Introduction
This policy is designed to comply with the Privacy Act and the Personal Information Protection and Electronic Documents Act. As part of the services provided by Neolegal Inc., we collect personal information from our clients and are committed to protecting that information.
Compliance & Professional Conduct
Neolegal Inc. acts exclusively to provide services limited by the specific program (package) purchased. We are bound by the Code of Professional Conduct of Lawyers, the rules of the Barreau du Québec, and all laws or regulations that apply to our contractual relationships. We act loyally and transparently in the interest of our clients and in accordance with the customs and practices of the legal profession.
Client Records & Consent
When you subscribe to a service, Neolegal will keep your file according to internal rules and applicable laws, storing transmitted information on our servers throughout the contractual relationship.
We seek express consent for the collection of all personal information. Collected information will not be used or communicated without such consent. Neolegal does not hold or request original documents—clients remain responsible for originals that make up their legal file.
For quality control and to comply with the Code of Ethics for Lawyers, conversations between clients and Neolegal representatives may be recorded. These recordings are kept securely and only accessible by authorized personnel.
Payment Information
Neolegal does not keep payment information or data necessary for purchase. Such data is encrypted and destroyed after use according to applicable standards. Our payment providers meet the highest industry standards.
Why We Collect Personal Information
Pursuant to section 14 of the Regulation respecting the accounting and professional practice standards for lawyers, we collect personal information for client identification. This also helps ensure there is no conflict of interest or appearance of conflict of interest.
Security, Governance & Retention
- The person responsible for protecting personal information is the current VP, Legal, supported by the cybersecurity committee (including the CTO).
- Access to client personal information is protected by logins and two‑factor authentication.
- Data is stored in Canada. Backups are performed daily, with a schedule of simulation exercises.
- Cybersecurity training is offered regularly to all employees.
- Internal audits are scheduled to analyze processes and procedures.
- Under sections 9 and 18 in fine of the Règlement sur la comptabilité et les normes d’exercice professionnel des avocats, client files are kept for 7 years after account closure.
- After this period, data is encrypted and anonymized per the Act. During the 7‑year period (and for open files), personal information is accessible only to authorized persons.
Cyber Security Committee
A committee composed of the CTO, CLO, and the person responsible for finances oversees this policy. The committee analyzes information requests and complaints, and reviews cybersecurity processes and data retention. Meetings occur quarterly, and the committee performs overall risk assessments for each IT project.
Requests & Complaints
Email: confidentialite@neolegal.ca or privacy@neolegal.ca
How to report a privacy incident or complaint
- Write to confidentialite@neolegal.ca or privacy@neolegal.ca.
- Describe the reason and nature of the complaint.
- The committee will analyze the complaint or incident.
- Upon receipt, processing timelines will be stipulated.
- The complainant will be updated on progress; additional information may be requested.
- Following the committee’s decision, a response will be sent.
- If justified, clear actions will be taken as soon as possible and communicated to the complainant.
- If not justified, a response will be sent and the file closed.
- If a privacy or security incident has occurred, it will be disclosed to the appropriate authorities and stakeholders.
Employee Access Rules
- Only authorized employees at each stage of a mandate may access a client’s file.
- All employees are bound by solicitor‑client privilege and may not divulge information they receive.
- No personal information should be handwritten; if it is, the employee must ensure it is properly destroyed.
Security Incident Process
- The Committee meets to assess the situation.
- The CTO implements technological actions to quickly rectify the situation, according to its nature.
- Impacted parties and risks (including risk of recurrence) are assessed.
- The CLO advises the Commission d’accès à l’information.
- A notification plan is executed for affected customers, partners, employees, Board of Directors, shareholders, and other officers as required.
- An audit is conducted afterward to ensure data is properly protected following the incident.
Incident Log Contents
- Date of the incident
- Names of all persons affected and their relationship with Neolegal Inc.
- Nature of the incident
- Impact of the incident (risk assessment)
- Communication strategy to those involved
- Actions to resolve the incident
- Preventive actions and sustainable solutions to avoid recurrence
The Commission d'accès à l'information will also be informed of relevant risks and of incidents, including when potential incidents create serious risks.
Security with Partners
Neolegal works with various partners (e.g., service providers, legal service contractors, business partners) across sectors such as legal and insurance. We ensure each partner complies with industry best practices and standards, as well as those set forth in applicable privacy legislation.
- All transfers of personal information to partners are performed securely, in consultation with the Technology Department and the CTO.
- Customer personal information is transferred to a partner only with the customer’s express consent and only under pre‑established terms and conditions.
- We ensure secure transfers using appropriate information technology.
Contact
Person responsible for personal information: VP, Legal
Email: confidentialite@neolegal.ca
Address: 420 Notre‑Dame Street West, Suite 601, H2Y 1V3