The Information Technology Act (hereinafter IT Act) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 specifies regulations for privacy. This policy covers the collection, use and disclosure of personal information by Mallya & Mallya , Chartered Accountants.
The Code of Conduct and professional ethics of the Institute of Chartered Accountants of Ontario requires that Chartered Accountants in Practice and their staff maintain the confidentiality of client and former client information, as well as the confidentiality of Firm information, except in rare and very specific circumstances. Further, the code prohibits use of confidential information for personal advantage, for the advantage of a third party or to the disadvantage of a client, former client, or the Firm, unless consent has been obtained from the client, former client, or the Firm.
Personal information includes any factual or subjective information, recorded or not, about an identifiable individual.
This includes information in any form, such as
Personal information does not include the name, title, business address or telephone number of an employee of an organization.
The Firm collects personal information only for the following reasons:
The Firm will not use personal information for any other reason without consent and will only share information with third parties to assist in completing the above uses. Any third party’s use must adhere to the Firm’s privacy policies or be allowed by the legislation. Examples would be an outside payroll service, an agent hired to perform a service for a client or employee, a collection agency, a law enforcement agency or emergency services.
We may from time to time use certain information commonly called cookies on your computer to save you time as a Visitor and User of our website. We do not collect personal information in this fashion. If you do not wish this convenience, your browser will likely enable you to reject cookies.
The Firm is accountable for all personal information in its possession, including any personal information disclosed to third parties for processing or other administrative functions. The Firm has appointed a Privacy Officer, who is part of management, for the Firm’s privacy policies and enforcement. All staff has been trained on privacy issues.
The Firm shall identify the purpose for which personal information is collected before collecting it.
The Firm has, and will continue to obtain consent, whether expressed or implied, to use or disclose the personal information of its clients and employees. The method used to obtain consent is dependent on the sensitivity of the information, the circumstances surrounding the collection, and what is construed as reasonable in the circumstances.
The Firm will always strive to obtain only the information that is necessary for any given circumstance. Information will always be collected by fair and lawful means.
Personal information collected by the Firm will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information will be retained only if necessary for the fulfilment of those purposes.
Personal information will be as accurate, complete, and up-to-date as is necessary on order to fulfil the purposes for which it is to be used. The Firm will use its best efforts to keep all information up-to-date.
The Firm will safeguard all employee and client information against unauthorized access, disclosure, copying, use or modification. The Firm has developed and implemented a security policy to protect personal information. The implementation includes the use of physical measures (i.e. restricted access to our office, alarm systems and locked filing cabinets), technological tools (passwords, encryption and anti-virus software) and organizational controls (confidentiality agreements, staff training and limiting access on a “need to know” basis). As part of its employee training, the Firm has ensured that employees are made aware of the importance of maintaining the security and confidentiality of personal information.
Clients and employees may, at any time, review the Firm’s policies and practices regarding the management of personal information.
Upon request, a client or employee shall be informed of the existence, use and disclosure of their information, and will be given access to it. An individual will be given reasonable access to their information and may immediately correct any personal information if its accuracy and completeness is challenged and found to be deficient.
This policy was last updated on 1 st Mar. 2018