PRIVACY POLICY

Effective Date: April 13, 2026

1. Introduction

Zamani Advocates ("we," "us," "our," or "the Firm") is committed to protecting the privacy of personal information entrusted to us. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Health Information Protection Act, 2004 (PHIPA) where applicable, the Law Society of Ontario's Rules of Professional Conduct, and other applicable privacy laws.

This Privacy Policy applies to personal information collected through our website at [www.zamaniadvocates.ca] (the "Website") and through our provision of legal services.

2. Accountability

The Firm is responsible for personal information under its control. However, the Firm cannot guarantee absolute security of personal information shared over the internet.

3. Personal Information We Collect

We may collect personal information in the course of providing legal services and operating the Website, including:

(a) Information you provide directly: your name, contact details (address, telephone, email), identification documents (for client intake and "know your client" requirements under By-Law 7.1 of the Law Society of Ontario), billing and payment information, information relating to your legal matter, and any other information you choose to share with us.

(b) Information about others: in the course of representing clients, we may receive personal information about parties adverse in interest, witnesses, beneficiaries, or other individuals relevant to a matter.

(c) Information collected automatically through the Website: IP address, browser type and version, device identifiers, pages visited, date and time of access, referring URL, and similar technical information, collected through cookies, server logs, and analytics tools (including, where applicable, [Google Analytics / Squarespace Analytics / other]).

(d) Personal health information: where relevant to a legal matter (for example, in employment, insurance, or similar files), we may receive personal health information about a client or a third party. Such information is handled in accordance with Section 9 below.

4. Purposes for Which We Collect Personal Information

We collect, use, and disclose personal information for purposes identified at or before the time of collection, including:

(a) providing legal advice and representation;

(b) communicating with clients, prospective clients, opposing parties, courts, tribunals, and other persons in connection with legal matters;

(c) conducting conflict checks and complying with client identification and verification obligations imposed by the Law Society of Ontario;

(d) billing, accounting, and collecting fees;

(e) complying with applicable law, court orders, regulatory requirements, and the Rules of Professional Conduct;

(f) responding to inquiries submitted through the Website;

(g) administering, maintaining, and improving the Website; and

(h) other purposes to which you have consented.

5. Consent

We obtain consent to the collection, use, and disclosure of personal information in a manner appropriate to the sensitivity of the information. Consent may be express or implied, depending on the circumstances and the information involved.

By retaining the Firm, or by providing personal information to the Firm, you consent to the collection, use, and disclosure of that information for the purposes set out in this Privacy Policy, and as otherwise authorized or required by law.

You may withdraw consent at any time, subject to legal and professional restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide legal services to you. To withdraw consent, please contact our Privacy Officer.

6. Use and Disclosure of Personal Information

We use personal information only for the purposes identified at the time of collection or for purposes reasonably compatible with those purposes. We do not sell personal information.

We may disclose personal information:

(a) to the Firm's lawyers, law clerks, paralegals, articling students, and employees who require access for the purposes identified above;

(b) to third-party service providers (including cloud-storage providers, document-management providers, IT service providers, accounting services, couriers, and process servers), under contractual obligations of confidentiality and security;

(c) to opposing counsel, courts, tribunals, or other parties as necessary in connection with a legal matter and as authorized by the client;

(d) to regulatory and law-enforcement authorities where required or permitted by law, including pursuant to subpoena, court order, or an investigation by the Law Society of Ontario;

(e) to successors in the event of a merger, reorganization, or sale of all or part of the practice, subject to appropriate confidentiality protections; and

(f) with your consent.

Personal information may be stored or processed in jurisdictions outside of Ontario or Canada (for example, through cloud-based service providers). In such cases, the information may be subject to the laws of those jurisdictions, including lawful access by government authorities.

7. Limiting Collection

We collect only the personal information that is necessary for the purposes identified. Information is collected by fair and lawful means.

