Privacy Policy

(Effective from June 18, 2025) 

This is the full version of our Privacy Policy. Read the summary of our Privacy Policy.

The Privacy Policy contains the following sections:

1. OVERVIEW
2. PERSONAL INFORMATION
3. COLLECTION OF PERSONAL INFORMATION
4. PURPOSES OF PERSONAL INFORMATION COLLECTION, USE AND DISCLOSURE
5. LIMITS TO COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION
6. CONSENT
7. DISCLOSURE / SHARING OF PERSONAL INFORMATION
8. TRANSFER OF PERSONAL INFORMATION ABROAD
9. PERSONAL INFORMATION RETENTION
10. PRIVACY SAFEGUARDS
11. YOUR RIGHTS
12. PERSONAL INFORMATION MANAGEMENT PROGRAM
13. PRIVACY OFFICER
14. DETAILS ON THE COLLECTION, USE AND DISCLOSURE OF DATA ON OUR WEBSITE
15. LINKS TO SITES
16. CONTACT US
17. UPDATING THIS POLICY

1. OVERVIEW

a) The IPH Group

IPH Limited (ABN 49 169 015 838) is the holding company for a number of international intellectual property (IP) professional services firms operating under different brands (each, an IPH Service Firm) and certain adjacent businesses. Certain IPH Service Firms also offer their services in some countries in collaboration with and with assistance by allied professional services firms with which they have exclusive contractual arrangements (each, an Alliance Firm). IPH Limited, the entities comprising the IPH Service Firms, the Alliance Firms and the IPH adjacent businesses are in this Privacy Policy (hereafter, the Policy) collectively referred to as the IPH Group.

In Canada, the IPH Group includes the following entities:

• Smart & Biggar LLP is a limited liability partnership that carries on the business of a law firm and solely provides legal services in Ontario, Quebec and British Columbia. Smart & Biggar Alberta LLP is a limited liability partnership that carries on the business of a law firm and solely provides legal services in Alberta. Smart & Biggar LP is a limited partnership that carries on the business of a patent and trademark agency and provides all related and other services that are not legal services provided by Smart & Biggar LLP or Smart & Biggar Alberta LLP.

Smart & Biggar is committed to respecting your privacy and protecting your personal information, which is why we have implemented a privacy program and appointed a Privacy Officer.

The purpose of this Policy is to inform you of how Smart & Biggar collect, use, disclose, retain, manage, share and protect your personal information, and how you can contact us if you have queries about our management of your personal information.

To provide you with quality services, we need to have access to certain personal information about you. We make sure that our employees manage this information with all the necessary discretion and diligence in compliance with the legal and regulatory requirements in force.

By engaging us to provide professional services or submitting personal information to us, you accept the terms of this Policy, and consent to our collection, use, disclosure, communication, retention, and management of your personal information as described in this Policy.  

We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes to this Privacy Policy will be published by posting an updated Privacy Policy on our website and are effective upon posting.  The posting of a new or revised version of the Policy on our website shall be considered sufficient notice to you, and by continuing to use the website or by submitting Personal Information to us, you are consenting to any changes to our Policy.  

You are welcome to print or download this Privacy Policy at any time. If you would like a hard copy of this Privacy Policy, or if you would like us to email or mail you a copy of this Privacy Policy, you can contact our Privacy Officer.

b) Compliance with legal obligations

We respect the privacy of all individuals who provide personal information to us. The IPH Group operates in multiple jurisdictions, currently including Canada, Australia, New Zealand, Philippines, Singapore, Malaysia, Indonesia, Thailand, Hong Kong SAR and China. The IPH Group entities operating in those jurisdictions are bound by the respective privacy and personal data protection legislation in those jurisdictions. For such IPH Group entities, where a requirement of any applicable legislation in the relevant country is inconsistent with this Policy, that legislative requirement will apply.

Any IPH Group entity operating in a country is bound to comply with the applicable privacy legislation in that country. For Smart & Biggar in Canada, this includes the Personal Information Protection and Electronic Documents Act and all applicable provincial privacy laws.

