WRD LLP

Using the law and creative thinking to foster flourishing and sustainable enterprises

Privacy Policy

Who We Are

WRD LLP is an Ontario law firm. We provide legal advice and legal service. To perform that function, we must protect the privacy or our clients and of everyone with whom we interact. We are committed to using personal information responsibly and only to the limited extent needed to better serve our clients.

Application of Privacy Policy

This Privacy Policy regulates how we internally use, protect and disclose to third parties during commercial activities. It applies to any personal information within our possession, whether we get it via email, via electronic form submission, through our website or any other means.

This Privacy Policy applies to our partners, officers, employees, contractors (including lawyers practising in association with us) and authorized representatives (“Staff”). It is at all times subject to the requirements of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”). Additionally, how we use or disclose your personal information may also be subject to the requirements of Canada’s anti-spam legislation, formally known as,

An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23.

We will refer to the above statute as “CASL”. Finally, all information we collect is subject to the requirements of solicitor-client confidentiality and privilege found in the Rules of Professional Conduct from the Law Society of Ontario. Its use is also subject to the conflict of interest requirements in the Rules of Professional Conduct.

Governing Law

This Privacy Policy is governed by the laws of Ontario and the laws of Canada as applicable herein. It is not a contract and will be treated as a non-contractual set of policies and practices binding on WRD LLP Staff under Principle 4.1.4 of Schedule 1 found in PIPEDA.

Accountability for Your Privacy

At WRD LLP, our Privacy Information Officer is our Chief Relationship Officer. The Privacy Information Officer is responsible for ensuring that Staff complies with this Privacy Policy. The Privacy Information Officer can be contacted at:

WRD LLP
16th Floor, 401 Bay Street
Toronto, Ontario, M5H 2Y4

Attention: Robert Wakulat, Chief Relationship Officer, robert@wrdlaw.ca

Our Privacy Information Officer is a member of WRD LLP’s Executive Committee and a partner. He works closely with our Chief People Officer and Chief Technology Officer to ensure that privacy policy is properly implemented and enforced.

Responsibilities of our Privacy Information Officer

The Privacy Information Officer is responsible for,

  1. implementing procedures contained in this Privacy Policy to protect personal information;
  2. training our Staff to comply with this Privacy Policy and PIPEDA and communicating to Staff information about changes and updates to our Organization’s policies and practices relating to Personal Information;
  3. enforcing this Privacy Policy and correcting any potential or actual instances of breach; and
  4. reviewing and responding to any communication or notice relating to this Privacy Policy or PIPEDA.

The initial response to a privacy-related inquiry must be in writing and must include the name and contact details of the Privacy Team member providing the response.

Our Purpose

WRD LLP is a corporate law firm. We collect, use, and disclose personal information for the following purpose: 

Our mission is to use the law and creative thinking to foster flourishing and sustainable enterprises.  Pursuant to that mission, we provide legal services (including advice, negotiation and drafting) in exchange for fees. Those services fall within the practice areas set out on our website at wrdlaw.ca.  When providing services and collecting our fees, we collect and use personal information, and we disclose that information, as required by law or pursuant to our client’s instructions.  

(“Purpose”)

If we change the purpose set out above we give notice of the change on our website and we will post an updated Privacy Policy.  

Personal Information We Collect and Use  

To fulfill our purpose, we collect the following kinds of personal information: 

  1. Our client’s name, address, cell phone number, email and other information necessary to identify our clients pursuant to the By-Laws of the Law Society of Ontario;   
  2. A copy of driver’s license, passport, health card or other government identification that we need to identify or verify an individual’s identity;
  3. Corporate records, minute books, shareholder agreements, share certificates and other particulars setting out shares and interests in business entities owned by shareholders; and
  4. Financial information about individuals, including salaries and dividends, as those form part of contracts, financial records and other information maintained by our corporate clients. 
  5. Personal information about job duties, business plans, strategies, legal relationships, personal relationships and other data as set out in emails, contracts, corporate documents and instruments relating to ongoing mandates for our clients.  

We collect and store all information electronically on password protected cloud servers that require permissions for access.   Any paper documents are scanned and uploaded to our secure servers.  Once scanned, WRD LLP sends the paper documents back to their owner in the ordinary course of its business.  

