Principle #1: The firm is accountable for personal information in its possession or control.
The firm is accountable for all personal information in its possession or control. This includes any personal information that the firm received directly from clients who are individuals, or indirectly, through clients that are organizations (e.g., corporations, government entities, not-for-profit organizations).
The firm has:
- established and put into effect policies and procedures aimed at properly protecting personal information;
- appointed its Privacy Officer to oversee privacy issues at the firm.
Principle #2: The firm identifies the purposes for which it collects personal information from clients before it is collected.
The firm collects personal information from clients and uses and discloses such information, only to provide the professional services that the client has requested. Each service the firm provides is described in an engagement letter with the client. The engagement letter includes a description of the personal information the firm will require, why it is required, the uses that will be made of the information, and with whom it may be shared in the course of providing the firm’s professional services.
The personal information collected from a client during the course of a professional service engagement may be:
- shared with the firm’s personnel participating in such engagement;
- disclosed to partners and employees within the firm to the extent required to asses compliance with applicable professional standards and rules of professional conduct, and the firm’s policies, including providing quality control reviews of work performed;
- disclosed to members of the organization’s audit committee and board of directors, and others in the company that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit; and
- provided to external professional practice inspectors (e.g., representatives of the Canadian Public Accountability Board, or a provincial organization of chartered professional accountants), who by law, professional regulation, or contract have the right of access to the firm’s files for inspection purposes.
Principle #3 – The firm obtains a client’s consent before collecting personal information from that client.
Before the firm undertakes a professional services engagement, it requires the prospective client to sign an engagement letter or contract. The engagement letter or contract includes a description of the personal information the firm will require, why it is required, the uses that will be made of the information, and with whom it may be shared in the course of providing the firm’s professional services. By signing the engagement letter or contract, the client provides its agreement that proper consents to the collection, use and disclosure of personal information as set out in the letter have been or will be obtained (the consent of the individual is the responsibility of the client not the auditor).
Principle #4 – The firm collects only that personal information required to perform its professional services and operate its business, and such information is collected by fair and lawful means.
Principle #5 – The firm uses or discloses personal information only for purposes for which it has consent, or as required by law. The firm retains personal information only as long as necessary to fulfill those purposes.
As required by professional standards, rules of professional conduct and regulation, the firm documents the work it performs in records, commonly called working paper files. Such files may include personal information obtained from a client.
Working paper files and other files containing, for example, copies of personal tax returns are retained for the time period required by law and regulation, including Rules of Professional Conduct.
The firm regularly and systematically destroys, erases, or makes anonymous personal information no longer required to fulfill the identified collection purposes, and no longer required by laws and regulations.
Principle #6 – The firm endeavours to keep accurate, complete, and up-to-date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected.
Certain customer and other information is used to form an opinion in an audit and needs to be accurate to be relied upon, as a result, updating the information is encouraged on an annual basis.
Principle #7 – The firm protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.
Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Partners and employees are authorized to access personal information based on client assignment and quality control responsibilities.
Authentication is used to prevent unauthorized access to personal information stored electronically. Encryption is used to prevent unauthorized access to personal information received or sent over the Internet.
For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), the firm obtains appropriate assurance to affirm that the level of protection of personal information by the third party is equivalent to that of the firm.
Principle #8 –The firm is open about the procedures it uses to manage personal information.
Principle #9 – The firm responds on a timely basis to requests from clients about their personal information which the firm possesses or controls.
Individual clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to personal information provided by that client. In certain situations, however, the firm may not be able to give clients access to all their personal information. The firm will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.
The firm has policies and procedures to receive, investigate, and respond to clients’ complaints and questions relating to privacy.
If you have any questions about the firm’s privacy policies and practices, the firm’s Privacy Officer can be reached by email at email@example.com, by phone at 604-538-1611 and by letter at:
Leed Advisors Inc.
#302 – 2626 Croydon Drive
Surrey, BC, V3Z 0S8, Canada
At Leed Advisors Inc., we use IP addresses to diagnose problems with our server, to improve the efficiency of our services and to administer our Website. The IP addresses of our visitors are used to gather demographic information, improve marketing efforts and make improvements to our Website. Our Website does not collect or use “cookies”, which are pieces of information stored on the browser of your computer.
Leed Advisors Inc. does not sell, trade or rent your personal information with others. However, personal information will be disclosed, without consent, where required by law or required by our professional regulatory bodies, as required by legislation, rules, policies or codes governing our profession.
Our Website contains links to other sites as a convenience to our users and are not to be seen as an endorsement. We are not responsible for the content of those sites and we are not responsible for the privacy policies of those third parties.
By using our Website, you consent to the collection and use of your information as described in the Privacy Policies of Leed Advisors Inc. Any changes to our privacy policies will be posted to our Website.
Security and Communications
Although our Website takes many security measures to protect the loss, alteration and misuse of the information under our control, we cannot guarantee the confidentiality of information transmitted to Leed Advisors Inc. through our Website or by email. The confidentiality of internet and email communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. Leed Advisors Inc. does not accept liability for any errors or omissions in the context of email messages which arise as a result of Internet transmission.
Contact the Website Administrator
Our Website is a public resource of general information and not intended to be a source of advice. It is our intent to provide accurate and current information on our Website, however, we do not promise or guarantee this information to be correct, complete or up-to-date, and it is subject to change without notice.
© 2011 Leed Advisors Inc. and Leed Advisors LLP. All rights reserved. The website is the exclusive property of Leed Advisors Inc. and Leed Advisors LLP of Suite 302 – 2626 Croydon Drive, Surrey, British Columbia, V3Z 0S8. The information contained on the website of Leed Advisors Inc. is intended for personal and non-commercial use.