Privacy Policy

We're straight up about how we handle your information. No legal mumbo-jumbo here - just clear explanations of what we collect and why.

Last Updated: 2025-11-13
Quick Navigation
Download PDF

Look, we get it - privacy policies can be a real snooze-fest. But here's the thing: as lawyers who've dealt with data breaches and compliance nightmares, we actually care about this stuff. This isn't some copy-paste job from a template site.

At Helrion Voidforge Legal, we're bound by the Law Society's professional standards, PIPEDA requirements, and honestly, just basic human decency. When you trust us with your legal matters, you're sharing sensitive information. We don't take that lightly.

This policy breaks down exactly what information we collect, why we need it, and what we do with it. We've tried to keep the legalese to a minimum (ironic, we know), but where technical terms are necessary, we'll explain 'em in plain English.

Quick Note: If you're already a client, this policy works alongside your retainer agreement. If something conflicts, your retainer agreement wins out since that's what you actually signed.

Personal Information

When you reach out to us or become a client, we'll typically collect:

  • Contact details: Name, email, phone number, business address - the usual stuff you'd expect
  • Business information: Company name, position, industry details if you're representing an organization
  • Identification documents: Sometimes we need government-issued ID for conflicts checks or regulatory requirements
  • Financial info: Billing addresses, payment details for retainer agreements
Legal Matter Information

This is where it gets more detailed. Depending on your case, we might need:

  • Documentation related to corporate disputes, contracts, or IP portfolios
  • Technical specifications for patent applications or cybersecurity assessments
  • Corporate records, financial statements, or M&A documentation
  • Communications with opposing parties or regulatory bodies
  • Witness statements, expert reports, or other litigation materials
Website Usage Data

Our website automatically picks up some technical info when you visit:

  • IP address and general location (city/province level, not your exact address)
  • Browser type, device info, and operating system
  • Pages you visited, time spent, and how you found us
  • Referring websites and search terms used
Important: Don't send confidential case details through our website contact form until we've established a formal attorney-client relationship. Seriously - use that form for initial inquiries only.

We're not in the business of selling your info or spamming you with marketing emails. Here's what we actually do with your data:

Legal Services & Representation
  • Providing the legal services you've hired us for (kinda the whole point)
  • Running conflict checks to make sure we can represent you ethically
  • Communicating about your case and sending necessary updates
  • Preparing documents, filings, and court submissions
  • Collaborating with expert witnesses, consultants, or co-counsel when needed
Administrative Purposes
  • Processing payments and managing billing (everyone's gotta get paid)
  • Maintaining accurate client records and case files
  • Complying with Law Society regulations and professional standards
  • Managing our client intake and onboarding process
Legal Obligations
  • Responding to court orders, subpoenas, or regulatory inquiries
  • Meeting reporting requirements under Canadian law
  • Preventing fraud, money laundering, or other illegal activities
Business Operations
  • Improving our website and client experience
  • Sending occasional updates about legal developments that might affect you (we're pretty selective about this)
  • Analyzing trends to better serve clients in your industry

We won't use your information for purposes outside what's described here without getting your explicit consent first.

Since we operate in Canada, we're bound by the Personal Information Protection and Electronic Documents Act (PIPEDA). Here's how we line up with those requirements:

Consent

Most of the time, we're collecting and using your info based on your consent - either explicit (you sign something) or implied (you contact us for legal services, so obviously we need your contact info to respond). For sensitive legal matters, we'll always get explicit written consent.

Legitimate Interests

Sometimes we process data because it's necessary for legitimate business purposes, like:

  • Running conflict checks before taking on new clients
  • Maintaining accurate billing records
  • Protecting against fraud or legal claims
  • Complying with our professional obligations as lawyers
Legal Obligations

We're required by law to collect and retain certain information. For example, the Law Society mandates specific record-keeping practices, and anti-money laundering regulations require client identification procedures.

Contractual Necessity

When you hire us, we need certain information to fulfill our obligations under the retainer agreement. Can't represent you without knowing who you are and what your case is about, right?

Privacy Officer: We've designated a Privacy Officer who handles all data protection matters. You can reach them at contact@helrionvoidforge.info with any privacy-related questions or concerns.