To the extent any EU Personal Data (defined in Appendix 1) is collected, received, managed or processed by an IPH Group entity, such IPH Group entity will comply with the European Union General Data Protection Regulation 2016/279 in accordance with Appendix 1 of this Policy. If this applies to you, it is important that you read Appendix 1 to ensure you are aware of how we will comply with our obligations and review important consent requirements which are included in the Appendix.

2. PERSONAL INFORMATION

We define “personal information” as any information about an identifiable individual, or information that, taken alone or combined with other data, allows an individual to be identified.

3. COLLECTION OF PERSONAL INFORMATION

a) Types of personal information collected

During our interactions with you, whether it be while providing legal and other related services or during our business activities, we may collect certain personal information about you. The personal information we collect is necessary to provide you with the requested services. This includes, but is not limited to:

• Your contact information such as name, address, email, or phone number,
• Identification and other background check information, such as a copy of a passport, driver’s licence, utility bill, proof of beneficial ownership or source of funds,
• Information produced while providing our service that could be understood as personal information,
• Billing information such as billing address, banking information or payment system data,
• Marketing information and communication preferences such as comments, or survey responses,
• Information related to the use of our website including technical information about visits or other information collected through cookies or similar tools,
• In respect of current and potential employees and contractors:

• Recruitment-related information such as resumes, information about your professional or academic background, third party references, criminal conviction records, banking details, social insurance number, certain health information, emergency contact details or other information relevant to potential recruitment,
• Historical information such as names of previous employers, job titles,
• Digital content such as photos, videos, or audio files.

• Any other personal information provided by you or on your behalf.

We only collect sensitive information reasonably necessary for one or more of the purposes specified in this Policy or such other purposes as we may disclose to you at or before the time of collection and if:

• we have the consent of the individuals to whom the sensitive information relates; or
• the information is necessary or required for a legal reason provided under applicable privacy laws or other legislation and applicable privacy laws or other legislation permits the collection, use or disclosure of the information without consent in those circumstances.

b) How is personal information collected

We collect personal information directly from the individual concerned whenever reasonably practicable.

Sometimes, we collect personal information about you from a variety of other independent sources, including publicly available sources (including social media), recruitment agencies, contractors, service providers and business partners. Where information is not obtained directly from the individual concerned, we obtain personal information in accordance with legal requirements.

The circumstances in which we may collect your personal information include, without limitation:

• when you have a face-to-face meeting with our lawyers, students, staff and/or officers;
• when you attend our or third-party presentations, conferences or events;
• when you use our website or the website of an IPH Group entity, including to request to receive a newsletter or other information from us;
• when you provide or offer to provide a product or service to us;
• when you obtain a product or service from us;
• when you communicate with us by e-mail, telephone or in writing;
• when you apply for employment or work experience with us or accept an offer of employment;
• when you enter into a contract with us;
• through share registries and other public registers;
• from other IPH Group entities (where permitted under this Policy);
• where you have consented to third parties sharing it with us, including our suppliers and service providers and other business associates; and
• from publicly available sources, including newspapers and social media platforms such as LinkedIn, Facebook and Twitter.

4. PURPOSES OF PERSONAL INFORMATION COLLECTION, USE AND DISCLOSURE

We collect, use, and disclose personal information for the purposes set out below, for purposes as identified to you at the time of collection, and for other purposes as are permitted or required by law. These purposes include, but are not limited to, the following:

• If you are a client, to verify your identity, establish and manage your client relationship with us, and contact you, including to manage billing and client accounts, collect and process payments, and limit the risk of non-payment,
• Providing legal and other services to our clients as well as for the conduct of our business, including:

• assessing your likely needs for our services,
• filing, prosecuting and maintaining applications for statutory protection of IP including patent, design, trademark and domain name applications and registrations in Canada and overseas,
• conducting patent and trademark opposition proceedings before the patent and trademark offices and regulators in Canada and other jurisdictions, and
• advising on litigation, dispute resolution, appeals, commercial and regulatory legal advice and IP watches and searches,