Cookies

Our website is a static site.  It does not use cookies. If that changes, we will update our privacy policy accordingly. 

Links to Other Websites

From time to time, we may introduce on our website links to other sites run by third parties.  We would encourage you to review the privacy policies on those sites before providing your personal information. They may be less stringent than ours. Please note that we do not accept responsibility for privacy practices, policies or actions for those third parties. 

Obtaining Consent

Implied Informed Consent

When collecting, using and disclosing personal information about you, we rely on your implied consent when you give us personal information about an individual. All of that information is subject to solicitor client privilege and confidentiality.  However, we only rely on implied consent when collecting, using and disclosing the personal information in accordance with our Purpose.

Please note that there are instances where we receive personal information from a client that does not relate to or belong to that client.  For example, where a corporate client provides us with contact information and salary information for a new employee so that we can draft a new employment contract, or involve that employee in a share ownership plan. In those circumstances, we will operate as a third party for processing under Principle 4.1.3 of Schedule 1 of PIPEDA.

Express Informed Consent

When PIPEDA allows us to proceed without consent, or we imply your consent (as discussed above), we do not seek express consent. In all other cases, our Staff will contact you (either by telephone, email or in person), identify a new purpose for which we need your information and seek your express consent.  We do not collect personal information from children (anyone under 18) over the telephone or in person without a parent’s express oral consent. 

If we are collecting the information online, we will request that you supply personal information via online forms. We do not knowingly collect information from children (anyone less than 18 years old).  However, when collecting personal information electronically (by online form or email) we do not verify the age of the person from whom we are collecting. In the absence of any indication to the contrary, we will assume anyone supplying us with information online is over 18 years of age. Parents are strongly encouraged to discuss responsible internet use and personal information disclosure with their children.  

Withdraw Consent

You can withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by sending an email to our Privacy Information Officer at the contact information above.  In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide legal advice or services. We will inform you of any implications connected to withdrawing your consent. 

If you have asked us to put you on an email mailing list to provide you with certain information on a regular basis, and such emails constitute CEMs under CASL, you may ask us to remove you from the list at any time (using the unsubscribe instructions provided with each email and on the site where you signed up).

Limiting Collection, Use, Disclosure and Retention

We use our best efforts to limit the personal information we collect, use and disclose solely those details we need to fulfill our Purpose. We have designed our standard forms only to collect the information that we foresee we will need.  We do not collect, use and disclose personal information using deceptive, fraudulent or unlawful means, and we do not conduct video surveillance. 

Need-to-Know Disclosure

When using and disclosing information to third parties like printers, consultants, professionals and suppliers, we only disclose on a need-to-know basis.  Also we only disclose with the appropriate contractual safeguards as contemplated in Principle 4.1.3 of Schedule 1 of PIPEDA. 

Retaining Records

We keep records of the work performed and services provided by us in accordance with applicable regulatory requirements and professional standards (including those found in the Rules of Professional Conduct). These records may include personal information. Our records are stored with safeguards against inappropriate or unauthorized access. We retain contact information about individuals for the period of time the individual subscribes to any newsletters, blogs and seminars (as applicable) and does not opt-out or continues to respond to such services.

Destruction of Personal Information

We destroy electronic information by deleting it and, when hardware is discarded, we ensure that the hard drive is physically destroyed. For information on paper, our law firm complies with all file storage and destruction criteria established by the Law Society of Ontario

Ensuring Accuracy

In order to fulfill our Purpose to a high quality standard, we ask you to update your personal information and maintain appropriate contact preferences from time to time.  You also have the right to contact us in order to verify that the information we have on file is accurate. 

We do not, as a practice, contact you in order to ensure that the personal information we have in accurate. We may take reasonable steps to do so when using that information in course of providing legal services, provided our Staff is in regular contact with you.  Otherwise, we strongly encourage you to contact us and ensure that the information we have in your file is up-to-date. 

Our Safeguards to Protect You

We respect your privacy and will protect that privacy as vigorously as possible. The methods we use include:

  • Storing personal information in electronic files that are secure and to which access is restricted. Where we have personal information in paper form, we store those in paper files in a locked filing cabinet.  
  • Using cloud storage technology that is secured, encrypted and only permits limited access to those we allow; and
  • Password-protected computers (including on laptops, desktops and smart-phones) and the use of technology safeguards, such as encryption and intrusion detection, to prevent hacking or unauthorized computer access.

