Table of contents

Privacy Policy
Scope and Application
What Personal Information We Collect
Purposes for Collecting and Using Personal Information
Cookies and Analytics
Third-Party Service Providers and Disclosure
Legal Basis for Processing and Consent
Retention of Personal Information
Protection of Personal Information
Accuracy and Updating Your Information
Your Rights: Access, Correction, and Choices
Inquiries, Questions, and Complaints
Changes to this Privacy Policy

Privacy Policy

Whitestone Law Professional Corporation (“Whitestone”, “we”, or “us”) is committed to protecting your privacy and safeguarding personal information in our custody. As an Ontario-based law firm, we abide by the requirements of Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy principles . This Privacy Policy explains how we collect, use, disclose, and protect personal information obtained through our website and related services. It is drafted conservatively to meet current legal requirements and to anticipate forthcoming changes (such as Canada’s proposed Consumer Privacy Protection Act (CPPA)), all while avoiding over-commitment and minimizing legal exposure.

Scope and Application

This Privacy Policy applies to personal information we collect from the following categories of individuals:

  • Website Visitors: Individuals who visit or interact with our website (including via cookies or analytics tools).
  • Prospective Clients: Individuals who submit inquiries, contact forms, or book consultations seeking our legal services.
  • Newsletter Subscribers: Individuals who sign up to receive our email newsletters or legal updates.

By using our website or providing personal information to us, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using the site or submitting personal information.

What Personal Information We Collect

We only collect personal information that is reasonably necessary for the purposes identified in this Policy or as otherwise permitted by law. The types of information we collect vary based on your interactions with us:

Personal Information from Website Visitors

When you visit our website, we may collect limited information about your device and browsing activity. This can include:

  • Technical Information: IP address, browser type, operating system, device identifiers, and the dates/times of your visits.
  • Usage Data: Pages or content viewed, links clicked, and other interactions with our site.
  • Cookies and Similar Technologies: Our site uses cookies and tracking pixels (e.g., Google Analytics cookies) to collect information about how you navigate the site. These cookies may record information such as your preferences and browsing sessions. (See Cookies and Analytics below for details.)

This information is generally collected through automated means when you use our site. It helps us understand how our site is used and improve its functionality. Technical and usage data are typically not used to identify you by name, and may be analyzed in aggregate or de-identified form.

Personal Information from Prospective Clients

If you are a prospective client contacting us through our website forms, by email, or by phone, we will collect the information you provide. This may include:

  • Contact Information: Your name, email address, telephone number, mailing address, or other contact details.
  • Inquiry Details: The content of your message or description of your legal matter, which may include personal details relevant to your case (e.g. information about your business, dispute, or personal circumstances). We ask that you limit the information you send at the inquiry stage to only what is necessary for us to understand your request. Please do not include sensitive personal information (such as financial, health, or confidential details) in initial inquiries unless requested, as unsolicited sensitive information may not be protected (see the Confidentiality note in our Terms of Service) .
  • Referral Information: If you were referred to us or indicate how you found us, we may record that information (e.g. name of referring person or website).

We collect this information directly from you with your knowledge and consent when you fill out a form or otherwise provide it to us. We will use it only for the purposes of responding to your inquiry, evaluating whether we can assist you, conducting conflict checks, and contacting you to schedule a consultation or provide requested information.

Personal Information from Newsletter Subscribers

If you subscribe to our email newsletter or legal updates, we will collect:

  • Contact Details: Your name and email address (and any other information you expressly provide, such as your company or areas of interest).
  • Marketing Preferences: Your consent to receive communications and any preferences you indicate (for example, which topics you are interested in).

We collect this information directly from you through the newsletter sign-up form. You will always have the option to unsubscribe from our mailings, and each email will include an unsubscribe link. We will only send you newsletters if you have opted in.

Purposes for Collecting and Using Personal Information

Whitestone will identify the purposes for which personal information is collected at or before the time of collection, and will not use it for other purposes without your consent or as required/authorized by law . The primary purposes for which we collect and use personal information include:

