nesto acquires CMLS Group

Privacy Policy

[Link to French version]
[Last update: August 8th, 2023]
[Version 2.0]

nesto Inc. (hereinafter referred to as “nesto”, “we”, “us”, and “our”) is committed to the privacy and security of your personal information. This privacy policy (or “Policy” for short) describes how we collect, use, and disclose your personal information, how we protect it, and the controls you have over it.

This Policy applies to nesto’s website (“Site”), and any services rendered or made available through the Site, including our mortgage broker services (“Brokerage Services”), and the financial products and services that we provide as an approved lender in Canada (“Loan Services”) and any other service related to mortgages (“Mortgage Services”), which altogether will be referred to as the “Services” and which are further described in your agreement(s) with nesto for such Services (“Agreement”). This Policy also applies  to your interactions in the course of your use of the Services, whether by phone, email, online chat or otherwise. This Policy does not extend to websites, mobile applications or other services of third parties. We are therefore not liable for their privacy policies, procedures and practices. 


Please review this Policy before providing us with your personal information, using the Site or our Services, or creating any user account in connection therewith. If you do not agree with this Policy, do not provide us with your personal information, use the Site or our Services, or create any user account.

This Policy is divided into the following sections.

  1. What Information Is Collected
  2. How We Collect Your Personal Information
  3. Why We Collect and Use Your Personal Information
  4. Your Consent
  5. To Whom We Disclose Your Personal Information
  6. Cross-Jurisdictional Transfers
  7. Protection of Your Personal Information
  8. How Long We Retain Your Personal Information
  9. Information about Someone Else
  10. Your Rights
  11. Links to Other Websites and Advertising
  12. Social Networks
  13. Changes to This Policy
  14. Contact
  1. What Information Is Collected

For the purpose of this Policy, “personal Information” includes any information which relates to a natural person and allows that person to be identified directly, or indirectly in combination with other information. It does not include personal information where all references to the identity of the relevant Individual have been removed (i.e., anonymous personal information).

We may collect, use, and disclose the following categories of personal information about you, including but not limited to:

  • Identification Information, such as your first name, last name, preferred name, title and marital status;
  • Contact Information, such as your email, address (including over the last three years if for a credit application and length of time at a given address), postal code, and telephone numbers;
  • Account information, such as your user name, password;
  • Credit Assessment Information, such as your credit score, residential situation (e.g. rent/own/live with parents), past consumer proposals or bankruptcies, employment situation, annual income, income sources, investments, financial liabilities, institution where your primary account is held, and any other information that nesto may require to offer you a Service;
  • Property Information about a property that you wish to finance or have already financed with nesto;
  • Service Information, such as the type of Service nesto is providing you with, mortgage amount, down payment, intent, if the property will be owner-occupied, and any other information pertaining to nesto’s servicing and administering a nesto Service offered to you;
  • Client Communications, such as messages, opinions, complaints, evaluations, questions, or comments that you provide to us, as well as your contact information and the content of your message;
  • Career Information, such as your name, phone number, resume/cv, cover letter, language proficiency, and other information that you choose to add to your application for one of our roles;
  • Technical Information, such as internet protocol (IP) address and geolocation information, cookies and other technology on the devices you use to access the Site; and 
  • Internet Activity Information, such as browsing history, search history, and interactions with our Site and online advertisements. In addition, we may collect information about your browsing behaviour, such as the date and time you visit the Site, the areas or pages of the Site that you visit, the amount of time you spend viewing the Site, the number of times you return to the Site, the websites that you visit before or after you visit our Site and other click-stream data. 
  1. How We Collect Your Personal Information
    1. Information that You Provide

Some personal information is provided to us voluntarily by you (for example, when you create an account in order to use the Services) while some personal information is collected automatically (as described below at Section 3.2).

More precisely and without limitation, we collect your personal information in the following circumstances:

  • When you create an account in order to use the Services;
  • When you request our Brokerage Services, Loan Services or Mortgage Services, such as when you request information about mortgages, fill out an application for our Services (“Application”), request a quote or a pre-approval letter, or when you upload documents or information to your account;
  • When you communicate with us by phone, email, online chat or otherwise;
  • When you submit a complaint;
  • When you schedule a meeting with one of our representatives or advisors with regards to the Services;
  • When you apply for a job opening;
  • When you sign-up to our newsletter;
  • When you interact with the digital content on the Site;
  • When you participate in a contest or in a survey;
  • When you post comments on the Site; and
  • When you choose to give us permission to access your personal information from third party websites (for example, by linking to social media networks). When you do so, you allow us to collect information based on your settings and in accordance with the privacy policies of such Third-Party Services. It is your responsibility to control your settings and to read and understand those policies.

