How we handle your information and protect your rights
Look, we get it - nobody really enjoys reading privacy policies. But since we're lawyers who specialize in tech compliance, we figured we'd better practice what we preach. We've tried to keep this straightforward and honest about what happens with your info when you work with us or visit our site.
We're gonna be upfront here - when you reach out to us or become a client, we need certain information to actually help you. Here's what we typically collect:
The basics: your name, email, phone number, business address. Pretty standard stuff you'd expect any law firm to ask for. If you're incorporating a business or we're handling employment matters, we'll need more detailed info like your date of birth or social insurance number - but only when it's legally necessary.
For corporate clients, we collect company details - legal entity info, director names, shareholder data, that kind of thing. If you're hiring us for M&A work, there's gonna be financial documents and due diligence materials involved. It's part of the territory.
When you visit our website, we pick up the usual web stuff - IP addresses, browser type, which pages you looked at, how long you stuck around. Nothing creepy, just what helps us make sure the site's working properly and figure out what content people actually care about.
Emails, phone call notes, meeting summaries - we keep records of our conversations. It's not just good practice, it's required under our professional obligations. Plus, it helps us remember what we discussed six months down the line.
We're not in the business of selling your data or using it for anything sketchy. Here's what we actually do with the information you share:
Yeah, we use cookies - and no, not the chocolate chip kind (though our office does keep those stocked too). Here's the breakdown:
These are necessary for the website to function. Things like remembering you're logged into our client portal or keeping items in your download cart. Can't really turn these off without breaking the site.
We use Google Analytics to see how people use the site. Which pages get visited most, where folks tend to drop off, that sort of thing. Helps us make the site less annoying to navigate. These are aggregated and anonymized - we're not tracking you personally.
Remember your language preference or text size settings? That's these guys. Makes your experience more consistent when you come back.
You can manage cookie preferences through your browser settings. Just know that blocking certain cookies might make parts of the site less functional. Your call though.
We don't operate in a vacuum - there are some third-party services we rely on to run our practice efficiently. Here's who we work with and why:
We use secure, Canadian-hosted cloud services for document storage. All data is encrypted and these providers are contractually bound to maintain confidentiality.
Our email system and video conferencing tools are enterprise-grade with end-to-end encryption. We've vetted them for compliance with Canadian privacy laws.
For credit card payments, we use PCI-DSS compliant processors. We don't actually store your payment card details on our systems.
Tools like CanLII and commercial research databases. These help us stay current on case law and regulations. They don't get access to your personal info.
All our third-party vendors sign data processing agreements and are required to meet the same privacy standards we follow. If they're handling Canadian data, they're subject to PIPEDA too.
Security isn't just a checkbox for us - it's kinda our whole thing given that we advise tech companies on compliance. Here's how we protect your information:
Our office has controlled access - you can't just wander in off the street. Files are stored in locked cabinets when not in use, and our IT infrastructure is in a secure server room. We also have a clean desk policy for when staff leave for the day.
Staff only get access to the information they actually need to do their jobs. Everyone's signed confidentiality agreements (on top of their professional obligations). We run regular training on privacy and security best practices - because the best firewall in the world won't help if someone falls for a phishing email.
Real talk: No security system is 100% bulletproof. We do everything reasonable to protect your data, but if there's ever a breach that affects you, we'll let you know ASAP and tell you what happened and what we're doing about it. That's required under PIPEDA anyway, but we'd do it regardless.
This one's pretty important to us. Beyond privacy laws, we've got solicitor-client privilege to think about. That's a legal protection that goes way beyond what PIPEDA requires.
Everything you tell us in our capacity as your lawyers is confidential. We can't disclose it without your permission, with very few exceptions (like if there's an imminent risk of serious harm, or we're legally compelled by a court order). This protection is fundamental to the lawyer-client relationship.
Even after we're done working together, the duty of confidentiality continues indefinitely. We're required to keep your files for a minimum period (usually seven years for most matters), and they remain protected the whole time.
As a Canadian law firm dealing with commercial activities, we're covered by the Personal Information Protection and Electronic Documents Act (PIPEDA). Since we advise clients on this stuff, we'd better be following it ourselves, right?
PIPEDA's built around these principles, and here's how we apply them:
| Principle | How We Comply |
|---|---|
| Accountability | Our Privacy Officer oversees compliance and is available to address concerns |
| Identifying Purposes | We tell you why we're collecting info before or when we collect it |
| Consent | We get your okay before using your info (except where legally required) |
| Limiting Collection | We only ask for what's actually necessary for the legal work |
| Limiting Use & Disclosure | Info is only used for the purposes you agreed to |
| Accuracy | We keep records up to date and correct errors when you let us know |
| Safeguards | Security measures proportionate to the sensitivity of the info |
| Openness | This privacy policy and our willingness to answer questions |
| Individual Access | You can request to see what info we have about you |
| Challenging Compliance | You can file a complaint if you think we've dropped the ball |
If you want to get into the nitty-gritty of PIPEDA, you can check out the Office of the Privacy Commissioner's website. Or just ask us - we're pretty familiar with it at this point.
Under PIPEDA and our professional obligations, you've got several rights when it comes to your personal information. Here's what you can do:
You can ask to see what personal info we have about you. We'll provide it within 30 days (or let you know if we need a bit more time). There might be some exceptions where solicitor-client privilege applies to certain documents.
Found an error in your info? Let us know and we'll fix it. If there's a dispute about accuracy, we'll note your concern in the file.
For things like marketing emails, you can withdraw consent anytime. For info needed to provide legal services, withdrawing consent might mean we can't continue the representation - we'd talk through the implications first.
Want to know how we made a decision that affects you? You can ask for an explanation of the reasoning and what factors were considered.
Just reach out to us using the contact info below. We'll need to verify your identity first (can't just hand over client info to anyone who asks), but the process is straightforward. There's no fee for reasonable requests, though if you're asking for extensive records we might charge a small admin fee to cover copying costs.
Privacy laws evolve, technology changes, and our practices might shift as we grow. So yeah, this policy isn't set in stone forever.
For minor updates (like fixing typos or clarifying existing practices), we'll just update the "Last Updated" date at the top. For material changes that affect how we use your info, we'll notify active clients directly via email and post a notice on our website for at least 30 days.
We keep an archive of previous versions, so if you want to see what changed, just ask. Transparency's kinda important to us.
Pro tip: Bookmark this page and check back occasionally if privacy stuff matters to you. Or just hit us up with questions whenever - we're used to explaining this stuff.
Got questions about this policy? Want to exercise your rights? Think we screwed something up? Here's how to reach us:
Email: privacy@orthogonalix.info
Phone: (416) 555-0187
For privacy-specific inquiries, this is your best bet
Email: contact@orthogonalix.info
Address: 2450 Bay Street, Suite 710
Toronto, ON M5S 3J1
For general inquiries or other matters
We aim to respond to privacy inquiries within 5 business days. For access requests or complex issues, it might take up to 30 days - but we'll acknowledge your request right away and keep you posted on timing.
If you don't think we've adequately addressed your privacy concern, you can file a complaint with the Office of the Privacy Commissioner of Canada. They're the federal authority for PIPEDA complaints. You can reach them at 1-800-282-1376 or through their website at priv.gc.ca.
We're happy to walk you through any part of this policy or discuss how we handle your specific situation. Privacy and data protection are literally what we do for clients, so don't hesitate to ask.