We recognize the trust you place in us when you share your personal information. At Metrix Group LLP (Metrix), we are committed to maintaining the accuracy, confidentiality, and security of your personal information.
It is Metrix’s policy to comply with the privacy legislation of Alberta.
What Is Personal Information?
What Personal Information Do We Collect?
We collect and maintain different types of personal information in respect of our current, former and prospective clients. The nature and extent of the personal information collected will depend on the nature of the service that we provide to you. For example, where you have retained us to:
- prepare your tax returns, we may collect the personal information required to complete such returns, including your social insurance number, date of birth, age, gender, marital status, source and amounts of income, deductions and taxes paid and payable, and information concerning your dependents, pensions, RRSP’s, charitable contributions and medical deductions;
- provide audit, review, notice to reader, bookkeeping, or consulting services we may collect the personal information required to perform such services, including the information contained in your accounting records, financial statements and transaction records, payroll and employee withholdings records, and corporate, partnership or similar records; and
- provide estate planning, corporate restructuring or valuation services we may collect their personal information required to perform such services, including the personal information contained in your personal tax returns, corporate tax returns, accounting records, financial statements, transactions records, insurance records, wills, codicils and other testamentary documents and corporate, partnership or similar records.
In order to establish and manage your client relationship with us we may collect your:
- contact information, such as your name, address, business or home telephone numbers
- billing information, such as methods and preferences for billing and payment
- business or other relationship information, such as information related to your agreements, preferences, advisors and decision-makers, and
- feedback and any other information that you may voluntarily disclose to us.
Generally, we prefer to obtain your information directly from you; however, we may also collect your information from other sources if you have consented to have them provide the information to us.
From time to time, we may utilize the services of third parties. As such, we may receive your personal information collected by those third parties. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information.
Why Do We Collect Personal Information?
We collect your personal information so that we can manage and further develop our business relationship with you. As well, we want to provide you with the services that you have requested (for example, personal or corporate tax preparation, audit, review, notice to reader, bookkeeping or budgeting services, estate or tax planning, transactional and corporate restructuring advice, valuations or other consulting services). In addition, we may collect personal information:
- to be able to review the services that we provide so that we may understand your requirements and be able to work to improve our services;
- to be able to advise you of our services or to provided information that we believe may be of interest to you (for example, we may send you our newsletters from time to time);
- to be able to comply with your requests (for example, if you prefer to be contacted at a business or residential telephone number);
- to allow us to communicate with you;
- to protect against error, fraud, theft and damage to your goods and property that are in our possession (for example, your financial records); and
- to comply with applicable legal or regulatory processes.
How Do We Use and Disclose Your Personal Information?
- to comply with valid legal processes such as search warrants, subpoenas or court orders;
- during emergency situations to protect the safety of a person or group, or to protect the rights and property of Metrix;
- where the personal information is publicly available; or
- with our employees, contractors, consultants and other parties who require such information to assist us with managing our relationship with you (for example, income tax lawyers).
We will not disclose your information to third parties to enable them to market their products or services to you without your consent.
Your Consent Is Important To Us
Generally, your knowledge and consent are required for the collections, use and disclosure of your personal information. Depending on the sensitivity of the personal information, your consent may be:
- implied – consent that can reasonably be inferred from your action or inaction;
- deemed (using an opt-out mechanism) – implied consent to collect, use, retain, and disclose personal information unless the individual explicitly denies permission. For example, when you retain us to provide services, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to the provision of such services; or
- express – consent that is given orally, electronically or in writing.
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer. Withdrawal of consent may, however, affect our ability to continue to provide services to you.
We may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
How Is My Personal Information Protected?
We endeavor to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These are designed to protect against loss and unauthorized access, copying, use, modification or disclosure. Metrix follows these processes:
Hard copy client data (for example, paper records; computer media; etc.) are received and stored within our offices in a way that protects them from unauthorized scrutiny. While staff are accessing your data, personal information will be examined. When not being accessed, your data will be stored in a discreet manner. Client data is returned to the client at the completion of the engagement.
