GGT Chartered Professional Accountants
PRIVACY POLICY
PRIVACY PHILOSOPHY
GGT Chartered Professional Accountants (the “Organization”) values its relationship with its customers and is
committed to protecting the privacy rights of its customers. We are, therefore, committed to maintaining the
accuracy, confidentiality and security of personal information. This privacy policy explains how we collect, use,
disclose and safeguard the personal information you provide to us.
By providing personal information to us, you consent to our collection, use and disclosure of your personal
information in accordance with this privacy policy.
INTRODUCTION
For the purposes of this privacy policy, “personal information” shall mean information that is, or can be, about or
related to an identifiable individual.
PRINCIPLES
As part of the Organization’s commitment to treat your personal information with respect, we follow these 10 fair
information principles (the “Principles”) as set out in Generally Accepted Privacy Principles (GAPP) developed by
the Chartered Professional Accountants of Canada and the American Institute of Certified Public Accountants.
Principle 1 – Management
Principle 2 – Notice
Principle 3 – Choice and Consent
Principle 4 – Collection
Principle 5 – Use, Retention and Disposal
Principle 6 – Access
Principle 7 – Disclosure to Third Parties
Principle 8 – Security for Privacy
Principle 9 – Quality
Principle 10 – Monitoring and Enforcement
Each of the Principles apply to the Organization’s practices as follows:
Principle 1 – Management
We will maintain and protect the personal information under our control. We have policies and procedures for
ensuring privacy and security of data, which are strictly enforced to protect the individuals from whom we may
collect personal information. We have a Privacy Officer who is responsible for ensuring our compliance with the
Principles and this privacy policy. If you have questions about this privacy policy or our use of your information, or
if you need help changing your personal information, please contact the privacy officer by email at
[privacyofficer@yourorganization.ca] or contact us at:
Drew Tellier, CPA, CA
GGT Chartered Professional Accountants
230 – 5010 Richard Road SW
Calgary, Alberta T3E 6L1
Phone: 403-475-8033
Fax: 403-475-0931
We have implemented policies and procedures that implement this Privacy Policy, which includes communication
and providing training to our employees on these policies and procedures.
Principle 2 – Notice
The Organization will identify to you the purposes for which it will collect or use personal information before or at
the time the information is collected.
The Organization collects the personal information of customers for purposes of [whatever your organization uses
the personal information for, such as providing goods and services to customers]. In addition, the Organization also
collects, uses and discloses your personal information:
▪ [Provide information to customers on other goods and services that may be of interest to them.]
▪ [Provide additional details, if applicable.]
If a new purpose is identified for the use of the information collected, the new purpose will be explained prior to its
new use. Unless the new purpose is required by law, your consent is required before information can be used for that
purpose. This consent will usually be obtained in writing; however, it may on occasion (depending on the
circumstances) be obtained verbally, in person or by telephone.
Principle 3 – Choice and Consent
Except where required or permitted by law, your informed consent is required for the collection, use or disclosure of
your personal information. Should we wish to make use of your personal information for a secondary purpose (such
as a mailing list), your consent will be obtained and you may opt-out of this secondary use whenever you wish.
By providing personal information to us, you consent to the collection, use and disclosure of your personal
information in accordance with this privacy policy.
You may withdraw your consent at any time; however, by doing so, the Organization may not be able to provide
you with the goods and services that you requested.
Principle 4 – Collection
The personal information collected by us shall be limited to those details necessary for the purposes identified to
you. We may collect this information from you [via the Internet, over the telephone, in person or from third-party
sources, such as credit reporting agencies].
What Types of Personal Information May We Collect?
The type of personal information we may collect depends on, and is related to, the reason (or purpose) such personal
information was provided to us.
The following is a description of the types of personal information that we may request:
▪
▪
[contact information, such as your name, mailing and/or email address, and home telephone number]
[credit card or other billing information]
Note: Specify what additional information will be collected, if any, and clarify if the above-noted
circumstances are accurate. Further, please consider the extent to which it is necessary for certain forms of
personal information to be collected for the stated purpose.
Principle 5 – Use, Retention and Disposal
We will only use or disclose your personal information in accordance with the purposes for which it was originally
collected unless you have otherwise consented, or when required or permitted by law. We will keep your personal
information only for as long as is required to fulfill the purpose for which it was collected or as required by law.
