Privacy Policy

Effective Date: 30 May 2025  |  Last Reviewed: 30 May 2025

1. Scope

This Policy describes how BergsteinISF collects, uses, discloses, and safeguards “Personal Information” as defined in:

• Canada’s PIPEDA, S.C. 2000, c. 5;
• U.S. GLBA, 15 U.S.C. §6801 et seq.;
• U.S. COPPA, 15 U.S.C. §6501 et seq.;
• California CPRA (Cal. Civ. Code §1798.100 et seq.) for residents of California;
• Provincial privacy statutes such as Alberta’s Personal Information Protection Act, S.A. 2003, c. P-6.5.

2. Definitions

“Personal Information” means information about an identifiable individual, including “personal data” under Article 4(1) GDPR where applicable. “Processing” means any operation performed on Personal Information.

3. Legal Bases for Processing

1. Consent (PIPEDA s.6.1; CPRA §1798.140(a))
2. Contractual necessity (to perform a retainer or engagement letter)
3. Legal obligation (e.g., Law Society bookkeeping rules)
4. Legitimate interests in operating a law practice balanced against your rights

4. Categories of Data Collected

• Identifiers (name, postal address, e-mail, SMS 622 number)
• Professional or employment-related information
• Financial information if you pay an invoice online
• Internet or device information (IP address, user-agent, access timestamps)

5. How We Use Data

• To evaluate whether we can represent you (conflict checks per ABA Model Rule 1.7 / Law Society of BC Rule 3.4-1)
• To provide legal services under a retainer
• To comply with KYC/AML rules (Proceeds of Crime (Money Laundering) and Terrorist Financing Act, S.C. 2000, c. 17; 31 C.F.R. §1010)
• For legitimate business analytics, security logging, and fraud prevention

6. Attorney-Client Privilege & Confidentiality

Information obtained in the course of a solicitor–client relationship enjoys privilege under the Evidence Act (Canada) and rules of professional conduct. Such information is stored on encrypted systems located in Canada or the United States and segregated from non-client website traffic.

7. Cross-Border Data Transfers

By submitting information you acknowledge it may be transferred to, processed, and stored in the U.S. and Canada. We rely on the PIPEDA “reasonable safeguards” principle and Standard Contractual Clauses where required.

8. Retention

Records are retained for the longer of (i) ten years after matter closing (Law Society of Alberta Rule 119.36) or (ii) the period mandated by 26 U.S.C. §6001 and related Treasury Regulations, after which they are securely destroyed.

9. Disclosure to Third Parties

We do not sell or rent data. We disclose only:

• To service providers bound by confidentiality agreements (cloud hosting, e-discovery platforms)
• To opposing counsel or courts as required for your matter – with your consent
• Where compelled by subpoena, court order, or lawful authority (e.g., Mutual Legal Assistance Treaty, 18 U.S.C. § 3512)

10. Security Measures

Controls include TLS 1.3 encryption in transit; AES-256 at rest; ISO/IEC 27001-aligned policies; regular penetration testing; and role-based access under provincial Law Society cybersecurity guidance.

11. Cookies & Tracking

We use first-party session cookies and anonymous analytics (log-file analysis only, no third-party trackers). You can disable cookies in your browser without affecting core functionality.

12. Marketing Communications

E-mails comply with CAN-SPAM, 15 U.S.C. §7704, and CASL, S.C. 2010, c. 23. Each marketing message contains an opt-out link or SMS keyword STOP (to 622).

13. Your Rights

• Access & Portability (PIPEDA Principle 9; CPRA §1798.100)
• Correction of inaccurate data
• Deletion / Erasure where no privilege or legal hold applies
• Restriction / Objection to processing for direct marketing

Submit requests via the channels below. We will verify identity using reasonable methods (driver’s licence, bar card, etc.) and respond within the statutory timeframe (30 days under PIPEDA; 45 days under CPRA).

14. Children’s Privacy

The Site is not directed to children under 13 years old. We do not knowingly collect information from children in violation of COPPA or the Canadian Digital Charter Implementation Act.

15. Changes to This Policy

Material changes will be announced on this page at least 30 days prior to taking effect, consistent with FTC fair-notice principles (In re Gateway Learning, FTC Dkt. No. 042-3047).

16. Contact

• E-mail: compliance@bergsteinisf.com
• SMS (Accessibility Only): 622