L. Kerry Vickar Business Law Clinic (the “Clinic”) is a pro bono legal clinic operated by the Faculty of Law at the University of Manitoba. The primary purpose is to provide free legal assistance to small businesses, start-ups, entrepreneurs, innovators, non-profits, arts, culture and community organization that can not afford a lawyer to provide legal information and assistance using law students to help to meet needs throughout Manitoba.
We are dedicated to maintaining high standards of privacy and confidentiality with respect to the Personal Information we receive from our clients and others, in accordance with the principles set out under the Personal Information Protection and Electronic Documents Act and applicable provincial privacy legislation.
For the purposes of this policy, “you” refers to a client.
This Policy details our practices concerning the collection, use and disclosure of Personal Information you provide to us.
Our obligations apply to all of our officers, employees, agents or representatives who provide services to or on behalf of us in connection with our delivery to you of our services and information, as well as our website.
We urge you to read this Policy to gain a clear understanding of how we may collect, use and disclose your Personal Information in the course of our delivery of services or information, or in the course of your use of our website.
If you do not consent to the collection, use and disclosure of your Personal Information in accordance with this Policy, do not provide us with any Personal Information.
You also have the right to withdraw your consent to our collection, use and disclosure of your Personal Information at any time upon reasonable, advance notice. However, you cannot withdraw your consent retroactively. It is important to note that most of our services can only be provided if we receive the required Personal Information from you. Consequently, should you choose not to provide us with the required Personal Information, we may be unable to offer services to you.
WHAT IS PERSONAL INFORMATION?
We define “Personal Information” as any information, recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information.
This Policy does not cover business contact information (e.g. name, title, business address, telephone and fax numbers, and e-mail address) when used for business purposes, or aggregated data from which the identity of an individual cannot be determined. We retain the right to use business contact information and aggregated data in any way we determine appropriate.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect Personal Information about you that you provided in writing, including via electronic media, verbally over the telephone or in person.
We will not passively collect information by electronic means. To access and request services through the site, you may need to provide certain Personal Information. We will only use this Personal Information to provide our services and information to you.
MEMBERSHIP APPLICATIONS AND SURVEYS
We may collect information when you voluntarily complete a membership application or online survey or other processes. We collect, use or disclose this information in a manner consistent with this Policy. We may also collect email addresses during any membership application, survey or other processes, but you may indicate that you do not wish to receive unsolicited electronic communications from us. We comply with Canada’s Anti-Spam Legislation with respect to the sending of commercial electronic messages.
APPOINTMENTS FOR SERVICES
When a person wishes to make an appointment for services, he or she is asked to supply one or more items within the following classes of information:
- Account identification information
- Personal Information
- Financial information (e.g. credit card information, or any other payment information for billing purposes)
- Address information, including purpose of appointment and other information
We collect this information for billing and delivery purposes. We also use it to contact the individual about their request and needs. In addition, we may use this information for future communications purposes.
SECURITY & SAFETY INFORMATION
We may collect Personal Information about guests and visitors who attend our physical premises. This information may include the person’s name, address, organization, telephone number and email address. We collect, use and disclose this information for safety, health, security and emergency preparedness purposes related to our staff, guests and visitors located on our premises. We may install video cameras or other recording devices in the public access areas of our premises. We will post signs notifying individuals of the existence and purpose of recording devices.
COLLECTION OF INFORMATION THROUGH OUR WEBSITES AND ELECTRONIC COMMUNICATIONS
We may collect information about your use of our services, website(s), social media or when you request our services, or register for, interact with, or use our services or website(s), contact us for information, or respond to emails or other communications.
By accessing and browsing our website(s), you agree that we may collect, use and disclose any information we collect about you through our website(s) as described in this Policy and any Policy Statement included on our website(s).
Our web server automatically collects visitor information in the form of the visitor’s domain or Internet Protocol (IP) address, as well as information about the pages being accessed, the date and time of your visit to our website(s), the documents that you view, the searches you performed, and the website you were on prior to visiting our website(s). We use this information to better serve visitors by managing our sites, diagnosing any technical problems, and improving the content of our website(s). We may also track your activity on other websites or our social media accounts that you visit.
For the transfer and receipt of certain types of sensitive information such as financial information, visitors may be re-directed to a secure server or another site.
WHY WE MAY COLLECT PERSONAL INFORMATION
We use only fair and lawful methods to collect Personal Information. We collect certain information from you for the purposes of fulfilling our mandated objectives. These purposes include:
- Communicating with you to determine your needs
- Providing services
- Running our programs
- Managing appointments and your participation including determining your needs
- Permitting affiliated suppliers to provide services to you
- Managing our relationships with you
- Distributing information, invitations and and other communications that may be of interest to you
- Providing for the safety, health, security and emergency preparedness of our staff, guests and visitors who are located on our premises
- Responding to questions and concerns
- Meeting legal or regulatory requirements
- Communicating for any other purpose for which we have your consent
- Using your Personal Information to generate anonymous or aggregated data that we will use and disclose in our sole discretion.
