A Specialized Marketing Agency for Law Firms (Canadian Operations)
Trial Boost ("Agency," "we," "us," or "our") is a specialized digital marketing and consulting agency providing services exclusively to law firms and legal professionals ("Clients").
This policy outlines our practices in compliance with Canadian privacy laws, primarily the Personal Information Protection and Electronic Documents Act (PIPEDA), and provincial laws like Alberta's PIPA, BC's PIPA, and Quebec's Act respecting the protection of personal information in the private sector (collectively, "Canadian Privacy Legislation").
Accountability: We are responsible for the Personal Information under our control. This responsibility extends to any Personal Information transferred to a third party for processing.
The data we handle falls into two distinct categories, defining our responsibilities under Canadian Privacy Legislation:
Data Category
Description
Our Role (PIPEDA Context)
Agency Website Data
Information collected when you interact directly with our Agency (e.g., job applications, business inquiries, browsing our corporate site).
Organization Responsible (The final say on purpose and means)
Client Marketing Data
Information collected or processed on behalf of our law firm Clients (e.g., leads generated from a Client’s ad, data shared for campaign management).
Organization in Possession/Custody (Processing according to Client instruction)
We identify the purposes for collecting Personal Information before or at the time of collection.
Type of Data
Purpose of Collection
Principle of Consent
Business Contact Info (Name, Title, Firm Name, Business Email/Phone)
To communicate with you regarding your employment, business, or profession.
Business-to-Business Exemption or Implied Consent (when contacting us for a service quote).
Usage & Technical Data (IP, cookies, pages viewed)
To analyze website performance and ensure site functionality.
Implied Consent (via cookie banner and continued use of the site).
When we collect data on behalf of a Client (e.g., a lead form for legal services), the Client (the law firm) is ultimately responsible for obtaining Meaningful Consent from the individual.
Our Responsibility: We ensure that the marketing mechanisms we deploy (e.g., landing pages, ad forms) clearly inform the individual (i) what data is being collected, (ii) the specific purpose (e.g., to receive a legal consultation), and (iii) the identity of the organization (our Client, the law firm) collecting the data.
Sensitive Information: We recognize that information concerning legal matters, health, or financial status is highly sensitive. We ensure the collection methods and transfer protocols for this data meet the highest possible standard of security and are limited only to what is strictly necessary for the Client’s stated legal purpose.
We only use Personal Information for the purposes for which it was collected or for a consistent purpose.
Use: We use Client Marketing Data only to fulfill our contractual obligations to the Client (e.g., optimize their ad performance, pass the lead to their CRM).
Disclosure: We do not disclose Personal Information to third parties except as required to perform our contracted services (e.g., sharing data with the Client's integrated CRM or a call tracking provider under contract).
Retention: We retain Personal Information only as long as necessary to fulfill the identified purpose, which includes the duration of our service contract and a reasonable period thereafter for audit or legal purposes. We have policies in place outlining minimum and maximum retention periods.
We protect Personal Information with security safeguards appropriate to the sensitivity of the information.
Higher Standard: Given the sensitive nature of information handled for law firms, our safeguards are set to a high level, including:
Data Minimization: Only collecting the necessary data.
Encryption: Using end-to-end encryption for data transmission and encryption at rest where technically feasible.
Access Control: Strict role-based access to Client Marketing Data, limited only to personnel who require it for campaign execution.
Breach Reporting: In the event of a security breach involving Personal Data under our control that creates a real risk of significant harm to an individual, we will notify the affected Client (Controller) and the Office of the Privacy Commissioner of Canada (OPC), as required by PIPEDA.
We make this Privacy Policy readily available and provide information about our policies and practices relating to the management of Personal Information.
An individual has the right to be informed of the existence, use, and disclosure of their Personal Information and shall be given access to that information upon written request, subject to certain legal exceptions.
To make an access request regarding data collected directly by the Agency (Agency Website Data): Please contact our Privacy Officer (see Section 2).
To make an access request regarding data collected during a law firm marketing campaign (Client Marketing Data): You must contact the specific law firm directly. As the Processor, we require instruction from the Client (the Controller) before we can release, correct, or delete their data.
We make reasonable efforts to ensure that Personal Information is accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. This includes updating information based on feedback or instructions from our Clients.
Personal Information may be processed and stored outside of Canada (e.g., using US-based cloud hosting or software providers).
In compliance with PIPEDA and provincial laws, when we transfer data outside of Canada, we ensure the following:
We use contractual measures, like service agreements, to require our third-party vendors to provide a comparable level of protection to the data that we provide under Canadian law.
We remain accountable for the data and are required to take all reasonable steps to ensure the foreign third party adheres to this policy and the principles of PIPEDA.