This Privacy Policy sets out how we will use and protect any data (including Personal Information) collected by us when you visit our website, together with other Personal Information you may provide to us or which we acquire through our day to day business. We also have specific policies about:
Together, these three policies make up the Hansra Law Privacy Policies.
Whilst we aim, as a business, to give information about our privacy commitments directly to all the people whose data we hold, we do acquire some Personal Information in an indirect or incidental way (for example, we acquire Personal Information about our staff’s family members when we ask our staff to provide emergency contact numbers). Therefore, one of the purposes of this Privacy Policy (together with our other two privacy policies referred to above) is to provide privacy information to every person whose data we hold, including those with whom we do not have a direct relationship.
We will ensure that your Personal Information is handled in accordance with the law. The relevant law here is: (i) the Personal Information Protection and Electronic Documents Act (PIPEDA), and (ii) all similar or related legislation relating to the processing of Personal Information and/or privacy applicable to Hansra Law from time to time, as in force at the date of this Agreement, or as re-enacted, applied, amended, superseded, repealed or consolidated (together the “Data Protection Legislation”).
1.1 We may hold Personal Information because:
1.1.1 you supply it to us, for example, when you or your organization seek legal advice from us; or complete a form, make an enquiry, request to join our Alumni network, or otherwise interact on our website or other online platforms; or when you attend our seminars or other events or sign up to receive information from us, including training; or when you correspond with us by phone, email or other electronic means, or in writing, or when you enter into conversations with our lawyers, consultants and staff; or when you or your organization offer to provide, or provides services to us;
1.1.2 we learned it from someone else, either in the context of providing legal services to our clients, or in the context of our business more generally;
1.1.3 of the use of cookies (please see our Cookies Policy for further information) and tracking software which enables us to identify when legal updates, event invitations and other similar email communications (including embedded links within them) are opened; or
1.1.4 it is publicly available.
1.2 We may collect (and use for the purposes set out in this Privacy Policy) the following information about you:
1.2.1 Identity and contact information
1.2.2 Financial and payment information
1.2.3 Information about those related or otherwise connected to our staff
1.2.4 Information about clients and those who work with or are connected with clients or the matters that we are asked to advise on.
1.2.5 Information about individuals who are our suppliers or other business contacts (and individuals who are employed by our suppliers and business contacts)
1.2.6 Profile and usage information
1.2.7 Physical access information and dietary requirements information
1.2.8 Other special category data
1.3 We use your Personal Information:
1.3.1 to provide our services;
1.3.2 to run our business affairs, including internal record keeping;
1.3.3 to carry out verification checks, for example in relation to anti-money laundering and know your client procedures;
1.3.4 to comply with our legal obligations, including reporting obligations;
1.3.5 to manage access to our premises and for security purposes;
1.3.6 to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
1.3.7 send business or marketing communications (such as legal updates) which we think may be of interest (we will provide a simple mechanism for you to unsubscribe from such communications if you so wish);
1.3.8 to organize and hold marketing events in connection with the promotion of our business;
1.3.9 to carry out our Corporate Social Responsibility Programme.
1.4 The legal basis on which we hold your Personal Information is primarily for the purpose of pursuing our legitimate interests as a business which provides legal advice and services. In some instances we may rely on your express consent to use your Personal Information, but we will let you know (and give you the chance to withdraw consent) if we do. In some instances we may use your Personal Information in order to enable us to perform a contract which we have in place with you.
We will only keep your Personal Information for as long as we reasonably require and, in any event, only for as long as PIPEDA, the Law Society of Ontario’s Rules of Professional Conduct, and our own internal rules and policies allow.
3.1 Where it is necessary for the performance of our contract with you (or the organisation you represent) or for our internal business processes, we may share your Personal Information with certain third parties who reasonably need it in order to perform a function for you or the business which you represent, or provide a service to us – such as other advisers on a matter, other parties to transactions or disputes, or, in the case of suppliers to Hansra Law, providers of IT and HR related products and services. By submitting your Personal Information to us, you acknowledge that such third parties may receive and process your Personal Information. We will never sell your Personal Information to third parties.
3.2 In addition, it may be necessary to disclose your Personal Information if we are under a duty to disclose your Personal Information in order to comply with any legal obligation (such as anti-money laundering obligations), to carry out an internal investigation, enforce any agreement we have with you or with a related party, or protect the rights, property, or safety of Hansra Law and/or our clients, partners, employees or other personnel. This includes exchanging information with other companies and organisations for the purposes of fraud and crime prevention and protection.
3.3 In processing your Personal Information, it will sometimes be necessary for us to transfer your Personal Information outside of Canada to our staff or third parties such as overseas advisors or service providers. It may also be accessed by staff operating outside of Canada who work for us or for one of our suppliers. This includes people engaged in, among other things, the provision of support services to us. We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Policy and Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside of Canada. We may enter into contracts with entities based outside of Canada, where this is required by Data Protection Legislation.
3.4 This website includes links to third party websites, such as LinkedIn or Twitter. Please note that when you click on a link to such a website, you will be leaving our website and accessing their website. As such, the operators of those websites are solely responsible for any personal data which they collect about you, once you have left our website and accessed their website, and such data will be collected in accordance with their own privacy policies.
4.1 You have certain rights in relation to your Personal Information – for example the right to request that we erase your Personal Information (or part thereof) at any time, which we will comply with unless we have a lawful reason to keep your information (for example, to comply with our legal obligations).
4.2 You also have the right, subject to certain exemptions, to:
4.2.1 see the Personal Information we hold about you, and withdraw any consent you may have given to us to hold and use that Personal Information;
4.2.2 ask us to make any changes to ensure that any Personal Information we hold about you is accurate and up to date; and
4.2.3 in some cases ask us to transfer any information we hold about you to a specified third party.
If you wish to exercise any of these rights, please contact us at the email address set out below.
4.3 Please ensure that any Personal Information you provide us with is accurate and complete and you notify us of any changes to your Personal Information as soon as possible so that we can update our records.
You may request access to any personal information we hold about you. Summary information is available on written request. More detailed requests that require archive retrieval or copying costs may be subject to reasonable reimbursement for our actual costs.
5.1 Hansra Law may amend this Policy at any time. Any changes to this Policy will be posted on our website at www.hansralaw.ca (“Website”). Your continued use of our Website will be deemed acceptance of any amendments or updates to this Privacy Policy. If you do not consent to the amendments or updates, please stop using the Website.
5.2 In the event that any change affects the purpose or the way we collect, use, or disclose your personal information, we will obtain any additional consent required from you under applicable privacy laws.
Should you wish to exercise any of the rights set out above, or if you have any questions or concerns about the way in which we have handled your Personal Information, please contact Sukhi Hansra, who is the person responsible at Hansra Law for managing how we look after Personal Information. Alternatively you have the right to make a complaint to the Privacy Commissioner of Canada, the supervisory body in Canada, at 112 Kent Street, Ottawa, ON K1A 13H.