• Sharing personal information with third parties as part of our legal representation or services (for example, to adverse parties, interested parties, foreign lawyers or counsel, courts, experts, witnesses),
• Fulfilling legal, regulatory or risk management obligations towards our clients, including, conducting due diligence with respect to a client, obtaining necessary information, detecting and reporting on risks in terms of money laundering, terrorist financing, corruption, and conflicts of interest,
• Preventing or investigating alleged crime or fraud and/or conducting any background checks and/or for other purposes required or authorized by applicable laws or regulations,
• To monitor the use of our website, to answer questions submitted through our website,
• To enable business development and marketing, more precisely to inform current and future clients about our services, to provide news alerts or information on recent legal developments and to provide invitations to events,
• To send marketing and promotional material that we believe may interest our clients;
• To conduct development and research to ensure that we maintain the standard of security appropriate to the sensitivity of the information we have collected,
• To understand our clients’ requirements and to improve our services,
• To recruit lawyers and staff, process applications and evaluate candidates’ profiles in relation to the requirements of the positions for which we are recruiting,
• As permitted or required by any applicable legal or regulatory obligations or provisions,
• For purposes necessary or incidental to the provision of goods and services to you,
• To manage and enhance our products and services,
• To investigate complaints made by you or about you,
• In the case of employees and contractors:

• to pay compensation, wages, fees and employee & contractor entitlements,
• conduct criminal checks and confirm your immigration status and right to work, and
• to manage your relationship with us,

• For any other purpose for which you have consented or for which we are permitted under applicable law to collect, use or disclose your personal information without consent.

5. LIMITS TO COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

We strive to limit the collection of personal information to that which is strictly required to fulfill the purposes for which it is collected. In certain circumstances, we may need to collect personal and sensitive information to comply with our legal obligations, such as anti-money laundering and counter-terrorism financing laws. Rest assured that we will not disclose or use your personal information for any other purpose unless you consent to such disclosure, or the disclosure is required or permitted by law.

We may use your personal information if it is necessary to prevent or lessen a serious threat to public health or public safety or if the use of the information is necessary for law enforcement or for the conduct of proceedings before any court or tribunal.

In addition, as you will see in section 10 of this Policy, we limit access to your personal information only to those individuals who have the authority and need to access and use it for a specific purpose.

Please note that for our office in the province of Quebec, we do not voluntarily collect information from persons under the age of 14 without parental consent or the consent of the individual’s tutor and for our offices in all other Canadian provinces we do not voluntarily collect information from persons under the age of majority in their jurisdiction of residence without parental consent or the consent of the individual’s legal guardian.  

6. CONSENT

a) General

By supplying us with your personal information, you consent to our disclosing your personal information for the purposes described in this Policy to organizations within the IPH Group and other organizations that carry out functions on our behalf or assist us to deliver our services, such as our business associates, contractors, agents or service providers.

Generally, we collect information directly from you with your consent unless we are authorized or required by applicable law to collect information indirectly or without your consent. However, in certain situations we may collect personal information about you without your consent, or from third parties, or from publicly available records as permitted by law. For example, we may collect, use or disclose your personal information without your consent for the following reasons:

• When your personal information is lawfully disclosed to us by our client on your behalf while providing legal services,
• For security, medical or legal reasons, where we are unable to obtain your consent,
• For fraud detection, prevention, or law enforcement purposes, where seeking consent would defeat the purpose of the procedure.

Please note that you have the right to refuse to provide us with personal information. You also have the right, subject to reasonable notice and applicable legal or contractual restrictions, to withdraw your consent regarding the collection, use and disclosure of your personal information held by us. The refusal by you to disclose the personal information that we request from you or the withdrawal by you of your consent may prevent us from providing or continuing to provide you with some of our services. If you wish to withdraw your consent, please contact our Privacy Officer at the address listed below in section 16 below.

b) Marketing and other purposes

We may also ask for your consent for secondary purposes, for example, to invite you to events or training sessions, to conduct market studies or to populate our databases. In addition, your consent for secondary purposes may be withdrawn at any time, without affecting the rendering of our services to you.

