We understand the importance of protecting the personal information of our customers and our employees. To earn and maintain your trust we have designed our policy to meet or exceed the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the ten principles set forth in the Canadian National Standard for the Protection of Personal Information, legislation enacted by the United States government, the Circular 230 regulations issued by the United States Treasury Department, and substantially similar state and provincial legislation (collectively, privacy legislation). In addition, we are constantly looking for new and better ways to secure your personal information and to ensure that it is used in a responsible and respectful manner.
Centenal Tax Group, Inc.
Information Security Officer
600 Coolidge Drive, Suite 300,
Folsom, CA 95630
USA Telephone: 855.893.2305
OVERVIEW AND APPLICABILITY
Centenal Tax Group, Inc. and its subsidiaries (hereafter, collectively referred to as Centenal Tax Group, Inc.) support the right to privacy, including the rights of individuals to control the dissemination and use of personal data that describes them, their personal choices, or life experiences. Centenal Tax Group, Inc. supports domestic and international laws and regulations that seek to protect the privacy rights of such individuals, including The Protection of Personal Information and Electronic Documents Act (PIPEDA) enacted by the Canadian Standards Association, legislation enacted by the United States government, the Circular 230 regulations issued by the United States Treasury Department, and substantially similar state and provincial legislation (collectively, privacy legislation) or the order of any court or other lawful authority.
It does not, however, apply to the collection, use or disclosure of the following information by Centenal Tax Group, Inc.:
This policy applies to all Centenal Tax Group, Inc. employees, contractors, temporaries, consultants and other workers. All of these people are expected to be familiar with and fully in compliance with these policies. Workers who are not in compliance are subject to disciplinary action up to and including termination.
This policy also applies to outsourcing organizations that perform information processing services on behalf of Centenal Tax Group, Inc. Use of outsourcing organizations to process personal data must always include a contractual commitment to consistently observe these policies and related Centenal Tax Group, Inc. procedures and standards as specified by the Information Security Department. All outsourcing organizations handling personal data provided by Centenal Tax Group, Inc. must periodically issue certificates of compliance with this policy, and permit Centenal Tax Group, Inc. to initiate independent audits to determine compliance with this policy.
Briefly stated, privacy legislation requires that the consent of an individual be obtained for the collection and use of his or her personal information, that steps are taken to protect personal information and that at least one individual is appointed to monitor compliance with the provisions of applicable privacy legislation.
Centenal Tax Group, Inc. – means Centenal Tax Group, Inc. and its subsidiaries.
Collection – means the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.
Consent – means voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require an inference on the part of Centenal Tax Group, Inc. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
Customer – means an individual who:
Disclosure – means making personal information available to third parties outside Centenal Tax Group, Inc.
Personal information or data – means information about an identifiable individual recorded in any form and includes, but is not limited to, such things as race, ethnic origin, nationality, age, gender, marital status, religion, education, medical information, criminal information, performance reviews, trade union membership, employment and financial history, income, address and telephone number, e–mail address, numerical identifiers such as Social Insurance or Social Security Number, and views and personal opinions. Personal information also includes information about a customer’s product and service subscriptions and usage, credit information, billing records such as credit card number, service and any recorded complaints.
Privacy legislation – means domestic and international laws and regulations that seek to protect the privacy rights of individuals, including The Protection of Personal Information and Electronic Documents Act (PIPEDA) enacted by the Canadian Standards Association, legislation enacted by the United States government, the Circular 230 regulations issued by the United States Treasury Department, and substantially similar state and provincial legislation.
Third party – means an individual, partnership, corporation, public authority, government agency, or any other entity other than the customer or his or her agent or Centenal Tax Group, Inc.
Use or Processing – means the treatment, handling and management of personal information by Centenal Tax Group, Inc. Any operation or set of operations performed on personal data, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, blocking, erasure or destruction. No distinction between data, information, knowledge, or wisdom is made in this policy.
PRINCIPLE 1 — ACCOUNTABILITY
1.2 The name and contact information of the Chief Information Security Officer for Centenal Tax Group, Inc. shall be made available on the Centenal Tax Group websites and shall be made available upon request. The name and contact information for Centenal Tax Group, Inc.’s Chief Information Security Officer is listed in Schedule A of this policy.
