Personal Information Protection Policy

Apostrophe Accounting recognize that our clients are the heart of our business. Our commitment to our clients, partners, sub-contractors and others is to continuously respect and protect the privacy and confidentiality of personal and business information that is entrusted to us in the course of rendering services. As a member of the Certified Professional Accountants Ontario (CPA), we are governed by the Code of Professional Conduct of the CPA. These rules have governed our practice in the past, and will continue to guarantee the privacy and confidentiality of your personal information. 

We will inform our clients of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances. Our firm shall make readily available to our clients and sub-contractors information about the policies and practices relating to the management of their information. 

Apostrophe Accounting’s privacy policy, in compliance with the Personal Information Protection and Electronic Documents Act PIPEDA, outlines the principles and practices we will follow in protecting clients’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’ personal information and allowing our clients to request access to, and correction of, their personal information. 

Scope of this Policy 

This Personal Information Protection Policy applies to Apostrophe Accounting and its sub-contractors. This policy also applies to any service providers collecting, using or disclosing personal information on behalf of Apostrophe Accounting. 

Definitions 

Personal Information –means information about an identifiable individual [E.g. name, birth date, home address and phone number, social insurance number, income, financial information]. Personal information does not include contact information (described below). 

Business Information –means information about an identifiable business [E.g. business name, corporation number, business number, business income, financial information]. Business information is covered in this policy but not by PIPEDA. 

Contact information – means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number. Contact information is not covered by this policy or PIPEDA. 

Privacy Officer – means the individual designated responsible for ensuring that Apostrophe Accounting complies with this policy and PIPEDA. 

Policy 1) Accountability 

1.1 Apostrophe Accounting is accountable for personal information under its control that we receive from, for example, individual clients, partners and sub-contractors, as well as individuals’ personal information that we may receive indirectly, for example, through corporate and government clients. 

1.2 Apostrophe Accounting is also responsible for personal information under our control that is disclosed to third parties for processing or other administrative functions. 

Policy 2) Collecting Personal Information & Identifying Purposes 

2.1 Unless the purposes for collecting personal information are palpable and the client voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection. 

2.2 Your personal information may be disclosed internally and with other affiliated companies in order to allow us to offer services or products that may be of interest to you. Personal information may also be shared internally for the purpose of determining compliance with applicable professional standards, our internal policies, or in the performance of quality reviews. 

2.3 We collect and use personal and business client information that is necessary to fulfill the following purposes

• To verify identity;
• To verify creditworthiness;
• To open and manage an account
• To deliver requested products and services
• To enrol the client in a program;
• To ensure a high standard of service to our clients;
• To assist us in providing services pertaining to the preparation of financial statements;
• For the preparation of your taxation and other returns as required for various governmental and other regulatory purposes;
• To advise you on specialized areas of taxation, personal financial planning, estate planning, business and succession planning, valuation and other business and personal advisory services;
• To understand your needs and determine the suitability of other services we may be able to offer you.

Policy 3) Consent 

3.1 We will obtain client consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent). By providing us with your personal information for the purposes listed, you have implied consent to our collection and use of the information for those purposes. 

3.2 Consent can be provided orally or in writing or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the client voluntarily provides personal information for that purpose. 

3.3 With respect to personal information that you provide for preparation of specific forms and for your taxation and other returns, you consent to our transmitting such personal information to the appropriate governmental regulatory authorities. 

3.4 Clients have the right to withhold or withdraw their consent for Apostrophe Accounting to use their personal information. A client’s decision to withhold or withdraw their consent to certain uses of personal information may prohibit or adversely affect our ability to provide services or complete our professional engagement. If so, we will explain the situation to assist the client in making the decision Policy 

4) Limiting Collection 

4.1 We will limit the collection of personal information to that which is necessary for the purpose(s) which we will identify prior to or at the time of collection. All information will be collected by fair and lawful means. 

