1.1 Crowe MacKay LLP is strongly committed to a “best practices” approach to information privacy, for the benefit of our clients, employees and others who interact with our organization.
1.2 Crowe MacKay LLP maintains offices in several jurisdictions across Canada.
1.3 In some jurisdictions across Canada, accounting firms, as organizations, will only be subject to regulation to the extent they are considered to be carrying on “commercial activity”. At Crowe MacKay LLP we have determined that it is appropriate, where practical, to treat all personal information in our organization to the highest standards applying to our organization, regardless of jurisdiction issues. Our privacy commitment is an integral part of our commitment to our clients and our employees.
2. WHY WE COLLECT USE AND DISCLOSE PERSONAL INFORMATION
2.1 We collect personal information about our individual clients for the purposes of providing professional advice and services to them. Usually the scope of advice and service is set out in detail in a formal engagement letter with our client.
2.2 As part of our client services these purposes include evaluating, monitoring and assessing the tax and accounting requirements of our clients, recommending changes to asset structures, recommending changes to liability provisions and risk management, recommending retainer of other consultants such as brokers, legal counsel, insurance agents and cross-border advisors, strategy consultations for items such as tax disputes and inter-jurisdictional arrangements.
2.3 We also collect information about individual shareholders, employees and directors of organizations in the course of providing services to our clients which are organizations. This information is collected as necessary to properly evaluate and plan the structure and activities of these organizations as mandated by our retainer with them. This information is not utilized to review or analyze the personal financial affairs of any of these individuals, unless that is the subject of a separate engagement.
2.4 If an individual client also is involved in organizations for which we are separately retained to provide services, we will use their personal information for the purpose of coordinating the collective financial affairs of the individual and these organizations, as well as cross-checking and verifying the accuracy and consistency of information relevant to both retainers.
2.5 If instructed by you, we will add individual client names and contact details to our client database, in order to allow us to send them newsletters, brochures, tax updates, details of forthcoming seminars and other materials relating to our general services. We understand that not all of our clients may wish to receive this type of material. If a client prefers that we do not send this type of material they can let us know by advising their engagement partner, and their contact details will then not be utilized in this fashion.
2.6 When we partner with others on events, registrant information is shared with co-sponsors, organizers and others in connection with the event. Please check event details for further explanation of how your information might be used.
2.7 To ensure our services meet your expectations we may send you a customer survey. Participations is completed voluntary. We will use responses received to assess and improve our services. Responses will not be shared with third parties without your consent.
2.8 We also collect information to meet legal and regulatory requirements.
3. WHAT KINDS OF PERSONAL INFORMATION WE COLLECT
3.1 We collect a wide variety of personal information in connection with our services. This information primarily relates to the financial, tax and business affairs of our clients.
3.2 In connection with our estate planning and consulting work we collect and analyze information on matters such as personal assets, family relationships, retirement savings, lifestyle intentions, the financial affairs of family members and intended beneficiaries, intended charitable giving, insurance coverage, health status and the tax status of those personal and organizations who may be impacted by the plan.
4. HOW WE COLLECT PERSONAL INFORMATION
4.1 Most of the personal information collected by us is provided directly by the individual. In some cases, information is provided to us by an organization with which the individual is associated as a director, officer or shareholder. In such circumstances, we are relying on that organization to have obtained any necessary or appropriate consents. In some instances, for example in estate planning, a client may also provide us information about other individuals (eg. spouses). Again, we are relying on our client to have obtained any necessary or appropriate consents.
4.2 Occasionally, we are provided information, with consent of our client, directly from other advisers or representatives of our client. Examples include legal counsel, brokers, bankers, insurance agents and predecessor accountants. In these circumstances, we infer that it is appropriate for us, in our best discretion, to disclose client information to these other advisers in the course of working directly with them on client projects, unless specific restrictions are imposed in the engagement letter.
4.3 Information is collected from government and regulatory bodies on instruction of and with the consent of the client.
4.4 Information is also collected from publicly available sources and as permitted by applicable law.
4.5 When you provide us with an email address, we assume we are permitted to contact you via email with respect to our services and communications, unless stated otherwise in our engagement letter.
4.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Depending on the circumstances, this may prevent us from continuing to provide services to a client.
5.1 As accountants, we are concerned with the confidentiality of the personal information entrusted to us in our engagements. Our firm adheres to the highest standards of confidentiality and abides by the accounting institute standards and ethics which apply in the various jurisdictions in which we maintain offices.
