We're pretty serious about protecting your information - it's kinda what we do for a living.
Look, we get it - nobody actually enjoys reading privacy policies. But since we're lawyers who specialize in tech compliance and data privacy, we figured we'd make ours actually readable.
Panyax Engine Legal Services operates out of Toronto, helping companies navigate corporate law and stay compliant with ever-changing tech regulations. This policy covers our website, client portal, and any interactions you have with us - whether you're a potential client poking around, an existing client, or just someone who ended up here by accident.
Key Point: We're subject to Canadian privacy laws (PIPEDA, primarily) and if you're in a jurisdiction with stricter requirements - like the EU or California - those apply too. We're not gonna play games with your data.
Here's the deal - we collect different types of info depending on how you interact with us:
Sometimes we'll get information from corporate registries, public databases, or other parties involved in your legal matters - but only when it's relevant to representing you.
We're not selling your data to advertisers or doing anything sketchy. Here's what we actually do with it:
Representing you, drafting documents, handling negotiations, filing stuff with regulators - y'know, actual legal work.
Responding to inquiries, sending updates about your matters, occasional newsletters if you opted in.
Meeting our professional obligations, preventing fraud, complying with law society rules and legal requirements.
Making our website better, understanding what services folks need, improving how we work.
Attorney-Client Privilege: Anything covered by solicitor-client privilege gets extra special treatment. We take that seriously - it's literally one of the foundational principles of our profession.
For those in jurisdictions that care about this (EU folks, this one's for you):
We don't blast your info around, but sometimes we need to share it with:
Cloud storage, email systems, document management, payment processors - all under strict confidentiality agreements.
If we bring in co-counsel or expert witnesses for your matter, they'll need access to relevant info. Still covered by privilege.
When legally required - subpoenas, court orders, law society investigations, that sort of thing.
If we merge with another firm or sell the practice, client files would transfer under the same confidentiality obligations.
No Selling: We don't sell client data. Period. That'd be both unethical and probably get us disbarred.
Here's the tricky part - law firms have to keep stuff for a long time. Like, a really long time.
Client files typically get retained for at least 10 years after a matter closes (longer for certain types of corporate work). This isn't us being packrats - it's mandated by law society rules and limitation periods.
For non-client inquiries, we'll keep your contact info for a reasonable period (usually a couple years) unless you ask us to delete it sooner.
Website analytics and marketing data gets cycled out more frequently - we're not hoarding that stuff indefinitely.
Depending on where you're located, you've got various rights regarding your personal info:
| Right | What It Means | Limitations |
|---|---|---|
| Access | Request copies of your personal data | May redact privileged or third-party info |
| Correction | Fix inaccurate information | Can't alter legal documents already filed |
| Deletion | Request we delete your data | Can't delete if we're legally required to keep it |
| Portability | Get your data in a usable format | Applies to data you provided to us |
| Objection | Object to certain processing | We'll assess based on legal obligations |
To exercise any of these rights, shoot us an email at contact@panyaxengine.info or call (416) 555-2847. We'll respond within 30 days (usually faster).
We handle sensitive corporate and legal info all day, so security isn't optional - it's fundamental to what we do.
TLS for data in transit, AES-256 for data at rest. Client portal uses multi-factor authentication.
Role-based permissions, need-to-know basis, regular access reviews. Staff trained on confidentiality.
Enterprise-grade servers, regular backups, disaster recovery plans, security audits.
That said, no system is 100% bulletproof. If we ever have a data breach affecting client info, we'll notify affected individuals and regulators as required by law.
Yeah, we use cookies. Not the delicious kind - the digital tracking kind.
You can disable cookies in your browser settings, but some parts of the site might not work properly. Most browsers let you control cookies pretty granularly these days.
We don't use advertising cookies 'cause we're not running ads - legal services marketing doesn't really work that way.
We're based in Canada, and most of our data stays in Canada. But some of our service providers (like cloud storage) might process data in the US or other countries.
When data goes cross-border, we make sure there are appropriate safeguards - standard contractual clauses, adequacy decisions, that sort of thing. Canada's privacy laws already require this, and we go beyond the minimum requirements.
For EU Clients: We comply with GDPR transfer requirements. If you're in the EU and have concerns about this, let's talk about additional safeguards we can put in place.
Privacy laws keep evolving (trust us, we deal with this for clients all the time), so we'll update this policy as needed.
We'll post the updated version here with a new "Last Updated" date. For material changes, we'll send an email to active clients. If you're just a website visitor, checking back periodically is a good idea.
Continued use of our services after changes means you're cool with the updated policy. If you're not cool with it, let us know and we can discuss your options.
Got questions about how we handle your data? Wanna exercise your privacy rights? Just generally curious about something in here?
Suite 2100, 181 Bay Street
Toronto, ON M5J 2T3, Canada
You also have the right to lodge a complaint with Canada's Privacy Commissioner or your local data protection authority if you think we've mishandled your personal information. Though we'd appreciate the chance to address your concerns directly first.
Got a specific question or request about your personal data? Fill this out and we'll get back to you within 48 hours.