Quick Navigation
GDPR & PIPEDA Compliant
Last reviewed: November 18, 2025
Look, we've read plenty of privacy policies that sound like they were written by robots. Let's skip that. At Krython Varis Legal Group, privacy isn't just a checkbox - it's part of our professional DNA.
We're governed by Canadian privacy laws (PIPEDA, mainly), plus we work with clients across borders, so we've also built our practices around GDPR, UK data protection laws, and various international standards. That's not because we love paperwork (trust me, we don't), but because protecting your information is absolutely critical to what we do.
This policy explains what info we collect, why we need it, how we protect it, and what rights you've got regarding your data. It covers everyone who interacts with us - potential clients, actual clients, website visitors, the works.
Last reviewed: November 18, 2025
Direct Information (Stuff You Give Us)
When you reach out or work with us, we'll collect things like:
- Contact details: Name, email, phone numbers, business address - the usual suspects
- Company information: Your organization's name, industry, structure, key personnel
- Matter-specific data: Whatever documents, contracts, corporate records, IP assets, or other materials you share related to your legal needs
- Financial info: Billing details, payment information (though we don't store full credit card numbers ourselves)
- Communications: Emails, letters, recorded calls (we'll tell you if we're recording), meeting notes
Automatic Collection (Tech Stuff)
Our website and systems automatically gather:
- Technical data: IP address, browser type, operating system, device info
- Usage patterns: Which pages you visit, how long you stick around, where you came from
- Cookies: Small files that help the site work better (more on this below)
- Log files: Standard server logs that capture access times and technical errors
Sensitive Information
Depending on your matter, we might handle sensitive categories like financial records, intellectual property secrets, merger plans, or other confidential business data. We only collect this when it's necessary for the legal services you're asking us to provide.
Last reviewed: November 18, 2025
We're pretty straightforward about this. Your information gets used for:
Legal Services Delivery
This is the main event. We use your data to provide the legal services you've hired us for - drafting contracts, handling M&A transactions, protecting your IP, sorting out disputes, ensuring compliance, whatever we've agreed to do for you.
Communication & Updates
Keeping you in the loop about your matter, responding to inquiries, sending relevant legal updates (when you've asked for them), scheduling meetings, that sort of thing.
Billing & Administration
Processing payments, maintaining our books, tracking time (yeah, the infamous billable hour), sending invoices, handling accounts.
Legal & Professional Obligations
We've got certain duties under law society rules and anti-money laundering regulations. Sometimes we need to verify identities, check for conflicts of interest, maintain proper records, or report suspicious activities (rarely, but it happens).
Improving Our Services
Understanding how people use our website, identifying areas where we can do better, developing new service offerings that actually make sense.
Last reviewed: November 18, 2025
Here's where we get a bit technical, but it matters. We take security seriously because frankly, we've seen what happens when firms don't.
Where Your Data Lives
Our primary servers are located in Canada. Some services we use (cloud storage, email platforms) might store data in the US or EU, but only with providers who meet Canadian adequacy standards and have proper data protection agreements in place.
Security Measures
- Encryption: Data in transit uses TLS/SSL. Data at rest is encrypted using industry-standard protocols.
- Access controls: Only team members who need access to your information get it. We use multi-factor authentication and role-based permissions.
- Physical security: Our offices have controlled access, surveillance, and secure document storage.
- Regular audits: We review our security practices regularly and update them as threats evolve.
- Incident response: We've got procedures in place if something goes wrong (knock on wood).
- Staff training: Everyone here gets regular security training because humans are usually the weakest link.
How Long We Keep Stuff
We're required to keep client files for at least 10 years after a matter closes (law society rules). Some documents might need to be kept longer depending on the type of work - tax stuff, corporate records, litigation files can have different retention requirements.
For non-client inquiries and website data, we keep it as long as there's a legitimate business reason, then it gets securely deleted.
Last reviewed: November 18, 2025
Given that we specialize in cross-border work, this one's pretty important. Your data might cross international borders for a few reasons:
When & Why Data Crosses Borders
- Multi-jurisdictional matters: If your deal involves parties in different countries, we might need to share info with co-counsel, regulatory bodies, or counterparties abroad.
- Cloud services: Some of our tech providers operate globally with servers in multiple countries.
- International compliance: Sometimes we're legally required to share information with foreign authorities (think tax treaties, regulatory cooperation agreements).
Safeguards We Use
When data leaves Canada, we make sure it's protected through:
- Standard contractual clauses approved by relevant data protection authorities
- Transfers only to countries with adequate data protection laws
- Privacy shield frameworks where applicable
- Specific consent from you when required
- Attorney-client privilege protections where they apply across borders
We'll always tell you if your specific matter requires international data transfers, especially if you're dealing with particularly sensitive information.
