D&H Group LLP collects, uses and discloses personal information in the possession, or under the control of its clients to the extent required to fulfill its professional responsibilities and to operate its business. The Firm is committed to maintaining the privacy of personal information provided by its clients and to protecting all personal information in its possession or control. This Privacy Statement sets out the principles and procedures that the Firm follows in meeting its privacy commitments to its clients and in complying with the requirements of the federal Protection of Personal Information and Electronic Documents Act (“PIPEDA”) and the B.C. Personal Information Protection Act (“PIPA”).
The Firm is accountable for personal information in its possession or control.
- The Firm is accountable for all personal information in its possession or control. This includes any personal information the Firm receives directly from clients who are individuals, or indirectly through clients that are organizations (e.g., corporations, government entities, not-for-profit organizations).
The Firm has:
Established and put into effect policies and procedures aimed at properly protecting personal information;
Educated its principals and employees regarding its privacy policies, and of their roles and responsibilities in keeping personal information private;
and Appointed a Privacy Officer to oversee privacy issues within the Firm.
If you have any questions about the privacy policies and practices of the Firm, Arthur D. Azana, the Privacy Officer of the Firm, can be reached by email at firstname.lastname@example.org, by telephone at 604 731 5881 and by letter at 10th Floor, 1333 West Broadway, Vancouver, B.C. V6H 4C1.
The Firm identifies the purposes for which it collects personal information from clients before it is collected.
- The Firm collects personal information from clients and uses and discloses such personal information only to provide the requested professional services to those clients.
The Firm obtains client consent before collecting personal information from that client.
- Our engagement letters set out your responsibility to obtain any consents required under applicable privacy legislation, for collection, use and disclosure to us of personal information. By signing such engagement letters, you are formally acknowledging this responsibility.
The Firm collects only that personal information required to perform its professional services and to operate its business, and such information is collected by fair and lawful means.
- The principals and staff involved in a particular engagement will access only the information required to complete that engagement or to deal with Firm matters such as invoicing and general correspondence.
The Firm uses or discloses personal information only for purposes for which it has consent, or as required by law. The Firm retains personal information only as long as necessary to fulfill those purposes.
- As required by professional standards, rules of professional conduct and regulation, the Firm documents the work it performs in records, commonly called working paper files. Such files may include personal information obtained from a client.
Working paper files and other files containing, for example, copies of personal tax returns, are retained for the time period required by law and regulation.
The personal information collected from a client during the course of a professional service engagement may be:
Shared with Firm personnel participating in such engagement
- Disclosed to principals and employees within the Firm to the extent required to assess compliance with applicable professional standards, rules of professional conduct, and the Firm’s policies, and to conduct quality control reviews of the work performed;
- In the case of an audit engagement, provided to the members of an audit committee and to the board of directors of a particular organization, and others in the company that might not otherwise have access to the information, in the course of communicating certain aspects of the results of our audit; and
- Provided to external professional practice inspectors (e.g., representatives of the Canadian Public Accountability Board, or the Institute of Chartered Accountants of B.C.), who by law, professional regulation, or contract, have the right of access to Firm files for inspection purposes.
The Firm regularly and systematically destroys, erases, or makes anonymous personal information that is no longer required to fulfill the above collection purposes, and is no longer required by laws and regulations.
The Firm endeavours to keep accurate, complete, and up-to-date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected.
Individual clients are encouraged to contact the engagement principal of the Firm in charge of providing services to them to update their personal information.
The Firm protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.
Authentication is used to prevent unauthorized access to personal information stored electronically.
Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Principals and employees are authorized to access personal information based on client assignment and quality control responsibilities.
For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), the Firm obtains appropriate assurance to affirm that the level of protection of personal information by the third party is equivalent to that of the Firm.
The Firm is open about the procedures it uses to manage personal information.
The Firm responds on a timely basis to requests from clients about their personal information that the Firm possesses or controls.
Individual clients of the Firm have the right to contact the engagement principal in charge of providing services to them to obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the Firm have the right to contact the engagement principal in charge of providing services to them to obtain access to personal information provided by that client. In certain situations, however, the Firm may not be able to give clients access to all their personal information. In such situations, the Firm will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.
The Firm has policies and procedures to receive, investigate, and respond to client complaints and questions relating to privacy.