Internal Privacy Policy and Practices

Last revised on September 20, 2023

Introduction

At CP Comptable, we place a great importance on confidentiality and protection of our clients’ sensitive information, in accordance with Law 25 and other relevant regulations. This policy outlines our commitments to privacy, and the practices we implement to ensure data security.

Scope

This policy applies to all confidential information and data, whether collected, stored, processed, or shared within CP Comptable. It encompasses all employees, contractors, and third parties with access to this information.

Data Collection and Usage

  1. We collect personal information necessary for the provision of accounting and tax services in accordance with our clients’ needs. The collected information may include financial, tax, professional, and personal data.

  2. Collected data is used solely for purposes agreed upon with clients and is not used for unauthorized purposes.

  3. We retain data only for the duration necessary to provide the requested services, unless a longer retention period is required by law.

Data Security

  1. We implement appropriate technical and organizational measures to protect data against unauthorized access, use, disclosure, or destruction.

  2. Data access is restricted to employees who need it for their job responsibilities.

  3. We use firewalls, intrusion detection systems, and security protocols to safeguard our systems against online threats.

Personal Information Destruction

  1. All personal information we hold on paper must be shredded.

  2. All digitally held personal information must be completely erased from devices (computers, phones, tablets, external hard drives), servers, and cloud-based tools.

Data Sharing

  1. We only share clients’ personal information with their explicit consent or as required by law.

  2. When engaging third parties to provide services on our behalf, we ensure they adhere to our privacy standards.

Client Rights

  1. Clients have the right to access, correct, delete, or transfer their personal data.

  2. Clients can withdraw their consent at any time, which may affect our ability to provide certain services.

Access Request Procedure

  1. Individuals wishing to access their personal information must submit a written request to the organization’s Privacy Officer, Caroline Perras. The request can be sent via email or postal mail.

  2. Upon receiving the request, an acknowledgement is sent to the individual to confirm that their request has been received.

  3. The request must be processed within thirty (30) days of receipt.

Deindexing and Personal Information Deletion Request Procedure

  1. Individuals wishing to request deindexing and deletion of their personal information must submit a written request to the designated Privacy Officer, Caroline Perras. The request can be sent via email or postal mail.

  2. Upon receiving the request, an acknowledgment is sent to the individual to confirm that their request has been received.

  3. The request must be processed within thirty (30) days of receipt.

    1. The individual is responsible for directly requesting that CP Comptable’s authorizations be cancelled in their records at the Canada Revenue Agency and Revenu Québec.

    2. CP Comptable cannot delete, before a 7-year period, any tax document signed by the individual to comply with legal requirements imposed by government authorities regarding tax preparers.

  4. CP Comptable may refuse to delete personal information:

    1. To continue providing services to the client.

    2. For reasons related to labour law or tax authority requirements.

    3. For legal reasons in case of disputes.

Training and Awareness

  1. We provide regular training to our employees on confidentiality and data security.

  2. We raise awareness among our employees about the risks associated with mishandling data and the need to strictly adhere to this policy.

Compliance with Law 25

We are committed to complying with the requirements of Law 25 and cooperating with competent authorities in the event of data breaches.

Policy Revision

This policy is subject to periodic revisions to reflect legal and technological developments. Updates will be communicated to relevant parties.

Contact Information

For any questions or concerns regarding our privacy policy, please contact us at the following address: caroline@cpcomptable.com.

Policy Responsible Person

The person responsible for policy compliance at CP Comptable is Caroline Perras.

She can be reached by phone at 450-454-1024 or by email at caroline@cpcomptable.com