1.3 Centenal Tax Group, Inc. shall be responsible for the personal information in its possession or custody, including information that has been transferred to a third party for processing. Centenal Tax Group, Inc. shall use contractual or other appropriate means to ensure a comparable level of protection while the information is being processed by a third party.
PRINCIPLE 2 — IDENTIFYING PURPOSE
Centenal Tax Group, Inc. will identify the purpose for which personal information is collected at or before the time the information is collected. The purposes for which information is collected, used or disclosed by Centenal Tax Group, Inc. must be those that a reasonable person would consider appropriate in the circumstances.
2.1 Centenal Tax Group, Inc. will document the purposes for which personal information is collected in order to comply with the Openness requirement (See Principle 8) and the Individual Access requirement (See Principle 9).
2.2 Identifying the purposes for which personal information is collected at or before the time of collection allows Centenal Tax Group, Inc. to determine the information it needs to collect to fulfill these purposes. The Limiting Collection requirement (See Principle 4) requires Centenal Tax Group, Inc. to collect only that information necessary for the purposes that have been identified.
2.3 The identified purposes for which personal information is collected shall be specified at or before the time of collection to the customer from whom the personal information is collected. Depending upon the way in which the information is collected, this shall be done orally or in writing.
2.4 When Centenal Tax Group, Inc. proposes to use personal information that has been collected for a purpose not previously identified, it will identify the new purpose before using such personal information. Unless the new purpose is required by law, or consent is otherwise not required pursuant to privacy legislation, the consent of the individual shall be obtained before the personal information is used for the new purpose.
2.5 Individuals responsible for collecting personal information on behalf of Centenal Tax Group, Inc. will explain to customers the purposes for which the information is being collected, including any purposes that may not be immediately obvious to the individual.
2.6 The purposes for which the personal information of customers is collected may include, but is not limited to:
2.7 Information gathered automatically by Centenal Tax Group, Inc. through its website may be used for technical, research and analytical purposes. Information collected through surveys, existing files and public archives may be used by Centenal Tax Group, Inc. to analyze its markets and to develop or enhance service offerings.
2.8 We collect the following personal information from you about your designated third-party representatives: email address, mailing address, phone number and use this information for the sole purpose of completing your request or for whatever reason it may have been provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at email@example.com.
PRINCIPLE 3 — CONSENT
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where consent is not required by privacy legislation as, for example, where the collection, use or disclosure of personal information is solely for journalistic, artistic or literary purposes.
3.1 Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Generally, Centenal Tax Group, Inc. will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to the use or disclosure of personal information may be sought after the information has been collected but before the personal information is used (for example, when Centenal Tax Group, Inc. wants to use information for a purpose not previously identified). In obtaining consent, Centenal Tax Group, Inc. shall use reasonable efforts to ensure that a customer is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer.
3.2 Centenal Tax Group, Inc. will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes.
3.3 In obtaining consent, Centenal Tax Group, Inc. will take into account the sensitivity of the personal information and the reasonable expectations of its customers. Consent will not be obtained through deception.
3.4 The way in which Centenal Tax Group, Inc. seeks consent may vary, depending on the circumstances and the type of information collected. Centenal Tax Group, Inc. will generally seek express consent when the information is likely to be considered sensitive. It will rely on implied consent only where collection and use of the personal information is directly related to a transaction or exchange of information in which the individual is directly participating. Consent may also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
3.5 Consent may be obtained in any one of the following ways:
3.6 Generally, the use of products and services by a customer constitutes implied consent for Centenal Tax Group, Inc. to collect, use and disclose personal information for all identified purposes.
3.7 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Centenal Tax Group, Inc. will inform individuals of the implications of withdrawing consent. Customers may contact Centenal Tax Group, Inc. for more information regarding the implications of withdrawing consent.
PRINCIPLE 4 — LIMITING COLLECTION
Centenal Tax Group, Inc. shall limit the collection of personal information to that which is necessary for the purposes identified by the company. Personal information shall be collected by fair and lawful means. We may collect the following personal information from you:
4.1 Centenal Tax Group, Inc. will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified. Centenal Tax Group, Inc. shall specify the type of information collected as part of its information handling policies and practices, in accordance with the Openness requirement (See Principle 8).
