TERMS OF USE, PRIVACY POLICY, AND CLOUD-COMPUTING POLICY
A. TERMS OF USE
Your access to and use of the Kairos Law Corporation (“Kairos Law”, “we”, “us” or “our”) website and any services offered within it (“Service”) constitutes your acceptance of these Terms of Use and the following Privacy Policy (together, “Fine Print”). The Fine Print may be modified from time to time and it is your responsibility to check for updates.
No Lawyer-Client Relationship or Legal Advice
The material posted on or provided by the Service is for general information only, and should not be taken as legal advice. Your interaction with the Service does not give rise to a lawyer-client, advisory, or fiduciary relationship or privilege. If you have a specific problem, please contact one of our lawyers.
No Liability
We assume no liability or responsibility for any errors or omissions in any content provided through the Service. Links to third party websites are provided as a convenience only, and are not an endorsement of their content or a representation as to their accuracy. Use of the Service is at your own risk and, subject to this Fine Print, the Service is provided on an “as is” and “as available” basis without any representations or warranties of any kind, express or implied.
Communications Not Confidential
Any communications or information exchanged through the Service or third party websites may not be confidential, and use of such communication mediums are at your own risk.
British Columbia Law Applies
The use of the Service and the interpretation of this Fine Print will be governed by the laws of British Columbia and the laws of Canada applicable therein. You consent and submit to the exclusive jurisdiction of the courts of British Columbia sitting at Vancouver in any action or proceeding related to the Service.
Copyright
All rights reserved. The Service contains information, communication, software, program code, images, sounds, music, graphics, photos, videos and other materials and services (collectively, “Content”). You agree that the Content is protected by Canadian and international intellectual and industrial property rights, including copyrights, trademarks, and other proprietary rights. Your use of the Content or Service existing now or in the future will be in accordance with such rights and this Fine Print.
B. Privacy Policy
1. YOUR PRIVACY
Kairos Law Corporation (“Kairos Law.”, “we”, “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) sets out the basis on which any personal information we collect from you or that you provide to us in conjunction with your access, navigation, and use of the Kairos Law website and any services offered therein (“Service”). Please note that access and use of the Service does not constitute engagement of legal services or the formation of a lawyer-client relationship in any manner. This Policy governs only individuals’ use of the Service. Any confidentiality matters as between lawyer and client will be governed by an engagement letter, should you choose to retain us as your lawyers.
Please read the following carefully to understand our practices regarding your personal information. This Policy complies with the Personal Information Protection Act (British Columbia) (“PIPA”) and the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”) as applicable (collectively, “Acts”).
2. INFORMATION WE COLLECT & HOW WE USE IT
We may collect and use Personal Information and Non-Personal Information from you when you access or use the Service. In this section, we will describe the type of information that may be collected and how that information may be used.
2.1 Personal Information
“Personal Information” means personally identifiable information that specifically identifies someone as an individual and includes the items listed below.
2.1.1 Paying a Retainer or Invoice Online through LawPay
When you sign an engagement letter to retain us as your lawyers, you will have the option of paying for your retainer and invoices through the Service. We use LawPay Canada (“LawPay”) to process all online payments. Any Personal Information you provide, including billing information, is provided directly to LawPay. We will receive and store the confirmation of your payment from LawPay, which will include:
name and billing address;
purchase order number; and
date and time of payment.
We use this information to track our billing process and provide you with the Service. We will not receive or store your banking information or credit card numbers.
2.1.2 Using the Service
We may collect Personal Information about you as part of your use of the Service.
2.1.3 Contacting Us
When you choose to contact us through the Service, we may collect, store and use the Personal Information that you provide us, such as your name, email address, phone number and other information you choose to provide in the content of your message, so we can respond to your inquiry.
2.1.4 Other Uses of Your Personal Information
We may also use Personal Information that we collect to help provide you with better service. Among other things, the Personal Information we collect enables us to improve our services, communicate with you and fulfill your requests for products, services and information.
2.2 Non-Personal Information
“Non-Personal Information” means: (1) information that does not directly identify you; and (2) “aggregate” and “de-personalized” information, which is data we collect about the use of the Service from which personally identifiable information has been removed.
2.2.1 Cookies, Beacons and Tracking
When you access or use the Service, we (or a third party provider) may use “cookies” and other technologies such as pixel tags, locally shared objects, clear GIFs and web beacons, to track what you view and interact with on the Service. We treat information collected by cookies and similar technologies as Non-Personal Information.
A “cookie” is a small bit of record-keeping information that is sent to your computer. The cookies that we use do not include Personal Information and may be used to:
help you navigate around the Service,
monitor how many people are using the Service, and
track trends.
Most browsers are initially set up to accept cookies, but you can disable cookies or set your browser to indicate when a cookie is being sent. However, disabling cookies may affect your ability to use the Service.