  • Providing Legal Services: For prospective clients who engage our services, we use personal information to assess and address your legal needs, to communicate with you, and to perform conflict of interest checks. (Any further information collected after engagement will be handled under our professional obligations and, if applicable, a client retainer agreement, which is outside the scope of this website policy.)
  • Responding to Inquiries: To reply to messages or requests you send us, including scheduling consultations or providing information about our services.
  • Newsletter and Publications: To send you our newsletters, legal updates, event invitations or other materials if you subscribed. We use your contact information to deliver these communications, and you may opt out at any time.
  • Website Operation and Improvement: To monitor, maintain, and analyze usage of our website. Information such as cookies and analytics data helps us troubleshoot technical issues, understand user interests, and improve site content, layout, and security.
  • Legal and Regulatory Compliance: To fulfill our legal obligations, such as maintaining records required by the Law Society of Ontario or other governing bodies, complying with court orders, and responding to lawful information requests. For instance, we may be required by law to verify identities for anti-money laundering (AML) purposes or retain certain records for a minimum period. We will collect and use personal information for such compliance purposes only as allowed or mandated by applicable laws.
  • Protecting Our Rights and Users: To protect the integrity of our website, our legal rights, and the rights or safety of others. For example, we may use information to detect and prevent fraud, cyber-attacks, or other threats. If necessary, we may use personal information to pursue available remedies or defend against legal claims.

Whitestone does not sell your personal information to any third parties. We will only use or disclose personal information for the purposes above or as otherwise disclosed to you at the time of collection, or as permitted by law. If we intend to use your information for a new purpose not described here, we will obtain your consent unless an exception in law applies.

Cookies and Analytics

Our website uses cookies and similar technologies to enhance user experience and gather data about traffic and usage patterns. Cookies are small text files placed on your device when you visit a website. We use the following types of cookies:

  • Necessary Cookies: These are essential for the operation of our site (for example, to load pages or remember basic settings). Without these, the site may not function properly.
  • Analytics Cookies: We use third-party analytics services (such as Google Analytics) to collect information about how visitors use our site . Google Analytics uses cookies to record data like your IP address (which Google may anonymize), browser type, the pages you visit, and the time spent on our site. We receive aggregated reports from these analytics, which help us understand overall visitor engagement (for example, which articles are most read) and improve our content. The information collected via Google Analytics is subject to Google’s privacy policies. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser settings to refuse cookies.

You have control over cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies or alert you when cookies are being sent. Please note that disabling cookies might affect some features of our site (for instance, videos or interactive features may not work properly if their cookies are blocked).

By using our site without disabling cookies, you consent to our use of cookies as described. For further information on how we use tracking technologies or any updates to our cookie practices, you may contact us (see Contact Us section below).

Third-Party Service Providers and Disclosure

Whitestone may share personal information with third-party service providers and partners who assist us in operating our business and website. We only share the information necessary for these providers to perform their services, and we require them to protect your information and use it only for the purposes we specify. Key third-party services we use include:

  • Website Hosting and IT Providers: Our website is hosted on servers provided by reputable cloud service providers. Personal information (such as contact form submissions) may be stored on these servers. We use providers that implement security measures and are bound by confidentiality obligations.
  • Email and Communications Services: We may use third-party email services or marketing platforms (for example, an email newsletter service) to send out newsletters or to manage contact form data. If you subscribe to our newsletter, your email address and name may be stored with that service provider for the purpose of sending you emails.
  • Analytics Services: As noted, we use Google Analytics (a service provided by Google) for website traffic analysis. Google may process certain data as our service provider. We have configured our analytics to avoid collecting more data than necessary for statistical purposes, and to respect any applicable privacy settings (such as IP anonymization, where enabled).
  • Professional Advisors and Affiliates: On occasion, we may share information with our professional advisors (such as auditors, insurers, IT security consultants) or affiliated organizations for legitimate purposes, such as obtaining professional advice or managing risks. Any such sharing will be done confidentially and in compliance with privacy obligations.
  • Legal Requirements and Protection: We may disclose personal information if required by law or by a regulatory authority. For example, we might have to provide information in response to a subpoena, court order, or law enforcement request. Additionally, if necessary to protect our rights, enforce our website Terms of Service, or protect the rights, property or safety of our firm, our clients or others, we may disclose information as allowed by law .

Some of our service providers may be located outside of Canada (for instance, Google’s servers or an email newsletter service might be in the United States). Personal information stored or processed in another country may be subject to that country’s laws (for example, information in the U.S. might be accessed by U.S. authorities under their laws). We take reasonable measures to ensure that our providers protect personal information to standards comparable to those required in Canada. However, when you submit personal information to us, you acknowledge that it may be transferred to and processed in jurisdictions outside Canada.

Whitestone does not trade, rent, or sell personal information to any third parties for marketing or other purposes. We will also not disclose your personal information to third parties for their own independent use without your consent, except as described above or as required/permitted by law.

egal Basis for Processing and Consent

As a law firm operating in Canada, our collection, use, and disclosure of personal information is generally based on your consent or as otherwise authorized by law . By providing us with personal information (for example, by filling in a contact form, subscribing to a newsletter, or sending us an email), you are consenting to our collection and use of that information for the purposes outlined in this Policy.

