Introduction

This privacy statement explains what information we gather about you, what we use that information for and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.

Who this privacy statement applies to and what it covers

This privacy statement applies to Deloitte LLP (the Administrator) with registered office address at #200 – 8 Adelaide St. West, Toronto, Ontario, Canada. M5H 0A9, and our affiliates and related entities (“Deloitte”, “we”, “us” or “our”). We are committed to protecting your privacy and handling your information in an open and transparent manner. This privacy statement sets out how we will access, collect, use, store, transfer, retain and protect (collectively referred to as “process”) information about you when:

  • providing services to you, your lawyer(s) or our clients;
  • you use “our Website” or;
  • performing any other activities that form part of the operation of our business.

When we refer to “our Website” or “this Website” in this policy we mean the specific webpages of deloitte.com designated as Canada in the upper right hand corner, and to specific webpages with a URL commencing ‘www2.deloitte.com/ca/’. Deloitte.com is comprised of various global, country, regional and practice specific websites, each of which is provided by Deloitte Touche Tohmatsu Limited (“DTTL”) or one of its independent member firms or their related entities (collectively, the “Deloitte Network”). To learn more about DTTL, the member firms of DTTL and their related entities, please see About Deloitte. This privacy statement also contains information about when we share your personal data with other members of the Deloitte Network and other third parties (for example, our service providers). In this privacy statement, your information is sometimes called “personal data” or “personal information”.

About other areas of deloitte.com

Please note that the other country and regional websites contained within deloitte.com are provided by other entities within the Deloitte Network and are not provided by us. Such websites, as well as other websites that may be linked to this Website, are not governed by this privacy statement. We encourage visitors to review the privacy statements on each of these other websites before disclosing any personal information.

What information do we collect?

While providing services to you, or our client and performing due diligence checks in connection with our services (or discussing possible services we might provide), we will collect or obtain personal data about you. We may also collect personal data from you when you use this Website. We may collect or obtain such data because you give it to us in a form on our Website or because it is provided to us directly by a third party. We may also collect or obtain personal data from you because we observe or infer that data about you from the way you interact with us. For example, to improve your experience when you use this Website and ensure that it is functioning effectively, we (and / or our service providers) may use cookies (small text files stored in a user’s browser) and web beacons which may collect personal data. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice. The personal data that we collect may include but is not limited to: your name; address and address history; date of birth and country of residence. We may also collect your IP address, your browser type and language and your access times. The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your direct deposit banking information or your health information. Our Website and services are not designed for, or intentionally targeted at, children.

How we use information about you?

Use of personal information to provide services to our clients

We will use your personal data to provide you or our client with services, including administering claims. As part of this, we may use your personal data in the course of correspondence relating to the services. Such correspondence may be with you, our client, your lawyers, other members of the Deloitte Network, our service providers . We may also use your personal data to conduct due diligence checks relating to the services.

Use of personal information for other activities that form part of the operation of our business

We may also use your personal data for the purposes of, or in connection with:

  • applicable legal or regulatory requirements
  • requests and communications from competent authorities as recognized or instructed by the court
  • services we receive from our professional advisors, such as lawyers, accountants and consultants
  • protecting our rights and those of our clients and our service providers

Use of personal information collected via our Website

The legal grounds we use for processing personal information We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. As a result, we use your personal data for the purposes outlined above because you have voluntarily provided us with your personal data for a specific purpose. To the extent that we process any sensitive personal data relating to you for any of the purposes outlined in the “How we use information about you?” section above , we will do so because you have (a) given us your explicit consent to process that data; or (b) the processing is necessary for the establishment, exercise or defense of legal claims.

Who we disclose your information to?

