VALUES
Mallya & Mallya, Chartered Accountants (the “Firm”) has a responsibility to protect personal information regarding its clients and employees. The Firm believes that protecting client and employee privacy is vitally important and has developed a privacy policy designed to meet these needs and to conform to the
The Information Technology Act (hereinafter IT Act) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 specifies regulations for privacy. This policy covers the collection, use and disclosure of personal information by Mallya & Mallya , Chartered Accountants.
The Code of Conduct and professional ethics of the Institute of Chartered Accountants of Ontario requires that Chartered Accountants in Practice and their staff maintain the confidentiality of client and former client information, as well as the confidentiality of Firm information, except in rare and very specific circumstances. Further, the code prohibits use of confidential information for personal advantage, for the advantage of a third party or to the disadvantage of a client, former client, or the Firm, unless consent has been obtained from the client, former client, or the Firm.
Personal Information
Personal information includes any factual or subjective information, recorded or not, about an identifiable individual.
This includes information in any form, such as
- Age, name, ID numbers, income, or religion, ethnicity, etc.
- Opinions, evaluations, comments, social status, or disciplinary actions; and
- Employee files, credit records, loan records, personal records, existence of a dispute with a client, or intentions
Personal information does not include the name, title, business address or telephone number of an employee of an organization.
The Firm collects personal information only for the following reasons:
- To provide the services that have been requested and to maintain commercial relations;
- To understand its client’s needs and recommend products and services accordingly;
- To manage the Firm’s business which includes owner and employee matters; and
- To meet legal and regulatory requirements.
The Firm will not use personal information for any other reason without consent and will only share information with third parties to assist in completing the above uses. Any third party’s use must adhere to the Firm’s privacy policies or be allowed by the legislation. Examples would be an outside payroll service, an agent hired to perform a service for a client or employee, a collection agency, a law enforcement agency or emergency services.
Cookies
We may from time to time use certain information commonly called cookies on your computer to save you time as a Visitor and User of our website. We do not collect personal information in this fashion. If you do not wish this convenience, your browser will likely enable you to reject cookies.
Accountability
The Firm is accountable for all personal information in its possession, including any personal information disclosed to third parties for processing or other administrative functions. The Firm has appointed a Privacy Officer, who is part of management, for the Firm’s privacy policies and enforcement. All staff has been trained on privacy issues.
Identifying Purposes
The Firm shall identify the purpose for which personal information is collected before collecting it.
Obtaining Consent
The Firm has, and will continue to obtain consent, whether expressed or implied, to use or disclose the personal information of its clients and employees. The method used to obtain consent is dependent on the sensitivity of the information, the circumstances surrounding the collection, and what is construed as reasonable in the circumstances.
Limiting Collection
The Firm will always strive to obtain only the information that is necessary for any given circumstance. Information will always be collected by fair and lawful means.
Limiting Use, Disclosure and Retention
Personal information collected by the Firm will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information will be retained only if necessary for the fulfilment of those purposes.
Being Accurate
Personal information will be as accurate, complete, and up-to-date as is necessary on order to fulfil the purposes for which it is to be used. The Firm will use its best efforts to keep all information up-to-date.
Use of Appropriate Safeguards
The Firm will safeguard all employee and client information against unauthorized access, disclosure, copying, use or modification. The Firm has developed and implemented a security policy to protect personal information. The implementation includes the use of physical measures (i.e. restricted access to our office, alarm systems and locked filing cabinets), technological tools (passwords, encryption and anti-virus software) and organizational controls (confidentiality agreements, staff training and limiting access on a “need to know” basis). As part of its employee training, the Firm has ensured that employees are made aware of the importance of maintaining the security and confidentiality of personal information.
Being Open
Clients and employees may, at any time, review the Firm’s policies and practices regarding the management of personal information.
Giving Individual Access
Upon request, a client or employee shall be informed of the existence, use and disclosure of their information, and will be given access to it. An individual will be given reasonable access to their information and may immediately correct any personal information if its accuracy and completeness is challenged and found to be deficient.
Providing Recourse
All complaints regarding the management of personal information will be investigated immediately and, if necessary, measures will be taken to correct information handling practices and procedures. The Firm will review and revise its Privacy Policy on a regular basis to ensure complete compliance with the Act and to ensure that client and employee interests are fully met.
This policy was last updated on 1 st Mar. 2018