We will use your personal information to:
▪ [process business transactions]
▪ [addressing inquiries or complaints about goods and services]
▪ [purchase of goods and services]
▪ [participation in marketing promotions]
Principle 6 – Access
Upon your written request, we shall inform you of: (i) the type of personal information we have collected; (ii) how
we have used your personal information in the past, and how we may in the future; and (iii) whether or not we have
disclosed your personal information to any third parties (and, if so, to whom). You may ask about the accuracy and
completeness of your personal information, and you may request that it be changed, if appropriate.
Please note that before we are able to provide you with any information or correct any inaccuracies, we may ask you
to confirm your identity and provide additional information to help us to respond to your request.
Please submit your request to:
Customer Service
[GGT Chartered Professional Accountants]
[Address]
[Telephone number]
[Fax number]
Principle 7 – Disclosure to Third Parties
Except as explained in this privacy policy, as required by law or regulation or as otherwise consented to by you, we
do not disclose any personal information to third parties. The following are the limited instances where we may
disclose your personal information to the following third parties for the following uses:
▪
▪
[to marketing firms to conduct marketing and sales promotions or customer surveys]
[to our fulfillment centre that processes and ships sales orders]
Note to Draft: We have provided a few generic reasons why information may be disclosed to third parties;
however, please describe in as much detail as possible all other circumstances under which the Organization
would disclose any personal information to a third party.
Principle 8 – Security for Privacy
The security of your personal information is a priority to the Organization. The Organization is responsible for
protecting personal information under its control, including personal information that has been transferred to, or
received from, a third party.
In the event that personal information is transferred to a third party, the Organization will take steps to ensure that
such recipients safeguard the Personal Information and use the information only for authorized purposes. Some
examples of such measures are as follows:
▪
▪
▪
▪
[physical security measures, such as restricted access facilities and locked filing cabinets]
[electronic security measures for computerized personal information, such as password protection, database
encryption and personal identification numbers]
[organizational processes, such as limiting access to such personal information to a selected group of
individuals]
[contractual obligations with third parties that require access to personal information, by agreements
stipulating the confidentiality of the information and requiring them to protect and secure the personal
information]
Note to Draft: Please indicate if the foregoing is accurate, and clarify and correct details where appropriate.
Please describe in as much detail as possible all other methods of protection that the Organization has in
place, if applicable, including anonymization of data, etc.
Only employees with a business need to know, or whose duties reasonably so require, are granted access to personal
information and shall be required to respect the privacy of that information.
Our Employees and Your Personal Information
In the course of daily operations, access to private, sensitive and confidential information is restricted to authorized
employees who have a legitimate business purpose and reason for accessing it. As a condition of their employment,
all employees of the Organization are required to follow this policy. Employees are informed about the importance
of privacy and they are required to agree to a code of conduct that prohibits the disclosure of any personal
information to unauthorized individuals or parties.
Unauthorized access to and/or disclosure of personal information by an employee of the Organization is strictly
prohibited. All employees are expected to maintain the confidentiality of personal information at all times, and
failing to do so will result in appropriate disciplinary measures, which may include dismissal.
Principle 9 – Quality
We shall make every reasonable effort to ensure your personal information is accurate, complete and up-to-date. You
are responsible for advising the Organization of any inaccuracies or changes to your personal information. Any
such inaccuracies or changes may be reported to Customer Service.
Principle 10 – Monitoring and Enforcement
If you have questions about this policy or our use of your information, or if you need help changing your personal
information, please contact the privacy officer by email at [privacyofficer@yourorganization.ca], or contact us at:
Privacy Officer
[GGT Chartered Professional Accountants]
[Address]
[Telephone number]
[Fax number]
Websites Governed by this Privacy Policy
The website that is governed by the provisions and practices stated in this privacy policy is:
[www.yourorganization.ca].
The Organization’s website may contain links to other third party sites that are not governed by this privacy policy.
Although we endeavour to only link to sites with high privacy standards, our privacy policy will no longer apply
once you leave the Organization’s website. Additionally, we are not responsible for the privacy practices employed
by other third-party websites. Therefore, we suggest that you examine the privacy statements of those sites to learn
how your information may be collected, used, shared and disclosed.
Updating this Privacy Policy
Any changes to our privacy policy and information handling practices will be acknowledged in this policy in a
timely manner. We may add, modify or remove portions of this policy when we feel it is appropriate to do so. You
may determine when this policy was last updated by referring to the date at the bottom of this page.
BY PROVIDING PERSONAL INFORMATION TO US, YOU SIGNIFY YOUR CONSENT TO OUR
COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH
THIS PRIVACY POLICY.
Last revised Wednesday, March 9, 2016
3758382.2