Last Updated: January 28, 2019
“Personal Information” means any information provided to or collected by Smutylo Sigler, in any form, about an identifiable individual, or an individual whose identity may be inferred or determined from the information. This Policy does not cover any information or aggregate information, in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred.
“Processing” means any work we do with Personal Information, including how we change Personal Information into non-personally identifiable information or aggregate information, whether by automated means or not. This includes, but is not limited to, collecting, retaining, using, disclosing, storing, and destroying the information.
Smutylo Sigler does not knowingly or intentionally use, collect, or disclose Personal Information of children or minors.
Subject to our legal obligations, you have the right to request:
- to clarify what Personal Information we have;
- to update inaccurate information;
- to access your Personal Information;
- to have us send your Personal Information to someone else; and
- to restrict what we do with your Personal Information.
You have the right to withdraw your consent of the processing of your Personal Information at any time.
If you are a ‘data subject’ under the European Unions’ General Data Protection Regulation (“GDPR”), you may request information on what data we collect, how the data is used, and whether we are processing your personal data. You may also request information on the purpose of processing, categories of data, who else may have access to your data received by us, the source of information, and how long the information will be stored. Data subjects have the right to correct data we have on you, and request (subject to our legal obligations) us to erase or stop processing data. Where feasible and upon your request, we can provide your personal data in a reasonably accessible format to you or another controller.
PERSONAL INFORMATION WE COLLECT
Smutylo Sigler collects information to determine whether we will enter into a solicitor-client relationship. Once retained, we will hold your information in strict confidence and generally not disclose your information to anyone. However, through the course of the solicitor-client relationship, Smutylo Sigler may need to collect, use, and disclose certain types of Personal Information but will only do so as expressly or implicitly directed or authorized by you unless required or permitted by applicable law.
To serve you better and comply with our obligations under Law Society of Ontario’s Rules of Professional Conduct, when we open a file we collect the information including:
- your full name;
- your contact information, including telephone number and email;
- your employment title, social media and other identifiers;
- your organization and subordinates;
- your payment information;
- any other Personal Information that you voluntarily choose to provide to us.
Please note that some Services may only be offered to you if you provide Personal Information to Smutylo Sigler, and therefore Smutylo Sigler may not be able to offer you certain Services if you choose not to provide us with the required Personal Information.
USING OUR WEBSITE (COOKIES & IP ADDRESS)
When you access our website, we use “cookies” which can help us apply your individual preferences if you have accessed our website before. A cookie is a small text file that a website can send to your browser, which may then store the cookie on your hard drive (log files). Cookies in and of themselves cannot be used to reveal your identity. Many browsers allow you to disable cookie collection if you wish, or inform you when a cookie is being stored on your hard drive.
We only collect aggregated, anonymous statistics including domain names, IP addresses and page views. You may opt out of being tracked by Google Analytics by disabling or refusing the cookies.
HOW WE USE OR SHARE PERSONAL INFORMATION
Smutylo Sigler processes Personal Information for the purposes outlined in this Policy. A few examples of the usages and disclosures of Personal Information include but are not limited to:
- Establishing your identity and compliance with regulations and our legal obligations;
- Invoicing and billing;
- Providing our Services;
- Collecting analytics;
- Maintaining our internal record-keeping;
- Answering your questions and/or providing you with information you have requested;
- Doing market research;
- Keeping your information and preferences up to date;
- Permitting Smutylo Sigler to pursue available remedies or limit any damages that Smutylo Sigler may sustain;
- Any purpose which is required or permitted by applicable law; and
- Carrying out any other purpose which is disclosed to you and to which you consent.
Smutylo Sigler may share Personal Information among its employees and members through the normal course of business for the purposes set out in this Policy or as required by law.
Smutylo Sigler allows certain authorized third party providers to process certain information, including tracking website use or for billing purposes. Smutylo Sigler may also outsource certain administrative functions. To the extent that we can, we engage only third parties and information processors that follow and implement the same or more stringent data protection measures. You acknowledge that you will be subject to the terms and conditions, and privacy policies of our third party providers. Our third party providers include:
- Google Analytics (https://policies.google.com/privacy)
- Docusign (https://www.docusign.com/company/privacy-policy)
- Speedyrails (https://www.speedyrails.com/privacy-policy/)
- WordPress (https://automattic.com/privacy/)
- WP Expert (https://wpexpert.ca/privacy-policy/)
- Gmail (https://policies.google.com/privacy)
- Skype (https://privacy.microsoft.com/en-us/privacystatement)
- Dropbox (https://www.dropbox.com/privacy)
- Cosmolex (https://canada.cosmolex.com/privacy-policy)
We keep payment information on our systems and servers as required by law.
Regarding marketing purposes, Smutylo Sigler will only use your Personal Information with your consent. We will never share your name, email address, or put you on an email list without asking you first.
Smutylo Sigler believes in doing our part to protect the environment and future. To the extent that we can, Smutylo Sigler maintains a paperless and sustainable practice. As such, Smutylo Sigler engages cloud services to store documents and send correspondence.
Smutylo Sigler uses Gmail, Skype, and Dropbox services for communication and documents, as applicable for communication, file management, and storage. Personal Information we store on these mediums are encrypted and password-protected. Some or all of the Personal Information stored on these mediums may be located on servers outside of Canada.
From time to time, we may employ other cloud Services. We believe these services to be sufficiently secure given the nature of the information we routinely store and communicate. Aside from encrypting documents stored in Dropbox, we do not employ any additional safeguards. However, to the extent that we can limit unauthorized dissemination of your Personal Information through the use of Gmail, Skype, and Dropbox, we endeavour to limit any risks or breaches of your privacy.
We do not guarantee that any data or Personal Information transmitted or stored will not be intercepted or otherwise accessed.
Our offices are physically secured by lock, alarm, and security cameras. Only authorized personnel and employees may enter and have access to your Personal Information if we have retained physical copies. All Personal Information is otherwise password-protected and secured on third party platforms (see Cloud Services). If you wish additional security measures be implemented in communicating with you and/or storing your data, please advise us in writing prior to sending us any Personal Information.
Where we reasonably believe that Personal Information in our control has been breached and there is significant risk to you, we will provide:
- a report to the Office of the Privacy Commissioner of Canada;
- a notice to the affected individuals as soon as feasible; and,
- a notice to other affected organizations.
Significant risk includes harm, humiliation, damage to your reputation, relationships, and identity theft. We will consider the sensitivity of the information, the probability of misuse, and any other factors required by law.
We will keep a record of every breach in our security for 24 months from the day when we discover the breach. The record will include any information about the breach. We reserve the right to keep copies of Personal Information to fulfill legal obligations.
PERSONAL INFORMATION RETENTION
In most cases, we will keep case-related Personal Information at least up to 6 years or as required by the Law Society of Ontario. Smutylo Sigler may keep other types of information, i.e. aggregate information, until you or the individual to whom it pertains informs us to cease collecting, using, or storing said information.
If you have any questions or complaints, please contact:
441 Maclaren Street, Suite 200B
Ottawa, Ontario K2P 2H3
Subject to certain exceptions prescribed by law, you will be given reasonable access to your Personal Information and will be entitled to challenge the accuracy and completeness of that information and, to the extent that you have proven such inaccuracy or incompleteness, have it amended as appropriate.