Unfortunately, no data transmission over the internet or by email can be guaranteed to be 100% secure. As a result, we cannot ensure, warrant or represent that any information transmitted to us electronically will always be protected.

Bring Your Own Device

WRD LLP is a virtual and distributed law firm. We are not tied to a single office and Our Staff can work from any location. This means that WRD LLP operates on a bring-your-own-device basis. To operate within the firm, our Staff are required to download and install certain applications and use cloud-based software on their personal devices.

We expect our Staff to take reasonable steps to ensure that these devices are not lost or stolen.  We also require our Staff to use certain anti-virus and anti-malware protection software that we provide. Our technology infrastructure also allows us to remotely wipe any data from a personal device.  

Data Breach Protocols

Despite our best efforts, there may be a circumstances where WRD LLP experiences a data breach. In those rare instances, we do the following:

  1. Our Privacy Information Officer will work with our technology solution partners to determine the full extent of the breach, including the information that was taken and the individuals affected.  
  2. Based on that information, our Privacy Information Officer (“PIO”), with the assistance of our Chief Executive Officer (“CEO”), will conduct a risk assessment to determine whether the breach carries a risk of “significant harm” has that term is defined under PIPEDA.  
  3. Where the PIO and CEO jointly determine that a risk of significant harm exists, within one (1) day, the PIO will notify the Office of the Federal Privacy Commissioner along with affected individuals. 
  4. The PIO will also determine, in the PIO’s discretion, whether it is appropriate to notify any other organizations or government entities that may be able to assist in reducing or mitigating the harm arising from the breach.  
  5. WRD LLP’s Chief Technology Officer (“CTO”) will remotely wipe the information from any personal computers affected and required the relevant Staff to change their passwords.   The Staff will also be required to re-establish access under the new passwords.   

At WRD LLP, we examine the following questions when determining significant harm: 

  • How sensitive is the personal information at issue?  We consider information sensitive where the disclosure will likely result in humiliation, damage to reputation or relationships, loss of employment opportunities or other business/professional opportunities. 
  • What is the probability that the personal information will be misused?  We consider the probably of misuse to high where the disclosure will place an individual in danger of bodily harm, injury or death.  This includes harm from others, or self-harm (e.g suicide). It could be from a direct threat like a stalker or an indirect threat like cyber-bullying or being subject of an online cyber-mob on social media.  

Regular Review of Safeguards

We recognize that technology and security measures evolve at a remarkable pace.  So at WRD LLP we annually review our personal information safeguards with our technology consultants and in-house experts. We want to ensure that our safeguards exceed best-practices used in the legal profession. 

Open Privacy Practices

It is our practice to post the most up-to-date version of this Privacy Policy on our website at www.wrdlaw.ca.

Your Ability to Access Your Information

If you are a WRD LLP client, you may review any personal information we have on you in our files by contacting your Relationship Lawyer.  If you are not a client/customer, you can make a written request to our Privacy Information Officer. 

Please include sufficient details in your request about the type of information that you would like to see about yourself.  Please sign your request and send it by email and we will contact you within 30 days of receipt.  Please note that we only respond if you are making a request relating to your own personal information.  We will not grant access to personal information about someone else. 

We will be pleased to provide you with access to your personal information as long as it does not fall within an express PIPEDA exception.  Examples of such exceptions include information protected by solicitor-client privilege; information generated in the course of a formal dispute resolution process; information produced in the course of employment or business; or information disclosed to the police or other lawful authorities where we are required to withhold disclosure. 

Costs and Fees

Please note that summary information is available on request, subject to the terms above, but more detailed requests requiring archive or other retrieval costs may be subject to our normal professional and disbursement fees. 

Questions or Concerns

Should you have any questions or concerns about this Privacy Policy or how we handle your information-access request, please direct them to our Privacy Information Officer.  He or she will be pleased to respond and if necessary investigate the matter. 

We reserve the right to change our Privacy Policy at any time by posting a new version on our web site.  In the event of a conflict between this version and another, the version that is later in time prevails. 

Version of July 24, 2020 as of 2:09:23 PM (EST)

Contact Us

Contact us and find how our services can benefit your company.

Contact Us