In connection with one or more of the purposes outlined in the “How we use information about you?” section above, we may disclose details about you to: (a) other members of the Deloitte Network; (b) third parties that provide services to us and/or the Deloitte Network; (c) competent authorities (including courts and authorities regulating us or another member of the Deloitte Network); (d) your lawyers and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “How we use information about you?” section above. Please note that some of the recipients of your personal data referenced in this privacy statement may be based in countries outside of Canada, whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. Further details of the transfers described above and the adequate safeguards used by Deloitte in respect of such transfers are also available from us through email at privacyoffice@deloitte.ca. We may also need to disclose your personal data if required to do so by law, a regulator or during legal proceedings. We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

Protection of your personal information

We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include, but are not limited to:

  • education and training to relevant staff to ensure they are aware of our privacy obligations when processing personal data
  • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis
  • technological security measures, including firewalls, multi-factor authentication, encryption and anti-virus software
  • physical security measures, such as staff security passes to access our premises.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

How long we keep your information for?

We will hold your personal data on our systems for the longest of the following periods: (a) as long as is necessary for the relevant activity or services; (b) any retention period that is required by the court/law or professional standards; (c) the end of the period in which litigation or investigations might arise in respect of the services or (d) as directed by Deloitte’s own internal retention policies or practices, the length of which may vary depending on the nature of the information that is held. Further, any copies of personal data stored in our electronic backups will be destroyed in accordance with that backup’s ordinary lifecycle.

Your rights

You have various rights in relation to your personal data. The rights afforded to you may vary depending on your geographic location and the applicable laws governing how we process your data. To the extent prescribed by applicable law, or under the terms of the settlement agreement, you have a right to:

  • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract)
  • object to our processing of your personal data.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please email privacyoffice@deloitte.ca or write to us at the address below:

Privacy Office

Deloitte LLP 8 Adelaide Street West, Suite 200 Toronto, ON M5H 0A9 Canada

You may also use these contact details if you wish to make a complaint to us relating to your privacy. Where we are provided with personal data about you by our client or our third parties, we encourage you to contact that client or third party directly (i.e., your employer or service provider) if you have questions about how they manage your personal data.

Right to complain

If you are unhappy with the way we have processed your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please email privacyoffice@deloitte.ca.

Changes to this privacy statement

We may modify or amend this privacy statement from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.

Website

We understand that privacy is an important issue. We respect the privacy of every individual who visits this website, the private nature of information provided to or collected on this site is appropriately maintained. In general, you can visit this website without revealing any personal data such as name, telephone number or email address. There are two kinds of information that our website collects: site visitorship data and personal information voluntarily provided to us through forms and subscription.

Visitorship Data

We analyze the visitorship data for trends and statistics (e.g. so we know which are the most and least visited pages on the site). This information is used to improve the content and organization of this site based upon traffic patterns in visitorship preference, ultimately to deliver a better experience to visitors.

Personal Information

We will not collect any personally identifiable information about you (e.g. name, telephone number, email address) unless you provide it to us with your consent. If you choose to give us personal information via the website, such as sending a request for information we will only use it for purposes aligned with your inquiry. If you do not want your personally identifiable information collected, then please do not submit it to us. We do not share or sell personal information to any third party. All information is kept on a secured server. This site may contain links to other websites and we are not responsible for the privacy practices or the content of such websites. We encourage you to review the privacy policies of all websites, especially prior to submitting and personal information.

Cookies and Usage Tracking

We use cookies, small text files that are automatically placed on your computer’s hard drive when you access certain websites, and similar technologies, directly or through third parties, such as web analytics services like Google Analytics. Cookies allow us to store information, such as your domain name, your internet service provider, your operating system, the date and time of access, the pages you visit or the types of searches you perform.   We collect such data, for example, to conduct system administration and report aggregated information to affiliates, business partners and/or vendors who conduct website and application analyses and website performance reviews on our behalf. We use this information to store your preferences and settings, help improve the contents of our websites or applications, to enable you to register to websites and applications, and to compile aggregated statistics to evaluate visitors’ use of our website or website activity, and for internal and market research purposes.