- Identification and verification obligations
- Responsibility and commitments
- Personal information collected and how it is used
- Limited use, communication and retention of personal information
- Security measures
- Complaint procedure
- Updates to the Policy
- Contacting us
Your privacy is very important to De Grandpré Chait LLP and the members of the firm (hereafter “DGC” or “We”).
Our clients’ trust is our top priority.
This privacy statement has been prepared to assert our commitment to protecting the confidentiality of the information we hold about our customers and to inform you of our practices regarding the collection, use and disclosure of the personal information you provide to DGC.
Identification and verification obligations
The “Règlement sur la comptabilité et les normes d’exercice professionnel des avocats , the Barreau du Québec and other bodies that regulate the legal profession impose certain rules regarding the identification of clients, when opening files or when our services are retained in connection with the use of trust accounts.
These rules provide that every lawyer practising in Québec is required to identify his client for each new file. In addition, the lawyer will, in certain specific circumstances, have to verify the identity of his client. These rules apply even to clients with whom the lawyer has been in a business relationship for many years.
Therefore, when opening a new client account for a corporation or organization, we must collect information about that entity, including its corporate name, contact information, certificate of incorporation or identification number and place of issuance, as well as the general nature of the activities of the corporation or organization that is not a financial institution, public body or reporting issuer. We must also obtain the name, position, address and telephone number of the authorized persons who give instructions relating to the mandate or service agreement. When opening a new account for a natural person (an individual), we need to obtain the individual’s contact details and occupation.
The regulation imposes a further obligation: under certain specific circumstances, we are required to verify the identity of our clients and of some third parties. This verification rule applies only if the mandate or service contract involves a financial transaction, such as the receipt, payment or transfer of funds, or if the lawyer must provide instructions for such transactions, when they are done by means other than electronic funds transfer. Some exceptions further limit the scope of this obligation.
The regulation requires us to take all reasonable means to verify a client’s identity. That verification must be based on documents, data or information from a reliable independent source. We must obtain a copy of this information, to be retained in our file on any paper medium or in a digital format, provided that copies can be easily made at any time.
For a natural person, the documents, data or information we must obtain for our files, from a reliable independent source are: a copy of their passport, driver’s licence or health insurance card. For a company or organization, we must obtain from a competent authority and retain documents, data or information, for confirmation: 1) the existence, name and address of the company or organization; ii) the names and occupations of its directors (unless the company or organization is a securities broker); and iii) the name, address and occupation of all persons owning 25% or more of an organization or company or holding 25% or more of the voting shares of a corporation.
Responsibility and commitments
Personal information collected and how it is used
DGC collects various personal information, including your family name, first name, mailing address, email address, telephone number, job title, financial and banking information, credit card numbers, data about your food preferences, interests and requirements (when you participate in our events), information and statistics on your visits to our website and tracking cookies related to its use, other identifying and verifying information, such as copies of your passport and driver’s licence, information collected in relation to mandates entrusted to us and the services we provide, and data related to member recruitment, namely the contents of the resumes we receive, including publicly available data. These publicly available data sources include:
- The Registraire des entreprises;
- The plumitifs;
- Données Québec;
- Social media;
- Data from the Office of the Superintendent of Bankruptcy.
We require some of this information to accept a mandate. Other information is optional.
1. Collection :
DGC only collects personal information required to:
- 1.1. Establish and maintain commercial and professional relations with you and assess the state of that relationship
- 1.2. Provide legal advice and services
- 1.3. Fulfil our obligations and avoid conflicts of interest
- 1.4. Communicate with you and third parties as part of our mandates
- 1.5. Open a client account to comply with our obligations and code of ethics
- 1.6. Understand your needs and expectations
- 1.7. Verify, as required, our clients’ identity, solvency and credit record or obtain information from rating agencies
- 1.8. Answer your questions about your account and files
- 1.9. Comply with current legal and regulatory privacy protection requirements
- 1.10. Provide advice and services that meet your needs
- 1.11. Develop, improve, market and promote our services
- 1.12. Send you our publications, invitations and other information by postal mail, email, text message or any other method
- 1.13. Develop and manage our databases and administrative systems
- 1.14. Issue invoices, administer accounts, process payments and collect monies due
- 1.15. Recruit and evaluate candidates
- 1.16. Manage risk, prevent fraud and pursue any other legal recourse;
- 1.17. During your visit to our website;
- 1.18. When you use our social media or any other means of communication, including when publishing a comment or complaint;
- 1.19. While visiting our offices, in which case our personnel and our surveillance systems might collect personal information;
- 1.20. In the context of personal protection and safety of people and assets under our control or responsibility;
- 1.21. For protection against potential errors in our files;
- 1.22. For any other resasons or obligations allowed or required by law, or required by our activities.