We may also contact you to inform you about laws and developments in the field of IP and other products, services, events and resources which we think would be of particular interest to you.

If you opt-out of receiving further communications from us, we will take steps to ensure you do not receive any such further information from us in future. Recipients of our news alerts and other correspondence may notify us at any time should they wish to discontinue receipt of emails and other communications from us.

c) Providing third-party personal information to us

If, at any time, you provide us with information about someone other than yourself, you warrant to us that you have that person’s consent and all other necessary consents to provide such information to us for a purpose specified in this Policy and for us to treat such information in accordance with this Policy. We may need to ask for a written proof of consent from that person when necessary.

7. DISCLOSURE / SHARING OF PERSONAL INFORMATION

To provide you with our services, we may share the personal information we collect with certain third parties. However, rest assured that we will not divulge any information protected by professional secrecy unless you have waived this privilege yourself, we have your authorization, or we are compelled by applicable law to disclose it.

a) Within the IPH Group

We may receive and share personal information from or to other IPH Group entities in accordance with this Policy, including entities located in various jurisdictions, including Canada, Australia, New Zealand, Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong and China; however, each IPH Service Firm (and where applicable its related Alliance Firm) maintains separate case management systems and no case related information is shared with another IPH Service Firm, except where such IPH Service Firm is formally engaged to provide professional IP services for the client, including as a foreign associate.

All disclosure of information by us within the IPH Group is subject to compliance with all legal requirements including but not limited to, applicable legislation governing the conduct of our attorneys and professionals in jurisdictions in which we conduct our businesses, and other IPH Group information sharing and conflicts of interest policies.

b) Other third parties

During our activities, we may disclose your information to third parties. These activities include but are not limited to the following disclosures:

• Third parties in connection with our legal and IP services, including opposing parties, experts, agents, professional advisors, auditors or insurers, etc.,
• Organizations that assist us to deliver our services, such as our business associates, contractors, agents and third-party service providers (including associates in foreign countries), including but not limited to services related to our website (hosting, security, etc.). The personal information provided is then limited to only the information required to enable them to carry out their services and these suppliers are obliged to maintain the confidentiality of this information,
• Governmental public authorities (such as the Canadian Intellectual Property Office) and law enforcement agencies and regulators when required by applicable laws or when necessary for the rendering of our services,
• Courts (such as the courts of Canada and its provinces),
• Our financial, taxation or legal advisors,
• Debt collection companies,
• Our clients (where information has been provided to us by a third party other than our client),
• A purchaser or successor entity and its professional advisors in connection with the sale of our business, a subsidiary of our business, or substantially all of its assets, and
• Organizations established to help identify illegal activities and prevent fraud.

As noted above, we may disclose your personal information to entities that assist us to deliver our services, such as our business associates, contractors, agents or service providers and, as noted elsewhere in this Policy, our Alliance Firms. These third parties may change from time to time. Some examples include technology and internet service providers, data storage providers, digital mail providers who send communications on our behalf and their implementation partners. We may also use graphic designers, printers and posting services to assist us with design, printing and distribution of communications. Where it is necessary for personal information to be provided to a third party in connection with the provision of a service to us, we will take reasonable steps within our power to prevent the unauthorized use or unauthorized disclosure of the personal information.  

In relation to our disclosure of personal information to third parties such as agents and associates in foreign countries, we will make such disclosures when we are instructed to do so by our clients in relation to their matters in order to provide our services, or as may be required by law. You agree that subject to any additional obligations under applicable laws, third parties who receive personal information from us may use and disclose the personal information subject to their respective privacy policies and laws applicable to them. 

We will never, by any means, sell or exchange your personal information for payment. We will not disclose personal information to third parties for the purpose of third-party direct marketing.

