Working with a lawyer can involve giving them a lot of trust, and we take honouring that trust seriously. Tekhnos Law is committed to protecting your privacy and data security—this policy will tell you how we do that.
As a law firm based in Ontario, we are governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and by the Law Society of Ontario’s (LSO) Rules of Professional Conduct. PIPEDA ensures we respect your privacy in how we collect, use, and disclose your personal information in providing services to you. The LSO Rules imposes a strict duty of confidentiality on lawyers to their clients, and provides for solicitor-client privilege.
PRIVACY OFFICER CONTACT INFORMATION
Every organization under PIPEDA must have a designated privacy officer responsible for ensuring compliance. As a solo law practice, Tekhnos Law has one person who is the designated everything. If you have any concerns about your privacy or personal information that you have given Tekhnos Law, need to make a change to your personal information in our possession, or wish to withdraw consent, you may contact her at the following:
WHAT IS “PERSONAL INFORMATION”?
For the purposes of PIPEDA and this policy, personal information is any information that is about you as an identifiable individual. This includes things like your name, ethnicity, marital status, educational level, personal email address, Internet protocol (IP) address, physical details, social insurance number (SIN) or other identification numbers, and financial information.
Personal information does not include business contact information, such as your work title, work address, work email, or work phone number.
Tekhnos Law will only ever collect, use, or disclose your personal information with your consent. There are some important exceptions, which we will explain at the end of this section.
Your consent should be informed. Informed consent means you are aware of why and how Tekhnos Law will collect, use, or disclose your personal information, at the time you give us consent to do so.
Your consent can be implied or expressly given. Where consent is considered implied, we will not seek explicit consent from you, and rely on the assumption that you have consented to the collection, use, and disclosure of your information for particular purposes.
At times, Tekhnos Law may or must obtain express consent from you. In these cases, we will obtain your consent either verbally or in writing, including through electronic communications.
If you retain the services of Tekhnos Law, such as requesting legal advice or legal representation, we will consider you have given implied informed consent to the collection, use, and disclosure of your personal information necessary to carrying out the work that we have agreed to complete for you. This includes collection, use, and disclosure of your information for the purposes listed under the section below, “PURPOSE OF COLLECTION: WHAT DO WE USE YOUR INFORMATION FOR?”
We also rely on your implied consent to disclose the personal information you have given us to third parties if it is a necessary part of the services we are providing you. For example, if we are incorporating a non-profit organization on your behalf, then we rely on your implied consent to disclose the necessary personal information to the relevant government entities.
When you give us your personal information, whether upon request or whether you gave the information without us requesting it from you, we consider that you have given implied informed consent for Tekhnos Law to collect, use, and disclose that information in accordance with the Purposes listed below.
At times, such as if there is particularly sensitive information involved or we would like to use previously collected information for a new purpose, Tekhnos Law will ask you for express consent as to its collection, use, or disclosure, and will give you reasons for the request. We will ask for your consent either verbally (in person, videoconference, or over the phone), or in writing (through mail or electronic communications).
Exceptions to Consent Requirement
Under PIPEDA, Tekhnos Law may collect, use, or disclose your personal information without express or implied consent from you in certain situations, including the following:
- If the notice given in asking for express consent would compromise the availability or accuracy of the information sought;
- If the information is collected as part of investigating a breach of contract or an illegal act in Canadian federal or provincial law;
- Collecting a debt owed;
- To comply with a subpoena, warrant, order, or rules of court; and/or
- If the information is publicly available under certain circumstances, described in the PIPEDA regulations.
Withdrawing Your Consent
You may withdraw your consent at any time, to our collecting, using, or disclosing your personal information. However, please be aware this may be subject to legal or contractual restrictions, and we will require reasonable notice to implement your request. Your withdrawal of consent may also impact our ability to provide you with the services you have requested.
If you would like to withdraw consent from Tekhnos Law for the collection, usage, or disclosure of any of your personal information, please contact us at the information provided at the top of this page.
At this point in time, Tekhnos Law does not engage in marketing communications. Should this change, all such communications sent by email will provide a clear and easy way to opt out of further marketing emails. You may also communicate your wish to opt out through the contact information above.
WHAT INFORMATION DOES TEKHNOS LAW COLLECT?
We will do our best to only collect the minimum information required to provide you with the services you have requested. This includes relevant details of the matter you have asked us to handle, as well as information that the Law Society of Ontario requires us to collect, for identification and verification purposes.
For example, clients who are individuals must provide to us the following information, upon engaging our services:
- Name, home address, home phone number, personal cell phone number, personal email address
- Copy of driver’s license, passport, health card or other government identification
Clients that are organizations must provide to us the following information, upon engaging our services:
- Personal information related to the organization’s shareholders, directors, officers, and employees, including names, office addresses, email addresses, phone numbers, and incorporation information
Where Tekhnos Law collects your personal information on this website is through the contact form. This form collects your name, email address, details of your enquiry, and details regarding your availability, for the purpose of communicating with you regarding potential services that Tekhnos Law may provide to you. If you submit information to us through this form, we will rely on that action as your implied consent to collecting, using, and disclosing to WordPress.com the information shared through that form, for this purpose of exploring a potential retainer, engagement of services, or otherwise connection and collaboration.
