Privacy Policy

Your privacy matters to us - here's how we handle your information

Last Updated: November 18, 2025 | Version 3.2 (View History)

Quick Navigation

Look, we get it. Privacy policies are usually boring as hell, and most people don't read them. But here's the thing - when you're dealing with corporate law and international trade matters, your information is sensitive. Really sensitive. So we've tried to make this as straightforward as possible.

At Thornex Arion Legal, we've been handling complex cross-border transactions and corporate governance issues since 2007. Over those years, we've learned that trust isn't just about winning cases - it's about how we handle every piece of information you share with us.

This policy explains what data we collect, why we need it, and how we protect it. We're fully compliant with Canada's PIPEDA (Personal Information Protection and Electronic Documents Act) and where applicable, GDPR for our European clients. But compliance isn't just about checking boxes - it's about doing right by you.

Quick Note: If you're just browsing our website, we collect minimal info. If you become a client, well, that's different - we'll need more details to represent you properly. Either way, we'll be upfront about it.

Personal Information You Give Us

When you reach out or become a client, we'll typically collect:

  • Contact Details: Name, email, phone number, business address. Pretty standard stuff.
  • Business Information: Company name, role, industry details - helps us understand your needs better.
  • Legal Matter Details: Whatever you tell us about your situation. This is protected by solicitor-client privilege, by the way.
  • Financial Information: For billing purposes and conflict checks. We use secure payment processors for this.
  • Identification Documents: Sometimes required for anti-money laundering compliance and client verification.
Stuff We Collect Automatically

Like most websites, we gather some technical data:

  • Website Usage: Pages you visit, time spent, how you found us. Helps us improve the site.
  • Device & Browser Info: IP address, browser type, operating system. Standard web analytics.
  • Cookies & Similar Tech: More on this below, but yeah, we use cookies. You can control them though.
For International Clients: Cross-border transactions mean we might need additional documentation to comply with international trade regulations and customs laws. We'll always tell you what we need and why.

We're not in the business of selling your data or spamming you. Here's what we actually do with your information:

Providing Legal Services

This is the main reason we need your info. Can't represent you in an M&A deal or handle customs disputes without knowing who you are and what's going on. We use your data to:

  • Assess your legal needs and provide advice
  • Draft documents, file paperwork, represent you in negotiations
  • Communicate with opposing counsel, courts, government agencies
  • Conduct legal research specific to your matter
Running Our Business

Pretty straightforward business operations:

  • Billing and accounting (gotta keep the lights on)
  • Conflict of interest checks (required by our professional obligations)
  • Maintaining client files and records (legal requirement - we keep these for 10 years in Quebec)
  • Managing appointments and deadlines
Communication & Updates

We'll reach out to:

  • Respond to your inquiries (obviously)
  • Send case updates and important deadlines
  • Share relevant legal updates that might affect your business - but only if you've opted in
  • Occasionally invite you to events or webinars we think you'd find useful
Compliance & Legal Obligations

Sometimes we don't have a choice - the law requires us to:

  • Keep records for regulatory purposes
  • Report certain transactions to authorities (anti-money laundering requirements)
  • Respond to valid court orders or legal processes
  • Maintain professional liability insurance records
Important: Your case information is protected by solicitor-client privilege. We won't disclose it without your consent unless legally required to do so (which is super rare and we'd fight it if we could).

We're pretty selective about who gets access to your information. Here's the full breakdown:

Within Our Firm

Your information is shared on a need-to-know basis with:

  • The lawyers and paralegals working on your file
  • Our administrative staff (for scheduling, billing, document management)
  • Senior partners for quality control and conflict checks
Service Providers We Trust

We work with carefully vetted third parties who help us operate:

  • Cloud Storage Providers: We use enterprise-grade, encrypted cloud services for document management
  • IT & Security Firms: They maintain our systems and keep them secure
  • Payment Processors: For handling credit card payments and wire transfers
  • Expert Witnesses & Consultants: When your case requires specialized knowledge
  • Court Reporters & Translation Services: For depositions and international matters

All these providers sign strict confidentiality agreements and are contractually bound to protect your data.

Professional Advisors

Sometimes we need to consult with:

  • Accounting firms for tax implications in transactions
  • Co-counsel in other jurisdictions (especially for international trade matters)
  • Professional liability insurers (if there's a claim against us)
Legal & Regulatory Requirements

We may disclose information when:

  • Required by court order or subpoena (we'll notify you unless prohibited)
  • Necessary to comply with anti-money laundering laws
  • Required by the Quebec Bar or other regulatory bodies
  • Needed to establish or defend our legal rights
Business Transfers

If we merge with another firm or sell our practice (unlikely but possible), your files would transfer to the successor firm. You'd be notified in advance and have options if you're uncomfortable with the change.

We Will NEVER:
  • Sell your personal information to marketers or data brokers
  • Share your case details for marketing purposes
  • Disclose privileged communications without your explicit consent

Under Canadian privacy law (and GDPR for our European clients), you've got some pretty solid rights. Here's what you can do:

Access Your Information

You can request a copy of all the personal data we hold about you. We'll provide it within 30 days (usually faster). There's no charge unless the request is super complex or repetitive.