Last reviewed: November 18, 2025
You've got rights when it comes to your personal data. Here's what you can do:
Access
You can ask to see what personal information we hold about you. We'll provide it in a readable format, usually within 30 days.
Correction
Spot an error? Let us know and we'll fix it. This is important for things like billing addresses and contact info.
Deletion
You can request deletion of your data, though we might need to keep some stuff for legal or professional obligations.
Portability
Want your data in a format you can use elsewhere? We can do that (where technically feasible).
Object
You can object to certain types of processing, particularly for marketing purposes (which we barely do anyway).
Restrict
You can ask us to limit how we use your data in certain circumstances.
Important Limitations
These rights aren't absolute. We might need to refuse or limit your request if:
- It would compromise solicitor-client privilege
- We're legally required to keep the information
- It would harm someone else's rights
- The request is clearly unfounded or excessive (happens rarely, but it does happen)
- It would compromise an ongoing legal matter
Making a Request
Use the form at the bottom of this page or email us at contact@krythonvaris.info with "Data Rights Request" in the subject line. We'll verify your identity (gotta make sure we're giving info to the right person) and respond within the timeframes required by law.
Last reviewed: November 18, 2025
Our website uses cookies - small text files that help things work properly. Here's what we're using and why:
Essential Cookies
These are necessary for the site to function. They handle things like keeping you logged into our client portal, remembering your language preference, ensuring security. You can't really opt out of these without breaking the site.
Analytics Cookies
We use these to understand how people use our website - which pages are popular, where folks are getting stuck, how long they spend reading. This helps us make the site better. We use Google Analytics with IP anonymization turned on.
Functional Cookies
These remember your preferences and choices to make your experience smoother - like keeping your font size settings or remembering which sections you've already read.
What We Don't Do
- We don't use advertising cookies
- We don't sell your browsing data to third parties
- We don't track you across other websites
- We don't use your data for targeted advertising
Managing Cookies
You can control cookies through your browser settings. Most browsers let you block or delete cookies, though this might affect how the site works. Check your browser's help section for instructions.
Last reviewed: November 18, 2025
We work with various service providers who might handle your data. We're picky about who we use and make sure they meet our standards.
Types of Third Parties
- Cloud storage providers: For secure document management
- Email services: Professional email hosting with encryption
- Payment processors: For handling billing (they never give us your full card details)
- Document review platforms: For large-scale document analysis in complex matters
- Video conferencing: For remote meetings (especially handy for international clients)
- Practice management software: Helps us stay organized and efficient
- IT support: For maintaining our systems securely
Our Requirements for Vendors
Any third party we work with has to:
- Sign a data processing agreement that meets legal standards
- Maintain appropriate security measures
- Only use your data as we've authorized
- Delete data when we tell them to
- Notify us immediately if there's a security incident
We regularly review our vendors to make sure they're keeping up their end of the bargain.
Links to Other Sites
Our website might link to other sites - court websites, regulatory bodies, legal resources, etc. We're not responsible for their privacy practices, so check their policies if you're heading over there.
Last reviewed: November 18, 2025
A quick note about how we handle communications, because this trips people up sometimes.
Email Security
Email isn't perfectly secure. Standard email is like sending a postcard - technically, someone could read it in transit. For sensitive matters, we can set up encrypted email or use our secure client portal. We'll recommend the appropriate channel based on what we're discussing.
Privilege Considerations
Communications with us are generally protected by solicitor-client privilege, which is stronger than regular privacy protection. But privilege can be lost if you share our communications with third parties (except in limited circumstances). We'll flag this when it matters.
Marketing Communications
We occasionally send updates about legal developments that might affect your business. You can opt out anytime - there's an unsubscribe link in every email. We won't spam you with sales pitches because honestly, that's not really how legal services work anyway.
Recording Calls
We don't routinely record calls, but if we need to for training or quality purposes, we'll tell you upfront and get your consent.
Last reviewed: November 18, 2025
Changes to This Policy
Privacy laws evolve, our practices improve, technology changes - so this policy isn't set in stone. We'll update it as needed and post the revised version here with a new date at the top.
For significant changes, we'll notify active clients directly. If you're just browsing the website, check back occasionally to see if anything's changed.
Questions or Concerns?
If something in this policy isn't clear, or you've got concerns about how we're handling your data, don't hesitate to reach out:
Email:
Phone:
Regulatory Complaints
If you're not satisfied with our response, you've got the right to complain to:
- Canadian residents: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
- EU residents: Your local data protection authority
- Professional conduct issues: Law Society of Ontario
Data Rights Request Form
Use this form to exercise your data rights. We'll verify your identity and respond within the required timeframe.