Principle 1 – We Are Accountable For The Personal Information In Our Possession.
Principle 2 – DM will inform you why we are collecting your personal information when the information is collected.
In most instances, DM will collect, use or disclose personal information only to provide professional services to you. Each engagement letter, by reference to the policies in this document, includes an explanation of why we require information, what use will be made of it and with whom it may be shared in order to provide our professional services.
Your personal information may be disclosed internally for the purpose of providing professional services to you, determining compliance with applicable professional standards, DM internal policies, or in the performance of quality reviews. Personal information may also be shared internally in order to allow us to offer services or products that may be of interest to you.
In accordance with professional standards, if you are an audit or attest client, personal information may be shared with the DM audit or attest engagement team and other DM personnel so that it may be used in the audit or attest engagement.
Principle 3 – DM will collect, use or disclose personal information about you only with your informed consent.
How Will We Ask for Consent?
Client Personal Information
What happens if you choose not to give us your consent? What if you withdraw your consent at a later date?
You always have the option not to provide your consent to the collection, use and distribution of your personal information, or to withdraw your consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to provide you with our services.
Principle 4 – DM limits the amount and type of personal information we collect.
We will limit, where possible, the collection of client personal information to that which is required to provide our services or operate our business.
Such personal information we might collect could include
- home addresses
- home telephone numbers including unlisted
- email address
- personal identification numbers (e.g., social insurance numbers, credit card numbers)
- all or part of your financial circumstances
- personnel information (e.g., employment history, references to criminal records)
- information linked to the type of client, for example:
- information in medical records (with respect to organizations such as hospitals or medical practices)
- information related to race, religion, sexual preference, receipt of welfare or subsidized housing (with respect to various types of not-for-profit and government entities)
- source data in claims and in-force databases (with respect to insurance companies)
- tenant information (with respect to residential lending companies)
- Medical advisors
- Circumstances and state of living arrangements
- Insurance agent(s)
- Bankers/financial advisors
- Other accountants
- Trade union affiliation
- Business interests
- Beneficiary information/instructions after death
- Financial transactions
- Information contained in wills
Principle 5 – DM will use and disclose your personal information only for the purposes for which we have your consent. We will keep personal information only as long as necessary to accomplish these purposes.
Use of Personal Information
If we intend to use your personal information for a purpose not previously identified to you, we will obtain your prior consent.
However, we may use personal information without consent where for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual. We may also disclose personal information without consent:
- to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies
- to a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law
- to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs
- for the purpose of communicating with the next of kin or authorized representative of an injured, ill or deceased individual. However, if the individual is alive, the organization must inform the individual without delay in writing of the disclosure;
- Clause 6(10) of the Digital Privacy Act allows disclosure without consent to another organization – for example, from one business to another – in order to investigate a breach of an agreement or a contravention (or anticipated contravention) of a federal or provincial law where it is reasonable to expect that obtaining the consent from the individual for the disclosure would compromise the investigation;
- to a government institution or to the individual’s next of kin or authorized representative if there are reasonable grounds to believe that the individual has been the victim of “financial abuse,” and where it is reasonable to expect that obtaining the consent from the individual for the disclosure would compromise the ability to prevent or investigate the abuse.
- in connection with business transactions, provided certain conditions are met. Business transactions are defined and include, for example, the sale of a business, a merger or the lease of a company’s assets. Organizations that are parties to a prospective business transaction can only use and disclose the personal information if it is necessary to decide whether to proceed with or complete the transaction. In addition, the organization receiving personal information must enter into an agreement to use or disclose the information for the sole purpose of the transaction, to protect it, and to return or destroy the information if the transaction does not proceed. If the transaction is completed, the parties have to enter into an agreement to limit the use or disclosure of the information to the purposes for which it was collected, to protect it, and give effect to any withdrawals of consent. In addition, the information must be necessary for carrying on the activity that was the object of the transaction and individuals must be notified their personal information has been transferred to a new owner.
- for personal information exempted under privacy legislation and regulation.
Retention of Personal Information
In compliance with professional standards, we keep a record of the work performed by us. This record, or “working papers” may include personal information. Working papers are safeguarded against inappropriate access, as discussed under Principle “7”.
Principle 6 – DM will endeavor to keep accurate the personal information in our possession or control.
In order to provide you with a professional level of service, the personal information that we collect about you must be accurate, complete and current. From time to time, you may be asked to update your personal information. You are encouraged to advise us of any changes to your personal information that may be relevant to the services we are providing to you.
Clients are encouraged to contact their engagement partner to update their personal information.
Principle 7 – DM protects your personal information with safeguards appropriate to the sensitivity of the information.
We protect your personal information by using physically secure facilities, industry standard security tools and practices, and defined internal policies and practices. Security measures are in place to protect the loss, misuse and alteration of the information under our control. Personal information collected is stored in secure operating environments that are not available to public access. To prevent unauthorized electronic access to personal information, we maintain information collected in a secure environment.
Principle 8 – DM will be open about the procedures used to manage your personal information.
Principle 9 – At your request, DM will advise you of what personal information we have in our possession or control about you, what it is being used for, and to whom and why it has been disclosed.
As a client, you have the right to review and obtain a copy of your personal information on record in our offices by contacting your engagement partner in writing.
In most instances, you will receive a response to your request within 30 days. If you have any concerns about the access provided to you, you are encouraged to contact our Privacy Officer at firstname.lastname@example.org or at (519) 673-3141.
Principle 10 – DM will use a secure electronic portal to send and receive documents with clients. The terms and conditions of the portal use will be made clear to you upon your first login.
DM provides a Client Portal (secure internet site) to permit secure electronic transfer of documents between the client and DM, as well as ongoing access to certain documents maintained by DM. DM has the sole discretion to decide what types of documents can be uploaded or viewed on the Client Portal. Client login information allows viewing of materials related to its relationship with DM, and provides no ability to view materials for any other party.
DM will use its best efforts to make the Client Portal secure from unauthorized access. The Client Portal will adhere to industry best practices to encrypt and maintain private and confidential communications between the Client’s end user device and the Client Portal server. However, the client recognizes that no completely secure system for electronic data transfer has yet been devised. DM makes no warranty, express or implied, regarding the efficacy of the security of the client portal and shall never be liable for any claimed actual or consequential damages arising from any breach or alleged breach of security of the client portal.
DM will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.
To challenge compliance with this Policy, please forward your concerns in writing to our Privacy Officer. The Privacy Officer will ensure that a complete investigation of your complaint has been undertaken and will report their findings to you in most instances within 30 days.
We know that protecting your privacy is important to you. That is why it is so important to us. If you have any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at email@example.com or at (519) 673-3141.
Principle 12 – DM’s Online Calculators
DM requests user information (‘Registration’) for the sole purpose of confirming and approving valid users prior to use of our online calculators. The data is securely collected and stored as noted in the above principles. DM will not sell or share your data with third parties, use your data for any other purpose other than stated here and we will not use the information to contact you for any reason.