From time to time, we may provide third parties with information in the form of statistical representations about our users collectively and for the purpose of statistical analysis. Where we provide such information to third parties for this limited statistical purpose, we will not provide information in such a way that your identity may be obtained. To the extent this statistical information does not constitute personal information, neither this policy nor Canada’s Personal Information Protection and Electronic Documents Act or applicable provincial privacy legislation will apply.

c) Other permitted disclosures

If the applicable laws allow us to, we may also disclose your personal information under the following circumstances:

• when you have consented to such disclosure,
• when you would reasonably expect us to use or disclose your personal information in a certain way,
• when the disclosure is for one of the purposes for which the information was obtained or is directly related to the purposes for which the information was obtained,
• when the source of the information is a publicly available publication and, in the particular circumstances, it would not be unfair or unreasonable to disclose the information or applicable law permits its disclosure,
• when authorized or required to do so by a court or under applicable laws or regulations (for example, a subpoena), or where requested by a government agency,
• where we consider a company or an individual may be engaged in fraudulent activity or other deceptive practices of which a governmental agency should be made aware,
• to appropriate persons, where your communication suggests possible harm to yourself or others, or
• when disclosure is reasonably necessary for a law enforcement related activity.

8. TRANSFER OF PERSONAL INFORMATION ABROAD

• We occasionally call upon foreign entities while providing services, for example: for the registration of trademarks or patents in foreign countries.
• to obtain legal or other IP professional services in foreign countries, or
• for administrative and other purposes within the IPH Group to facilitate the conduct of IPH Group’s businesses.

Your personal information may be disclosed to:

• IPH Group entities located in various countries, including in Australia, Canada, New Zealand, Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong, and China and any other jurisdictions in which IPH Group may operate in the future,
• our associates, agents or other legal or professional service provider firms in foreign countries,
• government bodies and other entities that administer IP in overseas jurisdictions, and
• service providers located in various Canadian provinces and service providers located outside of Canada which may include technology and internet service providers, human resource and payroll service providers, data storage providers and digital mail providers to carry out specific mandates in the normal course of business.

Thus, it is possible that some of your personal information may be transferred to places other than your province, territory, state or country of residence. In such case, we will use reasonable efforts to ensure that your personal information is adequately protected by appropriate technical, organizational, contractual, or other lawful means.

You agree and acknowledge that the overseas recipients of your personal information will also be subject to the privacy laws of their local jurisdiction. These overseas privacy laws are likely to be different from the Personal Information Protection and Electronic Documents Act and applicable provincial privacy legislation.  For example:

• if overseas recipients are located within Australia, the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles apply;
• if overseas recipients are located in New Zealand, the New Zealand Privacy Act 2020 and information privacy principles set out in that Act apply;
• if overseas recipients are located in other jurisdictions in which the IPH Group operates, the applicable personal data protection legislation applies.

We maintain policies and procedures regarding our use of service providers outside of Canada.  If you would like to learn more about our use of these service providers, please contact our Privacy Officer, whose contact information is provided in section 16 below.  

You acknowledge and agree to such international data and information transfers with respect to personal information of the nature described above.

9. PERSONAL INFORMATION RETENTION

Personal information is retained for as long as necessary to fulfil the purposes set out in this Policy and to ensure that we comply with our legal, tax or regulatory obligations. After such time, any personal information held by us will be destroyed, deleted, de-identified or made anonymous.

In addition, and as mentioned in the previous section, your personal information may be kept in Canada or abroad. Of course, we will have reasonable security measures in place appropriate to the sensitivity of the information, as well as the relevant contractual agreements, to protect your personal information.

If you wish to learn more about how long we keep your personal information, we invite you to contact our Privacy Officer, whose contact information is provided in section 16 below.

10. PRIVACY SAFEGUARDS

We have security measures in place designed to protect your personal information. We strive to apply the necessary and appropriate security measures to ensure the confidentiality of the personal information in its possession. The standard security measures we use will depend on the type of information collected. In doing so, we follow generally accepted industry standards. The personal information we hold is therefore accessible only to persons who are qualified to have access to it and who consult it only when necessary in the performance of their duties.

