pre-approval letter, or when you upload documents or information to your account;
  3. When you communicate with us by phone, email, online chat or otherwise;
  4. When you submit a complaint; 
  5. When you schedule a meeting with one of our representatives or advisors with regards to the Services;
  6. When you apply for a job opening; 
  7. When you sign-up to our newsletter;
  8. When you interact with the digital content on the Site;
  9. When you participate in a contest or in a survey;
  10. When you post comments on the Site; and
  11. When you choose to give us permission to access your personal information from third party websites (for example, by linking to social media networks). When you do so, you allow us to collect information based on your settings and in accordance with the privacy policies of such Third-Party Services. It is your responsibility to control your settings and to read and understand those policies.

3. What Information Is Collected

1. Personal Information
For the purpose of this Policy, “personal information” means information about an identifiable individual as defined in the Personal Information Protection and Electronic Documents Act.

For example, and without limitation, we consider your given name, surname, date of birth, postal address, telephone number, mobile phone number and email address as personal information.

We collect multiple types of personal information to provide you with the Services, including:

  • Account information: To allow you to open an account with us, we collect your first & last name, province, email and password.
  • When you ask for a quote through our Services, we collect some information including whether you will live in the property, type of property you are interested in, price, and down payment.
  • Information sent through your communications or comments: When you send us messages, feedback, questions or leave a comment on our Site, we collect your contact information and the content of your message.
  • If you fill out a complaint form on our Site, we collect your name, email address, address, phone, and information about the reason for your complaint, your dissatisfaction, and the resolution sought.
  • If you apply for a job with us, we collect you name, email, phone number, resume/cv, cover letter and whether you are bilingual.
  • Mortgage loan application:

Though Nesto offers Brokerage Services, Loan Services and Mortgage Services, we are not a financial institution. However, in order to provide you with the Services, we need to collect standard mortgage application and mortgage servicing information from you.

When we provide Brokerage Services, we act as an intermediary with financial institutions. We need to collect the personal information required by the financial institutions to pair you with provide you products and services. We collect this personal information to facilitate your mortgage application, and help you match you with potential lenders that are best suited to your needs.

When we provide Loan Services or Mortgage Services, we need to collect this information to verify your mortgage application and subsequent mortgage servicing so we can provide you with our products and services. If you have a co-purchaser, we will require information from them as well. 

We collect information through your mortgage application, including:

  • Identification information, including, full name, date of birth, address, email and phone number;
  • Information about your employment situation, including as your place of work, and information from your employer (for example, an employment statement);
  • information about your financial situation, including proof of employment, proof of income, proof of assets, indebtedness, credit reports, details of the client’s assets (if any), credit history, and any other important details that may be required to process your mortgage application.

We may also ask for your Social Insurance Number (SIN) so that we can provide your information to a credit reporting agency in order to perform a credit analysis. The SIN is the best way to ensure that the information we are provided by the reporting agency actually refers to you. Providing your SIN assists us with accurate and timely processing of your application.

If you consult one of our advisors by telephone (for example, for help filling out a mortgage application), we may record the call for training and quality assurance.

2. Information Collected Automatically

Like most modern Internet sites and mobile applications, the Site uses cookies to record user browsing activity, such as pages visited, or technological information such as the Internet browser and operating system used to visit the Site. The use of cookies and similar tracking technologies enables us to improve the Site’s performance, remember your preferences/settings, offer you an optimal experience with the Site, personalize the Services and, in accordance with applicable laws, send you advertisements tailored to your interests.

A cookie is an alphanumeric online identifier that is set on your computer, tablet or mobile (“Device”) when you use the Site. If you are looking for more information on cookies, you can refer to websites such as http://www.cookiecentral.com/ and https://www.allaboutcookies.org/.

Cookies can be set by us on your Device or by a third party (such as our partners).

The Site contains content from and hyperlinks to certain third parties’ websites, locations, platforms, and services (“Third-Party Services”). In addition, the Site contains cookies operated by third parties. For example, we use certain third-party analytics services, such as Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting and other integrated services that require Google Analytics to collect information, including the collection of information via cookies. You can opt out of having made your activity on the Services available to Google Analytics by installing the Google Analytics opt-out browser add-on. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

We conduct interest-based advertising, also referred to as targeted advertising or behavioural advertising on our Site. Retargeting means that the ads that you are being served are personalized based on your behaviour when browsing online, Ad serving services, advertisers, and other third parties may use tracking technologies on the Site and on the Third-Party Services to track your activities across time and services, and tailor ads to you based on your activities, which may include sending you an ad on a Third-Party Service or third-party device after you have left the Website. For instance, our Site uses Bing, Snapchat, LinkedIn and Twitter cookies. If you are not comfortable with this, you can opt out of interest-based advertising by managing your cookies and other tracking technologies in your browser settings.

