KMSS respects the privacy of our clients and our team members. Therefore, this document sets forth the policy of KMSS on the collection, use and disclosure of personal information. In order to comply with provincial legislation (Alberta Personal Information Protection Act), KMSS has developed policies and procedures to maintain the security, confidentiality and privacy of personal information.
KMSS policy will apply to information related to the following individuals:
• All KMSS team members (salary, hourly) and partners
• Contract and Agency personnel
• Client personnel
• Vendor personnel
This refers to Kenway Mack Slusarchuk Stewart LLP Chartered Professional Accountants, Chartered Accountants and KMSS Results Inc.
This refers to information about an identifiable individual, but does not include the name, job title or business address and business telephone number of an individual. Anything that might appear on a business card, or can be found through publicly available information such as the telephone book would not be considered personal information.
This refers to voluntary agreement to the collection, use and disclosure of personal information for specified purposes. Consent may be either express or implied. Express consent can be given orally or in writing, it is unequivocal and does not require any inference on the part of KMSS. Implied consent arises where consent can reasonably be inferred from the action or inaction of the individual.
This includes all persons who are employed by KMSS, contractors, partners, clients and client organization personnel, and vendors and vendor organization personnel.
Introduction to KMSS Policy
At KMSS an important part of our commitment to our clients, team members, suppliers, and contractors, is the provision of high quality service and respecting their right to privacy. Keeping personal information secure and in strict confidence for our clients, team members, suppliers, and contractors is a priority of the firm.
KMSS has designated a Privacy Officer who oversees privacy issues at the firm. Ultimate accountability for KMSS’s compliance rests with the firm’s partners who delegate day-to-day accountability to the Privacy Officer.
KMSS will identify the purposes for which personal information is collected at or before the time the information is collected. Unless additional purposes are identified to an individual, KMSS will collect personal information for the following purposes:
1. To manage and develop KMSS’s business and operations, including personnel and employment matters;
2. To provide professional services to our clients; and,
3. To meet legal and regulatory requirements.
KMSS assumes responsibility to obtain any consent required under applicable privacy legislation, for collection, use and disclosure of personal information.
Consent may be given either verbally, by written communication or through implied consent.
An individual may withdraw consent at any time, subject to legal or contractual restrictions, provided that reasonable notice of withdrawal of consent is given to KMSS. On receipt of notice of withdrawal of consent, KMSS will inform the individual of the likely consequences of the withdrawal of consent, which may include the inability of KMSS to provide certain services for which that information is necessary.
4. Limits on Collection of Personal Information
KMSS collects only that personal information required to perform its professional services and operate its business, and such information is collected by fair and lawful means.
5. Limits on Using, Disclosing and Retaining Personal Information
KMSS uses or discloses personal information only for purposes for which it has consent, or as required by law. The firm retains personal information only as long as reasonably necessary to fulfill those purposes.
As required by professional standards, rules of professional conduct and regulation, the firm documents the work it performs in records, commonly called working paper files. Such files may include personal information obtained from a client.
Working paper files and other files containing, for example, copies of personal tax returns are retained for the time period required by law and regulation.
The personal information collected from a client during the course of a professional service engagement may be:
• Shared with the firm’s personnel participating in such engagement;
• Disclosed to partners and employees within the firm to the extent required to assess compliance with applicable professional standards and rules of professional conduct, and the firm’s policies, including providing quality control reviews of work performed;
• Provided to members of the organization’s audit committee and board of directors, and others in the company that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit; and
• Provided to external professional practice inspectors (e.g. representatives of the Canadian Public Accountability Board, or CPA Alberta), who by law, professional regulation, or contract have the right of access to the firm’s files for inspection purposes.
The firm will retain working papers and other files which may contain personal information for as long as necessary to fulfill the intended purposes and to comply with applicable laws and regulations.
The firm endeavours to keep accurate, complete, and up-to-date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected.
Individual clients are encouraged to contact the firm to update their personal information.
Employees and contractors should inform the firm of any updates to their personal information.
7. Safeguarding Personal Information
The firm protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.
Physical security (e.g. restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Partners and employees are authorized to access personal information based on client assignment and quality control responsibilities.
Authentication is used to prevent unauthorized access to personal information stored electronically.
If any information is entrusted to a third party service provider, the firm obtains appropriate assurance to affirm that the level of protection of personal information is at least equivalent to that of the firm.
Confidentiality and security are not assured when information is transmitted through e-mail or other wireless communication. KMSS will not be responsible for any loss or damage suffered as a result of a breach of security and/or confidentiality when information is transmitted to KMSS by e-mail or other wireless communication or when KMSS transmits information by such means at the request of an individual.
9. Individual Access to Personal Information
The firm responds on a timely basis to requests from individuals about their personal information that the firm possesses or controls.
Upon written request and authentication of identity, KMSS will provide individuals with personal information under its control, information about the ways in which that information is being used, and a description of the individuals and organizations to whom that information has been disclosed.
KMSS may charge a reasonable fee for providing information in response to a privacy access request and will provide a written estimate of any such fee upon receiving an access to information request.
KMSS will make the information available within 30 days of the written request.
Individual clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to their personal information. For example, client information such as copies of financial statements and tax returns will be provided upon request and authentication of identity.
Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to personal information provided by that client.
A KMSS employee or contractor may obtain information or seek access to his or her personnel file by contacting the KMSS Privacy Officer.
Any inquiries, complaints or questions regarding this Policy should be directed in writing to our Privacy Officer by email at firstname.lastname@example.org or by phone at (403) 233-7750 or by letter to:
Kenway Mack Slusarchuk Stewart LLP
Chartered Professional Accountants, Chartered Accountants
Attention: Privacy Officer
1500, 333-11 Avenue S.W.
Calgary, Alberta T2R 1L9