We recognize the trust you place in us when you share your personal information. At Hawkings Epp Dumont LLP (HED), we are committed to maintaining the accuracy, confidentiality, and security of your personal information.
It is HED's policy to comply with the privacy legislation of Alberta.
We collect and maintain different types of personal information in respect of our current, former and prospective clients. The nature and extent of the personal information collected will depend on the nature of the service that we provide to you. For example, where you have retained us to:
In order to establish and mange your client relationship with us we may collect your:
Generally, we prefer to obtain your information directly from you; however, we may also collect your information from other sources if you have consented to have them provide the information to us.
From time to time, we may utilize the services of third parties. As such, we may receive your personal information collected by those third parties. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information.
We collect your personal information so that we can manage and further develop our business relationship with you. As well, we want to provide you with the services that you have requested (for example, personal or corporate tax preparation, audit, review, notice to reader, bookkeeping or budgeting services, estate or tax planning, transactional and corporate restructuring advice, valuations or other consulting services). In addition, we may collect personal information:
We will not disclose your information to third parties to enable them to market their products or services to you without your consent.
Generally, your knowledge and consent are required for the collections, use and disclosure of your personal information. Depending on the sensitivity of the personal information, your consent may be:
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer. Withdrawal of consent may, however, affect our ability to continue to provide services to you.
We may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
We endeavor to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These are designed to protect against loss and unauthorized access, copying, use, modification or disclosure. HED follows these processes:
Hard copy client data (for example, paper records; computer media; etc. are received and stored within our offices in a way that protects them from unauthorized scrutiny. While staff are accessing your data, personal information will be examined. When not being accessed, your data will be stored in a discreet manner. Client data is returned to the client at the completion of the engagement.
Client data received over the phone is stored within our voice mail systems until the intended staff member retrieves the information. The data may contain personal information. Staff members have their own unique voice mail number. Once the voice mail message is received, it is deleted from the memory system.
Client data received via e-mail is stored on our server computers (see comments below) as well as on our stand-alone desktop and notebook computers. This data may contain personal information. All staff have their own e-mail address. Messages are retrieved either directly from the e-mail or alternatively the message is printed and filed in the client's file. These e-mail messages, once retrieved, are eventually deleted from the stand-alone desktop and notebook computers.
Our staff will access our working paper files. When not being used they will be stored in a discreet manner within our paper filing system. Certain files may be locked within the paper filing system to prevent unauthorized access.
Our computers files (for example, program files and client data files) are stored within our server computer system. This system is password protected. As well, our servers are physically segregated from the staff work area within their own room. This server room is secured and access is limited to selected individuals. Daily tape backups are performed on the server computers. Tapes are stored in secure on-site storage compartments plus off-site. Tape backups are password protected.
Our computer files (for example, program files and client data files) will also be stored on portable notebook and/or stand-alone desktop computers. These computers are password protected. Staff members have their own password. Passwords are updated periodically. Client data files will only be stored on these stand-alone computers while our staff are working on your file. This is the typical situation when our staff work on location at the client's premises using our notebook computers. Our staff are very careful to control these notebook computers while they are away from the office. For example, the computers are not left in staff vehicles over night. On overnight trips away from our offices, the computers will stay with the staff personal to whom they have been assigned (for example, in a hotel room). Client data files previously stored on either desktop computers or notebook computers will be transferred to the server computer. This will be done at the end of the day, in the case of desktop computers, or when the staff person returns to the office, in the case of notebook computers. Once the transfer of client data is complete, the files are deleted from the desktop and/or notebook computers.
Notebook computers are stored in secure rooms when not in use (for example, overnight when staff are away from work).
HED consults with contract external network administrators who give us advice on security issues, in addition to their role as providers of expert services on an as needed basis.
Our offices (Edmonton, Lloydminster and Whitecourt) have security systems (for example, motion detectors; monitoring agencies). All staff have their own unique passwords. Each office has several access doors. The public access "main entrance" doors are open during office hours (generally 8:30 AM to 5:00 PM). These doors will be closed if the reception desk in each office is not occupied (for example, during lunch break). Service and staff access doors are always locked, requiring combinations codes to gain access.
We endeavor to ensure that the personal information retained by us remains accurate, complete and relevant for the purposes identified. If your personal information changes please let us know so that we may update our records. When requesting a change to your personal information, we may request specific information from you to enable us to confirm your identity and right to update or change the personal information that we hold. In some circumstances, we may not agree with your request to change your personal information and will instead endeavor to append an alternative text to the record in question.
You may ask to review your personal information held by us. If you want to review your personal information, please contact our Privacy Officer. Please note that any such communication must be in writing.
When requesting access to your personal information, we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact our Privacy Officer.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
We have designated a Privacy Officer to oversee our compliance with our privacy policies. Should you have any questions about this policy, including any complaints, our Privacy Officer may be reached at:
Mail: 10476 Mayfield Road
Attention: Dianne Unrau, CPA, CA
Phone: (780) 489-9606
Fax: (780) 489-9689
We endeavor to monitor compliance with our privacy policies and procedures on a regular basis. Should you have a concern, please contact our Privacy Officer. If you are dissatisfied with our response, you may be entitled to make a written submission to the Alberta Privacy Commissioner:
Office of the Information and Privacy Commissioner
640 – 5th Avenue SW
Hawkings Epp Dumont LLP