Consent can be express (e.g., you explicitly agree by checking an opt-in box or signing a form) or implied (e.g., when you voluntarily provide information for an obvious purpose, consent is inferred for that purpose) . We will seek express consent when the information is sensitive or when required by law. In other cases, your consent may be implied from your actions, such as when you continue to use our website after being notified of our use of cookies, or when you voluntarily provide information to receive a service.

You have the right to withdraw your consent at any time, subject to legal or contractual restrictions. For example, if you have subscribed to our newsletter, you can withdraw consent by unsubscribing. If you provided personal information to inquire about services, you can request us to stop using and retaining that information (though note that if you later become a client, we may need to keep certain information as required by law or professional regulations). To withdraw consent, please contact us (see Contact Us below). We will explain any consequences of withdrawing consent, as in some cases it may limit our ability to provide you with certain services or respond effectively to your inquiry .

In certain situations, we may collect, use, or disclose personal information without your consent if permitted or required by law. For instance, PIPEDA and other privacy laws include specific exemptions where consent is not needed – such as when information is collected for the purpose of an investigation or legal proceeding, when it’s publicly available as defined by law, or when obtaining consent is impractical for reasons of safety or security. We will only rely on such exemptions in strict accordance with the law. Under the anticipated CPPA, there may be additional provisions for “legitimate interests” or defined “business activities” where consent is not required . While the CPPA is not yet in force, Whitestone is proactively aligning its practices with the principles it embodies, to the extent possible without contravening current law.

Retention of Personal Information

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. The length of time we keep information will depend on the purpose and on any legal or regulatory requirements (such as Law Society of Ontario rules or limitation periods for legal claims). For example:

  • If you contact us but do not become a client, we may retain your inquiry information for a reasonable period (in case you decide to proceed or to defend against any potential conflicts or liability), but we will not keep it longer than necessary.
  • If you subscribe to our newsletter, we will retain your contact information until you unsubscribe or the newsletter program ends. Upon unsubscribe, we will promptly remove you from the mailing list, but may keep a record of your request to ensure we respect your wishes going forward.
  • If you become a client, your personal information will be retained in accordance with our client file retention policies (often, law firms keep client files for a certain number of years after a matter closes, to comply with professional obligations). Such client-related data is handled according to our professional confidentiality duties and may not be governed by this website Privacy Policy after engagement.

In all cases, when personal information is no longer required for the purposes stated or for legal compliance, we will securely delete, destroy, or anonymize the information. We have standard protocols for records management and disposal to prevent unauthorized access during storage or destruction.

Protection of Personal Information

We recognize the sensitive nature of the personal information entrusted to us and take the security of that information seriously. Whitestone has implemented physical, technical, and administrative safeguards appropriate to the sensitivity of the information to protect against loss, theft, misuse, unauthorized access, alteration, or disclosure. These measures include:

  • Physical Safeguards: Restricted access to our offices and files (e.g., locked filing cabinets for paper records, access controls to office premises).
  • Technical Safeguards: Use of secure computer systems and up-to-date encryption protocols. We employ firewalls, antivirus and anti-malware tools, and, where applicable, encryption for data at rest and in transit (for example, our website uses HTTPS for secure data transmission). We also use strong password protections and regularly update and patch software to address security vulnerabilities.
  • Administrative Safeguards: Firm policies and training for our lawyers and staff on the importance of confidentiality and privacy. We restrict internal access to personal information on a need-to-know basis – only those who need the information to perform their duties will have access. We have appointed a Privacy Officer (see Contact Us below) responsible for overseeing our compliance with privacy laws and best practices, and we periodically review our procedures to ensure ongoing security.

Despite these safeguards, please note that no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. You can help protect your information by using caution when sending sensitive details via email or the internet. If you have concerns about the security of your information, please contact us to discuss alternative methods (for example, providing information by phone or in person).

In the event of an unlikely data breach involving your personal information, we will comply with all applicable breach notification laws. PIPEDA requires us to notify individuals and the Office of the Privacy Commissioner of Canada if a security incident results in a real risk of significant harm to you . We will also take immediate steps to contain and investigate any such incident and prevent future occurrences.

Accuracy and Updating Your Information

We endeavor to keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is used. However, we largely rely on you to provide us with accurate information and to inform us of any changes. If your information (such as contact details) changes or if you note any inaccuracies in the information we have about you, please let us know and we will correct or update it promptly. For clients, it is particularly important to keep us informed of changes relevant to your matter (e.g., change of address or phone number) to ensure effective communication.

