Last revision date: July 18, 2023
Richter (“Richter” or “the Firm”) is committed to protecting and safeguarding the privacy of your personal and financial information.
This policy covers the collection, use and disclosure of personal information by Richter and its partners, employees and consultants. It is intended to meet the standards prescribed by the Personal Information Protection and Electronic Documents Act and its regulations (“PIPEDA”), Canada’s anti-spam legislation (“CASL”), as well as substantially similar provincial privacy laws and regulations of general application, including but not limited to the Personal Information Protection Act (British Columbia), the Personal Information Protection Act (Alberta) and the Act respecting the protection of personal information in the private sector (Quebec). In addition to being subject to these laws, we are bound by the confidentiality rules established by the professional orders and institutes of chartered accountants.
- What is personal information?
- What personal information do we collect?
- How do we collect your personal information?
- How do we use your personal information?
- Who do we provide your personal information to?
- Where do we keep your personal information?
- What do you need to know about third parties and third-party websites?
- How do we keep your personal information confidential in our dealings with our affiliates and third parties?
- When and how do we get your consent, and how can you withdraw it?
- How long can we use, disclose or keep your personal information?
- How do we manage information about minors?
- How do you access your personal information?
- What happens if the personal information we have is inaccurate?
- How quickly do we respond to your written requests for information?
- How can you contact us?
What is personal information?
This policy does not apply to personal information concerning the performance of an individual’s duties within a company, such as the individual’s name, title and position as well as the address, email address and telephone number of the individual’s place of work, to make or facilitate contact in connection with the individual’s employment, business or occupation.
Information that is aggregated and/or anonymized and cannot be associated with an identifiable individual is not considered personal information.
What personal information do we collect?
The types of personal information we collect depend on a variety of factors, such as the type of services or products you request or use, applicable legal and regulatory requirements and the means by which you communicate with us. Personal information collected may include:
- Contact information, such as your name, email address, phone number or account information
- Identity information, including government-issued identification, which enables us to establish and verify your identity, name, date of birth and occupation
- Financial and accounting information, such as your professional and financial background, income, net worth, investment knowledge and objectives, and loan information, which enables us to determine your eligibility for and ability to benefit from products or services
- Activities on Richter websites or apps, such as pages and events viewed and your clickstream data, account logins, preferences and IP addresses if they can be used to identify you as an individual
- Geolocation information collected when you browse Richter websites or use Richter apps or monitoring services;
- Information from another individual that you provide, which may include information about beneficiaries or insured spouses, common-law partners or dependants
- Cybersecurity information, such as monitoring data, alerts and reports we receive from third parties in the course of providing our monitoring services;
- Any other information you provide
How do we collect your personal information?
We always collect personal information lawfully and legitimately. We collect this information directly from you, through online technologies, through third-party social networks or indirectly from third-party sources if we have received your consent or are permitted to do so by law.
Typically, such information is collected when you:
- Retain the services of Richter
- Use our websites, apps and social networks
- Speak with one of our representatives
- Subscribe to publications
- Log in to our sites or submit to publications
- Submit a request through one of our “Contact Us” email boxes
- Register for events (webcasts, seminars, conferences, publications or media alerts) through our websites or mailing lists or through the registration processes on some of our sites
Directly from you
We may collect personal information directly from you by mail, email or telephone, through our Richter websites or apps, or in any other direct manner, e.g., when you provide us with the information necessary for us to provide you with services or you request information from us. You may voluntarily provide us with unsolicited personal information, including through the Richter websites or third parties that provide services to Richter for data collection purposes.
Through online technologies
We may also collect certain types of information about you through our monitoring services that you choose to subscribe to, such as alerts, reports and monitoring data. Please note that our monitoring services may use third party software components governed by the terms and privacy practices of those third parties. For more information, please see Section 7 (“What Should You Know About Third Parties and Third Party Websites?”).
Third-party social networks
We may collect your personal information if you interact with us through our social media pages and accounts (e.g., Facebook, Twitter, Instagram). For example, we collect personal information that our respective social media platforms allow us to collect from our subscribers. We may also collect any content you upload to our social media pages.
How do we use your personal information?
