Privacy Policy
Last updated: December 27, 2016
The purpose of this Privacy Policy is to inform you about the types of Personal Information the Medlink (as follows, "we" or "us") collects, uses and discloses personal information in the possession of, or under the control of its clients to the extent required to fulfill its professional responsibilities and operate its business. The firm is committed to maintaining the privacy of personal information provided by its clients and protecting all personal information in its possession or control.
This Privacy Policy sets out a summary of the principles and procedures that Curtis-Villar LLP follows in meeting its privacy commitments and, as applicable in light of the foregoing, complying with the requirements of the laws and regulations under applicable privacy laws in Canada, including the Personal Information Protection and Electronic Documents Act. From time to time, we may make changes to this Privacy Policy. The Privacy Policy is current as of the "last revised" date which appears at the bottom of this page. We will treat Personal Information in a manner consistent with the Privacy Policy under which it was collected unless we have your consent to treat it differently. This Privacy Policy applies to any information we collect or receive about you, from any source.
PRINCIPLE #1 — Accountability
Curtis-Villar LLP is accountable for all personal information in its possession or control. This includes any personal information that Curtis-Villar LLP has collected firm receives directly from clients who are individuals, or indirectly, through clients that are organizations (e.g., corporations, government entities, not-for-profit organizations).
Curtis-Villar LLP has:
Established and put into effect policies and procedures aimed at properly protecting personal information;
Educated its partners and employees regarding such policies and procedures and their roles and responsibilities in protecting personal information; and
Appointed a Chief Privacy Officer to oversee privacy issues at Curtis-Villar LLP
If you have any questions about the firm’s privacy policies and practices, please contact Victoria Curtis by email at vcurtis@curtisvillar.ca, by phone at 519-763-2268, or by letter addressed to 30 Norwich Street East, Guelph, ON N1H 2G6.
The firm identifies the purposes for which it collects personal information from clients before it is collected.
The firm collects personal information from clients and uses and discloses such information only to provide the professional services that the client has requested. The types of information that may be collected for this engagement, and the purposes for which it is collected, are set out under Principles 3 and 4 of this privacy statement.
PRINCIPLE #2 — Collection of Your Personal Information
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use.
The firm collects personal information from clients and uses and discloses such information only to provide the professional services that the client has requested. The types of information that may be collected for this engagement, and the purposes for which it is collected, are set out under Principles 3 and 4 of this privacy statement.
We collect Your IP address for the purposes of system administration, including diagnosis of problems with the firm’s server and administration of the firm’s website. All information collected will be done in a fair and lawful manner.
Our website does use cookies. A “cookie” is information that our website places on your hard disk so that it can remember information about you the next time you visit our website (so that we can provide you with personalized services), measure traffic patterns (so that we can learn which browsers are commonly used), and estimate audience size (so that we can know which visitors have seen particular parts of the website). You can still navigate through our website without the use of cookies, but your access and the functionality of the website may be limited.
PRINCIPLE #3 — Anti-Spam Policy
We explain your options and obtain your implicit or explicit consent at the time of or prior to collecting, using or disclosing your Personal Information. We will always collect your Personal Information by fair and lawful means.
Our Anti-Spam Policy permits us to send you email and other electronic messages only if we have your Express or Implied consent.
You may withdraw your consent to receive any emails and other electronic messages from us at any time.
If you provided your express consent to us to receive our emails and other electronic messages, you agreed that we may send email and other electronic messages to you for any of the reasons listed below under “How We Use Your Information”.
All emails and electronic messages sent to you will be compliant with Canada’s Anti-spam legislation and will include: our name, mailing address, telephone number, our website address, a link where you can unsubscribe from our messages, the email address of a person you can contact about our messages, and, as applicable, the name or business name of the person sending the messages on our behalf and a statement indicating who the sender is and on whose behalf the message is sent.
If we have your consent to contact you with electronic messages, we may send you electronic messages in order to:
Provide you with information you have requested from us
To share industry news and information with you
Offer you services
To solicit you to purchase services, including through Controlled Electronic Messages
To gather information from you to improve our services
To communicate with you in general
PRINCIPLE #4 — Disclosure of Your Personal Information
The firm obtains a client’s consent before collecting personal information from that client.