Appropriate physical, technical, and/or administrative safeguards and security measures have been put in place and are maintained to prevent:

• Any accidental or unlawful destruction,
• Accidental loss,
• Unauthorized disclosure,
• Unauthorized modification,
• Unauthorized access,
• Any illegal treatment.

In terms of system security, here are some of the things we do to protect your personal information:

• we store personal information in a variety of formats including on databases, in hard copy files and on personal devices, including laptop computers,
• we retain personal information in secure hard copies and electronic files,
• we use firewalls, standard software protection programs, password access protections and secure servers,
• personal information in files that have been closed and archived may be stored in our offsite storage facility. We take reasonable steps to ensure that any third parties who handle files maintained in offsite facilities (including online data storage facilities) act consistently with this Policy,
• we regularly review our security arrangements to ensure we are taking reasonable and technically feasible steps available at the time to protect your personal information, and
• we take reasonable steps to destroy, erase or permanently de-identify personal information as soon as practicable if it is no longer required (see section 9 above).

We will make our employees, contractors and service providers aware of the importance of maintaining the confidentiality of personal information, and care will be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the personal information. Moreover, we make sure that access to our offices and computer equipment is restricted, that our staff is trained and that our agents and suppliers of goods and services with access to personal information are required to sign confidentiality agreements and implement security measures deemed equivalent.

It should be noted, however, that no method of transmission over the Internet, nor any means of electronic storage is completely secure or error-free. Thus, we cannot guarantee that your personal information is totally protected, for example, from hackers, interference or misappropriation. You acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. You provide information to us via the internet or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorized access to, your personal information where the security of information is not within our control. We encourage you to be cautious when using the Internet.

If you believe that your personal information has been compromised, we invite you to contact us using the contact information listed in section 16 of this Policy.

In the event of a data breach involving a loss of, unauthorized access to or misuse of your personal information, we will report such breach to you and any relevant authority as required by law.

11. YOUR RIGHTS

Depending on applicable laws, you might have the right to obtain access to, rectification or erasure of your personal information, the right to withdraw your consent (if any), and the right not to be discriminated against.  If you are in the province of Quebec, you have additional rights, namely, the right to be informed of a decision based exclusively on automated decision-making (if any), the right to restrict and to object to the use and processing of your personal information by us, and the right to data portability by receiving a copy of all personal information that we have about you in a structured, commonly used and machine-readable format.

a) Making a request

To exercise any of these rights (to the extent available), please submit your request to us by writing to the Privacy Officer as set forth in section 16. Depending on the right being exercised, we will inform you of the procedure to follow, the processing time (delay of response) and the information needed. We will endeavour to process your request within 30 days from the date your request is received. We will inform you if this timeframe is not achievable and extend this timeframe as permitted as applicable law.

We may charge a fee to cover the costs of meeting your request if your request is unfounded or excessive.

Unless we are required or permitted by law to refuse to do so, we will, on request, provide you with details of the personal information we have collected about you or update and rectify your personal information in accordance with your request. Where we are also required by the applicable law to provide further information about the use or disclosure of your personal information, we will do so upon your request.

b) Exceptions

If we do not agree to provide you with access to, or to rectify or erase, your personal information as requested or otherwise meet your requests, we will notify you accordingly. Where appropriate, we will provide you with the reason(s) for our decision and the mechanisms available to complain about the refusal. If the rejection relates to a request to change your personal information, you may make a statement about the requested change, and we will attach this to your record.

In some circumstances, and subject always to legal obligations to the contrary, we may not be in a position to grant access to your personal information or otherwise meet your requests with respect to your personal information, including when:

• your personal information is not retrievable;
• the request is frivolous or vexatious; or
• providing access or otherwise meeting your request:

• is reasonably likely to pose a serious threat to the safety of an individual or the public;
• is likely to impact unreasonably on the privacy of others;
• would reveal information which relates to existing or anticipated legal proceedings between you and us, which information would not be accessible by the process of discovery in those proceedings;
• would impact any negotiations between you and us;
• is unlawful (including being unlawful as directed by a court or tribunal order);
• would likely impact on actions being taken in relation to alleged unlawful activities or misconduct relating to our functions and activities;
• would be likely to impact any enforcement related activities conducted by any enforcement bodies; or
• would reveal evaluative information in connection with a commercially sensitive decision-making process.

