Fasken is a global law firm which values your privacy and cares about the way your personal information is treated.
As a law firm, we collect, use and disclose information on a daily basis in order to render our services in consultation, litigation and transaction. Confidentiality is important to us, as we put professional secrecy at the heart of our client relationship. We use all information, especially personal information, in accordance with the highest ethical standards.
1. Who we are and what we do?
Fasken Martineau DuMoulin LLP and its affiliated entities, including Fasken Martineau LLP, Bell Dewar Inc. and Fasken Martineau DuMoulin (Pty) Ltd. (“Fasken”, “we”, “us” or “our”) is a global law firm. Unless we notify you otherwise, Fasken is the “data controller” and “responsible party” of your personal information, i.e. the organization who alone or jointly determines the purposes for which, and the manner in which, any personal information is, or is likely to be, processed.
2. What personal information do we collect?
We may collect and process different types of personal information in the course of operating our business and providing our services. These include:
- Contact information such as name, physical address, email address and telephone number;
- Biographical information such as job title, employer, photograph and video or audio content;
- Marketing, communication preferences and related information such as meal preferences, feedback and survey responses;
- Billing and financial information such as billing address, bank account and payment information;
- Services information such as details of services that we have rendered to you;
- Recruitment information such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment or association to or with Fasken;
- Website usage and other technical information such as details of visits to our websites or information collected through cookies, your interaction with our online advertising and content and other tracking technologies;
- Information provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include special categories of personal information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sexual orientation, etc.);
- Identification and other background verification data such as a copy of driver’s licence, passports or utility bills or evidence of beneficial ownership or the source of funds to comply with anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
- Any other personal information provided. Please note that if you provide personal information to us about other people (such as your customers, directors, officers, shareholders or beneficial owners), you must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure;
- Where applicable, Records of consent given to us (date, time, means of consent), in circumstances where such consent is need for the processing of personal information; and
- Where we need Special Personal Information, it will happen in the ordinary course of business, in accordance with the applicable law and/or for a legitimate purpose.
We do not knowingly collect information from children or other persons who are under 16 years old. If you are a minor under 16 years old, please do not provide us with any personal information without the express consent of a parent or guardian. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minor children without verification of parental consent, we will take steps to remove that information from our servers.
You cannot send us confidential information until we have confirmed in writing that we represent or act for you or your company or organization. Unsolicited emails sent to us from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, are subject to disclosure to third parties.
3. How do we collect your personal information?
We collect your personal information from yourself and during interactions with you:
- During the course of providing legal services to you
- When you register for seminars, training, newsletters
We also collect information publicly available notably in public platforms, including our website.
4. How do we use personal information?
We may use personal information in the following ways, either with your consent or, where applicable, according an other legal basis under the General Data Protection Regulation (“GDPR”). In each case, we identify the grounds that we rely on to use your personal information:
- To provide our legal and other services and to conduct our business, to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us. Applicable legal basis under the GDPR: contract performance and to carry out actions for the conclusion of the contract;
- To respond to requests for information or enquiries from visitors to our websites. Applicable legal basis under the GDPR: contract performance;
- To facilitate use of our websites and to ensure content is relevant and to ensure that content from our websites is presented in the most effective manner for you and for your device. Applicable legal basis under the GDPR: legitimate interests (to allow us to provide the content and services on the websites);
- For marketing and business development purposes – to provide details of new services, legal updates and invitations to seminars and events where an individual has chosen to receive these. Applicable legal bases under the GDPR: legitimate interests, consent; you may require that this service ceases at any time;
- For research and development purposes (including from a security perspective) – analysis in order to better understand our clients’ services and marketing requirements and to better understand our business and develop our services and offerings. Applicable legal basis under the GDPR: legitimate interests (to allow us to improve our services); you may unsubscribe at any time;
- For recruitment purposes – to enable us to process applications for employment and to assess your suitability for any position for which an individual may apply at Fasken. Applicable legal bases under the GDPR: legitimate interests (to ensure that we can make the most appropriate recruitment decisions for Fasken), contract performance (in order for us to take steps to enter into a contract with someone who requested it);
- To fulfil our legal, regulatory, or risk management obligations – to comply with our legal obligations (performing client due diligence/“know your client”, anti-bribery, sanctions or reputational risk screening, identifying conflicts of interests). Applicable legal basis under the GDPR: legal obligation;
- To fight against fraud and/or other relevant background checks, notably as may be required by applicable law and regulation and/or best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them). Applicable legal basis under the GDPR: legitimate interests (to cooperate with law enforcement and regulatory authorities, to ensure acceptable risk profile and to assist with the prevention of crime and fraud). Where we process special categories of personal information we may also rely on substantial public interest (prevention or detection of crime) or legal claims;
- To enforce our legal rights, to comply with our legal or regulatory reporting obligations and/or to protect the rights of third parties. Applicable legal basis under the GDPR: legal obligations;
- To ensure that we are paid – to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings). Applicable legal basis under the GDPR: contract performance;