The Terms and Conditions of every professional services engagement are documented in each Engagement Letter. These Terms and Conditions include an explanation about how Curtis-Villar LLP may use and disclose your personal information. By signing the engagement letter, you will be providing your consent to the collection, use and disclosure described in the Terms and Conditions.
Such personal information could include:
Home addresses
Home telephone numbers
Personal identification numbers (e.g., social insurance numbers, credit card numbers)
Financial information (credit ratings, payroll information, personal indebtedness)
Personal information (e.g., employment history, references to criminal records)
Information linked to the type of client, for example:
Information in medical records (with respect to organizations such as hospitals or medical practices)
Information related to race, religion, sexual preference, receipt of welfare or subsidized housing (with respect to various types of not-for-profit and government entities)
Source data in claims and in-force databases (with respect to insurance companies)
Tenant information (with respect to residential leasing companies)
Personal information of customers, employees and others having dealings with the company
Employment candidates will also be advised of the purposes for which their personal information is being collected and you will be provided an opportunity to consent to the collection, use and disclosure as described.
You always have the option not to provide your consent to the collection, use and distribution of your personal information, or to withdraw your consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to provide you with our services. Where a candidate for employment chooses not to provide us with permission to collect, use or disclose personal information we may not be able to employ you.
PRINCIPLE #5 — Accurate, Complete, Up-to-date Information
The firm collects only that personal information required to perform its professional services and to operate its business, and such information is collected by fair and lawful means. We expect you, from time to time, to supply us with written updates to your Personal Information, as applicable.
The partners and staff involved in an engagement need access to some or all of the types of personal information, noted under principle 3 above, to obtain evidence to support the firm’s opinion on the company’s financial statements or to facilitate the completion of special projects as engaged by the client. Such personal information will be a significant component of various transactions and events affecting the financial statements that will be subjected to confirmation, testing, analyses and such other procedures as the firm considers necessary to perform an audit in accordance with generally accepted auditing standards or a special project.
The firm endeavors to keep accurate, complete, and up-to-date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected. Individual clients are Last revised: December 27, 2016
encouraged to contact the firm’s engagement partner in charge of providing service to them to update their personal information.
PRINCIPLE #6 –Limit Use, Disclosure & Retention of Your Personal Information
The firm uses or discloses personal information only for purposes for which it has consent, or as required by law.
We may also disclose personal information without consent:
To comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies. It is important to note that accounting firms are not protected by client/solicitor privileges.
To a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law.
To an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.
As required by professional standards, rules of professional conduct and regulation, the firm documents the work it performs in records, commonly called “working paper” files. Such files may include personal information obtained from a client. Working papers are safeguarded against inappropriate access, as discussed under Principle 8.
We also use it to enable us to provide you through various channels with information that we believe are of interest to you. This includes such matters as:
New services we provide,
Conferences and other professional development courses we hold,
Notice of changes in the law or accounting practices that may be of interest to you, and
Other professional or business developments.
If you do not wish to receive such information, you may opt out by sending an email to support@medlinkimaging.com with the word “Unsubscribe” or by advising your Audit and Accounting contact and we will discontinue sending you information other than in regard to your account.
The firm retains personal information only as long as necessary to fulfill its purposes. Working paper files and other files containing, for example, copies of personal tax returns are retained for the time period required by law and regulation or for the time period as specified in the firm’s retention of client information policy.
The firm regularly and systematically destroys, erases, or makes anonymous personal information no longer required to fulfill the identified collection purposes, and no longer required by laws and regulations.
The personal information collected from a client during the course of a professional service engagement may be:
Shared with the firm’s personnel participating in such engagement;
Disclosed to partners and team members within the firm to the extent required to assess compliance with applicable professional standards and rules of professional conduct, and the firm’s policies, including providing quality control reviews of work performed;
Provided to members of the organization’s audit committee and board of directors, and others in the company that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit; and
Provided to external professional practice inspectors (e.g., our provincial institute the Chartered Professional Accountants of Ontario), who by law, professional regulation, or contract have the right of access to the firm’s files for inspection purposes.