Though nesto offers Brokerage Services, Loan Services and Mortgage Services, we are not a financial institution. However, in order to provide you with the Services, we need to collect standard mortgage application and mortgage servicing information from you, including Credit Assessment Information, Property Information and Service Information.

When we provide Brokerage Services, we act as an intermediary with financial institutions. We need to collect the personal information required by the financial institutions to pair you with a financial institution that can provide you products and services. We collect this personal information to facilitate your mortgage application, and help match you with potential lenders that are best suited to your needs.

When we provide Loan Services or Mortgage Services, we need to collect this information to verify your mortgage application and subsequent mortgage servicing so we can provide you with our products and services. If you have a co-purchaser, we will require information from them as well. 

If you consult one of our advisors by telephone (for example, for help filling out a mortgage application), we may record the call for training and quality assurance.

If you provide us with personal information of another individual, you represent that you have obtained all necessary consents from such person to enable us to collect and process such personal information for the purposes set forth in this Policy.

  1. Information Collected Automatically

As you interact with our Site, we will automatically collect Technical Information and Internet Activity Information about your equipment and browsing actions and patterns. We collect this information by using cookies, pixels, server logs and other similar technologies. We may also receive Technical Information and Internet Activity Information about you if you visit other websites employing our cookies. 

A cookie is a small text file that may be stored on the hard drive of your computer when you access the Site. We may also use cookies to: (1) provide you with customized content and interest-based advertising; (2) monitor our Site’s usage; and (3) conduct research to improve our content and services. You are free to accept or decline cookies at any time, but by doing so, you may not be able to use certain features on the Site or take full advantage of all our offerings. Check the “Help” menu of your browser to learn how to change your cookie preferences.

In addition, the Site contains cookies operated by third parties. For example, we use certain third-party analytics services, such as Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting and other integrated services that require Google Analytics to collect information, including the collection of information via cookies. You can opt out of having made your activity on the Services available to Google Analytics by installing the Google Analytics opt-out browser add-on. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

We conduct interest-based advertising, also referred to as targeted advertising or behavioural advertising on our Site. Retargeting means that the ads that you are being served are personalized based on your behaviour when browsing online. Ad serving services, advertisers, and other third parties may use tracking technologies on the Site and on the Third-Party Services (as defined below) to track your activities across time and services, and tailor ads to you based on your activities, which may include sending you an ad on a Third-Party Service or third-party device after you have left the Website. For instance, our Site uses Bing, Snapchat, LinkedIn and Twitter cookies. If you are not comfortable with this, you can opt out of interest-based advertising by managing your cookies and other tracking technologies in your browser settings.

The Site contains social media plugins provided by social media platforms in order to allow you to interact with us on these platforms. By browsing the Site, your browsing information may be transferred directly to the relevant social media platform, even without direct interaction on your part, due to the sole presence of the buttons on the Site. These cookies are not under our control. Please consult the privacy policies of each of these social media platforms to know more about their use of cookies and other tracking technologies and how they work.

In general, the information collected by cookies is not considered personal information since it cannot be used to identify you. You may set your Internet browser to reject cookies if desired; however, this may result in loss of functionality of certain features of the Site.

Please note that we use the web analysis tool Smartlook to continuously develop our Site and provide visitors with the best possible experience. Smartlook also uses cookies, which enable session-based analysis of your use of the website. The data generated by the cookie and other records about visits to our websites are sometimes stored, processed and made available to us by Smartlook. Smartlook only records your IP address and deletes it automatically after a period of 30 days at the latest. You can prevent the provision of your data by selecting the opt-out option. For more information, please refer to Smartlook’s privacy policy, which can be found here.

  1. Why We Collect and Use Your Personal Information

We may use your personal information for the purposes for which it was collected, as set out in this Policy, for other purposes permitted by law, or for other purposes with your consent.