HOW WE USE PERSONAL INFORMATION
Our use of Personal Information is limited to the purposes described in this Policy, unless we expressly tell you otherwise. We do not sell, trade, barter, exchange or disclose for consideration any Personal Information we have obtained from you.
WHEN WE MAY DISCLOSE YOUR PERSONAL INFORMATION
As a general rule, we hold all information collected in strict confidence. Except in limited circumstances, we do not reveal this information to anyone unless you have expressly or implicitly authorized us to do so.
In such cases, we will secure written agreement from any other organization that they will use the information we provide to them solely for the purpose of providing services to you or us. We will also secure their agreement, in writing, that they will not use, allow access to, or disclose, your Personal Information to any other party, except with your consent or where required to do so by law. We will also require that these organizations have appropriate physical, technical and organizational safeguards to protect your Personal Information.
We may transfer your Personal Information to various third party suppliers for purposes of carrying out our activities, for example, suppliers of services to us. These parties are obligated to maintain your Personal Information in confidence and not to use or disclose it for unauthorized purposes.
There are circumstances where the use and/or disclosure of Personal Information may be justified or permitted, or where we may be obliged to disclose information without consent. These circumstances may include:
- Where required by law or by order or requirement of a court, administrative agency or other governmental tribunal
- Where we believe, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group
- Where it is necessary to establish or collect fees
- Where it is necessary to permit us to pursue available remedies or limit any damages that we may sustain
- Where the information is public as permitted by law
- Where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity
- Where it is necessary to determine whether to proceed with a prospective appointment or transaction or complete the transaction, or where it is
necessary to carry on the activity that was the object of an appointment or completed business transaction.
When this occurs, we will not disclose more information than is required.
CROSS-BORDER TRANSFER OF INFORMATION
We may transfer Personal Information to a service provider which is located outside of Canada where privacy laws may offer different levels of protection from those in Canada. Your Personal Information may also be subject to access by and disclosure to the local courts, law enforcement and national security authorities under the applicable foreign legislation.
By providing your Personal Information to us, you agree that we may collect, use and disclose it in accordance with this Policy and as otherwise permitted or required by law. However, we may seek your consent to use or disclose Personal Information after it has been collected in cases where we wish to use or disclose the information for a purpose not previously identified or expressed in this Policy.
If you need to provide us with Personal Information about other individuals (such as your employees, employer, supervisor, etc.), you represent and warrant to us that you will obtain their consent where required by law and prior to your disclosure to us. Consent is required for us to use and disclose the Personal Information of these individuals for the specific purpose(s) for which you made the disclosure.
WITHDRAWAL OF CONSENT
You may withdraw your consent to us collecting, using and disclosing your Personal Information at any time, subject to reasonable notice and any legal and/or contractual restrictions.
THE ACCURACY AND RETENTION OF PERSONAL INFORMATION
We will always endeavour to ensure that any Personal Information provided to us and in our possession is accurate, current and complete. If we become aware that Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use reasonable efforts to inform third parties.
We keep your Personal Information only as long as it is required for the reasons it was collected. This period may extend beyond the end of a client relationship with us, but it will only be held as long as it is necessary for us to communicate with you or to have sufficient information to respond to any issues that may arise. When we no longer require your Personal Information, we have procedures to securely destroy, delete, erase or convert it into an anonymous form.
PROTECTION OF PERSONAL INFORMATION
We endeavour to maintain appropriate physical, procedural and technical security safeguards at our offices and information storage facilities to prevent any unauthorized access to, or loss, misuse, disclosure or modification of Personal Information. This also applies to our disposal or destruction of Personal Information.
We further protect Personal Information by restricting access to those employees who need access to provide services or information. If an employee misuses Personal Information, we will consider the act a serious offence for which we may take disciplinary action up to and including terminating employment. If any individual or organization misuses Personal Information, we will consider it a serious issue and may take action up to and including terminating any agreement between us and that individual or organization.
We audit our procedures and security measures from time to time to ensure that they remain effective and appropriate.
A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving your Personal Information under our control, we will notify you and the appropriate Privacy Commissioner(s) if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.
ACCESS TO YOUR PERSONAL INFORMATION
You have the right to access and review the Personal Information we hold about you subject to certain restrictions recognized in applicable laws. We will endeavour to provide the information in question within a reasonable time. When we will not or cannot disclose information, we will provide the individual making the request the reasons for non-disclosure.
Further information concerning this Policy and procedures may be obtained by contacting us as set out in the Contact Information section below.
Despite our efforts, errors sometimes do occur. If you identify any Personal Information that is out-of-date, incorrect or incomplete, please contact us and we will make the corrections promptly. We will also use every reasonable effort to communicate these changes to other parties who may have inadvertently received incorrect or out-of-date personal information from us.
We will not charge you for verifying or correcting your Personal Information.
