Personal information is information about an identifiable individual. It includes information such as age, income, opinions, home location and family. It does not include the name, title, business address or telephone number of an employee of an organization such as Hutcheson or our corporate clients.
The following principles are set out in the model code for the protection of personal information published by the Canadian Standards Association and form the basis of Hutcheson’s privacy policies and procedures:
Principle 1 – Accountability
Principle 2 – Identifying Purpose
In most instances, Hutcheson will collect, use or disclose personal information about clients only for the purpose of providing professional services. Each Engagement Letter includes an explanation of why Hutcheson requires the information, what use will be made of it and with whom it may be shared in order to provide professional services.
Client personal information may also be disclosed internally for the purpose of determining compliance with applicable professional standards, internal policies, or in the performance of quality reviews. In accordance with professional standards, if a client is an audit or attest client, personal information may be shared with the audit or attest engagement team and other personnel so that it may be used in the audit or attest engagement.
Hutcheson will also collect and use personal information about clients, prospective clients and alumni, for the purpose of sending news and information updates or invitations to events hosted or sponsored by Hutcheson.
Personal Information may also be shared internally in order to allow us to offer services or products that may be of interest to clients.
Hutcheson collects personal information about our partners and employees in order to pay them, comply with laws, provide them with benefits, and generally manage our human resources.
We may also use or disclose partner and employee information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.
We also collect personal information from individuals seeking employment with Hutcheson.
When we collect personal information, we will inform you of the reasons why we require such information, what use will be made of it and with whom it may be shared. Collection may occur without knowledge or consent as permitted by law, including collection in the course of an investigation.
Principle 3 – Consent
How Will We Ask for Consent?
Client Personal Information
The Terms and Conditions of every Hutcheson professional services engagement are documented in each Engagement Letter. These Terms and Conditions include a discussion about how Hutcheson may use and disclose your personal information. By signing the Engagement Letter, the client will be providing its consent to the collection, use and disclosure described in the Terms and Conditions.
Partner and Employee Information
Forms and applications used to provide human resources-related services to partners and employees will describe the purposes for which their personal information is required and with whom it will be shared.
Employment candidates will also be advised of the purposes for which their personal information is being collected.
What happens if you choose not to give us your consent? What if you withdraw your consent at a later date?
Hutcheson clients always have the option not to provide their consent to the collection, use and distribution of their personal information, or to withdraw their consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to continue providing the client with our services.
Where a partner, employee or candidate for employment chooses not to provide us with permission to collect, use or disclose personal information, we may not be able to employ them, continue to employ them or to provide them with benefits
Principle 4 – Limiting Collection
As far as possible Hutcheson will limit the collection of personal information to that which is reasonably required to provide our services or operate our business.
Principle 5 – Limiting Use, Disclosure and Retention
Use of Personal Information
If Hutcheson intends to use personal information for any purpose not previously identified to the individual, we will obtain their prior consent.
However, Hutcheson may use personal information without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, or as otherwise permitted by law including for purposes of an investigation. We may also disclose personal information without consent as permitted or required by applicable federal and provincial privacy laws, including to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction. Information may also be disclosed to comply with rules of conduct required by regulatory bodies to a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.
Retention of Personal Information
In order to comply with professional standards, we keep a record of the work performed by Hutcheson partners and employees. This record, or “working papers”, may include personal information and will be retained until such working papers are no longer reasonably required for legal, administrative, audit or regulatory purposes. Working papers are safeguarded against inappropriate access as discussed elsewhere in this policy.
Hutcheson retains personal information about current and past partners and employees in accordance with employment laws and standards. We will destroy human resources and other files containing partner and employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. Certain additional information may be retained to administer and keep former partners and employees informed about events at Hutcheson as well so that we may consider you for a position at a future date.
Personal information collected from individuals seeking employment with Hutcheson may be retained by Hutcheson for 24 months so that Hutcheson may contact the applicant about other positions that may also be of interest. Should another suitable position at Hutcheson become available within this 24 month period, Hutcheson may contact the applicant to discuss this other position, and the applicant’s information may be retained for an additional 24 months. If a candidate is hired, the personal information collected during the application process will be retained in order to establish, manage and terminate the employment relationship.
Principle 6 – Accuracy
In order to provide clients with a professional level of service and partners and employees with appropriate benefits, the personal information that we collect must be accurate, complete and current. From time to time, clients, partners and employees may be asked to update their personal information. Individuals are encouraged to advise us of any changes to their personal information that may be relevant to the services we are providing.
Clients are encouraged to contact their engagement partner to update their personal information.
Employees and candidates should contact the HR Leader should they need to update their personal information.
Principle 7 – Safeguards
Hutcheson will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). We have instituted measures to prevent unauthorized electronic access to personal information. Electronic information is maintained in a secure environment.
Principle 8 – Openness
Principle 9 – Individual Access
Our clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their engagement partner.
Partners and employees have the right to review and obtain copies of their personal information on record by contacting the firm’s HR Leader.
We will provide, in most instances, a prompt and appropriate response to any request. If an individual has any concerns about the access that is provided, they are encouraged to contact our Privacy Officer.
Principle 10 – Challenging Compliance
Hutcheson will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.
To challenge compliance with this Policy, individuals should forward their concerns in writing to Hutcheson’s Privacy Officer. The Privacy Officer will ensure that a complete investigation of all complaints has been undertaken and will report their findings to the individual in most instances within 30 days.
We know that protecting the privacy of our clients, partners and employees is important. If you have any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at firstname.lastname@example.org or at 1-250-381-2400.