HOW DO WE COLLECT AND STORE YOUR INFORMATION?
In nearly all cases, we collect the information directly from you, through electronic communications, verbally, over the phone, in face-to-face meetings, on paper, or through portable devices such as USB keys if appropriate.
We may also collect information about you from other available sources, including (but not limited to):
- Information that is publicly available, including your website, media coverage, public registries, or government databases;
- Other professionals who have served or worked with you; or
- Other parties, witnesses, or participants involved in a matter with you, in the context of litigation or a commercial transaction.
We store collected information in forms or otherwise in documents generated in the course of our work. The documents themselves are stored on an offline, encrypted, and password-protected computer hard drive, in a 2-FA secured Dropbox folder encrypted with Boxcryptor, or in a 2FA-secured and encrypted ProtonMail inbox.
Tekhnos Law is a paperless office and does not keep physical copies of documents. In the event we print physical copies, such as for reading or copyediting, the documents are destroyed and discarded immediately after the task that required the hardcopy is completed.
PURPOSES OF COLLECTION: WHAT DO WE USE YOUR INFORMATION FOR?
Tekhnos Law will only use your personal information for the purposes that we have explained to you upon or before collecting it, such as the purposes set out in this policy. If, afterward, we wish to use the information for a different purpose, we will obtain further consent from you specifically for that purpose. For example, if we collected your personal information in order to provide you with legal services, and later want to use that information for unrelated research, we would ask for your consent again. The only times this would not happen are if the use, collection, or disclosure falls under one of the consent requirement exceptions listed above.
The following is a list of purposes for which Tekhnos Law will collect, use, and/or disclose your personal information. By retaining our services, you consent to our collecting, using, and disclosing the personal information you give us to fulfill one or more of the following purposes, in the course of carrying out our work in providing services to you, or as required or permitted by law.
- Providing you with requested services such as legal advice, legal representation, consultation, and/or legal and policy research;
- Corresponding with you or your authorized representatives regarding your file;
- Corresponding with third parties as necessary in carrying out work on your file, such as regulators or other lawyers;
- Complying with our obligations and responsibilities under the Law Society of Ontario Rules of Professional Conduct and Bylaws; complying with accounting and insurance requirements; and complying with the law where doing so requires collecting, using, or disclosing your information;
- Conducting due diligence related to taking on a new client or opening a new file, such as checking for conflicts of interest;
- Carrying out administration, billing, and accounting activities, such as preparing retainer agreements or letters of engagement, creating and sending invoices, collecting and processing payments, maintaining bookkeeping and time tracking records, maintaining communications records, and taking action to collect on unpaid accounts;
- Engaging other professionals in the course of carrying out work we have agreed to do, to improve our services, or to increase the value and quality of the work done for you—for example, working with outside counsel, expert witnesses, or consultants;
- Efficiently and cost-effectively delivering services to clients, and managing and improving operations—for example, disclosing information to a printing business, a virtual assistant, or an administrative software platform;
- Detecting, investigating, and protecting against error, negligence, breach of contract, fraud, theft and other illegal activity;
- Protecting and enforcing our legal rights; and/or
- Communicating relevant legal and policy updates and current developments that we think you may be interested in, communicating updates regarding Tekhnos Law, or engaging in outreach for potential collaboration towards shared objectives.
Tekhnos Law does not currently engage in email marketing such as sending regular firm updates, sending newsletters, or maintaining a subscription mailing list. This may change in the future. If and when that occurs, Tekhnos Law will post a notice on this website indicating the change, and provide a clear and straightforward option to give or withdraw consent to this new purpose. You may also opt out of any email marketing communications by contacting us at firstname.lastname@example.org or at the contact information provided at the top of the page.
DISCLOSING YOUR INFORMATION: WHEN, HOW, TO WHOM, AND WHY?
From time to time, Tekhnos Law may need to disclose your personal information to a third-party contractor, in order to carry out our work for you. Examples include a printing service, document scanning, storage, or outside professional advice.
If we have to disclose your personal information to a third party for any reason, we will disclose the minimum necessary to complete the relevant task, on a need-to-know basis, through electronic communications, in-person communications, or over the phone or videoconferencing. We will also use best efforts to ensure the third party is also subject to PIPEDA or privacy laws in their own jurisdiction, subject to privacy laws and professional confidentiality obligations, or bound to privacy and data protection compliance through contractual clauses or confidentiality agreements. By retaining our services, you consent to Tekhnos Law disclosing your personal information to third parties in the course of providing services to you.
Tekhnos Law does not and will never sell your personal information or data, knowingly give your data to marketers or advertisers, or trade on giving away personal information to third parties (for example, trading or providing a client mailing list to another law firm or organization).
There are some circumstances under which Tekhnos Law may disclose your personal information without your consent, as listed under “Consent Requirement Exceptions” above. This includes, for example, if we are required by law to disclose the information, and if the information is already on the public record and disclosure is directly related to the reason that the information is on the public record.
