The Rules of Professional Conduct and related Council Interpretations of the Chartered Professional Accountants of Ontario require that CPAs and staff maintain the confidentiality of client and former client information, as well as the confidentiality of Firm information, except in rare and specific circumstances.
Organizations that collect, use and/or disclose personal information in the course of commercial activities must comply with the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) set out by the Canadian government. PIPEDA gives you rights concerning the privacy of your personal information. Personal information is information about an identifiable individual. It includes information such as age, income, opinions, home location and family but does not include the name, title, business address or telephone number of an employee of an organization.
Principle 1 — Accountability
GMCPA is responsible for personal information under his control and has designated a Privacy Officer to be accountable for our organization’s compliance with the following principles.
Principle 2 — Identifying Purposes
The purposes for which personal information is collected shall be identified at or before the time the information is collected. Presently, GMCPA collection and use of personal information about clients is primarily for the purpose of providing professional services. Each engagement letter includes an explanation of why GMCPA requires the information and with whom it may be shared to provide professional services.
The collection and use of personal information about clients, prospective clients and contacts may also occur from time to time for the purpose of sending non-client specific information.
Any new purposes will be identified prior to their use. Your consent will be obtained for the new uses, except where such uses are required by law, including collection during an investigation.
Principle 3 — Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Every GMPCPA professional services engagement is documented by an engagement letter, which includes a discussion about how CMCPA may use and disclose your personal information. By signing the engagement letter, the client will be providing its consent to the collection, use and disclosure as described in the engagement letter
Certain types of information may automatically be collected when you visit this website and through emails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses and “cookies”:
IP Address – An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes.
The collection of this automated information will allow us to better understand and improve our website.
Principle 4 — Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by us in discharging our professional responsibilities and conducting our business. Information shall be collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.
Reasonable efforts will be made to retain personal information only for the time the information is necessary to comply with an individual’s request or until that person asks deletion of the information.
Principle 6 — Accuracy
Personal information that we manage shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used. If any of your personal information changes, we require details of those changes for our own uses and for the uses of third parties to whom such information is disclosed.
Principle 7 - Safeguards
Reasonable security policies and procedures have been adopted to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite my best efforts, I cannot be absolutely guarantee security against all threats. To the best of my ability, access to your personal information is limited to authorized parties. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Principle 8 – Openness
Upon reasonable request, GMCPA will make available to individuals’ specific information about its policies and practices relating to the management of personal information. Any requests for said information shall be made as follows:
Giacomo Meggetto, CPA
51 Kaiser Dr.
Principle 9 – Individual Access
Upon request, you will be informed of the existence, use, and disclosure of your personal information and will be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 — Challenging Compliance
The Privacy Commissioner of Canada
112 Kent Street
Canada K1A 1H3