PRINCIPLE #7 — Security Safeguards
We have implemented physical, organizational, contractual and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees who are granted access to your Personal Information are those with a business 'need-to-know' or whose duties reasonably require such information.
Physical security (e.g., restricted access, locked rooms and filing cabinets) is maintained over personal information stored in hard copy form. Partners and employees are authorized to access personal information based on client assignment and quality control responsibilities.
Authentication is used to prevent unauthorized access to personal information stored electronically. The client portal is used to prevent unauthorized access to personal information received or sent over the Internet.
For files and other materials containing personal information entrusted to a third party service provider (e.g., a provider of paper based or electronic file storage), the firm obtains appropriate assurance to affirm that the level of protection of personal information by the third party is equivalent to that of the firm.
You can visit our Web Site without telling us who you are or revealing any information about yourself, including your email address. However, our web server may collect the IP address and domain you used to access our Web Site, the type and version of web browser and operating system you are using, the number, duration and frequency of visits to our Web Site and the web site you came from and visited next. This anonymous information cannot be traced to a specific individual User - it is used by us simply for the purposes of analytics – for example, to measure the number of visits, average time spent, page views, most popular preferences and other statistics about visitors to the Web Site and to determine the characteristics in which users use our Web Site and services. We may use this data to monitor Web Site performance for systems administration purposes, to make our Web Site easier and more convenient to use, to improve our services and to track information in aggregate form (e.g. how many visitors use the Web Site). This helps us better understand our Web Site traffic, visitor behavior and the impact of campaigns, content and email-driven traffic. By having access to such deeper data insights, we are able to measure, re-evaluate content offerings, map customer buying journeys and provide you with a more personalized visitor site experience, enabling demographic and interest reporting.
We make use of Google Analytics. A description of how Google Analytics collects and processes data is set out in “How Google uses data when you use our partners' sites or apps”.
Please note that we have also implemented the following specific Google Analytics Advertising Features:
Google Display Network Impression Reporting
Google Analytics Demographics and Interest Reporting
Integrated services that require Google Analytics to collect data via advertising cookies and identifiers.
We use cookies, that is, small files that your Web browser places on your computer's hard drive, to remember a User's code, and preferences while the User is using our Web Site, to facilitate navigating different pages on the Web Site, to personalize the users experience when returning to our Web Site, to monitor progression through our Web Site, to identify opportunities to improve the user experience, and to customize ads you see when visiting the Web Site, and third party sites. Also, as a result of us enabling the Advertising Reporting Features, in addition to collecting the information it normally does, Google Analytics collects information via its Google advertising cookies: see https://support.google.com/analytics/answer/2444872#web.
Should you wish to opt out of the Google Analytics advertising features, you may do so at https://tools.google.com/dlpage/gaoptout/.
Our web site contains security mechanisms that protect against the loss, the misuse and the modification of information under our control.
PRINCIPLE #8 — Openness of Procedures
Up-to-date information on Curtis-Villar LLP’s privacy policies can be obtained from Curtis-Villar LLP’s Chief Privacy Officer (see contact information under Principle 1).
PRINCIPLE #9 — Respond on a Timely Basis to Requests about Your Personal Information
We will generally make available to you any Personal Information that we have collected about you, utilized or disclosed, upon your written request, to the extent permitted or required by law. We will make such information available to you in a form that is generally understandable, including explaining any abbreviations or codes.
Individual clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the engagement partner in charge of providing service to them and obtain access to personal information provided by that client. In certain situations, however, the firm may not be able to give clients access to all their personal information. The firm will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.
Clients may challenge the firm’s compliance with its Privacy Policy. The firm has policies and procedures to receive, investigate, and respond to clients’ complaints and questions relating to privacy.
To challenge the firm’s compliance with its Privacy Policy, clients are asked to provide an email message or letter to the firm’s Privacy Officer (see contact information under principal 1 above). The firm’s Privacy Officer will ensure that a complete investigation of a client complaint is undertaken and will report the results of this investigation to the client, in most cases, within 30 days.