Organizations that collect, use and/or disclose personal information in the course of commercial activities must comply with the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) set out by the Canadian government. PIPEDA gives you rights concerning the privacy of your personal information. Personal information is information about an identifiable individual. It includes information such as age, income, opinions, home location and family but does not include the name, title, business address or telephone number of an employee of an organization.
Principle 1 — Accountability
FVI is responsible for personal information under our control and has designated a Privacy Officer to be accountable for our organization’s compliance with the following principles.
Principle 2 — Identifying Purposes
The purposes for which personal information is collected shall be identified by us at or before the time the information is collected. Presently, FVI’s collection and use of personal information about clients is primarily for the purpose of providing professional services. Each engagement letter includes an explanation of why FVI requires the information and with whom it may be shared in order to provide professional services.
The collection and use of personal information about clients, prospective clients and contacts may also occur from time to time for the purpose of sending non-client specific information or invitations to events hosted by or involving FVI.
Any new purposes will be identified prior to their use. Your consent will be obtained for the new uses, except where such uses are required by law, including collection in the course of an investigation.
Principle 3 — Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Every FVI professional services engagement is documented by an engagement letter, which includes a discussion about how FVI may use and disclose your personal information. By signing the engagement letter, the client will be providing its consent to the collection, use and disclosure as described in the engagement letter.
Certain types of information may automatically be collected when you visit this website and through emails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses and “cookies”:
IP Address – An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes.
The collection of this automated information will allow us to better understand and improve our website.
Principle 4 — Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by us in discharging our professional responsibilities and conducting our business. Information shall be collected by fair and lawful means.
Principle 5 — Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.
We make reasonable efforts to retain personal information only for the time the information is necessary to comply with an individual’s request or until that person asks deletion of the information.
Principle 6 — Accuracy
Personal information that we manage shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. If any of your personal information changes, we require details of those changes for our own uses and for the uses of third parties to whom such information is disclosed.
Principle 7 — Safeguards
We have adopted reasonable security policies and procedures to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite our best efforts, we cannot be absolutely guarantee security against all threats. To the best of our ability, access to your personal information is limited to authorized parties. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Principle 8 — Openness
Upon reasonable request, FVI will make available to individuals specific information about its policies and practices relating to the management of personal information. Any requests for said information shall be made as follows:
Principle 9 — Individual Access
Upon request, you will be informed of the existence, use, and disclosure of your personal information and will be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 — Challenging Compliance