5.2 Our employees receive training and instruction in client confidentiality. All staff are required to sign a specific pledge of secrecy and independence, a copy of which will be made available on request.
6.1 As a general rule, we only disclose personal information of our clients as instructed by them. However, there are a number of exceptions. Circumstances of disclosure without consent include:
- as permitted or required by applicable law (eg. compulsion by court order; investigation of suspected fraud).
- to defend our firm in proceedings arising from statements or opinions issued by us in the course of our professional services (eg. negligence claim on an audit letter).
- to service providers in circumstances where we remain in control of the information (eg. IT outsourcing or customer surveys).
- to subcontractors who provide local expertise in other jurisdictions.
- to professional regulatory bodies, as required by legislation, rules, policies or codes governing our profession.
- between affiliated offices of Crowe MacKay LLP or local subcontractors on a need-to-know basis.
6.2 In certain circumstances, information may be stored, processed or accessed outside of Canada by us, a service provider or a local subcontractor, and such information may be subject to disclosure under the laws of other jurisdictions. These laws may not provide the same level of protection as Canadian privacy laws.
6.3 We sometimes (on client instruction) work with organizations in other jurisdictions which also represent your interests, to coordinate advice. We may need to share information with these other organizations, but only provide the necessary information.
7. PERSONAL EMPLOYEE INFORMATION
7.1 Where an individual is an employee or a candidate for employment, we consider that we have implicit consent to collect, use and disclose employee personal information in circumstances set out below.
7.2 We will only collect, use and disclose personal employee information without express consent when it is reasonable for the particular purpose of the establishment, administration, management and termination of the employment relationship. Administration of the employment relationship will include interaction with benefit providers and others in the provision of our employee benefits and pension plans.
7.3 We will disclose personal employee information to another organization in responding to a request for a reference only when you have provided specific consent for this to occur.
7.4 Personal information of employees can also be collected, used and disclosed without the individual’s consent where required or permitted by applicable law. In other circumstances, the consent of the employee will be required for any use or disclosure of their personal information.
7.5 Types of employee personal information we collect include:
- contact details;
- education history;
- employment history and references;
- Social Insurance Number for government filings;
- medical, spouse and dependent information for benefit plans and emergency contact;
- information voluntarily supplied in resumes and interviews;
- photo ID for security purposes;
- performance reviews and evaluations;
- activity logs and time reports;
- vacation and sick reports; and
- information required for professional body reporting.
8. GIVING ACCESS TO PERSONAL INFORMATION
8.1 Upon written request, we will give an individual or his or her authorized representative (an “applicant”) access to his or her personal information that is in our custody or under our control. We will also let the applicant know what the information is being used for and how and under what situations the information is being or has been disclosed by us.
8.2 If we do not have an actual record of the persons or organizations that the applicant’s personal information has been disclosed to, we will tell them who or what organizations their information may have been disclosed to.
8.3 We may require an applicant to give us evidence of his or her identity so we can ensure that the applicant has the right to access the individual’s personal information but we will only use such information for the purpose of identification and authentication.
8.4 We will act reasonably in searching for an applicant’s personal information.
8.5 We may charge an appropriate fee, when permitted, for processing the request. Information on applicable fees will be provided to an applicant.
8.6 Clients and employees may seek access to their personal information by contacting the Partner in charge at the relevant local office of the firm.
8.7 We may refuse access to all or part of an applicant’s personal information in a number of situations, including:
- the information is protected by any legal privilege;
- the disclosure of the information would reveal confidential business information and it is not unreasonable to withhold the information;
- the information was collected for an investigation or legal proceeding; or
- the information was collected by a mediator or arbitrator.
8.8 If we are reasonably able to sever the information contained in the above exceptions from a requested record, we will give access to the remainder of the information in the record.
8.9 We are required by law to refuse access to all or part of an applicant’s personal information in certain situations, including:
- the disclosure of the information could reasonably be expected to threaten the life or security of another individual;
- the information would reveal personal information about another individual; or
- the information would identify the individual who gave an opinion about another individual and the individual giving the opinion does not consent to the disclosure of his or her identity.
8.10 If we are reasonably able to sever the information contained in the above exceptions from a requested record, we will give access to the remainder of the information in the record.