We may use the personal information you submit to provide programs and services, manage our operations, carry out marketing activities or conduct research and analysis, or otherwise to the extent permitted or required by law:
To provide services
We use your personal information for the purpose of providing services, which take the following forms:
- Identifying you
- Providing professional services
- Providing monitoring services
- Creating, administering and maintaining your accounts
- Responding to your requests for information about Richter services and events and to your questions
To manage our operations
We use your personal information to manage our operations, including to:
- Roll out and manage our apps and IT systems
- Enable you to participate in events
- Inform you of changes to our services, conditions or policies and send you messages, notices or alerts
- Identify cyber threats, fraud and other crimes and protect ourselves and others from errors and fraud
- Keep the public and our users and employees safe
- Respond to requests, warrants and orders from courts and other agencies in accordance with our contractual, legal and regulatory obligations
- Ensure the continuity of our services
To carry out marketing activities
We use your personal information for our marketing activities, including to:
- Send you publications, invitations to events and invitations to our internal activities
- Gather your opinions and feedback through surveys
- Register you for our events
To conduct research and analysis
We may use your personal information to conduct research and data analysis based on the tracking and analysis of current or previously collected information for the following purposes:
- Improve and manage our services and activities or develop new ones
- Measure the effectiveness of our services, activities, events and marketing
- Understand how visitors interact with our website and make sure it works properly
To the extent permitted or required by law
Whenever possible, we use your information in aggregate and/or anonymized form. To better serve you, we may collect the information you provide in person, online, by phone or in writing.
We identify the purposes for which we use your personal information at the time we obtain it and your free and informed consent from you prior to each specific use. When you consent to our use of your personal information, your consent covers all processing activities performed for the same purpose. When your personal information is used for multiple purposes, Richter will seek your consent for each purpose.
Is personal information disclosed to third parties?
We do not exchange or sell your personal information. We disclose your personal information to third parties only as described in this policy and, in particular, as set out below and in accordance with local privacy legislation.
With your express or implied consent, to individuals or entities outside of Richter in accordance with applicable laws
To Richter’s subcontractors and service providers who need to know this information or require it in the course of their duties
As part of a transaction, subject to applicable legal requirements. We may decide to outsource all or part of our operations to a third party, merge with another entity or carry out any other form of legal transaction. If your personal information is required for such transactions, we will comply with legal requirements for the disclosure of personal information and ensure that your personal information is treated in accordance with applicable privacy legislation.
To the extent permitted or required by law. Applicable laws may permit or require the use, communication or disclosure of personal information without consent in specific circumstances. This may include but is not limited to transferring, communicating (both orally and in writing), sending or making available or accessible your personal information to another person or entity without your consent if we reasonably believe that disclosure is necessary to mitigate or prevent a threat to the life, health or safety of a person or for public safety, for a law enforcement agency to take certain measures (e.g., to prevent, detect, investigate, prosecute or punish criminal offences) or if we believe that such action is necessary to protect and/or defend our rights, property or personal safety as well as those of the public and our users and employees.
You must inform us immediately if you become aware that your personal information has been provided to us by another person without your consent or if you have not obtained consent before providing us with another person’s personal information, by contacting the privacy officer using the contact information provided below (Section 15).
Where do we keep your personal information?
The personal information provided to us by our clients is stored primarily on servers in Canada. However, unless prohibited by contractual agreements or legal obligations applicable to specific clients, Richter may transmit personal information outside of Canada or also use the services of certain providers located outside of Canada, including processing and storage by service providers. Personal information that is “in the cloud” can be stored on multiple servers in multiple locations around the world. Please be assured that Richter has taken the necessary steps to protect the personal information handled by its service providers. However, to the extent that personal information is transmitted outside of Canada, it is subject to the laws of the country in which it is held and may be disclosed to the government, courts or law enforcement or regulatory authorities of that country in accordance with the laws of that country.
What do you need to know about third parties and third-party websites?
Our sites, including www.richter.ca, may sometimes contain links to external websites, including websites related to events, government entities, non-profit organizations and social networks. Those websites are not governed by this policy.
In addition, our monitoring services described in Section 3 (“How Do We Collect Your Personal Information?”) may use third-party components, such as monitoring, threat detection and analysis software.
Where personal information is collected by such third parties, such information is subject to the privacy policies of the third parties in question. Richter encourages you to consult the privacy policies of these third parties.
How do we keep your personal information confidential in our dealings with our affiliates and third parties?
We have put in place physical, contractual and technological security measures to protect your personal information from loss, theft, unauthorized access, unauthorized disclosure, copying, misuse or alteration. Only Richter partners, employees or subcontractors with a business need to know personal information or who require such information as part of their duties are granted access it.
