The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal private-sector privacy law. It sets out ground rules for how McDermott + Bull must handle personal information. 

Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:

  • Age, name, ID numbers, income, ethnic origin, or blood type.
  • Opinions, evaluations, comments, social status, or disciplinary actions.
  • Employee files, credit records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire services, or change jobs).

McDermott + Bull has outlined below our Ten Privacy Principles based on the Privacy Principles established in Canada’s PIPEDA.


M+B’s Ten Privacy Principles

Personal information is information that can be used to identify or contact you individually, and other information that McDermott + Bull needs to provide you with our services. To view the list of personal information we collect, please refer to the Information Use section within McDermott + Bull’s general Privacy Policy.

McDermott + Bull has 10 Privacy Principles, based on those established in the PIPEDA. McDermott + Bull has implemented policies and practices to give effect to these principles.

Principle 1 – Accountability

McDermott + Bull is responsible for personal information under its control. McDermott + Bull has designated a Privacy Officer who is accountable for our compliance with our Privacy Policy and PIPEDA. McDermott + Bull’s Privacy Officer is accountable for our compliance with PIPEDA, but other employees at McDermott + Bull may be responsible for day-to-day collection and processing of personal information and may also be delegated to act on behalf of the Privacy Officer. The identity of the Privacy Officer designated by McDermott + Bull to oversee the organization’s compliance with the principles shall be made known upon request.

McDermott + Bull is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. McDermott + Bull will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party. McDermott + Bull has implemented policies and practices to give effect to the principles, including:

  • Implementing procedures to protect personal information.
  • Establishing procedures to receive and respond to complaints and inquiries.
  • Training staff and communicating to staff information about the organization’s policies and practices.
  • Developing information to explain the organization’s policies and procedures.

Principle 2 – Identifying Purposes

Canadian residents have a right to know how their information will be used. McDermott + Bull will explain why we need your information before or at the time we collect it if the purpose is not already clear. We will assume that the purpose is clearly identified when we use your personal information to:

  • Provide you with the services you have requested.
  • Communicate with you about the services you have requested.
  • Ensure that you are properly registered to use our services and to receive any associated technical support.
  • Inform you of any important service revisions or updates.

For more information about the business purposes for the information we collect, please refer to the Information Use section of our Privacy Policy. When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose.

Aggregate data is general information about a group of people and does not identify you individually. McDermott + Bull may combine your information with that of others to generate aggregate data that can be used to improve our services or develop new ones. For example, we may tell a third party how many users have subscribed to a service, but not identify that you personally are a subscriber.

Principle 3 – Consent + Disclosure

McDermott + Bull will collect, use, and disclose your personal information for the purposes we have identified above and only with your knowledge and consent before or at the time of collection, except where permitted or as required by law or defined in this Privacy Policy. For more information on the purposes for which the information will be used, please refer to the Information Use section of our Privacy Policy.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw your consent, please click here to make a request to delete your information.

Principle 4 – Limiting Collection

McDermott + Bull will collect personal information only for the purposes we have identified or for the primary uses described above. We shall collect information only by fair and lawful means. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified. For more information, please refer to the Information Collection section within our Privacy Policy.  

Principle 5 – Limiting Use + Disclosure + Retention

McDermott + Bull will not use or disclose your personal information other than for the purpose for which it was collected unless we receive your consent or unless we are required or permitted to by law. When providing information in response to a legal inquiry or order, we will verify its validity and disclose only the information that is legally required. McDermott + Bull will make reasonable efforts, with the bounds of the law, to notify you should your personal information be subject to disclosure.

McDermott + Bull will keep your personal information only for as long as it needs to for the purposes identified above, as required by law, or as necessary to resolve any disputes you may have concerning our services. McDermott + Bull will follow internally set guidelines and use care in the disposal, destruction, or de-identification of personal information to prevent unauthorized parties from gaining access to such information.

Principle 6 – Accuracy

McDermott + Bull will maintain accurate, complete, and up-to-date personal information as required for the identified purposes associated with its collection. The extent to which personal information is accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual. McDermott + Bull will not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected. Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

Please click here to request an update to your personal information or to let us know if your contact or other personal information changes.

Principle 7 – Safeguards

McDermott + Bull protects the personal information in our possession and control by using security safeguards appropriate to the sensitivity of the information. The security safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. McDermott + Bull will protect personal information regardless of the format in which it is held. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.

The methods of protection should include:

  • Physical measures, for example, locked filing cabinets and restricted access to offices.
  • Organizational measures, for example, security clearances and limiting access on a “need-to-know” basis.
  • Technological measures, for example, the use of passwords and encryption.

McDermott + Bull employees are aware of the importance of maintaining the confidentiality of personal information. Care will be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.

To learn more regarding McDermott + Bull’s security measures and how we handle security incidents, please refer to the Security and Information Security Incident Response sections in our general Privacy Policy.

Principle 8 – Openness

This Privacy Policy is an overview of information about our policies and practices relating to the management of personal information. McDermott + Bull reviews its privacy practices regularly, and those practices are subject to change. To learn more information regarding our changes in privacy practices, please refer to the Updates + Changes to This Policy section in our general Privacy Policy.

Principle 9 – Individual Access

Upon receiving your request, McDermott + Bull will inform you of the existence, use and disclosure of your personal information and will give you access to that information. You may challenge the accuracy and completeness of your information and have it amended as appropriate. McDermott + Bull will respond within 30-days of the initial request. To submit such request, please refer to the Update + Access + Delete Your Profile section of our general Privacy Policy.

Principle 10 – Challenging Compliance

McDermott + Bull maintains procedures for addressing and responding to all inquiries or complaints from its users about McDermott + Bull’s handling of personal information. We will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. Our Privacy Officer and employees working at the Officer’s direction may seek external advice where appropriate before providing a final response to individual complaints. McDermott + Bull shall investigate all complaints. If a complaint is found to be justified, we will take appropriate measures, including, if necessary, amending our policies and procedures.

If you have any inquiries or complaints regarding the compliance with the above principles, please contact our Privacy Officer by clicking here.

Contact Us

If, at any time, you have questions or concerns about McDermott + Bull’s PIPEDA commitment, please click here to contact our Privacy Officer.

For more information regarding PIPEDA, please click here.