Correct Inaccurate Data

Spot an error in your contact info or other details? Let us know and we'll fix it ASAP. Accurate information is crucial for legal work anyway.

Delete Your Data (With Limitations)

You can ask us to delete your information, but here's the catch - we're legally required to keep client files for 10 years in Quebec (Bar rules). After that retention period, we can delete it. For prospective clients who didn't retain us, we can delete data much sooner.

Object to Processing

You can object to certain uses of your data, like marketing communications. Just tell us and we'll stop. However, we can't stop processing data that's necessary for providing legal services you've retained us for.

Data Portability

Want to take your data to another firm? We'll provide your information in a commonly used format. Your files are yours, after all.

Withdraw Consent

For things that require consent (like marketing emails), you can withdraw it anytime. Won't affect the lawfulness of processing before you withdrew consent.

Opt-Out of Marketing

Every marketing email has an unsubscribe link. Click it and you're done. Or email us directly - we're not gonna make it difficult.

How to Exercise Your Rights

Contact our Privacy Officer:

Email: privacy@thornexarion.info

Phone: (416) 555-0187

Mail: 1250 Rene-Levesque Blvd W, Suite 4200, Montreal, QC H3B 4W8

We'll respond within 30 days. If we need more time (complex requests), we'll let you know why.

File a Complaint: Not happy with how we handled your privacy request? You can complain to the Office of the Privacy Commissioner of Canada or your provincial privacy authority. We'd prefer you talk to us first though - we take this stuff seriously.

We take security seriously - our professional insurance and reputation depend on it. Here's how we protect your information:

Technical Safeguards
  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Fancy terms that basically mean it's scrambled so only authorized people can read it.
  • Secure Cloud Storage: We use Canadian-based cloud providers that meet or exceed industry standards.
  • Firewalls & Intrusion Detection: Multi-layered protection against unauthorized access.
  • Regular Security Audits: Third-party penetration testing and vulnerability assessments.
  • Secure Email: Encrypted email options for sensitive communications.
  • Two-Factor Authentication: Required for all staff accessing client systems.
Physical Security
  • Our Montreal office has 24/7 security, key card access, and surveillance
  • Physical files (yes, we still have some) are kept in locked cabinets
  • Visitor logs and escort policies for anyone who's not staff
  • Secure document destruction for anything that's no longer needed
Administrative Controls
  • Staff Training: Everyone gets privacy and security training. We're not perfect, but we're trained to spot issues.
  • Access Controls: Staff only see what they need for their job. No browsing client files out of curiosity.
  • Confidentiality Agreements: All employees, contractors, and vendors sign strict NDAs.
  • Incident Response Plan: If something goes wrong, we have a plan to contain it fast.
What You Can Do

Security is a two-way street. Here's how you can help:

  • Use strong, unique passwords for our client portal
  • Don't share your login credentials
  • Be cautious about phishing emails (we'll never ask for your password via email)
  • Let us know immediately if you think your account has been compromised
  • When emailing sensitive info, ask us about encrypted email options
Data Breach Protocol: If we experience a breach that affects your information, we'll notify you within 72 hours and tell you exactly what happened, what's at risk, and what we're doing about it. We're also required to notify the Privacy Commissioner in certain circumstances.

Reality Check: No system is 100% secure. We do our absolute best, but internet transmission carries inherent risks. That's why we use multiple layers of protection and maintain cyber insurance.

Given that we specialize in international trade and cross-border transactions, data sometimes needs to cross borders too. Here's how we handle that:

Where Your Data Might Go

We primarily keep data within Canada, but it might be transferred to:

  • United States: Some of our cloud service providers have US servers. We use providers that comply with appropriate safeguards.
  • European Union: For EU clients or matters involving EU parties, we may use EU-based services that meet GDPR standards.
  • Other Jurisdictions: When representing you in international matters, we might need to share info with foreign counsel, courts, or regulatory bodies in relevant countries.
How We Protect International Transfers
  • Standard Contractual Clauses: We use approved legal agreements that require foreign parties to protect your data.
  • Adequacy Decisions: We prefer transferring to countries that Canada or the EU has deemed to have adequate privacy protections.
  • Necessity for Legal Services: Many transfers are necessary to provide the international legal services you've hired us for.
  • Encryption in Transit: Data is always encrypted when moving between countries.
For EU Clients Specifically

If you're in the EU, we comply with GDPR requirements for international transfers:

  • We use Standard Contractual Clauses approved by the European Commission
  • We conduct transfer impact assessments for higher-risk transfers
  • You have the same rights under GDPR even though we're in Canada
  • You can contact EU data protection authorities if you have concerns
Your Control: If you don't want your data transferred outside Canada, let us know upfront. It might limit our ability to represent you in certain international matters, but we'll discuss alternatives and respect your preferences wherever possible.

Bottom Line: We're experienced with international data transfers - it's kinda our specialty given the work we do. We know the rules and we follow them. If you've got specific concerns about where your data goes, we're happy to discuss it.