We may use the information collected for the following purposes:

PurposeType of personal information
Manage the account creation process on the Site, and, more generally, manage your accountIdentification
Contact Information
Account Information
To assess your Application in order to provide you with our Services, including to verify your creditworthinessIdentification
Contact Information
Credit Assessment
Property Information
To provide you with the products and services you have requested through the Services and as further described in an AgreementIdentity Personal Information
Contact Personal Information
Property Information
Service Information
To provide you with access to our Site and to enhance your convenient use of our SiteTechnical Information 
Internet Activity Information
Respond to any communication we receive from youIdentity Information
Contact Information
Client Communications
Organize and inform you about contests and other promotional activitiesIdentity Information
Contact Information
Understand your needs and interests and provide you with optimal services and personalized advertisements, services, products and other communicationsIdentity Information
Contact Information
Service Information
Credit Assessment Information
Help us develop, deliver, improve and provide you with our best services, content and communicationsIdentity Information
Contact Information
Account Information 
Service Information
Technical Information
Internet Activity Information
Credit Assessment Information
Provide you with access to our online recruitment service and provide you with employment opportunitiesIdentity Information
Contact Information
Career Information
Protect against error or fraudAll categories of information
Comply with legal and auditing requirementsAll categories of information
Investigate breaches of the Terms of Service or the PolicyAll categories of information
Collect debts owed to us by youAll categories of information
  1. Your Consent

We will only collect, use and disclose your personal information with your consent. 

Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information.  In connection with your Application(s) and Agreement(s) you will be asked to consent expressly to our collection of personal information for the purposes identified herein. Additionally, you will be asked to consent expressly to any collection of personal information about you that is particularly sensitive, such as information about your credit history and social insurance number. In other cases, your consent is implied, such as when you respond to a customer satisfaction survey or speak with our representatives after having been notified that the call may be recorded.

We do not knowingly collect personal information from anyone under the age of 14 (“child” or “children”). If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to delete that information.

Please consult Section 11.5 to learn about your right to withdraw your consent.

  1. To Whom We Disclose Your Personal Information

We may communicate your personal information to third parties in the following circumstances:

  1. with our service providers who help us (i) fulfil the purposes for which your personal information was collected, including e-commerce providers, mortgage servicing and / or mortgage administration providers, hosting providers and data storage and processing providers and marketing providers (including social media companies), and (ii) analyze the profiles and characteristics of our Site’s visitors and the Services (such as research and analytics), and job applicants to better understand them; 
  2. with Financial Institutions and an approved lender, in order to provide you with the Services;
  3. with credit-rating agencies (Equifax and TransUnion), in order to assess your application and provide the Services;
  4. with our promotional partners for any activities such as contests and other promotions;
  5. to comply with our obligations under any law or regulation, investigation, subpoena or order of a court, tribunal or other administrative or governmental authority;
  6. with law enforcement or a government institution in order to investigate fraud or potential fraud, as well as any other violation of a law, regulation, or the terms and conditions of use of the Site or any agreement with you in connection with the Services, and/or in order to protect the rights, property, or safety of nesto, our customers/users, or our partners; 
  7. with an acquiring organization in the event of a proposed or actual purchase (including liquidation, realization, seizure, or repossession), concession, merger, business combination, or any other type of acquisition, liquidation, transfer, translational contract, or financing of nesto in whole or in part or of any property, share, assets, stock, or business of nesto; and
  8. with referral partners (with your express consent), who may be able to help address your mortgage requirements if we are unable to provide you with our Services during the mortgage experience. 

If we provide your personal information to third parties, then we require that the recipients keep your personal information secure, and only handle it for limited purposes for which it is provided.  We do not authorize third-party providers to disclose your personal information to unauthorized parties. We do not authorize third parties to use your personal information for their direct marketing purposes, except for our advertising partners. 

  1. Cross-Jurisdictional Transfers

By providing us with personal information, you acknowledge and agree that your personal information may be transferred to other jurisdictions for processing and storage, including in servers located across Canada and in the United States, where laws regarding the protection of personal information may be less stringent than the laws in your jurisdiction. Further, your personal information may be accessible to law enforcement, national security authorities, and the courts of such jurisdictions. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information. 

