2.1 Identifying the purpose of use
MMS identifies the purposes for which it collects personal information from clients before it is collected.The firm collects personal information from clients and uses and discloses such information only to provide the professional services that the client requested. The types of information that may be collected for this engagement, and the purposes for which it is collected, are set out in this Policy.We collect Your IP address for the purposes of system administration, including diagnosis of problems with the firm’s server and administration of the firm’s website. All information collected will be done in a fair and lawful manner.
2.2 Obtaining your consent
MMS obtains a client’s consent before collecting personal information from that client.The Terms and Conditions of every professional services engagement are documented in each Engagement Letter. These Terms and Conditions include an explanation about how MMS Accounting & Bookkeeping Services may use and disclose your personal information. By signing the engagement letter, you will be providing your consent to the collection, use and disclosure described in the Terms and Conditions.
Such personal information could include:
- Home & work addresses
- Home, work, & cell phone numbers
- Personal identification numbers (e.g., social insurance numbers, credit card numbers)
- Financial information (credit ratings, payroll information, personal debts)
- Personal information (e.g., employment history, references to criminal records)
- Information linked to the type of client, for example:
- Information in medical records (with respect to organizations such as hospitals or medical practices)
- Information related to race, religion, sexual preference, receipt of welfare or subsidized housing (with respect to various types of not-for-profit and government entities)
- Source data in claims and in-force databases (with respect to insurance companies)
- Personal information of customers, employees and others having dealings with the company
2.2 Obtaining your consentEmployment candidates will also be advised of the purposes for which their personal information is being collected and you will be provided an opportunity to consent to the collection, use and disclosure as described.
What happens if you choose not to give us your consent? What if you withdraw your consent at a later date?
You always have the option not to provide your consent to the collection, use and distribution of your personal information, or to withdraw your consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to provide you with our services.
2.3 Limiting collection, use, and disclosure of Personal Information
The firm uses or discloses personal information only for purposes for which it has consent, or as required by law. We may also disclose personal information without consent:
- To comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies. It is important to note that accounting firms are not protected by client/solicitor privileges.
- To a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law.
- To an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.
2.2 Obtaining your consentAs required by professional standards, rules of professional conduct and regulation, the firm documents the work it performs in records, commonly called “working paper” files. Such files may include personal information obtained from a client. Working papers are safeguarded against inappropriate access, as discussed under guiding principle “2.5”.
We also use it to enable us to provide you through various channels with information that we believe are of interest to you. This includes such matters as:
- New services we provide,
- Conferences and other professional development courses we hold,
- Notice of changes in the law or accounting practices that may be of interest to you, and
- Other professional or business developments.
If you do not wish to receive such information, you may opt out by sending an email to firstname.lastname@example.org
or by advising your MMS contact and we will discontinue sending you information other than in regard to your account.
The firm retains personal information only as long as necessary to fulfill its purposes.
Working paper files and other files containing, for example, copies of personal tax returns are retained for the time period required by law and regulation or for the time period as specified in the firm’s retention of client information policy.
The firm regularly and systematically destroys, erases, or makes anonymous personal information no longer required to fulfill the identified collection purposes, and no longer required by laws and regulations.
The personal information collected from a client during the course of a professional service engagement may be:
- Shared with the firm’s personnel participating in such engagement;
- Disclosed to partners and team members within the firm to the extent required to assess compliance with applicable professional standards and rules of professional conduct, and the firm’s policies, including providing quality control reviews of work performed;
- Provided to members of the organization’s audit committee and board of directors, and others in the company that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit
2.4 Providing access and accuracy
Subject to legal requirements provided by the Privacy Act or the Access to Information Act, the firm will respect your right of access to your Personal Information by informing you of its procedures and requirements for responding to your request for access. MMS will act diligently to give you access, at minimal or no cost wherever possible. In certain exceptional circumstances, MMS may not be able to give you access to your Personal Information. For example, some Personal Information banks may contain references to other persons or to the firm’s proprietary information.
You can challenge the accuracy of your Personal Information and request corrections if you believe there are errors or omissions. You may also require in certain circumstances that an annotation be attached to your Personal Information reflecting any correction requested but not made, or that such annotation or correction be notified to certain individuals. Clients are encouraged to contact the firm’s engagement contact in charge of providing service to them to update their personal information.
The firm will take all reasonable steps to ensure Personal Information used on an ongoing basis is as accurate, up-to-date, and complete for the purposes in which it was collected; MMS will rely on you to inform it of any required corrections.
The firm protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.
Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Firm employees are authorized to access personal information based on client assignment and quality control responsibilities.
Authentication is used to prevent unauthorized access to personal information stored electronically. Encryption is used to prevent unauthorized access to personal information received or sent over the internet.
2.6 Responding to your privacy concerns
The firm will respond to your questions and investigate diligently any complaints with respect to your Personal Information.
2.7 Complying with applicable privacy legislation
Your, and the firm’s rights and obligations regarding privacy are governed by applicable legislation in Canada. The application and interpretation of this Policy and of our guiding privacy principles are subject to and will comply with such legislation.