COOKIES AND SIMILAR TECHNOLOGIES
In browsing the Internet, you will encounter a technology called “cookies”, which are small data files that are saved to your device when you visit our website(s). These are commonly used to provide you specific information from a website, and to provide the website’s operator information about you. We may use both session cookies and persistent cookies. A session cookie is a temporary file which is only active while you are on the website and is erased once you close your browser. Unlike a session cookie, a persistent cookie is not deleted when you close your browser and will remain on your device indefinitely. These cookies are used to improve navigation on websites and to collect aggregate statistical information. This information may be used for advertising and marketing initiatives after you conclude your session on our website. The cookies may also track your activity on other websites or social media platforms that you visit after leaving our website. You may opt out of such tracking by adjusting the cookie settings on your browser.
ADJUSTING COOKIE SETTINGS ON YOUR BROWSER
(B) WEB BEACONS
Web beacons are small graphic images or other programming code (also known as “web bugs”, “1×1 GIFs” or “clear GIFs”) used to keep track of your navigation through the website(s) and your electronic communication with us. We may include web beacons in our web pages and email messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or email can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes including, without limitation, to count visitors to our website, to monitor how users navigate the website, to count how many emails that were sent were actually opened, or to count how many particular articles or links were actually viewed. Web beacons may be used to collect certain personal information (for example, the email address associated with an email message).
(C) EMBEDDED SCRIPTS
An embedded script is a programming code that is designed to collect information about your interactions with our website(s), such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.
LINKS TO OTHER WEBSITES
Our website may contain links to other sites. This Policy only applies to Personal Information that we collect, use and disclose. We are not responsible or liable for the privacy practices of third parties, and we strongly recommend that you review their privacy policies before you disclose Personal Information to them.
ADVERTISING ON SOCIAL MEDIA AND OTHER WEBSITES
We may also use social media cookies to identify who are registered users of the following social media platforms: Facebook, Instagram, Twitter and LinkedIn. We may create customs audiences by matching our clients and members with users of social media platforms in order to deliver more useful information and content. (See Facebook’s Custom Audiences (https://www.facebook.com/business/a/custom-audiences) for more information.) All data matching takes place using secure one-way hash functions, such that no Personal Information of our users is provided to the social media platforms if the user is not already registered with the social media platform. You may opt out of communications via social media platforms. Note, however, that you cannot opt out retroactively. Note also that the following social media platforms allow their users to opt out of receiving third party communications:
Email is our preferred method of communicating with you and others. Unless you object, we may use unencrypted plain text or HTML-based emails when communicating with you. These emails, and other electronic communications from us, may contain information that is confidential or privileged, unless you instruct us not to send such information electronically. While we make every effort to secure all electronic communications within our control, there are inherent risks involved with exchanging information electronically. For example, third parties may accidentally or deliberately intercept this information. We are unable to accept responsibility or liability for any damages you may suffer as a result of the interception, alteration or misuse of information during electronic exchanges.
All our staff members and volunteers will receive training on accessible customer service. As part of this training, all staff members and volunteers will be familiar with our own policies and practice guides. New employees and volunteers will be trained as soon as reasonably practicable. Staff and volunteers will receive ongoing training on accessible customer service in connection with any changes to our policies and practices regarding providing barrier-free access.
We will provide the following information on our website, and will make it available in appropriate formats on request:
- A summary Policy Statement highlighting key aspects for website visitors and users
- A link to this Policy for further information; and
- Contact information should visitors or users have any questions, feedback or concerns regarding privacy and our services
RESPONSIBILITY FOR THE POLICY
Course Instructor for the Clinic:
- Sets, implements and maintains corporate administrative policy and program direction.
- Receives and reviews all feedback related to privacy issues and ensures appropriate follow up with those providing the feedback. Reviews and approves recommendations arising from the feedback
- Coordinates assessments of the impact of the applicable legislation on our services and service delivery
Dean of the Law School:
- Oversee the consistent application of the policy
- Foster an environment that reflects and supports the purpose of the policy.
- Work in compliance with the policy and related processes.
Employees, Volunteers and Third-Party Contractors:
- Work in compliance with the policy and related processes
- Attend training and education sessions on accessible customer service when required
CHANGES TO THIS POLICY
This Policy is in effect as of January 2021 for the Clinic. From time to time, we may review this Policy. We reserve the right to change this Policy, and any of our policies or procedures concerning our practices for handling Personal Information, at any time and without any prior notice. Policy changes will apply to all information collected from the date of the change, as well as to existing information in our records.
Please direct your questions or concerns to us at the Contact Information listed below.
If we are unable to resolve your concerns to your satisfaction, you may contact the Privacy Commissioner of Canada by writing to:
The Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
In the event of questions about:
- Access to your Personal Information;
- Our collection, use, management or disclosure of Personal Information; or
Please contact us at:
Faculty of Law,University of Manitoba,
224 Dysart Road,
Winnipeg, MB R3T 2N2
or email: email@example.com