Personal Information Protection Principles
GSLG is accountable for the protection of all personal information within the firm’s possession or control, including any personal information that has been transferred to a third party for regulatory, legal or processing purposes. GSLG will require a comparable level of protection of this information from its third-party relations.
2. Identifying Purposes
Personal information that GSLG collects from clients includes:
- the client’s name and address and other contact information, such as telephone numbers, email address;
- facts the client’s file;
- information about a client’s transactions with us, such as file numbers, account balances, payment history; and
- payment information for pre-authorized payments.
When a client retains GSLG, GSLG will make the client aware of the purposes for which GSLG is requesting the personal information. If GSLG identifies other purposes for which the personal information may be used, GSLG will seek the client’s consent prior to such use. GSLG will advise that it is the client’s right to refuse permission for GSLG to use personal information for any new purposes.
Additional purposes for collecting personal information may be identified to a client before or at the time of collection. However, at a minimum GSLG will collect personal information for the following purposes:
- To verify the customer’s identity;
- To provide the client with legal services; and
- To prevent fraud with respect to both the client and our firm
The knowledge and consent of a client is generally required for the collection, use or disclosure of personal information and GSLG will seek to obtain consent before or when it collects, uses or discloses personal information about a client. A client can provide consent to the collection, use and disclosure of personal information about them expressly or implicitly. However, GSLG will collect, use or disclose personal information without a client’s knowledge and consent only in limited circumstances and as permitted by law, such as in the case of an emergency where the life, health or security of a client is threatened. Subject to certain legal and contractual restrictions and reasonable notice, a client can refuse or withdraw their consent to the collection, use or disclosure of personal information about them at any time.
All existing clients will be informed of what types of personal information have been collected, the purpose for the collection and the procedures available for contacting GSLG with any inquiries. All new clients will be provided an explanation about the collection, use and disclosure of their personal information when requesting service.
4. Limiting Collection
GSLG limits the amount and type of personal information it collects to that which is necessary for the business of legal services and as permitted by law. Personal Information will be collected using procedures that are fair, transparent and lawful.
5. Limiting Use, Disclosure and Retention
GSLG will only use the personal information for the purpose for which it was collected as identified in principle #2, unless consent is given by the client to use or disclose it for another purpose or as is required by law. GSLG will develop explicit retention periods for closed files, after which the personal information will be destroyed or made anonymous. Under certain exceptional circumstances, GSLG may have a legal duty or right to disclose personal information without the client’s knowledge or consent.
GSLG shall take all reasonable steps to ensure that all personal information will be kept accurate, complete and up to date. Clients may challenge the accuracy and completeness of personal information about them and have it amended, as appropriate.
In executing its responsibilities with respect to the confidentiality of personal information, GSLG will employ a number of safeguards, appropriate to the sensitivity of the information, to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Such safeguards will include physical measures, organizational measures and technological measures, for example locked filing cabinets, restricted access to offices, security clearances, limiting access on a “need to know” basis and the use of passwords and encryption. Procedures for implementing these measures will be communicated to all employees and third parties to ensure compliance with this principle.
GSLG will make its policies and practices relating to the protection of personal information available to its clients. GSLG will keep its clients informed of these policies and practices and clients shall be provided access to all related policies and procedures via GSLG’s web page. The information will be available in a format that is easy to understand.
9. Client Access
Any client of GSLG can have access to the personal information about them that GSLG has in its possession or control. Any client may request that their personal information be amended for purposes of accuracy and completeness.
Clients can make their requests by telephone (905-526-2111), via email (email@example.com) or in writing (10 George Street, Suite 200, Hamilton, Ontario, L8P 1C8, Attention: Privacy Officer). Response to a client’s request will be made in a timely and efficient manner.
10. Challenging Compliance