Privacy Policy

Personal Information

“Personal Information” as used in this policy refers to any information about an identifiable person, including employee records and client information, but does not include the name, title, or business contact information of an organization’s employee.

Our Responsibilities (Accountability)

The overall responsibility for ensuring our compliance with privacy laws and this privacy policy rests with the firm’s privacy officer and partners of the firm. Although other individuals within Pace have responsibility for the day-to-day collection and processing of personal information and they may be delegated to act on behalf of the firm’s privacy officer.

Our responsibilities will be:

  • To comply with all 10 of the principles.
  • To appoint an individual to be responsible for our firm’s compliance.
  • To protect all personal information held by our firm or transferred to a third party for processing.
  • To maintain, implement and update personal information policies and practices.

 

Purpose of Collecting Personal Information

We will collect and use personal information for the following purposes:

  • To provide clients access to our professional services.
  • To establish and maintain a responsible relation with our clients and to provide ongoing professional services.
  • To understand our clients and prospective client’s needs and to offer our professional services to meet those needs.
  • To develop, enhance, manage or market our professional services to our clients.
  • To meet legal and regulatory requirements.

 

Consent

It is acknowledged that we will have access to all personal information in our client’s custody that we may require to complete our engagement with the client.

Furthermore, our services are provided on the basis that:

  • Our clients represent to us that before we access such personal information, our clients will have obtained any required consents for collection, use and disclosure to us of personal information required under applicable privacy legislation; and
  • We will collect from our client and use, disclose and retain all such personal information in compliance with this privacy statement.

Consent may be obtained in person, by phone, by mail, via the internet etc.

 

 

Limiting Collection

We will collect personal information by fair and lawful means and will limit the amount and type of personal information we collect to that which is necessary for our identified purposes.

Limiting Use, Disclosure and Retention

We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or client as required by law.

Pace will not sell and/or trade client lists to third party companies and organizations except in event of sale of client list along with all other assets in the business.

Subject to any applicable business, legal or regulatory requirements, we will ensure that the information collected is destroyed in a safe and secure manner. We will render anonymous any information that is no longer required for an identified purpose or a legal requirement.

We consider it to be reasonable to expect an individual to provide updated information in certain circumstances (e.g. change of address and phone number).

Accuracy

We will use our best efforts to ensure that all personal information that is used on an on-going basis is as accurate, complete and up-to-date as necessary for the purpose for which it is to be used.

Safeguards

We will protect personal information with safeguards appropriate to the level of sensitivity of the information. Our safeguards protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.

Our methods of protection include:

  • Physical measures (locked file storage, alarm systems).
  • Technological tools (passwords, encryption, and firewalls).
  • Organizational controls (staff training, agreements).
  • We will exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

Openness

We will ensure our front-line staff is familiar with the procedures for responding to individual inquiries.

We will make available the following:

  • Our firm’s privacy policy upon request.
  • Name or title of the person who is accountable for our privacy policies and practices.
  • Name or title of the person to whom access requests should be sent.
  • How a client can complain to our firm.

 

Individual Access

Individual clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to personal information provided by that client.

Exceptions to access:

We must refuse an individual access to personal information:

  • If it would reveal personal information about another individual unless there is consent or a life-threatening situation.
  • If we have disclosed information to a government institution for law enforcement or national security reasons. Upon request, the government institution may instruct us to refuse access or not to reveal that the information has been released. We must refuse the request and the Privacy Commissioner of Canada must be notified. Also, we cannot inform the individual of the disclosure to the government institution, or that the institution was notified of the request, or that the Commissioner was notified of the refusal.

We may refuse access to personal information:

  • If the information contains commercial information.
  • If disclosure could harm an individual’s life or security.
  • If it was generated in the course of a formal dispute resolution process.

Challenging Compliance

We will investigate all written complaints and respond to all written inquiries. If we find a complaint to be justified, we will take appropriate measures to resolve it.

Clients can also file an opt-out request, a request to access information, report incorrect information and to file a complaint. Please direct the client’s requests or complaints to the privacy officer of the firm.

Privacy Information General Handling Procedures

The following procedures were developed for dealing with private information that we collect during the course of carrying on our business functions. Specific procedures were developed to deal with the handling of information that we have collected; the general procedures will address the following:

  1. Why we collect the information?
  2. Who we collect the information from?
  3. What information we are collecting?
  4. When do we collect the information, when is it updated and when is it deleted?
  5. Where do we store it?

1. Reasons for collecting personal information:

We collect personal information in order to perform our daily business functions.
We collect personal information only to provide the professional services that the client has requested.
We collect personal information to meet regulatory and normal business operating requirements.