Client data received over the phone is stored within our voice mail systems until the intended staff member retrieves the information. The data may contain personal information. Staff members have their own unique voice mail number. Once the voice mail message is received, it is deleted from the memory system.
Client data received via e-mail is stored on our server computers (see comments below) as well as on our stand-alone desktop and notebook computers. This data may contain personal information. All staff have their own e-mail address. Messages are retrieved either directly from the e-mail or alternatively the message is printed and filed in the client’s file. These e-mail messages, once retrieved, are eventually deleted from the stand-alone desktop and notebook computers.
Our staff will access our working paper files. When not being used they will be stored in a discreet manner within our paper filing system. Certain files may be locked within the paper filing system to prevent unauthorized access.
Our computers files (for example, program files and client data files) are stored within our server computer system. This system is password protected. As well, our servers are physically segregated from the staff work area within their own room. This server room is secured and access is limited to selected individuals. Daily tape backups are performed on the server computers. Tapes are stored in secure on-site storage compartments plus off-site. Tape backups are password protected.
Our computer files (for example, program files and client data files) will also be stored on portable notebook and/or stand-alone desktop computers. These computers are password protected. Staff members have their own password. Passwords are updated periodically. Client data files will only be stored on these stand-alone computers while our staff are working on your file. This is the typical situation when our staff work on location at the client’s premises using our notebook computers. Our staff are very careful to control these notebook computers while they are away from the office. For example, the computers are not left in staff vehicles over night. On overnight trips away from our offices, the computers will stay with the staff personnel to whom they have been assigned (for example, in a hotel room). Client data files previously stored on either desktop computers or notebook computers will be transferred to the server computer. This will be done at the end of the day, in the case of desktop computers, or when the staff person returns to the office, in the case of notebook computers. Once the transfer of client data is complete, the files are deleted from the desktop and/or notebook computers.
Notebook computers are stored in secure rooms when not in use (for example, overnight when staff are away from work).
Metrix consults with contract external network administrators who give us advice on security issues, in addition to their role as providers of expert services on an as needed basis.
Our offices (Edmonton, Lloydminster and Whitecourt) have security systems (for example, motion detectors; monitoring agencies). All staff have their own unique passwords. Each office has several access doors. The public access “main entrance” doors are open during office hours (generally 8:30 AM to 5:00 PM). These doors will be closed if the reception desk in each office is not occupied (for example, during lunch break). Service and staff access doors are always locked, requiring combinations codes to gain access.
What If My Personal Information Changes?
We endeavor to ensure that the personal information retained by us remains accurate, complete and relevant for the purposes identified. If your personal information changes please let us know so that we may update our records. When requesting a change to your personal information, we may request specific information from you to enable us to confirm your identity and right to update or change the personal information that we hold. In some circumstances, we may not agree with your request to change your personal information and will instead endeavor to append an alternative text to the record in question.
Can I Access My Personal Information?
You may ask to review your personal information held by us. If you want to review your personal information, please contact our Privacy Officer. Please note that any such communication must be in writing.
When requesting access to your personal information, we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact our Privacy Officer.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
Our Privacy Officer – Dianne Unrau, CPA, CA
We have designated a Privacy Officer to oversee our compliance with our privacy policies. Should you have any questions about this policy, including any complaints, our Privacy Officer may be reached at:
Mail: 10476 Mayfield Road
Attention: Dianne Unrau, CPA, CA
Phone: (780) 489-9606
Fax: (780) 489-9689
Monitoring and Enforcement
We endeavor to monitor compliance with our privacy policies and procedures on a regular basis. Should you have a concern, please contact our Privacy Officer. If you are dissatisfied with our response, you may be entitled to make a written submission to the Alberta Privacy Commissioner:
Office of the Information and Privacy Commissioner
640 – 5th Avenue SW
Revisions and Interpretation
METRIX GROUP LLP