Alright, let's talk cookies. Not the chocolate chip kind - the little files that websites drop on your computer. We use them, but not in a creepy way.

Types of Cookies We Use
Essential Cookies (Required)

These keep the site working. Without them, stuff breaks. They handle:

  • Keeping you logged into our client portal
  • Remembering your cookie preferences (meta, right?)
  • Basic security and fraud prevention
  • Load balancing so the site doesn't crash

You can't really disable these if you want to use the site properly, but they don't track you across the internet.

Analytics Cookies (Optional but Helpful)

We use these to understand how people use our site. Specifically:

  • Which pages people visit and how long they stay
  • Where visitors come from (Google, referrals, direct)
  • What devices and browsers people use
  • If something's broken or confusing

We use Google Analytics with IP anonymization turned on. We see trends, not individuals. Like "100 people visited our M&A page this week" not "John Smith from Toronto visited at 3pm."

Functionality Cookies (Optional)

These remember your preferences:

  • Language settings
  • Whether you've dismissed certain messages
  • Your preferred contact method
What We Don't Use
  • Advertising Cookies: We don't do targeted ads. You won't see our ads following you around the internet.
  • Social Media Tracking Pixels: No Facebook or LinkedIn trackers here.
  • Third-Party Marketing Cookies: We don't let data brokers track you on our site.
Managing Your Cookie Preferences

You've got options:

  • Cookie Banner: When you first visit, you'll see a banner where you can accept or decline optional cookies.
  • Browser Settings: You can block or delete cookies through your browser. Google "disable cookies [your browser name]" for instructions.
  • Opt-Out Tools: For Google Analytics specifically, you can use their browser add-on to opt out.
Do Not Track Signals

Some browsers send "Do Not Track" signals. Honestly, there's no industry standard for how to handle these, so we treat everyone the same - minimal tracking, no ads, respect for privacy. If you've disabled optional cookies, we're already not tracking you beyond what's essential.

Other Tracking Technologies

Besides cookies, we use:

  • Web Beacons: Tiny images in emails that tell us if you opened them. Only used for client communications about your case, not marketing spam.
  • Local Storage: Similar to cookies but can hold more data. Used for client portal functionality.
  • Server Logs: Standard web server logs that record IP addresses, timestamps, and pages accessed. We keep these for 90 days for security purposes.
Heads Up: If you disable all cookies, some parts of our website won't work properly. The public pages will be fine, but the client portal requires cookies to function. It's a security thing.

Our services aren't directed at children. We practice corporate law and international trade - not exactly kid-friendly topics.

We don't knowingly collect information from anyone under 18. If you're a parent or guardian and think your kid has somehow given us their information, contact us immediately and we'll delete it.

That said, we sometimes work on matters involving family businesses where minors might have ownership interests. In those cases, we deal with parents or legal guardians, not the minors directly.

Age Verification: When you contact us or use our client portal, you're confirming that you're at least 18 years old or the age of majority in your province (whichever is older). If you're not, please have a parent or guardian contact us instead.

Questions? Concerns? Just Want to Chat About Privacy?

We're here to help. Seriously, don't hesitate to reach out if something's unclear or you've got privacy concerns.

Privacy Officer Contact Information

Name: Maria Calderon, Privacy & Compliance Director

Email: privacy@thornexarion.info

Phone: (416) 555-0187 (ext. 305)

Mail: Thornex Arion Legal, Attn: Privacy Officer
1250 Rene-Levesque Blvd W, Suite 4200
Montreal, QC H3B 4W8, Canada

Policy Updates

We update this policy occasionally to reflect changes in:

  • Privacy laws and regulations
  • Our business practices
  • Technology we use
  • Client feedback and questions

Current Version: 3.2 (November 18, 2025)

When we make material changes, we'll:

  • Update the "Last Updated" date at the top
  • Email active clients about significant changes
  • Post a notice on our homepage for 30 days
  • Keep old versions available (click "View History" at the top to see previous versions)

Minor changes (typo fixes, clarifications, formatting) won't trigger notifications - we'll just update the version number and date.

Your Continued Use

By continuing to use our services after we post changes, you're accepting the updated policy. If you don't agree with changes, you can terminate our services (though we hope you won't!). For active client matters, we'll discuss any significant privacy changes that might affect your case.

Feedback Welcome: Think something should be clearer? Got suggestions? We genuinely want to hear them. Privacy policies should be understandable, not filled with legal jargon that nobody reads. Email us at privacy@thornexarion.info with your thoughts.
Language

This policy is available in English and French (we're in Quebec, after all). If there's any conflict between versions, the English version prevails for interpretation purposes.

Last thing: We know privacy policies are typically boring and full of legalese. We tried to make this one different - straightforward, honest, and actually readable. If we succeeded, great. If not, tell us how we can improve it.

Our Compliance Commitments
PIPEDA Compliant

Canadian Privacy Law

GDPR Compliant

EU Privacy Standards

Bar Certified

Professional Standards