We take security seriously - probably more seriously than most firms, given our focus on cybersecurity law. Here's what we do to protect your information:

Technical Safeguards
  • Encryption: All client data is encrypted both in transit (TLS 1.3) and at rest (AES-256)
  • Secure servers: We use Canadian-based data centers with SOC 2 compliance
  • Access controls: Multi-factor authentication for all staff, role-based access restrictions
  • Network security: Firewalls, intrusion detection systems, regular vulnerability scans
  • Secure communications: Encrypted email for sensitive client matters
Physical Security
  • Our Toronto office has controlled access with security cameras
  • Client files are stored in locked cabinets when not in use
  • Clean desk policy - nothing confidential left out overnight
  • Secure destruction procedures for documents we no longer need
Organizational Measures
  • Regular staff training on privacy and security best practices
  • Confidentiality agreements with all employees and contractors
  • Incident response plan for potential data breaches
  • Annual security audits and assessments
Retention Periods

We keep your information for as long as necessary to provide legal services and meet our regulatory obligations:

  • Active client files: Duration of representation plus any appeals period
  • Closed matters: Minimum 10 years as required by Law Society rules
  • Financial records: 7 years per Canada Revenue Agency requirements
  • Marketing contacts: Until you ask us to delete them or 3 years of inactivity

After retention periods expire, we securely delete or destroy all personal information unless there's a legitimate reason to keep it longer (like ongoing litigation).

Breach Notification: If we experience a data breach that poses a real risk to you, we'll notify you within 72 hours and report it to the Privacy Commissioner as required by law. So far, knock on wood, we've never had to do this.

We can't do everything in-house, so we work with carefully vetted third-party service providers. Here's who might see your information and why:

Legal Service Providers
  • Co-counsel & experts: Sometimes we bring in specialists for complex matters
  • Court reporters & process servers: Standard litigation support
  • Expert witnesses: Technical experts for IP and cybersecurity cases
  • Legal research platforms: Services like CanLII, Westlaw, and similar databases
Technology Providers
  • Case management software: Canadian-hosted legal practice management system
  • Cloud storage: Encrypted document storage with Canadian data residency
  • Email services: Business email with advanced security features
  • Video conferencing: Secure platforms for remote consultations
Business Services
  • Payment processors: For credit card and electronic payments
  • Accounting services: Our external bookkeeper (under strict confidentiality)
  • IT support: Managed IT services for infrastructure maintenance
  • Website hosting: Canadian servers for this website
Analytics & Marketing
  • Website analytics: We use privacy-focused analytics tools
  • Email marketing: If you opt-in to updates (Canadian anti-spam compliant)

All third-party vendors sign data processing agreements and are required to maintain security standards comparable to ours. We don't share client information with anyone unless it's necessary for your representation or you've given us permission.

Data Location: Whenever possible, we use Canadian service providers with data stored in Canada. If data must be processed outside Canada, we ensure adequate safeguards are in place and inform you beforehand.

Under PIPEDA and other Canadian privacy laws, you've got rights when it comes to your personal information. Here's what you can do:

Access Your Information

You can request a copy of the personal information we hold about you. We'll provide it within 30 days (might take a bit longer for complex requests). There's no fee unless the request is really extensive.

Correct Inaccuracies

Spot an error in your file? Let us know and we'll fix it. For client files, we'll note the correction rather than deleting the original (gotta maintain accurate records for legal ethics reasons).

Withdraw Consent

You can withdraw consent for certain uses of your data - like marketing communications. Just keep in mind that for active legal matters, withdrawing consent might affect our ability to represent you effectively.

Request Deletion

Want us to delete your information? We'll do it, subject to a few exceptions:

  • We're legally required to keep it (Law Society rules, tax requirements, etc.)
  • It's needed for ongoing litigation or to defend against potential claims
  • Deleting it would prejudice an ongoing legal matter
  • It's in our legitimate interest to retain it (like for conflict checks)
Object to Processing

You can object to certain types of data processing, particularly for marketing purposes. We'll respect your wishes unless we have compelling legitimate grounds to continue.

Data Portability

Want to take your information elsewhere? We can provide your personal data in a structured, commonly-used format where technically feasible.

File a Complaint

If you're not happy with how we've handled your privacy concerns, you can:

  • Contact our Privacy Officer at contact@helrionvoidforge.info
  • File a complaint with the Office of the Privacy Commissioner of Canada
  • Contact the Law Society of Ontario if it relates to our professional conduct
How to Exercise Your Rights

Send requests to:

contact@helrionvoidforge.info

(416) 555-8742

1200 Bay Street, Suite 1850, Toronto, ON M5R 2A5

We'll need to verify your identity before processing requests - standard security practice.

Yeah, we use cookies. But we're pretty minimal about it compared to most sites. Here's the breakdown:

Essential Cookies

These are necessary for the website to function properly. They handle things like:

  • Remembering your cookie preferences (meta, right?)
  • Security features to prevent fraud
  • Load balancing and basic site functionality