Tekhnos Law uses the third-party online services listed below in its day-to-day operations. Where reasonably possible, we have chosen services that demonstrate greater care for and commitment to their users’ privacy, through built-in encryption or other enhanced security features, or are subject to strong privacy laws in their home jurisdictions.
Online Services Used by Client: The third-party online services listed above are what Tekhnos Law will default to in carrying out services for and communicating with you. If you use any other services in communicating or working with us—such as, for example, Google Mail for email or Skype for videoconferencing—then Tekhnos Law will consider you have granted us implied consent to use these services and disclose your information to them for processing.
Online Security Caveat
KEEPING YOUR INFORMATION (RETENTION AND DESTRUCTION POLICY)
Tekhnos Law adheres to the Law Society of Ontario Rules of Professional Conduct and Bylaws regarding retention and destruction of documents and information. We will keep your personal information for as long as necessary to provide all of the services and complete all of the work that you have retained us to do.
Beyond that, we will keep and store your information as required or permitted by law, or in accordance with our obligations under the LSO Rules or Bylaws, for a duration that may extend beyond the end of our working relationship. The reason for this retention is to prevent or be able to investigate potential fraud or future abuse, to defend ourselves in the event of future complaints or legal claims, or for operational purposes such as building precedents and maintaining records of work performed and services provided.
We also retain contact information for future communications purposes, which you will always be able to opt out of.
Once we have determined that it is legally and reasonably safe to destroy files or documents containing your information, or if we are legally required to destroy the files or documents, then Tekhnos Law will do this in two ways:
- Electronically, by deleting all known electronic copies of the information in our possession
- Physically, by shredding and discarding all known hard copies of the information in our possession
HOW WE SAFEGUARD YOUR INFORMATION
Tekhnos Law safeguards your information in the following ways:
Physical Measures: Our office is almost entirely paperless, so there is little in the way of physical access to your information. Where information is available in physical form (such as hard copy documents), however, we keep it in secured areas with restricted access, and such documents are destroyed shortly after use. The electronic devices we use (laptop computer and mobile phone) are password-secured and encrypted, and we take great care in ensuring they are not lost, stolen, misplaced, or left unattended when outside of the office or home.
- All electronic devices used at Tekhnos Law to collect, store, or use personal information are password-protected and encrypted, and software updates (often containing security patches) are installed promptly.
- All online service accounts used in the course of our work are password-protected and use two-factor authentication (2FA).
- Tekhnos Law relies on encrypted file storage and email storage, and can send and receive encrypted emails depending on the client’s or recipient’s email set-up. For example, Tekhnos Law can send and receive PGP-encrypted email using a combination of Mozilla Thunderbird, Fastmail, Enigmail, and GnuPG.
- Tekhnos Law also relies on a virtual private network (VPN), anti-virus software, ad blockers, and anti-tracking browser extensions, for additional security.
Travel Measures: Tekhnos Law recognizes that device security and digital privacy are critically important when it comes to international travel, particularly at border crossings that give short shrift to privacy rights. We implement additional device and digital security practices when travelling, especially to jurisdictions that have lesser privacy protections than in Canada, such as the United States. This includes, for example, logging out of or deleting all mobile apps and browser websites before crossing, leaving devices at home and bringing separate travel devices that have been wiped or contain minimal data, turning on a virtual private network (VPN), and/or deleting browsing and usage histories. For more information on digital and device security at the U.S. border, please see this EFF how-to guide.
ACCESS, MODIFY, OR REMOVE YOUR PERSONAL INFORMATION
Access Your Information
You may at any time request to access the personal information that Tekhnos Law has about you. Upon receiving your request in writing, we will respond within 30 days and tell you about the existence, use, and disclosure of your personal information in our possession as well as give you access to it.
There are some situations, under PIPEDA, where we cannot grant you access to your personal information. This includes, for example:
- information that is protected by solicitor-client privilege;
- information that is produced in the course of formal dispute resolution;
- information about another person that would disclose confidential commercial information; and
- information that has been disclosed to law enforcement authorities, under circumstances that require us to withhold disclosing that information to others.
Modify, Correct, or Update Your Information
If you believe that any personal information we have about you is inaccurate, incomplete, or has changed, you may request at any time that we correct, complete, or update it, using the contact information above. We will not actively seek to update your information, so please notify us promptly once you are aware. Once you inform us, we will do our best to ensure that relevant third parties that have obtained your information from us also correct, update, or complete it in their own records.
Remove Your Information
If you would like us to destroy the personal information that we have about you, please see the section near the beginning of this Policy on withdrawing consent.
OFFICE OF THE PRIVACY COMMISSIONER OF CANADA
If you have a privacy complaint and Tekhnos Law has not addressed or resolved it to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada (OPC), using one of the channels provided here.
DIGITAL PRIVACY RESOURCES
If you are concerned about your digital security and would like to implement stronger privacy and data protection in your own life and on your own devices, the following are excellent resources and guides to begin with:
- Electronic Frontier Foundation: Surveillance Self-Defence: Security Starter Pack
- Tactical Tech: Security-in-a-Box
If you are concerned about your online activities being tracked, the following privacy extensions are highly recommended (however, you may find some other browser functions impaired or disabled in the course of your web usage):