2.2.2 Server Logs
Our servers may log Non-Personal Information about your use of the Service, such as: (1) your search activity, pages viewed, date and time of activity; and (2) any information provided by your computers or mobile devices in connection with your use of the Service, such as browser type, browser language, IP address, mobile carrier, unique device identifier, location, and requested and referring URLs.
2.2.3 Trusted Partners and Sponsored Companies and Organizations
We may use and disclose to our affiliated companies, contractors, trusted partners or persons the collected Non-Personal Information for the purpose of auditing, researching and analyzing usage of the Service, ensuring the technical functionality of the Service and further developing the Service and our other products.
3. DISCLOSURE OF PERSONAL INFORMATION
3.1 How/When the Collected Information is Disclosed
We will never sell, share, transfer or rent your Personal Information for secondary purposes.
In certain circumstances, we may share any or all information we have collected, including Personal Information. For example:
a) we might share your Personal Information during due diligence or in preparation for or after a sale, merger, consolidation, change in control, transfer of substantial assets, reorganization or liquidation;
b) your Personal Information may be transferred to anyone who is helping us make our website and the Service available and functional, like technical agents, payment processing vendors, other subcontractors, and our affiliates and consultants, subject to obligations consistent with this Fine Print;
c) as in any transaction, if you use the Service to provide your credit card information to LawPay for payments, your credit card company will be provided with all relevant information about LawPay, item(s) purchased, cost and other information necessary to process the transaction;
d) if we are required to disclose or share your Personal Information under a legal obligation, in order to enforce or apply our contractual agreements or without your consent pursuant to any of the exceptions in the Acts; and
e) we may share anonymous information (meaning information that does not identify you personally) with or to business partners.
3.2 Data Processing
We may also disclose Personal Information to our service providers for the purpose of processing Personal Information on our behalf or assisting in the operation of the Service. We require that these parties agree to process such Personal Information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
4. CHOICES FOR PERSONAL INFORMATION
If we propose to collect, use or disclose Personal Information for any purpose other than those described in this Policy, we will obtain your consent.
You may choose to withdraw your consent to the collection, use or disclosure of your Personal Information as outlined in this Policy at any time. If you withdraw consent, then we may no longer be able to provide you with full or any access to the Service.
Users are also given the opportunity to “opt-out” of having their Personal Information used for specific purposes, such as receiving newsletters or other information from us.
Withdrawals of consent will not have an effect on personal or other data that we have used or disclosed in accordance with this Policy prior to such withdrawals.
5. THIRD PARTY PRIVACY POLICIES
We may make available third party links through hyperlinks or otherwise enable you to access third party products or services from the Service that are not affiliated with or controlled by us. We are not responsible for those parties, the content of their products or services, or the use of information you provide to them. Providing links or otherwise enabling access to third party products or services does not constitute sponsorship of or affiliation with those people or companies. You recognize and agree that we are not liable for any third parties use of your Personal Information and you should review the privacy policies of these third parties.
6. DATA STORAGE
We take commercially reasonable steps as necessary to ensure that your data is treated securely in accordance with this Policy and the Acts. However, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit through use of the Service and you do so at your own risk.
Your Personal Information may be transferred to and maintained on servers or databases located in Canada and the U.S. in accordance with the Acts, as applicable. You consent to such processing and storage.
7. INFORMATION SECURITY
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Personal Information. We use physical, electronic and/or procedural safeguards to protect our systems and all Personal Information under our control against unauthorized access and use. We only use third party server hosts with certified facilities that contain the industry standard physical, operational and digital security and restriction protocols. All safety and security measures are reasonable and appropriate to the sensitivity level of the information collected.
8. ACCURACY AND ACCESS/CONTROL OVER PERSONAL INFORMATION
We will take reasonable steps to ensure that the Personal Information collected by us or on our behalf is accurate and complete, as required pursuant to the Acts.
We will allow you to access your Personal Information in our custody or control, and you may request that we:
update or correct such Personal Information;
change your preferences with respect to communications and other information received from us; or
delete your Personal Information on our primary system, by submitting a request to sleo [at] kairoslaw.ca, though this may result in your inability to use the Service.
If we are satisfied on reasonable grounds that your request to update or correct your information should be implemented, we will correct your Personal Information on our primary system as soon as reasonably possible. We may retain an archived copy of your records as required or authorized by law.
9. COMMUNICATING WITH YOU BY EMAIL
By providing your email address to us or communicating with us via email, you are deemed to expressly consent to receiving email communications from us in conjunction with the Service that we provide to you.
10. RETENTION OF PERSONAL INFORMATION
We retain Personal Information collected pursuant to this Policy only as long as is reasonably required to fulfill the purposes for which it was collected, or as required or authorized by law.
11. CHANGES TO THIS POLICY
We reserve the right to modify this Policy at any time. We may provide you with notice of such modifications, by sending you an email message or otherwise bringing it to your attention in the Service. Your continued use of the Service will signify your acceptance of the modifications to this Policy. If you disagree with any changes to this Policy, you will need to stop using the Service.
