top of page
Privacy Policy

OVERVIEW

The Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA) governs how organizations collect, use, and disclose personal information of individuals in the course of business. This privacy policy is intended to provide information on the way in which we use, collect, and disclose the personal information of our clients. Only the information that we require in order to carry out our services will be documented and stored in a secure manner. We always ensure to protect the personal information of our clients while in the course of business. The Office of the Privacy Commissioner (Commissioner) oversees PIPEDA and addresses complaints by individuals.

 

PURPOSE

We collect personal information from our clients in order to properly and accurately represent them, and such, in accordance with PIPEDA. The information that we collect may also include information of other entities with whom our clients conduct business. This may be needed in order to facilitate our services to our clients. Any changes in the use of the information that we collected shall be done with the express consent of our clients. This means that if we collected client information for a certain purpose and later needed to conduct a separate, unrelated matter for the same client, we will obtain the client's consent prior to using the information for the separate, unrelated matter. 

 

CONSENT

Collection of personal information includes an individual's name, age, income, heritage, medical records, Social Insurance Number, marital status, education level, and more. Consent can be either express or implied. Our standard retainer provides an express consent provision. Consent to use, collect and disclose your personal information may be implied by your conduct with us. This may include correspondence and communications about retaining our services. By engaging us, consent may be implied. Throughout the duration of our engagement, we will continue to obtain necessary personal information in order to accurately represent you, and such, in accordance with PIPEDA. We make attempts to collect information directly from our clients, but may need to collect information indirectly from other sources, when necessary, all of which is completed in a legal manner consistent with PIPEDA. Legal exceptions to having to obtain consent include as follows:

  • if asking for express consent has the effect of compromising the accuracy of the information;

  • collection of information is in the best interests of our client;

  • information is in a witness statement and the collection is needed to settle an insurance claim;

  • to comply with the law, including warrants, subpoenas, and investigations.

 

Clients may withdraw their consent. This withdrawal may be subject to certain restrictions depending on the circumstances. If that's the case, reasonable notice may be required.

USE AND DISCLOSURE OF INFORMATION

  1. Personal information provided to us by our clients may need to be disclosed to third parties in order for us to properly represent and act in our clients' best interests. We only disclose information required by a third party in order to complete the tasks for which the information was needed. This may include, for example, having to disclose personal information to a government authority in order to register our client with a regulatory government body.
     

  2. When information is provided to us, whether upon our request or not, the delivery of such information is deemed to be done with consent, and we may collect, use, and disclose that information.
     

  3. Notwithstanding the foregoing, our clients' personal information shall be treated with the strictest confidence, and thus, any personal information shall not be disclosed without consent, unless otherwise required by law. However, as a profession bound by a code of conduct, such code may require the disclosure of personal information pursuant to such code under certain circumstances.
     

  4. In accordance with our professional obligations, rules and regulations, we may be subject to audit by its professional governing body. Such an audit may require the disclosure of sensitive client information. Auditors and file reviewers are subject to the same code of confidentiality, and therefore client information shall not be disseminated.
     

SECURITY AND RETENTION OF INFORMATION

Pursuant to our professional code of conduct, we are required to retain information of our clients in accordance with the terms therein. We adhere to the requirements of our professional code of conduct. We will only retain personal information for as long as it is necessary to complete the tasks for which we were retained. We shall discard all of our clients' personal information, whether digitally stored or otherwise, and shall comply with applicable law in doing so. During the destruction process, all information that we hold shall be kept confidential.

SAFEGUARDING INFORMATION

We hold physical records and electronic records. Physical records are safeguarded by a secure premises. Electronic records are safeguarded by cybersecurity prudence and efficient practices. We ensure that all of the hardware is password-protected. Important communications to third-parties or other entities containing sensitive client information shall be encrypted through the use of secure-software communications and password-protected PDFs, where applicable. We use public and private clouds to store and secure client data across all of our devices. Public cloud use is through one or more of Google, Microsoft, Dropbox, and more. Private cloud use is done with the storage of files and records on secure servers using a private cloud network with, typically, more than one hard drive working in tandem through usage of a NAS (Network Attached Storage) and specific configurations.

REQUEST FOR ACCESS TO INFORMATION

Individuals have the right to submit a written request to have their information removed from our records, and to access and verify their information. Where permitted by law, we will respond to any request in the timeframe provided for under PIPEDA. Access may not be granted in certain circumstances, including the following:
 

  1. Information protected by solicitor-client privilege;

  2. Information that could be reasonably expected to reveal confidential commercial information;

  3. Information disclosed to law enforcement;

  4. Information produced in a formal dispute; and

  5. All other exceptions under PIPEDA.
     

Information that clients have with us may be corrected and amended upon written request. Notice must be provided with the updated information so that our records can be duly updated to reflect the changes. Individuals may challenge any information that is incorrect or incomplete by giving us notice.

CONTACT

Should you have any questions or concerns regarding this privacy policy, do not hesitate to contact us using the below contact information. We shall respond to inquiries as soon as practicable.


B&B Law

200-238 Elm Street
Sudbury, ON
P3C 1V3

info@bandb-law.com

bottom of page