5. With whom do we share personal information?
Fasken is a global law firm and as such, any personal information that we collect may be shared with and processed by any Fasken entity within our network. We may also share personal information with certain third parties such as:
- Third-party service providers and/or partners who provide website, application development, hosting, maintenance, and other services to us. These third parties may have access to, or process personal information as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information;
- Law enforcement and governmental entities when required by law. For greater clarity, we may disclose personal information or other information if required to do so by law or in the good faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies;
- An acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets; and
- We will only use personal information to fulfil the primary purpose and applicable legitimate purpose it was collected for, or for a purpose compatible with that primary purpose.
6. How long do we keep personal information?
We will only keep personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy Privacy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which personal information will be kept, please contact us as set forth in the “How to contact us?” section.
7. Where do we store personal information and international transfers?
As a global law firm, personal information may be stored and processed in any country where we have facilities or in which we engage third party service providers (i.e. Canada, United States, United Kingdom and South Africa). You consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country of residence. While such information is outside of your country of residence, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
8. How do we protect personal information?
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate physical, technical and administrative safeguards to protect personal information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. We have taken steps to ensure that the only personnel, under a duty of confidentiality, who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe personal information has been compromised, please contact us as set forth in the “How to contact us?” section.
9. What rights does someone have in relation to its personal information?
Under certain circumstances and in accordance with applicable data protection laws, an individual has the following rights:
- Access: entitled to ask if we are processing information and, if we are, request access to personal information. Subject to applicable law and, where applicable, payment of a possible fee, this enables the individual to receive a copy of the personal information we hold and certain other information about him or her or it;
- Accuracy: we are required to take reasonable steps to ensure that the personal information in our possession is accurate, complete, not misleading and up to date; and
- Correction: entitled to request that any incomplete or inaccurate personal information we hold be corrected.
Under the GDPR, you may be entitled to the following additional rights:
- Erasure: entitled to ask us to delete, destroy or remove personal information in certain circumstances. There are certain exceptions where we may refuse a request for erasure or destruction, for example, where the personal information is required for compliance with law or in connection with claims or required by contract between the parties;
- Restriction: entitled to ask us to suspend the processing of certain personal information, for example to establish its accuracy or the reason for processing it;
- Transfer: request the transfer of certain personal information to another party;
- Objection: one may challenge when we are processing personal information based on a legitimate interest (or those of a third party) or for certain direct marketing purposes. However, we may be entitled to continue processing information;
- Automated decisions: contest any automated decision made where this has a legal or similar significant effect and ask for it to be reconsidered; and
- Consent: where we are processing personal information with consent, withdrawal of consent in the circumstances permitted by law.
Finally, you have also a right to make a complaint with a data protection supervisory authority, in particular in the country/province/state where you normally reside, where we are based or where an alleged infringement of data protection law has taken place.
To exercise any of these rights, please contact us as set forth in the “How to contact us?” section.
11. How to contact us?
Fasken Martineau DuMoulin LLP
Attn: Privacy Officer
800, Place Victoria, Suite 3500
Montréal, Québec, H4Z 1E9, Canada