8.11 We will inform the applicant if he or she will be given access to all or part of his or her personal information. If access is to be given, we will inform the applicant of when access will be given. If access to all or part of the applicant’s personal information is refused, we will inform the applicant of the reasons for refusal and the specific exception(s) to the right of access on which the refusal is based. We will also inform the applicant of the name of the person in our organization who can answer questions regarding the refusal, and of the applicant’s right to ask a Privacy Commissioner having jurisdiction for a review of our decision to refuse access.
9.1 We will ensure personal information used or disclosed by us will be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
9.2 We will update personal information about clients and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
9.3 If an individual believes that his or her personal information in our custody or under our control has a mistake in it or is missing some information, he or she may request that we correct the information.
9.4 If we decide that the information should be corrected, we will do so as soon as reasonably possible. As appropriate, we will also send the corrected information to every organization that our records show has received the wrong information.
9.5 If we decide not to correct the information, we will make a note on the individual’s personal information indicating that a correction was requested.
9.6 We will not correct or change an opinion, including a professional or expert opinion. We will make a note on the individual’s personal information indicating that a correction or change was requested.
10.1 We will use reasonable security safeguards to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction. We will protect personal information regardless of the format in which it is kept and used.
10.2 We will protect personal information using physical, administrative and technical safeguards that are appropriate to the sensitivity of the information.
11.1 We will keep personal information only as long as it remains necessary or relevant for the identified purposes, as required under normal business practices, as required by law, or as otherwise stated in retainer letters with our client.
11.2 Our current policy is to permit or consider our closed files to be destroyed any time after 6 years have passed since the file was closed, unless the nature of the file or the engagement circumstances would require otherwise, in our reasonable discretion.
11.3 We will maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. We will destroy, erase or make such information anonymous.
12. PROCEDURE FOR HANDLING COMPLAINTS
12.1 An individual who believes that our organization has not complied with this Policy has the right to make a written complaint about the matter to our organization. We will use our internal compliant handling procedure to investigate and attempt to resolve the matter. Our internal complaint handling procedure is as follows:
- a complaint in writing is made to the Chief Privacy Officer;
- the Chief Privacy Officer conducts an internal review, consulting with the engagement partner and other representative as appropriate; and
- the Chief Privacy Officer will provide a written response to the individual usually within 45 days.
12.2 An individual always has the right to make a complaint to a Privacy Commissioner having appropriate jurisdiction or to ask the Commissioner to review a decision we have made. However, individuals are encouraged to use our internal complaint handling procedure first.
12.3 We will make our complaint handling procedure readily accessible to individuals. We will provide brochures or include information on our website about how to lodge a complaint, the time within which a complaint will normally be handled, and the fact that complaints will be handled by an officer of our organization with appropriate authority to deal with the complaints.
12.4 We may decide not to investigate a complaint if:
- the complaint relates to an act or practice that is not a possible breach of the privacy requirements;
- the complaint relates to an act or practice that is no longer reasonably able to be investigated because of the length of time since it occurred;
- the act or practice relates to an event which occurred prior to the organization being subject to this Policy;
- the complaint is trivial, frivolous or vexatious; or
- the complaint relates to an act or practice that is the subject of court proceedings that have commenced or are intended to be commenced.
12.5 With the exception of complaints that we have decided not to investigate we will investigate and respond to all complaints within a reasonable period of time (usually, within 30 days). If the complaint is found to be justified, we will take appropriate steps to resolve the complaint including, if necessary, amending our policies and procedures (or this Policy).
12.6 A complainant will be expected to provide sufficient details of how the complaint arose, including the identification of the parties involved, if known, copies of any relevant documentation and reasons why the complainant believes his or her privacy may have been breached.
13. MONITORING/REVIEWING THE OPERATION OF THE CODE
13.1 We will monitor compliance with this Policy. Our Chief Privacy Officer will review this Policy annually to ensure that the Policy is still serving its stated purposes; that it is being complied with; that the internal complaint handling procedure is still effective; and to determine if there are any amendments that should be made to improve the operation of the Policy.
14. PRIVACY OFFICER
14.1 Our Chief Privacy Officer can be contacted as follows:
Crowe MacKay LLP
705 Highfield Place 10010 106th Street
Edmonton, AB T5J 3L8
Stay Connected. Sign up to receive our quarterly newsletter, important tax and financial insights, specialized reports and bulletins.
Our Clients Speak
"...We are continually impressed with their knowledge, professionalism, and interest in our business. Hiring a great accountant is an important part of growing a successful business and we've made a very good choice."Justin Archer Managing Director, Berlin Advertising and Public Relations