PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA)
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how all private sector organizations in Ontario handle personal information of clients, employees, and other. Personal information is defined as information that can identify an individual and information about an identifiable individual.
GENERAL DATA PROTECTION REGULATION (GDPR)
For any of our clients or partners with operations in Europe, we ensure we abide by the General Data Protection Regulation with respect to the transfer of data inside and outside of Europe.
WHAT INFORMATION WE COLLECT AND WHY
We need our clients to provide us with all the relevant facts and information related to our engagement. This information will include personal information about our clients and about other individuals with whom our clients conduct commercial transactions.
CONSENT FOR COLLECTION, USE, AND DISCLOSURE
Unless permitted by law, either before or when we collect personal information, we will obtain consent, explain how we intend to use the information, and will obtain consent if we wish to use personal information for any other purpose. We will limit the personal information we collect to what we need for the purposes for which we collected the information, and we will use the information only for those purposes. We do not sell any information about our clients or other individuals about whom we have obtained personal or other information. We only disclose personal information to others:
PROTECTION OF INFORMATION
Our client files are accessible by all staff electronically and in hard copy. Every member of our firm has been trained on and is committed to our privacy policies and procedures to safeguard personal information.
In accordance with professional regulations, our client files must periodically be reviewed by provincial practice inspectors and by other firm personnel to ensure that we have adhered to professional and firm standards. File reviewers are required to maintain confidentiality of client information.
Our firm is a registrant with the Canadian Public Accountability Board (“CPAB”). Registration with these bodies is required in order to, after March 30, issue audit opinions for publicly listed companies in Canada CPAB requires under their terms of registration to have access to our client files and engagement personnel in the conduct of their practice review and oversight mandates. Accordingly, file information where requested by CPAB will be made available for review and staff and partners of our firm will provide information and where required, give testimony or evidence relating to engagement information and knowledge.
Such information would otherwise be restricted from disclosure under professional rules of confidentiality or under privacy legislation and firm policy. Information obtained from our files and personnel by CPAB may be referred or disclosed to other regulatory bodies and professional bodies which may in turn be used by them in investigations, disciplinary actions and where appropriate, legal or securities related proceedings.
SECURITY AND RETENTION
In recognition of our professional and legal obligations to protect our confidential client information, we have made arrangements to protect against unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction of personal information.We will retain client personal information for a reasonable time period as required by the CPAO’s, CPA Code of Professional Conduct and the terms of our professional liability insurance policy. When no longer required, client personal information will be disposed of in a secured manner.
Our website is not secure. This is because we do not collect, use or disclose personal information through our website. We expressly warn and require individuals not to disclose personal information through our website. If an individual chooses to disclose personal information through our website, that individual does so at his/her own risk.
Our website may present links to other websites. Segal LLP is not responsible for how other parties, through the operation of these other websites, collect, use or disclose personal information. The use and/or privacy protection provided by the operator of a linked website is in no way subject to our firm’s privacy policies or practices.
REQUEST FOR ACTION AND CORRECTION
Individuals have the right to ask, in writing, for access to their own personal information in the custody or under the controls of our firm as permitted under PIPEDA. We will respond to any such requests in accordance with our obligations under PIPEDA. If we are not able to provide access to personal information we have about an individual, we will explain the reason why.
PIPEDA also allows individuals to request in writing for our firm to correct errors or omissions. While we will make every reasonable effort to keep personal information accurate, we will correct any factual error or omissions and, where we feel it is appropriate, inform other organizations to which we have disclosed the incorrect information. If we determine there is no factual error or omission, we will annotate the record with the record that a correction was requested but not made.
Privacy Officer, Segal LLP Chartered Professional Accountants
4101 Yonge St., Suite 502
Toronto, Ontario M2P 1N6
Phone: 416 391 4499
Updated: January 2020