2. We collect the information from:

  • Pace’s employees and partners.
  • Employees of clients.
  • Members of client organizations.
  • Personal income tax clients.

 

3. Information we are collecting:

Personal information we collect might include the following:

a) Pace’s employees and partners

  • Name
  • Spouse’s name
  • Child/Children/Dependant(s) name(s)
  • Home address
  • Home and/or mobile telephone number(s)
  • Wage and benefit information
  • Resume and/or application
  • Letters of offer and acceptance of employment
  • Written employment contract
  • Payroll information, including social insurance number, bank information
  • Record of employment (ROE)
  • Emergency contact information
  • Performance information, including performance appraisals and communications, core course and mandatory policy sign-off sheets, record of absences from work.

b) Employees of clients

  • Name
  • Spouse’s name
  • Child/Children/Dependant(s) name(s)
  • Home address
  • Home and/or mobile telephone number(s)
  • Payroll information, including social insurance number, bank information
  • Record of employment (ROE)
  • Wage and benefit information

c) Members of client organizations

  • Name and address
  • Fees, charges, subsidies and amounts due to/from the client
  • Childcare information, including name(s) of child/children, age, school name, parents’ names.
  • Bank information

d) Personal income tax return

  • Client name
  • Spouse’s name if applicable
  • Dependant name(s)
  • Social insurance number, spouse’s social insurance number if applicable
  • Birth date
  • Marital information
  • Home and/or business address
  • Telephone number(s)
  • Information on infirmity if applicable
  • Banking information
  • Employment/self-employment information
  • Investment transactions information
  • Other income information
  • Financial history from questionnaires or notes from meeting with client

 

4. Collection/Update/Deletion of Personal Information:

All or some of the personal information discussed in part 2 and part 3 may be collected during the course of carrying out our day to day business functions. For example, we will need an employee’s payroll information in order to perform payroll processing. Information may be recorded on paper and/or electronic means (disks, CD’s and emails).

We consider it to be reasonable to expect an individual to provide updated information in certain circumstances (e.g. change of address and phone number).

We will render anonymous any information that is no longer required for an identified purpose or a legal requirement. Information recorded on paper that is no longer needed is stored in a locked storage room and will be shredded and disposed of by a bonded professional document destruction company. Information recorded electronically that is no longer needed will be purged and deleted in a timely manner.

Personal information and consent may be collected in person, by telephone, by mail, by fax and by email etc.

5. Storage of personal information:

Pace has taken steps to ensure the personal information we collected is stored in a safe and secured manner. The office has alarm monitoring when the business is closed.

To safeguard all personal information we collect:

  • All personal information recorded on paper is secured in locked file cabinets.
  • Personal information recorded in electronic formats that is stored on computers is secured with password protection, firewall, and encryption where applicable.
  • Server computers are stored in a locked room and are monitored by our alarm system.
  • All other forms of electronic media (disks, CD’s) with personal information must be stored in locked cabinets/drawers.
  • Last person to leave office for the day must check all doors and engage the alarm system.
  • Alarm pass code must be changed when an employee or tenant leaves.
  • Upon termination, employee’s access to computers must be disabled immediately (account disabled or change password).
  • Keys to access building and office must be returned upon termination of employment. All keys must be marked “Do Not Copy” on them.
  • Signed confidentiality agreements for all staff and tenant(s) on file
  • Ensure all employees and partners of the firm have read and understood this privacy policy and procedures document.

Pace’s employees and partners personal information:

  • Personal information recorded on paper is stored in a secured file cabinet in the HR partner’s office.
  • Personal information recorded in electronic formats is stored on the server under a secured folder that only the DBL partners have access to.

All other clients’ personal information:

  • Personal information recorded on paper is stored in a secured file cabinet.
  • Personal information recorded in electronic formats is stored on the secured server. All other forms of electronic media (floppy disk or CD’s) with personal information must be stored in locked cabinets.

 

6. Access to personal information:

Subject to any applicable business, legal or regulatory requirements, access to any personal information collected by Pace will be limited to the following rules:

  • Employees and partners of Pace will have access to personal information collected from clients.
  • Personal information collected on Pace’s employees can only be accessed by the partners of the firm. Individual employees of Pace may request to access their personal information from the partners.
  • Individual clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to their personal information.
  • Authorized officers or employees of organizations that are clients of Pace have the right to contact the engagement partner in charge of providing service to them and obtain access personal information provided by that client. For each Pace’s client, we must have a list of authorized personnel that can access that client’s personal information.
  • Absolutely no access to personal information is allowed to any client’s employees not on that client’s authorized personnel list.
  • Exceptions to individual access: please see “Exceptions to access” above.