  1. Protection of Your Personal Information

To prevent unauthorized access or disclosure, maintain data accuracy and facilitate the appropriate use of data, nesto uses physical, technological and administrative procedures to attempt to protect the integrity of its Site and Services and the confidentiality of personal information that it collects, uses, and discloses. Nevertheless, Internet transmissions are never completely private or secure. nesto cannot be liable for any breaches of confidentiality due to system failures or unauthorized access by third parties.

  1. How Long We Retain Your Personal Information

nesto only keeps personal information for as long as necessary and for the purposes for which it was collected, or for as long as required to comply with any applicable legal obligation and its documents retention policies. The length of time personal information is kept varies according to the nature of the information, and it may extend beyond the end of the relationship between an Individual and nesto.

When the personal information collected is no longer required by nesto, the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form are applied.

In some circumstances, we will anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes or other legitimate reasons, in which case we may use this information indefinitely without further notice to you.

  1. Information about Someone Else

As set forth in the Terms of Services, information between accounts may be shared in the event that those accounts are both involved in the same transaction. Therefore, if you wish to co-purchase a property with another individual (e.g.: your spouse), you may act as a main applicant and add the other individual to the application as a co-applicant. YOU MUST ENSURE THAT YOU HAVE THE REQUIRED CONSENT OF YOUR CO-PURCHASER PRIOR TO SHARING ANY OF THEIR PERSONAL INFORMATION WITH US.

  1. Your Rights

Subject to certain exceptions, as permitted by law, you have the following rights in relation to the personal information we hold about you

  1. Your right of access

You have the right to access the personal information we hold about you and to receive a general account of our uses of that personal information. Upon receipt of a written request from you, we will provide you with a copy of your personal information, although in certain limited circumstances, we may not be able to make all relevant personal information available to you, for example, where that personal information also relates to another individual. In such circumstances, we will, upon request, provide you with the reasons for such refusal. We will endeavour to deal with all requests for access to personal information in a timely manner.

  1. Your right to rectification

If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. Where appropriate, such amended personal information will be provided to the parties to whom we are authorized to disclose your personal information. Information stored in your account profile may be corrected directly by you if necessary. Information collected by cookies is stored in cookie files located on your device, and thus can be modified by you without involving us.

  1. Your right to erasure

You can ask us to delete or remove your personal information in some circumstances such as where we no longer need your information to fulfill the purposes for which it was collected, or if you withdraw your consent (where applicable because your consent was the legal basis on which we were processing your personal information).

  1. Your right to portability

You may have the right, in certain circumstances, to obtain personal information you have provided us with in a structured, commonly used, and machine readable format and to reuse it elsewhere or to ask us to transfer this to a third party of your choice. 

  1. Your right to withdraw consent

If we rely on your implicit or explicit consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you, including the Services. We will advise you if this is the case at the time you withdraw your consent. We may use your information to send important notices or communications regarding your orders, even if you have opted out from our marketing communications.

  1. Links to Other Websites and Advertising

The Site may occasionally contain links to other sites not operated by nesto (“Third Party Services”). nesto is not responsible for the privacy practices or the content of those websites. Please be sure to review the privacy policies of those sites.

The Site may display advertisements and/or links to third party sites. These advertisements or links may contain cookies placed by those third parties. nesto is not responsible for those advertisements, the websites to which they are linked, or how any other linked sites may use their own cookies or information. For example, cookies received with banner ads may be collected by the company posting the ad on nesto’s Site. Please refer to that company’s privacy policy for further information.

  1. Social Networks

The use of social networks in connection with nesto’s Site may lead to the collection and exchange of some personal information between nesto and such social networks. We invite you to read the privacy policy posted on the social networks’ websites to be aware of what personal information can be transmitted to nesto as well as the purposes of processing of your personal information by such social networks, in particular for advertising purposes. You can directly configure and control the access to and confidentiality of your personal information. nesto shall not be responsible for any use of your personal information by social networks on their account.

  1. Changes to This Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Site, indicate the date of the latest version, and comply with applicable laws. Your continued use of the Services after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy. If you disagree with any changes made to the Policy, please cease to use the Services. Additionally, if you restart using the Services, you are considered to have accepted the Policy then in effect. 

  1. Contact

If you have any questions or comments about this Policy or your personal information, or to make a request to access your personal information or have it corrected, please communicate with our Privacy Officer by email using the following contact information: