Your Privacy Rights
From January 1, 2004, all Ontario organizations engaged in commercial activities must comply with the federal Personal Information Protection and Electronic Documents Act, also known as PIPEDA.
GR is responsible for the personal information we collect, use and disclose. To ensure this accountability, we have developed this policy and educated our lawyers and staff about our policies and practices.
"Personal Information" means information about an identifiable individual but does not include the name, title, business address, or telephone number of any employee of any organization.
Why Does GR Collect Personal Information From You?
We collect personal information from our clients to:
- provide legal services to you, in accordance with your instructions;
- bill you for legal services rendered;
- provide information to you about developments in the law; and
- advise you of upcoming firm events, or market our legal services to you, help us make credit decisions about clients, prevent fraud, check the identity of new clients and prevent money-laundering.
How Do We Collect Your Personal Information?
We collect information only by lawful and fair means and not indiscriminately. We may collect personal information directly from you at the start of a retainer, or in the course of our representation.
Sometimes we may obtain information about you from other sources such as
- your insurance company;
- your real estate agent, mortgage brokers or lenders in a property transaction;
- credit bureaus or consumer reporting agencies;
- a government agency or registry;
- your employer, if we are acting for you at your employer’s request;
- your accountant;
- other consultants retained by you to assist with your legal concerns;
- other parties involved in the same matter in which we are assisting you.
Consent for the collection, use and/or disclosure of personal information may be obtained orally or in writing and may be expressly given or implied. We may also from time to time when we are providing services to you ask us to give your written consent to the use and disclosure of specific personal information. In determining how we obtain your consent, we will take into account the sensitivity of your personal information that we are collecting, using and/or disclosing.
If You Don’t Consent
The choice to provide GR with personal information is always up to you. Upon request, we will explain your options of refusing or withdrawing consent to the collection, use and disclosure of your personal information and will record and respect your written choices. However, your decision to withhold particular details may limit GR’s ability to provide our services to you. This measure is necessary to protect the integrity of the services offered by GR. Furthermore, any refusing or withdrawing of consent is always subject to any overriding legal requirements or commitments.
Disclosure Of Your Personal Information
Under certain circumstances GR may disclose your personal information:
- when we are required or authorized by law to do so;
- when the legal services we are providing require us to give your information to third parties (for example, to a lender or the other party in a real estate or mortgage transaction) your consent will be implied unless you tell us otherwise;
- where it is necessary to establish or collect fees;
- if we engage expert witnesses on your behalf;
- if we retain other law firms in other jurisdictions on your behalf;
- if we are involved in negotiations for the merger or transfer of our practice;
- if the information is already publicly known.
Updating Your Information
Since we use your personal information to provide legal services to you, it is important that the information be accurate and up-to-date. If, during the course of the retainer, any of the information changes, or if you should become aware that the personal information which we have is incorrect, please inform us so that we can make the necessary changes.
Is My Personal Information Secure?
GR takes all reasonable precautions to ensure that your personal information is kept safe from loss, unauthorized access, modification or disclosure. Among the steps taken to protect your information are:
- premises security;
- restricted access to personal information;
- deploying technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access;
- internal password and security policies;
- obligation of each lawyer to maintain client confidentiality under the Rules of Professional Conduct of the Law Society of Ontario;
- where necessary or appropriate, by requiring third parties to sign a confidentiality agreement.
As GR is responsible for any personal information under its control, including personal information that GR may transfer to a third party for processing, we will use contractual or other means to provide a comparable level of privacy protection when personal information is being processed by a third party on GR's behalf.
Access to Your Personal Information
You may request access to any personal information we hold about you. Summary information is available on written request. More detailed requests that require archive retrieval or copying costs may be subject to reasonable reimbursement for our actual costs.
Can I Be Denied Access To My Personal Information?
Your rights to access your personal information are not absolute. We may deny access when:
- denial of access is required or authorized by law (for example, when a record containing personal information about you is subject to a claim of legal professional privilege by one of our clients);
- information relates to existing or anticipated legal proceedings against you;
- granting you access would have an unreasonable impact on other people’s privacy;
- to do so would prejudice negotiations with you;
- to protect our firm’s rights and property;
- the request is frivolous or vexatious.
If we deny your request for access, or refuse a request to correct information, we will explain why.
GR does not use your Social Insurance Number as a way of identifying or organizing the information we hold about you, but we may need it for income tax reporting purposes if we hold or invest funds for you in our trust accounts.
How Long Do You Keep My Personal Information?
We retain your personal information for as long as is reasonably necessary for us to complete our dealings with you, or as may be required by law or for purpose of compliance with our professional obligations.
Although PIPEDA does not apply to our employee information, we have elected to follow privacy “best practices” in this area. If you apply to GR for a job we need to consider your personal information as part of our review process. We normally retain information from candidates after a decision has been made, unless you ask us not to retain your information. If you accept a job with us, the information will be retained in accordance with our privacy procedures for personnel records. We may also disclose this information to our payroll and employee benefits providers.
Communicating With Us
Email is not a 100% secure medium and you should be aware of this when contacting us to send personal or confidential information.
If you have any questions or wish to review your personal information, please write to our privacy officer at:
Bay Adelaide Centre – East Tower
22 Adelaide Street West, Suite 3600
Toronto, ON M5H 4E3
If you are not satisfied with our response you may contact the Privacy Commissioner of Canada at:
112 Kent Street
Ottawa, ON K1A 1H3