8. Retention

Personal information is retained only as long as necessary to fulfill the purposes for which it was collected, to comply with applicable legal, regulatory, and professional obligations (including the Law Society of Ontario's record-retention requirements), and to establish, exercise, or defend legal claims.

Closed client files are generally retained for a minimum of [7–15] years from the date of closure, consistent with Law Society of Ontario guidance and applicable limitation periods, after which they are securely destroyed or anonymized, except where longer retention is required or appropriate.

9. Personal Health Information (PHIPA)

Where Zamani Advocates receives personal health information ("PHI") from a health information custodian in the course of a legal retainer, the Firm acts as a recipient (and, where applicable, an agent) subject to Section 49 of PHIPA. In such cases:

(a) PHI is used and disclosed only for the purposes for which it was disclosed to the Firm, or as otherwise permitted or required by law;

(b) PHI is protected against theft, loss, and unauthorized use, disclosure, copying, modification, or disposal through physical, technical, and administrative safeguards appropriate to its sensitivity;

(c) PHI is retained only for as long as necessary to carry out the purposes of the retainer and as required to comply with applicable law and professional obligations;

(d) the Firm does not use or disclose PHI for any purpose other than that for which it was disclosed, except as permitted or required by PHIPA or other applicable law.

Where the Firm acts in a role that would make it a health information custodian, it will comply with all applicable obligations under PHIPA.

10. Safeguards

We protect personal information through physical, organizational, and technological security safeguards appropriate to its sensitivity, including:

(a) restricting access to personal information to authorized personnel on a need-to-know basis;

(b) secure storage of paper files;

(c) encryption, access controls, and secure passwords for electronic information;

(d) confidentiality obligations imposed on all lawyers, staff, and service providers; and

(e) secure destruction of personal information when no longer required.

Notwithstanding these safeguards, no method of transmission or storage is completely secure. You should not transmit sensitive or confidential information to the Firm through unsecured electronic channels.

11. Accuracy

We take reasonable steps to ensure that personal information is accurate, complete, and current to the extent necessary for the purposes for which it is used. You are responsible for providing accurate information and for informing us of any changes.

12. Access and Correction

Subject to certain exceptions permitted or required by law (including solicitor-client privilege, litigation privilege, and information about third parties), you have the right to:

(a) request access to personal information the Firm holds about you;

(b) be informed of the existence, use, and disclosure of that information; an

(c) request correction of inaccuracies or completion of incomplete information.

To make such a request, please contact the Privacy Officer in writing. We will respond within the time periods required by applicable law. There may be a reasonable cost-recovery charge for providing access, which will be communicated to you in advance.

13. Website, Cookies, and Analytics

Our Website uses cookies and similar technologies to enable functionality, remember preferences, and analyze traffic. Cookies are small data files stored on your device.

You can configure your browser to reject cookies or alert you when cookies are being set. Disabling cookies may affect the functionality of the Website.

We may use [Google Analytics / Squarespace Analytics / other analytics tools] to collect aggregate information about Website use. These services may set their own cookies and process information under their own privacy policies.

14. Links to Third-Party Websites

The Website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party websites you visit.

15. Breach Notification

In the event of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada, and (where applicable to PHI) the Information and Privacy Commissioner of Ontario, in accordance with applicable law.

16. Challenging Compliance

If you have questions, concerns, or complaints about the Firm's handling of personal information or compliance with this Privacy Policy, please contact the Privacy Officer at the address above. We will investigate all complaints and respond within a reasonable time.

If you are not satisfied with our response, you may contact:

Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, Quebec K1A 1H3 Telephone: 1-800-282-1376 Website: www.priv.gc.ca

For complaints involving personal health information in Ontario:

Information and Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Telephone: 1-800-387-0073 Website: www.ipc.on.ca

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top of this Policy indicates when it was last updated. Material changes will be brought to your attention through a notice on the Website. Your continued use of the Website or continued provision of personal information after the Effective Date constitutes acceptance of the updated Policy.

18. Contact

Zamani Advocates — dylan@zamaniadvocates.com