Privacy Policy.

Principles

Introduction

At Lancaster & David, Chartered Professional Accountants, our clients privacy is, and always has been, very important to us. We are dedicated to providing our clients with superior service while protecting their privacy and safeguarding their personal information.

Lancaster & David, Chartered Professional Accountants (the ďfirmĒ), collects, uses and discloses personal information in the possession, or under the control, of its clients to the extent required to fulfill its professional responsibilities and operate its business. The firm is committed to maintaining the privacy of personal information provided by its clients and protecting all personal information in its possession or control. This Privacy Policy sets out the principles and procedures that the firm follows in meeting its privacy commitments to its clients and complying with the requirements of federal and provincial privacy legislation.

Principle #1: The firm is accountable for  personal information in its possession or control

  • The firm is accountable for all personal information in its possession or control. This includes any personal information that the firm received directly from clients who are individuals, or indirectly, through clients that are organizations (e.g., corporations, government entities, not-for-profit organizations).
  • The firm has:
    • established and put into effect policies and procedures aimed at properly protecting personal information;
    • educated its partners and employees regarding its privacy policy and their role and responsibilities in keeping personal information private; and appointed Michael J. David as its Chief Privacy Officer to oversee privacy issues at the firm.
    • If you have any questions about the firmís privacy policies and practices, the firmís Privacy Officer, Michael J. David, can be reached by email at mike@lancasteranddavid.ca, by phone at 604.717.5520 and by letter at Suite 510, 701 West Georgia Street, PO Box 10133, Pacific Centre, Vancouver, BC V7Y 1C6.

Principle #2 The firm identifies the purposes  for which it collects personal information from  clients before it is collected

  • The firm collects personal information from clients and uses and discloses such information, only to provide the professional services that the client has requested. The types of information that may be collected for the engagement, and the purposes for which it is collected, are set out in under Principles 3 and 4 of this privacy statement.

Principle #3 ĖThe firm obtains a clientís consent  before collecting personal information from  that client

  • The engagement letter sets out the clientís responsibility to obtain any consents required under applicable privacy legislation, for collection, use and disclosure to us of personal information. By signing the engagement letter, the client is formally acknowledging this responsibility.
  • Such personal information could include:
    • home addresses
    • home telephone numbers
    • personal identification numbers (e.g., social insurance numbers, credit card numbers)
    • financial information (credit ratings, payroll information, personal indebtedness)
    • personnel information (e.g., employment history, references to criminal records)
    • information linked to the type of client, for example:
      • information in medical records (with respect to organizations such as hospitals or medical practices)
      • information related to race, religion, sexual preference, receipt of welfare or subsidized housing (with respect to various types of not-for-profit and government entities)
      • source data in claims and in-force databases (with respect to insurance companies)

Principle #4 Ė The firm collects only that  personal information required to perform its  professional services and operate its business,  and such information is collected by fair and  lawful means

  • Collecting personal information is essential to our being able to provide the professional services that best meet the needs of both the client and/or authorized third parties. While the personal information we collect may come directly from the client, it may also be provided by other third parties (such as employers, insurance brokers, financial institutions, medical professionals, legal professionals, other professional advisors, etc.)

Principle #5 Ė The firm uses or discloses  personal information only for purposes for  which it has consent, or as required by law. The  firm retains personal information only as long  as necessary to fulfill those purposes

  • As required by professional standards, rules of professional conduct and regulation, the firm documents the work it performs in records, commonly called working paper files. Such files may include personal information obtained from a client.
  • Working paper files and other files containing, for example, copies of personal tax returns are retained for the time period required by law and regulation or for a specified time period.
  • The personal information collected from a client during the course of a professional service engagement may be:
    • shared with the firmís personnel participating in such engagement;
    • disclosed to partners and employees within the firm to the extent required to assess compliance with applicable professional standards and rules of professional conduct, and the firmís policies, including providing quality control reviews of work performed;
    • provided to members of the organizationís audit committee and board of directors, and others in the company that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit; and
    • provided to external professional practice inspectors (e.g., representatives of the Canadian Public Accountability Board, or a provincial institute of chartered accountants), who by law, professional regulation, or contract have the right of access to the firmís files for inspection purposes.
  • The firm regularly and systematically destroys, erases, or makes anonymous personal information no longer required to fulfill the identified collection purposes, and no longer required by laws and regulations.

Principle #6 Ė The firm endeavours to keep  accurate, complete, and up-to-date, personal  information in its possession or control, to the  extent required to meet the purposes for which  it was collected

  • Individual clients are encouraged to contact the firmís engagement partner in charge of providing service to them to update their personal information.

Principle #7 Ė The firm protects the privacy of  personal information in its possession or control  by using security safeguards appropriate to  the sensitivity of the information

  • Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Partners and employees are authorized to access personal information based on client assignment and quality control responsibilities.
  • Authentication is used to prevent unauthorized access to personal information stored electronically.
  • For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), the firm obtains appropriate assurance to affirm that the level of protection of personal information by the third party is equivalent to that of the firm.

Principle #8 ĖThe firm is open about the  procedures it uses to manage personal  information

  • Up-to-date information on the firmís privacy policy can be obtained from the firmís Privacy Officer (see contact information under principal 1).

Principle #9 Ė The firm responds on a timely  basis to requests from clients about their  personal information which the firm possesses  or controls

  • Individual clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to personal information provided by that client. In certain situations, however, the firm may not be able to give clients access to all their personal information. The firm will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.

Principle #10 Ė Clients may challenge the firm's  compliance with its Privacy Policy

  • The firm has policies and procedures to receive, investigate, and respond to clientsí complaints and questions relating to privacy.
  • To challenge the firmís compliance with its Privacy Policy, clients are asked to provide an email message or letter to the firmís Privacy Officer (see contact information under principal 1 above). The firmís Privacy Officer will ensure that a complete investigation of a client complaint is undertaken and will report the results of this investigation to the client, in most cases, within 30 days.