DGC is committed to collect all personal information by fair and lawful means. When we must collect personal information for a reason other than those listed above, we will advise our clients in advance and obtain all required authorizations to collect, use and disclose such personal information, if applicable.
2. Use and disclosure:
We will ensure that the personal information that we manage will be stored in Canada. However, certain tools we use to secure our email routes messages through a gateway located in England. DGC’s agreement with this third party guarantees the integrity, security and confidentiality of the personal information of its clients.
By filling out our publication subscription form, you consent to receive by email our publications, newsletters, and invitations to conferences and other activities organized by DGC. At your request, we will stop sending you marketing information. Simply follow the unsubscribe instructions found at the bottom of each message we send or email our Marketing Department at email@example.com.
At any time, you may refuse or withdraw your consent to the collection, use, disclosure (except as required by law) or retention of your personal information by contacting Me Martin Raymond, Director of Personal Information, DGC, by telephone at 514.878.3267 ou by email at firstname.lastname@example.org. We reserve the right to refuse certain requests, in compliance with applicable laws. Please note that the withdrawal of your consent may force us to withdraw from representing you and may prevent us from providing the legal services and advice you require.
Please note that in certain particular circumstances, we may send you messages, electronic or otherwise, in accordance with the exceptions set out in the law.
Limited use, communication and retention of personal information
DGC collects personal information from its clients. We ask our clients to update and correct their personal information by informing us whenever possible about any relevant changes. Be advised that we do not systematically update our clients’ personal information unless required for the purposes set out above.
Given the importance of privacy, DGC has implemented security measures appropriate to the sensitivity of the personal information in our custody. DGC maintains an adequate level of physical, procedural and technical security in our offices and where personal information is stored. We limit access to your personal information to the employees who require access to perform their duties. We store paper files containing personal information in filing cabinets to which access is restricted to authorized personnel. To secure personal information in digital format from loss, theft, unwanted intrusions, abusive use, unauthorized modification and malicious attacks, we employ technology solutions, including passwords, firewalls, antivirus and other security software, and the encryption of certain data. DGC houses its servers in secure environments, and specialists manage our computing infrastructure to ensure data protection. All DGC employees are trained in and aware of the importance of protecting the confidentiality of personal information.
Upon request, any person has the right to be informed of the existence of personal information about them, how it is used and the fact that such information has been shared with a third party. If you make such a request, you also have the right to consult the information that DGC holds about you, subject to certain exceptions as provided by the applicable legislation. Upon request, you may obtain a list of the organizations and third parties to which your personal information was or may have been communicated for the purposes set out in this policy. You may also challenge the accuracy and completeness of the information and have DGC amend it as appropriate and as soon as possible, after you have proven such inaccuracy or incompleteness.
To exercise your personal information rights, please submit a written request to Me Martin Raymond, Director of Personal Information, DGC, by telephone at 514.878.3267 or by email at email@example.com . In that request, you must provide sufficient information to allow us to clearly identify you and inform you about the existence, use and disclosure of the personal information that we hold about you. DGC will examine your written request within thirty (30) days of receipt. This delay may be extended by an additional thirty (30) days if meeting the original time limit would interfere with DGC operations or if the request requires research that makes it difficult to meet the original time limit. There are no charges for processing such a request, except in complex cases. DGC reserves the right to refuse any request within the time limit to respond, subject to the applicable privacy legislation. We will fully document any such refusal and inform the person of their legal remedies. If not satisfied by DGC’s response, you may file a complaint with Me Martin Raymond, Director of Personal Information, DGC, by telephone at 514.878.3267 or by email at firstname.lastname@example.org, (see the section below).
Note that if you contact us to exercise your privacy rights, we will verify your identify and whether you are entitled to assert those rights.
Updates to the Policy
By your continued supplying of personal information to DGC or use of its website, following the posting of changes to this Policy, your consent to the Policy changes is explicit.
Please note that the french version of this statement and of our Policy is the official version, and that it prevails over the version translated in english.
DGC ensures that its Privacy statement and Policy are easily accessible through its website, its written communications and its personnel. If you have any questions or comments, or if you would like to inform us of your preferences regarding your personal information, please contact Me Martin Raymond, Director of Personal Information, DGC, by telephone at 514.878.3267 or by email at email@example.com. You may also write to: DGC Customer Service – Director of Personal Information, 800, boul. René-Lévesque Ouest, 26e étage, Montréal, Québec H3B 1X9. We will answer your written request within thirty (30) days of receipt.