The Site contains social media plugins provided by social media platforms in order to allow you to interact with us on these platforms. By browsing the Site, your browsing information may be transferred directly to the relevant social media platform, even without direct interaction on your part, due to the sole presence of the buttons on the Site. These cookies are not under our control. Please consult the privacy policies of each of these social media platforms to know more about their use of cookies and other tracking technologies and how they work.

In general, the information collected by cookies is not considered personal information since it cannot be used to identify you. You may set your Internet browser to reject cookies if desired; however, this may result in loss of functionality of certain features of the Site.

Please note that we use the web analysis tool FullStory to continuously develop our Site and provide visitors with the best possible experience. FullStory is provided by our software partner FullStory Inc, 120 Ottley Dr., NE, Ste. 100, Atlanta, GA 30324, United States of America (“FullStory”). FullStory records the DOM (Document Object Model) elements within the browser window together with the associated CSS styles. The DOM is the interface between HTML and dynamic JavaScript. All elements become objects that can be called, changed, added and deleted dynamically. CSS is a stylesheet language for electronic documents and together with HTML and DOM one of the core languages of the World Wide Web. Dynamic changes to DOM elements, e.g. by using Javascript, are also recorded. This allows sessions to be recorded on dynamic web pages. FullStory also uses cookies, which enable session-based analysis of your use of the website. The data generated by the cookie and other records about visits to our websites are sometimes stored, processed and made available to us by FullStory. FullStory only records your IP address and deletes it automatically after a period of 30 days at the latest. By using the “Discard user IP addresses” extension, we ensure that FullStory does not transmit your IP address to us. Furthermore, form fields and other areas that contain personal data are not recorded. For this we use the mechanism “Excluded elements”, which is part of the functionality of FullStory. For clarification, no personal data will be transmitted to us by FullStory. You can prevent the provision of your data by selecting the opt-out option: https://www.fullstory.com/optout/. For more information, please refer to FullStory’s privacy policy, which can be found here: https://www.fullstory.com/legal/privacy/.

3. Information About Someone Else
As set forth in the Terms of Services,, your account is intended for your use and information between accounts is not shared, even if the accounts are both involved in the same transaction. Therefore, if you wish to co-purchase a property with another individual, you will each need to upload documents to your individual accounts, since the documents in one account are not accessible to another. YOU MUST ENSURE THAT YOU HAVE THE REQUIRED CONSENT OF YOUR CO-PURCHASER PRIOR TO SHARING ANY OF THEIR PERSONAL INFORMATION WITH US.

4. Children’s Information
We do not knowingly collect personal information from children through our Services. If you are a minor under the laws applicable to your place of residence, please do not submit to us any personal information without the express consent of a parent or guardian.

4. How we Use Personal Information

We take steps designed to ensure that only those employees who need access to your personal information to fulfill their employment duties will have access to it. We may use your personal information to:

  • Manage the account creation process on the Site, and, more generally, manage your account;
  • Deliver the products and services you have requested through the Services;
  • Design, maintain, analyze, manage, improve, market and provide products and services via the Site;
  • To assess your application in order to provide you with Loan Services and/or Mortgage Services; 
  • Help us perform transactions and verify your identity with the transaction you have requested;
  • Provide access to the Site;
  • Respond to your queries, questions and comments;
  • Perform quality assurance, marketing and other business analysis;
  • Organize contests and other promotional activities;
  • Contact you in connection with products and services you have requested;
  • Communicate with you about changes to our policies;
  • Send you surveys with regards to the Services, namely satisfaction surveys, in accordance with applicable laws or with your consent (if required);
  • Understand your needs and interests and provide you with optimal services and personalized advertisements, services and products by performing profiling, where permitted under applicable laws or with your consent (if required); 
  • Improve the Site performance, respond to your requests regarding the Site, remember your preferences/settings with regards to the Site;
  • Send you specific information, promotional and marketing communications about us or third-party products and services (for example, offers, discounts, newsletters and birthday communications), where permitted under applicable laws or with your consent (if required); 
  • Protect against error or fraud;
  • Comply with legal and auditing requirements;
  • Investigate breaches of the Terms of Service or the Policy; and
  • Collect debts owed to us by you.

Additionally, we may use and disclose your personal information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce the terms of the agreements for our products and services; (e) to protect our rights, operations or property; (f) to allow us to pursue available remedies or limit the damages that we may sustain. In addition, we may transfer your personal information and other information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets.