12. CONTACT INFORMATION
If you have any questions relating to this Policy or our privacy practices, please write to Kairos Law at: sleo [at] kairoslaw.ca.
C. CLOUD COMPUTING POLICY
1. Introduction
Using web-based cloud computing services, tools and applications (“Cloud Services”) benefits our clients in a number of ways, including lower costs, higher performance and more efficient delivery of legal services. At Kairos Law Corporation (“Kairos Law”), we recognize that the nature of the legal industry requires not only excellent service but also constant and rigorous protection of client data, whether offline or online. We take security and protection of personal information very seriously.
Our policy on cloud computing (“Cloud Policy”) is meant to ensure that client data is protected to the greatest extent reasonably possible, while also enabling us to provide the efficient, responsive service clients have come to expect from Kairos Law. This Cloud Policy is based upon the Law Society of British Columbia’s cloud computing due diligence guidelines (“Law Society Guidelines”) and represents best practice in the legal industry.
2. Scope
This Cloud Policy applies to all team members at Kairos Law and pertains to all client data, no exceptions.
This Cloud Policy concerns all external Cloud Services, including cloud-based email, document storage, project management software, Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), etc. Personal accounts are excluded. Kairos Law team members may not store client data on personal accounts.
This Cloud Policy applies to all clients, excluding those that constitute a “public body” for the purposes of the Freedom of Information and Protection of Privacy Act (“FOIPPA”). FOIPPA requires that personal information in the custody of any public body be stored and accessed within Canada, unless consented to by the individual to whom the personal information pertains. In order to determine whether a client constitutes a public body, see the definition of “public body” in Schedule I of the FOIPPA.
It is imperative that all Kairos Law team members NOT open cloud accounts or enter into cloud service contracts for client-related matters without first completing the security screening (set out below). This is necessary to protect the integrity and confidentiality of client and firm data, and the security of the Kairos Law network.
Each Kairos Law team member must review this Cloud Policy and certify that he or she acknowledges and understands the purpose and following procedures.
3. Policy
Our Cloud Policy comprises two screening stages. First, each Cloud Service undergoes an initial comprehensive security screening before any team member uses it in conjunction with client data. Second, each Cloud Service is then subject to periodic security monitoring for ongoing use.
Stage I: Initial Security Screening. Before initial use of any Cloud Service, Kairos Law considers security factors at two levels:
a) High-level priority considerations: requirements that are carefully measured and must be satisfied in every case, including the following three Law Society requirements:
i. Ownership of client data must not transfer to the Cloud Service or any third party.
ii. Kairos Law must ascertain where the data will be stored.
iii. Client information must be protected to maintain confidentiality and privilege.
b) Low-level considerations: additional issues into which Kairos Law reasonably inquires, in accordance with best practices in the industry.
Stage II: Ongoing Security Monitoring. To ensure the protection of client data is ongoing, Kairos Law reviews Terms of Service of each Cloud Service and track security breaches through a monitoring process. We use GoogleAlerts to keep apprised of security breaches for each Cloud Service we use, alerting us to security issues weekly.
In the Event of a Security Breach:
If a security breach is flagged by GoogleAlerts, then a review of the details of the breach will be conducted to assess whether further action is required:
1. If the breach does not put client or lawyer data at risk, Kairos Law will continue to use the Cloud Service.
2. If the breach potentially puts client or lawyer data at risk, then Kairos Law will remove sensitive client data to ensure reasonable security. The lawyer(s) will temporarily refrain from using the service and gather as much information about the security breach as reasonably possible and will make an assessment. If the breach is determined not to put client or lawyer data at risk, the Cloud Service will remain in use.
3. If the breach does put client or lawyer data at risk, then Kairos Law will work to remove all data from the Cloud Service, will close any accounts with the Cloud Service, and will discontinue use of the Cloud service permanently.
Annual Review of Law Society of British Columbia Cloud Computing Guidelines:
The Law Society Guidelines have been foundational to this Cloud Policy. As Canadian lawyers’ use of cloud computing evolves, we expect the Law Society Guidelines to become more refined and comprehensive. Once per year, a lawyer or law student reviews the Law Society Guidelines to determine whether any amendments have been made. If amendments are made that alter the ethical or allowable use of Cloud Services in the legal industry, then Kairos Law will reassess each Cloud Service used in light of the new guidelines, and will follow the procedure above (as explained in “In the Event of a Security Breach”) to determine whether to discontinue use.
Annual Terms of Service Review:
Approximately every twelve months, Kairos Law will review the Terms of Service and Privacy Policies of each Cloud Service used to determine whether any amendments have been made. If any amendments constitute cause for concern, then Kairos Law will follow the procedure above (as explained in “In the Event of a Security Breach”) to determine whether to discontinue use.
4. CURRENT APPROVED CLOUD COMPUTING SERVICES
Note: this list will be updated from time to time without notification.
1. Microsoft OneDrive Office365
2. Clio Grow and Clio Manage
3. QuickBooks Online
4. Adobe Acrobat Pro