We take your privacy seriously. Here's how we handle your information.
We're a law firm, so yeah, confidentiality is kinda our thing. We collect only what we need to serve you properly, keep it locked down tight, and won't sell your info to anyone. You've got rights under Canadian privacy laws, and we respect them fully.
Look, we get it - nobody really enjoys reading privacy policies. But since we're lawyers who specialize in data privacy and cybersecurity law, we figured we'd better practice what we preach and make ours actually readable.
QuantaVector Legal Solutions operates under the principles of PIPEDA (Personal Information Protection and Electronic Documents Act) and various provincial privacy legislation across Canada. When you work with us or visit our website, certain information gets collected and processed. This policy explains what happens with that data.
We've been doing corporate law and tech transactions since 2018, and we've seen enough data breaches and privacy nightmares to know how important this stuff really is. So trust us when we say we take your privacy seriously - it's not just legal jargon, it's how we run our practice.
When you reach out to us or become a client, we'll collect basics like your name, company name, email address, phone number, and business address. If we're handling transactions or corporate matters for you, we'll also need financial info, incorporation documents, and whatever else is relevant to your legal matter.
For potential clients filling out our contact form, we only grab what's necessary - name, email, phone, and a brief description of what you need help with. That's it.
Our website collects standard technical stuff - IP addresses, browser type, device info, operating system, pages you visit, how long you stick around, and where you came from. We use this to improve the site and understand how people interact with our content.
We don't get creepy with it though. This data helps us figure out if our resources are actually useful and whether the site works properly on different devices.
If you become a client, we'll collect and maintain detailed records related to your legal matters. This includes contracts, correspondence, transaction documents, compliance records, intellectual property filings, and anything else pertinent to the services we're providing.
This falls under solicitor-client privilege and confidentiality obligations, which are even more protective than standard privacy laws. We're legally and ethically bound to keep this stuff confidential.
We're not in the business of selling data or bombarding you with marketing emails. Here's what we actually do with your information:
We process your personal information based on consent, contractual necessity, legal obligations, and legitimate interests. For clients, our engagement agreement covers most of the consent aspects. For website visitors, continued use of the site constitutes consent to our data practices.
We don't sell, rent, or trade your personal information. Period. But there are some situations where we might need to share it:
We work with third-party service providers who help us run our practice - cloud storage providers, billing software, document management systems, IT support, etc. These providers only get access to the data they need to do their job, and they're contractually bound to keep it confidential.
If we're legally compelled to disclose information - court orders, subpoenas, regulatory investigations - we'll comply. But we'll also notify you unless we're prohibited from doing so, and we'll challenge overly broad requests when appropriate.
If QuantaVector is involved in a merger, acquisition, or sale of assets, client information might be transferred. You'd be notified beforehand, and the acquiring party would be bound by the same confidentiality obligations we have.
Sometimes we might need to share information with other parties to provide the legal services you've requested - opposing counsel, government agencies for filings, expert witnesses, etc. We'll get your explicit consent before sharing anything in these situations.
Given that we advise clients on cybersecurity law, we'd look pretty foolish if we didn't secure our own systems properly. Here's what we do:
All data transmission is encrypted using TLS. Client files are encrypted at rest. Our email system uses end-to-end encryption for sensitive communications.
Multi-factor authentication is mandatory. Role-based access ensures people only see what they need to. Regular access reviews keep things tight.
We use Canadian-based cloud providers with SOC 2 Type II certification. Regular security audits and penetration testing keep our defenses strong.
Everyone on our team goes through regular security awareness training. We're all aware of phishing attempts, social engineering, and proper data handling.
That said, no system is 100% secure. If we ever experience a data breach that affects your information, we'll notify you and the relevant authorities as required by law, and we'll be transparent about what happened and what we're doing about it.
Under PIPEDA and provincial privacy laws, you've got several rights regarding your personal information. We make it easy to exercise these rights - just reach out to us.
You can request a copy of the personal information we hold about you. We'll provide it within 30 days, though we might charge a reasonable fee if the request is particularly extensive.
If any of your information is inaccurate or incomplete, you can ask us to correct it. We'll update our records and notify any third parties we've shared the info with, if applicable.
You can request that we delete your personal information, subject to legal and regulatory requirements. As lawyers, we're required to maintain certain records for specific periods, so we can't always delete everything immediately.
If we're processing your data based on consent, you can withdraw that consent anytime. This won't affect the lawfulness of processing that happened before you withdrew consent.
If you think we've mishandled your personal information, you can file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner. We'd prefer you talk to us first though - we're pretty good at resolving issues directly.
We don't keep your data forever, but as lawyers, we're bound by professional and legal requirements that dictate how long we maintain certain records.
We're required to maintain client files for at least 10 years after the matter closes, per Law Society rules. Some documents might need to be kept longer depending on the type of legal work (like corporate records or IP filings).
Billing records, trust account records, and tax-related documents are kept for 7 years minimum to comply with CRA requirements and legal obligations.
Analytics and usage data is typically retained for 2 years. Contact form submissions from non-clients are kept for 3 years unless you ask us to delete them sooner.
Once the retention period expires and there's no legal reason to keep the data, we securely delete or anonymize it. Our document destruction procedures ensure that sensitive information can't be recovered.
If you've got questions about this privacy policy, want to exercise your privacy rights, or need to report a privacy concern, get in touch with us:
QuantaVector Legal Solutions
(416) 788-5200
2500 - 120 Adelaide Street West
Toronto, ON M5H 1T1, Canada
We'll respond to privacy requests within 30 days. If your request is complex or we receive multiple requests, we might need a bit more time, but we'll let you know.
We might update this privacy policy from time to time - usually when there are changes to privacy laws, our practices, or the services we offer. When we make significant changes, we'll notify you by email (if you're a client) or by posting a notice on our website.
The "Last Updated" date at the top shows when the current version took effect. We keep previous versions archived if you want to see what changed.