5. Disclosure of Personal Information

In certain circumstances or in order to perform the Services, we may disclose your personal information with:

  1. Service Providers
  2. We use other organisations to help us process personal information to perform a variety of services on our behalf, such as e-commerce providers, hosting, data storage and processing service providers, and research and analytics. 
  3.  Financial Institutions and Approved Lender:
  4. In order to provide you with the Brokerage Services, we may share your personal information with financial institutions; 
  5. Promotional Partners
  6. We may share your personal information with third parties who may or may not associate themselves with us, for any activities such as but not limited to contests and other promotions;
  7. An Acquirer, Successor or Assignee
  8. In the event of change of ownership, sale, merger, liquidation, reorganization, acquisition of Nesto, in whole or in part, or in the event of any other business transactions or bankruptcy, your personal information may be transferred as part of the transaction;
  9. Law Enforcement, Governmental and Administrative Entities
  10. We may disclose your personal information with law enforcement, government and administrative entities if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facility valid court order, judicial or other governmental subpoena or warrant, or to otherwise cooperate with law enforcement, governmental and administrative entities;
  11. Social Media Networks or other Service Providers
  12. We may share your personal information with social media networks and other service providers to use their marketing tools for the purposes of target and look alike marketing. For example, we may use Customer Audiences from Facebook to match the people on our customer list with people on Facebook. This enables us to target our advertisements on Facebook to the audience that has been created by Facebook through its Customer Audiences tool.

If we provide your personal information to third parties, then we require that the recipients keep your personal information secure, and only handle it for limited purposes for which it is provided.  We do not authorize third-party providers to disclose your personal information to unauthorized parties. We do not authorize third parties to use your personal information for their direct marketing purposes, except for our advertising partners. 

However, if we are unable to provide you with our Services during the mortgage experience, we will refer and transfer you (directly or indirectly) to third-party partners who may be able to help address your mortgage requirements that you may qualified for.  Prior to disclosing your personal information to third-party partners, we will obtain your specific and explicit consent for such purpose before they begin marketing and offering their products and services.   

In this context, such third-party partners are acting on their own behalf and we do not control their practices regarding your personal information. This Privacy Policy does not govern any third-party products and services, which are subject to their own distinct contracts and privacy policies with the concerned third-party partner.  These third-party partners may also be the subject of an additional contract with us.  

6. Storage of your Personal Information

While your personal information will be collected and stored on servers in Canada, it may be disclosed to, stored and/or otherwise processed by third parties who are located in other countries. For example, some of the service providers that process or handle personal information on our behalf are located outside of Canada. Regardless of where the processing of your personal information takes place, we will take steps to protect your personal information in accordance with this Policy, data protection laws, and where required by applicable laws, recognized data transfer mechanisms. While we use reasonable means to safeguard your personal information, it is subject to the legal requirements and governmental authorities of the foreign jurisdictions in which it is located. For example, we may be legally required to disclose personal information to a governmental authority of a foreign jurisdiction in which your personal information is located.

7. Personal Information Security

We have adopted reasonable security procedures to help protect against loss or theft, unauthorized access, disclosure, copying, use, or modification to the personal information you provide to us. Despite the measures outlined above, no method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security.  

8. Retention Period

We will retain your personal information only as long as is necessary for the fulfillment of the purposes outlined in this Policy or for a longer period if required or permitted under applicable laws and regulations or internal document retention policies. Please note that if you merely unsubscribe from marketing communications such as the newsletter, we may nonetheless continue to use your personal information for marketing and business analytics purposes, unless you withdraw your consent to this activity by following the procedure set out in the “Withdrawal of Consent” section of this Policy.

9. Right to Consult and Correct Personal Information

You have the right to consult all personal information that relates to you and that is held by us, and to correct any such personal information that is inaccurate or outdated.

Information stored in your account profile may be consulted through our and corrected directly by you if necessary.

Information collected by cookies is stored in cookie files located on your device, and thus can be accessed or modified by you without involving us.

For all other privacy-related requests, you may contact us via email using the contact information in the “Contact Us” section of this Policy. Depending on the nature of your request, a reasonable fee may be required before we transcribe, reproduce, or transmit your personal information.

10. Withdrawal of Consent

You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us via email using the contact information in the “Contact Us” section of this Policy. However, before we implement the withdrawal of consent, we may require proof of your identity or quality.

In some cases, withdrawal of your consent to our collection, use or disclosure of personal information may mean that we will no longer be able to provide certain products or services to you, including access to the Site.

11. Updates to this Policy

This Policy is current as of the “updated” date which appears at the bottom of this page.  We may modify this Policy from time to time.  When changes are made to this Privacy Statement, they will become immediately effective when published in a revised Privacy Statement posted on our website unless otherwise noted.  We may also communicate the changes through our services or by other means.  

12. Contact

If you have any questions or comments about this Policy or your personal information, or to make a request to access your personal information or have it corrected, please communicate with our Privacy Officer by email using the following contact information: privacy@nesto.ca

Third Party Partners:

[Last update: December 2021]

[Prior Version 2.0]