Your Rights: Access, Correction, and Choices

Under PIPEDA, you have certain rights regarding your personal information :

  • Access: You have the right to request information about the personal data we hold about you and to receive an explanation of how it is used and disclosed. Upon written request and authentication of your identity, we will provide you with your personal information under our control, information about the ways in which that information is being used, and a description of the individuals and organizations to whom it has been disclosed, subject to certain exceptions. (Examples of exceptions: we may not be able to disclose information that reveals personal data about another individual without their consent, or information subject to legal privilege, etc.) We will respond to access requests within the timeframe required by law (generally 30 days under PIPEDA, with possible extensions) and will advise you if any fees apply to process your request (only if permitted, and we will provide an estimate and options first).
  • Correction: If any personal information we have is inaccurate or incomplete, you have the right to request a correction or update. If we agree that a correction is warranted, we will make the necessary correction and, where appropriate, inform any third parties who received the incorrect information of the change. If we do not agree to correct certain information (for example, if we consider it accurate or if it consists of an opinion that cannot be proven true or false), we will provide an explanation and you may have the right to have a statement of disagreement appended to the record.
  • Withdrawal of Consent: As mentioned, where our processing of your information is based on consent, you have the right to withdraw that consent (opt out) at any time (subject to legal or contractual restrictions). For instance, you can unsubscribe from newsletters, or request that we not retain your information if you decide not to proceed with our services. We will inform you if withdrawing consent affects our ability to provide you with services or information.

To exercise any of these rights, please contact our Privacy Officer using the contact information in the next section. We may need to verify your identity (for example, by requesting ID or confirmation of certain details) before releasing data to ensure that we do not give your information to an unauthorized person.

Anticipated Additional Rights under CPPA

We strive to be forward-thinking in our privacy practices. Canada’s proposed CPPA, once in force, is expected to introduce additional rights for individuals, such as:

  • Data Portability: The ability to request transfer of your personal information from us to another service provider in certain circumstances (also known as a right to data mobility) .
  • Deletion (Erasure): The right to request deletion of your personal information, subject to specific exceptions (for example, if the information is needed for legal reasons or cannot be isolated from another person’s data) .
  • Information on Automated Decisions: If we were to use automated decision-making systems that have significant impacts on individuals, a right to request information about the use of such systems .

We will update our Privacy Policy and practices as needed once the law is enacted to ensure compliance. Until then, we already offer the ability to unsubscribe from communications and request deletion of information you provided (for instance, if you sent us an inquiry and want it erased, we will accommodate such requests to the extent consistent with our legal obligations). Our goal is to meet or exceed the privacy standards set by current law and upcoming reforms, without misrepresenting our obligations under existing law.

Inquiries, Questions, and Complaints

We welcome questions, concerns, or requests regarding privacy and our data handling practices. Whitestone has appointed a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy laws (Accountability Principle) .

Contact Information for Privacy Inquiries:

Privacy Officer – Whitestone Law Professional Corporation

Email: hello@whitestonelaw.ca

Phone: +1 (647) 555-0123

Mailing Address: 5 Ave Blackburn, Ottawa, ON K1N 8A2

Please contact our Privacy Officer if you:

  • Wish to access or correct your personal information with us;
  • Have any questions or feedback about how we collect or handle personal information;
  • Need to withdraw consent or opt out of certain processing; or
  • Have a concern or complaint about our privacy practices.

We take all privacy complaints seriously. If you file a complaint, the Privacy Officer will acknowledge it, request any further information needed, and investigate the matter. We will provide you with a written response outlining the results of our investigation and any steps taken to address your concerns, where appropriate.

If we are unable to resolve your privacy concern to your satisfaction, you have the right to escalate the issue. Under PIPEDA, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe your rights have been violated . The OPC is the federal regulator that oversees PIPEDA compliance. In Ontario, if your concern relates to personal health information (although our website does not collect health information, this is for general awareness), the relevant body is the Information and Privacy Commissioner of Ontario (IPC). We would provide you with guidance on the appropriate authority if needed.

Changes to this Privacy Policy

Whitestone reserves the right to modify or update this Privacy Policy at any time in order to reflect changes to our practices or to comply with legal requirements. If we make material changes, we will post the updated Policy on our website with a new effective date. We encourage you to review this Policy periodically for any updates. Your continued use of our website or services after any changes to the Privacy Policy are posted will signify your acceptance of those changes, to the extent permitted by law .

This Policy is intended to be compliant with current laws and is drafted to avoid over-promising. In the event of any conflict between this Policy and applicable privacy law requirements, we will act in accordance with the law.

Effective Date: This Privacy Policy is effective as of [Date]. (If none is stated, the effective date is the date of last update, January 2026.)