12. PERSONAL INFORMATION MANAGEMENT PROGRAM

In order to protect your personal information, we have put in place policies, practices and procedures relating to the management of the personal information we hold. 

These internal policies and procedures govern the collection, use, disclosure, retention and destruction of personal information, as well as complaint handling, information security and data governance. These policies and practices also provide the framework for the implementation of privacy impact assessments, as well as the prevention of and response to potential privacy incidents.

13. PRIVACY OFFICER

Our senior management has delegated the management of the privacy program to the Privacy Officer. The Privacy Officer is responsible for the internal management and oversight of our privacy program.

The Privacy Officer is responsible for approving and implementing privacy policies and procedures, ensuring that they are functioning properly, and reporting to our senior management on the effectiveness of the program. 

It is also the responsibility of the Privacy Officer to provide you with the necessary support in the event of a question, complaint or request relating to the protection of personal information.

14. DETAILS ON THE COLLECTION, USE AND DISCLOSURE OF DATA ON OUR WEBSITE

Please see our Cookies Policy for information about how our internet service providers record certain statistical information about users of our website and how that information is used.

15. LINKS TO SITES

It is important to understand that this Policy does not apply to other third-party websites that may be accessed through links on our website. We are not responsible for those third-party sites, their content or access. Therefore, any personal information you transmit through these sites is subject to the privacy policies of those sites. It is your responsibility to review their privacy policies to ensure the protection of your personal information.

16. CONTACT US

You may contact us to exercise your rights, or if you have questions about our privacy practices or need assistance with exercising or understanding your privacy choices.

For inquiries, please contact us at:

SMART & BIGGAR

• Smart & Biggar LLP, Smart & Biggar Alberta LLP and Smart & Biggar LP
• Contact Person: Privacy Officer
• Email: privacy@smartbiggar.ca
• Address: PO Box 2999 Station D, Ottawa, ON, K1P 5Y6 Canada

We are committed to responding promptly and accurately to all your questions and concerns about the privacy and security of your personal information and our privacy policies and procedures.

In the event that you have a complaint regarding the exercise of your rights under this Policy, we will respond to your complaint as soon as possible and within 10 working days. Your file will be handled by our Privacy Officer, who will inform you of the procedures to follow. Each complaint will be investigated. If the complaint is justified, the specific situation will be corrected, and you will be informed. We will try to resolve the complaint within 10 working days. When this is not possible, we will contact you within that time to let you know how long it will take to resolve the complaint.

If you believe that we have not adequately dealt with your complaint, you may complain to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca).

17. UPDATING THIS POLICY

We frequently revise this Policy to keep it up to date with applicable legislation and its operations. The posting of the revised Policy on the website shall be considered sufficient notice to you, and by continuing to use the website or by submitting Personal Information to us, you are consenting to any changes to our Policy.

Of all the translated versions of this Policy, unless required by law otherwise, the English version shall prevail in the event of any dispute.

This Privacy Policy was last updated on June 18, 2025.   

Appendix 1

European Union General Data Protection Regulation (the “GDPR”)

1. Application

This Appendix only applies to the collection and processing of “EU Personal Data”. “EU Personal Data” means any personal information of an individual who is located in the European Union (“EU”) (whether the individual is a citizen of an EU country or otherwise). This section will apply to you and the processing of your EU Personal Data if you are located in an EU country. This section does not apply with respect to your personal information if you are located outside of the EU, even though you may be a citizen of an EU country.

For the purposes of this Appendix, the term “process” has the meaning given to it under the GDPR and may include any operation or a series of operations performed on EU Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

EU Personal Data that is collected by us may have been sourced directly from you, a third party (e.g. our European associates) or implied from your use of our services.