When and how do we get your consent, and how can you withdraw it?
We generally obtain your consent before collecting your personal information and, in all cases, before it is used or disclosed for any purpose. You may give us your consent in writing or electronically. You may also consent to Richter’s collection, use and disclosure of your personal information by providing it to us in a clearly intentional manner (e.g., by accessing our websites or apps, using our services, submitting an information request, participating in a survey or event, etc.). Richter may also rely on your implied consent to collect, use and disclose your personal information where implied consent is permitted by applicable legislation.
We will not, as a condition of providing our professional services or products, require you to consent to the collection, use, disclosure or protection of information that is not required to fulfill the specified and legitimate purposes for which the information is requested.
If you provide us with information about another individual, we will assume that you are authorized to do so and that you have obtained that individual’s consent to it collection, use and disclosure for the purposes set out in this policy.
Individuals who do not wish to have their personal information collected, used or disclosed should refrain from providing it to Richter. If you have already consented to the collection, use or disclosure of your personal information, you may subsequently withdraw your consent at any time, subject to legal or regulatory requirements or contractual obligations, and with reasonable notice, by contacting the privacy officer using the contact information provided below (Section 15). Our privacy officer can also advise you of the implications of withdrawing your consent.
If you no longer wish to receive commercial electronic messages, please let us know by following the unsubscribe instructions included in each commercial electronic message.
We use technologies such as cookies to track your interactions with our websites and improve your experience. You can remove or disable some of these technologies from your browser (please refer to your browser’s instructions or help page for more information on how to block, delete and manage cookies on your computer or mobile device). You can manage your privacy preferences for certain third parties by using the features of their platforms. Please note that disabling, blocking or deleting some of these technologies, such as cookies, may render some of our website features unusable.
How long can we use, disclose or keep your personal information?
We may keep your personal information, correspondence or comments in a file that is specific to you. We will use, disclose or keep your personal information for as long as necessary to fulfill the purposes for which it was collected, or as permitted or required by law.
How do we manage information about minors?
Richter recognizes the importance of protecting the privacy of minors, particularly in an online environment such as our websites. Richter’s websites are not designed or intended for children under the age of 13. Our policy is that we will never knowingly collect or maintain information provided by anyone under the age of 13. If we learn that we have unknowingly collected personal information about a minor without the consent of their parent or guardian, we will delete that information from our records.
How do you access your personal information?
If you submit a written request to us to review your personal information that we have collected, used or disclosed, we will present it to you to the extent required by law in a generally understandable form with an explanation of any abbreviations or codes used. To exercise your right of access, please contact our privacy officer using the contact information provided below (Section 15).
Before granting you access to personal information on file, used or disclosed, we may ask you to provide us with sufficient proof of identity for that specific purpose only.
We reserve the right to deny access for any reason permitted under applicable law. If we deny access to or correction of personal information, we will provide you with written reasons for such denial within thirty (30) days of your request.
To the extent permitted by law, we also reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive request regarding your access to your personal information, and for any additional copies of the personal information you request. A cost estimate will be provided.
What happens if the personal information we have is inaccurate?
Richter will ensure that your personal information is kept as accurate, complete and up-to-date as possible. We expect you to notify us in writing of any changes to your personal information.
You may challenge the accuracy of the personal information we have about you at any time. Subject to any exceptions permitted or required by applicable law, if you can demonstrate that your personal information in our records is inaccurate or incomplete, we will amend it accordingly and, if applicable, disclose it to third parties who also have access to your personal information.
To discuss the accuracy of your personal information, you may contact the privacy officer using the contact information provided below (Section 15).
Richter will not be liable for any loss resulting from inaccurate, false, imperfect or incomplete personal information provided by you or anyone acting on your behalf.
How quickly do we respond to your written requests for information?
We will respond to each of your written requests within thirty (30) days. If we cannot meet this deadline, we will notify you in writing.
How can you contact us?
Richter is responsible for the personal information under its control and has appointed a Privacy Officer to ensure the Firm complies with this policy.
You may contact Richter to:
- View, update, correct or delete personal information we have about you
- Withdraw your consent
- Obtain information about your access rights
- Discuss privacy issues in general
You may contact the Privacy Officer in writing at:
Chief Privacy Officer
1981 McGill College
Montreal, Quebec H3A 0G6
You can also reach the Privacy Officer by email at email@example.com