Policy 5) Limiting Use and Disclosure of Personal Information 

5.1 We will only use or disclose client personal and business information where necessary to fulfill the purposes identified at the time of collection 

5.2 We will not use or disclose client personal and business information for any additional purpose unless we obtain consent to do so. 

5.3 We will not sell client lists or personal information to other parties. 

5.4 We may use or disclose personal or business information without consent in the following limited circumstances:

• When the collection, use or disclosure of personal information is permitted or required by law (i.e. a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction) or to comply with codes of conduct required by regulatory bodies
• For the purposes of collecting a debt, obtain legal advice from a lawyer
• To an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs. 

5.5 In the course of rendering our services, you may disclose to us personal information that you have collected regarding your sub-contractors, customers and other parties. We assure and commit to you that this information will be kept private and confidential and will not be released to any third party, other than as may be required by law, unless we first obtain consent. 

Policy 6) Retaining Personal Information 

6.1 We will retain client personal and business information for at least one year so that the client has a reasonable opportunity to request access to it. 

6.2 Subject to policy 6.1, we will retain client personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose. 

Policy 7) Ensuring Accuracy of Personal Information 

7.1 We will make reasonable efforts to ensure that client personal information is accurate, complete and up-todate as necessary to fulfill the purpose(s) for which it is to be used. 

7.2 Clients may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. 

Policy 8) Securing Personal Information 

8.1 We are committed to ensuring the security of client personal and business information appropriate to the sensitivity level of the information. Our partners and sub-contractors are trained to know and respect our privacy policy, and compliance with our policies and procedures for protecting personal information is a condition of their contract. 

8.2 The following security measures will be followed to ensure that client personal information is appropriately protected: 

• Physically securing office where personal information is held
• The use of industry standard security tools and practices and clearly defined internal policies and practices.
• We will use appropriate technologies, and maintain high security standards to ensure the protection of your information. While we make every attempt to utilize up to date technology to protect your personal information when it is transmitted electronically, you should be aware that no electronic transmission is guaranteed to be completely secure
• Restricting employee access to personal information only to those requiring the information 
• Contractually requiring any service providers to provide comparable security measures 

8.3 We will use appropriate security measures when destroying client’s personal information such as shredding documents and deleting electronically stored information. 

8.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security. 

Policy 9) Providing Clients Access to Personal Information 

9.1 Clients have a right to access their personal information, subject to limited exceptions. 

9.2 A request to access personal information or correct information as necessary must be made in writing and provide sufficient detail to identify the personal information being sought. 

9.3 Upon request, we will also tell clients how we use their personal information and to whom it has been disclosed if applicable. 

9.4 We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. 

9.5 A minimal fee may be charged for providing access to personal information. Where a fee may apply, we will inform the client of the cost and request further direction from the client on whether or not we should proceed with the request. 

9.6 If a request is refused in full or in part, we will notify the client in writing, providing the reasons for refusal and the recourse available to the client. 

9.7 We are committed to maintaining accurate information, and urge you to notify us promptly of any changes in your personal information. 

Policy 10) Questions and Concerns: The Role of the Privacy Officer or Designated Individual 

10.1 The Privacy Officer or designated individual is responsible for ensuring Apostrophe Accounting’ compliance with this policy and the Personal Information Protection Act. 

10.2 Clients should direct any complaints, concerns or questions regarding Apostrophe Accounting’ compliance in writing to the designated individual. The designated individual will respond to questions relating to privacy and attempt to resolve all complaints. If necessary a complete investigation of your complaint will been undertaken and the findings will be reported to you in most cases within 30 days. If the designated individual is unable to resolve the concern, individuals may contact the Information and Privacy Commissioner of Ontario. 

Protecting your privacy is as important to us as it is to you. If you have any questions or concerns about your privacy and our role protecting it, please contact the Apostrophe Accounting designated individual at privacy@apostropheaccounting.ca or at (289) 335-0399.