We are accountable for all personal information in our possession or control, which includes information that we receive both directly (e.g.: clients, partners, employees, etc.) or indirectly (e.g.: government, regulatory bodies, etc.).
KPCPA has: (i) established and effected policies and procedures aimed at properly protecting your information; (ii) educated its staff and associated personnel regarding such policies and procedures along with their roles and responsibilities in protecting personal information; and (iii) appointed a Chief Privacy Officer, to oversee privacy issues.
With our clients
KPCPA may collect, use or disclose personal information for the purposes of providing professional services. Engagement letters issued to clients detail the reasons why we require certain personal information, how it will be used, and whom it may be shared with to fulfil our services. KPCPA may also collect and use personal information about clients, prospective clients, and alumni, for the purposes of sending news and information updates or invitations to events hosted or sponsored by KPCPA.
With our partners and employees
KPCPA collects personal information about partners, employees, and contract personnel in order to remunerate or provide benefits to them, comply with laws and regulations, administer performance management tools, improve internal program offerings, policies and procedures. We will also collect personal information to establish, manage or terminate employment. KPCPA may also aggregate employee personal information to provide business metrics to evaluate the effectiveness of our human resource programs, but this aggregated information will be anonymous.
We may also use or disclose partner or employee information while investigating, negotiating or completing a business transaction (e.g.: purchase, sale, etc.).
When KPCPA collects personal information, we will inform you of the reasons why we require the information, how it will be used, and with whom it may be shared. Collection may occur without knowledge or consent, as permitted by law (e.g.: investigations).
With our clients
KPCPA issues engagement letters, including a section on how KPCPA may use and disclose your personal information. By signing the engagement letter, the clients will provide consent to the collection, use and disclosure of such information.
With our partners and employees
KPCPA will explain your options and obtain your implicit or explicit consent at the time of collecting, using or disclosing your personal information. We will always collect personal information by fair and lawful means (e.g.: application forms). Partners and employees will be advised on the purposes of which their personal information is being collected.
You do not consent, or you withdraw consent
KPCPA clients are always given the option not to provide their consent to the collection, use and distribution of their personal information. Clients may also choose to provide consent initially and withdraw their consent at a later point in time. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to continue our professional services.
Where a partner, employee or an applicant to the firm chooses not to provide us with permission to collect, use or disclose personal information, we may not be able to employ them, continue to employ them or provide them with our wellness and benefits package.
Limitation of Information Collected
KPCPA will limit the amount and type of personal information we collect to that which is reasonably required to provide our services or continue our operations.
Disclosure and Retention
If KPCPA intends to use personal information for any purpose, other than that previously identified, we will obtain consent. However, KPCPA may use personal information without consent for the purpose of acting in respect of an emergency that threatens life, health or security of an individual, or otherwise permitted by law including for purposes of an investigation.
We may also disclose personal information without consent as permitted or required by the applicable federal and provincial privacy laws, including: (i) to comply with a subpoena, a warrant or order made by the court or other body with appropriate jurisdiction; (ii) to comply with the rules of professional conduct, as required by our regulatory bodies; (iii) to a government institution, requesting the information; and (iv) to investigative body, where we believe the information concerns of a breach of an agreement, contravention of federal, provincial or foreign law, or we suspect information relates to national security or international affairs.
In compliance with the professional standards, we keep a record of work performed by KPCPA partners and employees. This may include personal information that may be retained until no longer reasonably required for legal, administrative, audit or regulatory purposes. All records are safeguarded against inappropriate access.
KPCPA retains personal information about current and past partners and employees in accordance with employment laws and standards. We will destroy human resource records containing partner and employee personal information until no longer reasonably required for legal, administrative, audit or regulatory purposes.
KPCPA collects personal information from potential applicants, which is retained for 2 years so that KPCPA may contact the applicant about other positions that may also be of interest. Should another suitable position at KPCPA become available within this 2-year period, KPCPA may contact the applicant to discuss this other position. If KPCPA contacts the applicant to discuss another position, the applicant’s information will be retained for an additional 2-year period. If a candidate is hired, the personal information collected during the application process is retained in order to establish, manage or terminate the employment relationship.
KPCPA protects the privacy of personal information in its possession or control by using safeguards appropriate based on the sensitivity of information. We have implemented security measures (i.e. physical, logical, organizational and contractual) to protect your personal information from loss or theft, unauthorized access, disclosure, copying, use or modification.
Attn: Chief Privacy Officer
143 Willowdale Avenue, Suite #101
Toronto, Ontario, M2N 4Y5
We will inform you of the relevant procedures when you make an inquiry or lodge a challenge or complaint.
Last revised: March 20, 2020