Intent of Policy
The firm will take measures to ensure the protection of all personal information in its possession or control to the same extent that it uses to protect its own private and proprietary information. This includes any personal information that the firm received directly from clients who are individuals, or indirectly, through clients that are organizations (e.g., corporations, government entities, not-for-profit organizations).
The firm has:
- established and put into effect policies and procedures aimed at properly protecting personal information;
- appointed its Practice Leader as its Chief Privacy Officer to oversee privacy issues at the firm.
Collection of Personal Information
The firm collects personal information from clients and uses and discloses such information, only to provide the professional services that the client has requested. The firm collects only that personal information that is required to perform its professional services and operate its business, and such information is collected by fair and lawful means.
The personal information collected from a client during the course of a professional service engagement may be:
- shared with the firm’s personnel participating in such engagement;
- disclosed to partners and employees within the firm to the extent required to asses compliance with applicable professional standards and rules of professional conduct, and the firm’s policies, including providing quality control reviews of work performed;
- disclosed to members of the organization’s audit committee and board of directors, and others in the company that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit; and
- provided to external professional practice inspectors (e.g., representatives of the Society of Management Accountants), who by law, professional regulation, or contract have the right of access to the firm’s files for inspection purposes.
Before the firm undertakes a professional services engagement, it requires the prospective client to sign an engagement letter or contract. By signing the engagement letter or contract, the client provides its agreement that proper consents to the collection, use and disclosure of personal information as set out in the letter have been or will be obtained (the consent of the individual is the responsibility of the client not the auditor).
Records & Working Papers
As required by professional standards, rules of professional conduct and regulation, the firm documents the work it performs in records, commonly called working paper files. Such files may include personal information obtained from a client. Working paper files and other files containing, for example, copies of personal tax returns are retained for the time period required by law and regulation, including Rules of Professional Conduct.
The firm endeavours to keep accurate, complete, and up-to-date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected. Certain customer and other information is used to conduct our work and needs to be accurate to be relied upon, as a result, updating the information is encouraged on an annual basis.
The firm protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information. Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Partners and employees are authorized to access personal information based on client assignment and quality control responsibilities. Authentication is used to prevent unauthorized access to personal information stored electronically.
For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), the firm obtains appropriate assurance to affirm that the level of protection of personal information by the third party meets or exceeds that of the firm.
Disclosure of Personal Information
The firm uses or discloses personal information only for purposes for which it has consent, or as required by law.
Client Right to Access
The firm responds on a timely basis to requests from clients about their personal information which the firm possesses or controls. Individual clients of the firm have the right to contact the Practice Leader to obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the Practice Leader in charge of providing service to them and obtain access to personal information provided by that client. In certain situations, however, the firm may not be able to give clients access to all their personal information. The firm will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.
Questions, Concerns & Compliance
If you have any questions about the firm’s privacy policies and practices, the firm’s Practice Leader can be reached by email, by phone or by letter.
Types of Personal Information We Collect
Nilson & Company collects certain personal information about you – but only when that information is provided by you or is obtained by us with your authorization. We use that information to prepare your personal income tax returns and to provide various tax and financial planning services to you at your request.
Examples of sources from which we collect information include:
- Interviews and phone calls with you
- Letters or e-mails from you
- Tax return or financial planning organizers
- Financial history questionnaires
Parties to Whom We Disclose Personal Information
Nilson & Company, as a general rule, does not disclose personal information about our clients or former clients to anyone. Our policy is to disclose personal information about our mutual clients to our affiliate, AFT Trivest Management Inc, where such information exchange facilitates the proper and timely conduct of our mutual clients’ affairs. However, to the extent permitted by law and any applicable provincial code of Professional Conduct, certain non-public information about you may be disclosed in the following situations:
- To comply with a validly issued and enforceable subpoena or summons.
- In the course of a review of our firm’s practices in accordance with professional practice inspection requirements, or as necessary to properly respond to an inquiry or compliant from a provincial institute or other body that has the right to examine our practice.
- In the event of a prospective purchase, sale, or merger, provided that we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.
- As a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against a lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.
- To provide information to affiliates or the firm and non-affiliated third parties who perform services or functions for us in conjunction with our services to you, but only if we have a contractual agreement with the other party which prohibits them from disclosing or using the information other than for the purposes for which it was disclosed. (Examples of such disclosures include using an outside service bureau to process tax returns or engaging a records-retention agency to store prior year records.)
Use of Personal Information
We use the information collected under this Policy to perform services within the scope of our engagement.
We may also use your contact information to inform you through communications channels including and to inform you through a communications channel including phone, fax and newsletters about new services to provide information that we think will be of interest to you such as conferences we hold, changes in the law or accounting practices, or other professional or business developments.
Confidentiality and Security of Personal Information
Except as otherwise described in this notice, we restrict access to non-public personal information about you to employees of our firm and other parties who must use that information to provide services to you. Their right to further disclose and use the information is limited by the policies of our firm, applicable law, our Code of Professional Conduct, and nondisclosure agreements where appropriate. We also maintain physical, electronic, and procedural safeguards in compliance with applicable laws and regulations to guard your personal information from unauthorized access, alteration, or premature destruction.