We process EU Personal Data in accordance with this Appendix and our Privacy Policy (“Policy”). To the extent of any inconsistencies between other sections of our Policy and this Appendix in relation to the processing of EU Personal Data, this Appendix prevails.

2. GDPR Principles

Any EU Personal Data will be:

• processed lawfully, transparently and in a fair manner;
• collected only for the purposes identified in this Policy or any other agreed specified purposes and not further processed in a manner incompatible with those purposes;
• collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU Personal Data is processed;
• kept current and up to date in accordance with section 10 of this Policy;
• stored in a form which permits us to identify you, but only for the period necessary in relation to the relevant purposes identified in this Policy;
• stored and processed securely to protect EU Personal Data against unlawful or unauthorized access and accidental loss, damage or disclosure in accordance with this Policy.

3. Lawful bases for processing

We will only collect and process EU Personal Data where we have lawful bases. This may include where:

• you have given consent;
• the processing of EU Personal Data is necessary for the performance of a contract with you (such as to deliver the services you have requested or that have been requested on your behalf); or
• the processing of EU Personal Data is necessary for the purposes of “legitimate interests” of the relevant IPH Group entity, provided that such processing does not outweigh your rights or freedoms. Some “legitimate interests” are listed in sections 4 and 5 of this Policy.

Where we rely on your consent to process personal data, you have the right to withdraw, restrict or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and process EU Personal Data, please refer to section 11 of this Policy.

We do not use automatic decision making, such as profiling, to make a decision that may produce a legal effect concerning a data subject of EU Personal Data.

4. Rights of EU Personal Data subjects

In addition to other rights you may have as set out in this Policy, you may exercise the data protection rights set out below in relation to your EU Personal Data:

• Access and Portability: a request can be made by you for a copy of your EU Personal Data (and any other information relating to your EU Personal Data permitted under Article 15 of the GDPR) held by us, in accordance with section 11 of this Policy. In addition, you may request to be provided with such EU Personal Data in a structured, commonly used and machine-readable format (including for the purposes of transferring to another party).

• Restrictions and Objections: You may request that we limit our use of your EU Personal Data or processing by requesting that we no longer use your EU Personal Data or limit how we use your data, this may include where you believe it is not lawful for us to hold your EU Personal Data or instances where your EU Personal Data was provided for direct marketing purposes and now you no longer want us to contact you.

5. Our responsibilities as a “data controller”

Generally, we act as a “data controller” in relation to EU Personal Data.

In our capacity as a data controller we:

• set out in this Policy how we collect Personal Information (including EU Personal Data), how it is stored, to whom such Personal Information is disclosed and how the EU Personal Data is otherwise processed;
• only appoint processors under agreements that the processor will comply with the GDPR;
• will maintain a record of processing activities which are under our responsibility (where required by GDPR);
• cooperate with relevant authorities which enforce the GDPR;
• implement appropriate technical and organizational security measures to protect EU Personal Data and report any data breaches to authorities and affected individuals as required by the GDPR in accordance with section 10 of this Policy.

6. Disclosure to third parties

If we are required to disclose your EU Personal Data to third parties, including data processors or sub-processors, we will notify the third party that it has an obligation to handle any EU Personal Data in accordance with the GDPR.

In the event we are responsible for a transfer of EU Personal Data outside of the EU, such transfer will be for the necessary and lawful performance of our services, including the establishment, exercise or defence of an IP or legal right.

7. Express consent to transfer

Further to section 7 of this Policy, by providing us with your EU Personal Data, you are consenting to the disclosure of your EU Personal Data to third parties outside of the EU. You also acknowledge that we are not required to ensure that those third parties comply with their obligations under the GDPR.

If you have any questions, comments or complaints about our handling of your EU Personal Data or wish to contact us regarding your EU Personal Data, please use the contact details set out in section 16 of this Policy. Your requests will be handled in accordance with section 11 of this Policy.