4.2 The requirement that personal information be collected by fair and lawful means is intended to prevent Centenal Tax Group, Inc. from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. Consent to the collection of personal information must not be obtained through deception.
PRINCIPLE 5 — LIMITING USE, DISCLOSURE AND RETENTION
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it was collected. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at firstname.lastname@example.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
5.1 Where Centenal Tax Group, Inc. intends to use personal information for a purpose not previously identified, Centenal Tax Group, Inc. shall document the new purpose and shall obtain the consent of the individual prior to using the information for a new purpose.
Centenal Tax Group, Inc. may disclose the personal information of its customers:
5.3 Except as required or permitted by law, when disclosure is made to a party other than Centenal Tax Group, Inc. or a third party provider of personal information processing services, the consent of the individual shall be obtained and reasonable steps shall be taken to ensure that any such third party has personal information privacy procedures and policies in place that are at least comparable to those implemented by Centenal Tax Group, Inc. Only that information necessary for the third party to provide services is shared. These third party companies do not have access to any financial information and are not allowed to retain, store, or use personal information for any secondary purposes.
5.4 Personal information shall be kept only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, Centenal Tax Group, Inc. shall retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.
5.5 Centenal Tax Group, Inc. has adopted guidelines and procedures with respect to the retention of personal information. Personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained, shall be destroyed, erased or made anonymous in accordance with the Centenal Tax Group, Inc. Document Retention and Destruction Policy.
5.7 Testimonials. We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com.
5.9 As is true of most web sites, we gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
5.10 Newsletter Preferences. You may sign-up to receive [email or newsletter or other communications from us]. If you would like to discontinue receiving this information, you may update your email preferences by [using the “Unsubscribe” link found in emails we send to you or at your member profile on our website or by contacting us at firstname.lastname@example.org.
5.12 Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
PRINCIPLE 6 — ACCURACY
Personal information shall be as accurate, complete and up–to–date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by Centenal Tax Group, Inc. shall be sufficiently accurate, complete and up–to–date to minimize the possibility that inappropriate information may be used to make a decision about the individual customer. The extent to which personal information will be accurate, complete and up–to–date will depend upon the use of the information, taking into account the interests of the individual.
6.2 Centenal Tax Group, Inc. will not, however, routinely update personal information, unless this is necessary to fulfill the purposes for which the information was collected. Personal information about customers shall be updated only as and when necessary to fulfill the identified purposes or upon notification by the individual.
6.3 Centenal Tax Group Members will be assigned a unique User ID Number and password and may use that unique information to register on the Member Center of the Centenal Tax Group website. Once registered, members have access to their personal information and may make changes, delete or update their own information.
6.4 Centenal Tax Group, Inc. shall ensure that personal information that is used on an ongoing basis, including information that is disclosed to third parties, is generally accurate and up–to–date, unless limits to the requirement for accuracy are clearly set out.
PRINCIPLE 7 — SAFEGUARDS
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
7.1 Centenal Tax Group, Inc. will implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
7.2 The nature of the safeguards will vary depending on (i) the sensitivity of the information that has been collected, (ii) the amount, distribution and format of the information, and (iii) the method of storage.
7.3 Physical measures such as locked filing cabinets and restricted access to offices, organizational measures such as security clearances and limiting access on a “need–to–know” basis, and technological measures such as the use of passwords and encryption have been adopted by Centenal Tax Group, Inc. in accordance with the standards and procedures defined by the Information Security Department.
7.4 Centenal Tax Group, Inc. streamlines and expedites all of its computerized business interactions with individuals, but at the same time is to be forthright and clear about its privacy policies. To support these objectives and to encourage individuals to use Internet commerce sites and other computerized business systems, Centenal Tax Group, Inc. adopts and supports all generally–accepted standards for web content rating, web site privacy protection, and Internet commerce security, including third–party seals of approval. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at firstname.lastname@example.org.
7.5 Centenal Tax Group, Inc. does not use externally–meaningful identifiers as its own internal individual account numbers. For example, to prevent identity theft, Centenal Tax Group, Inc. customer account numbers must never be equivalent to social security numbers, driver’s license numbers, or any other identifier that might be used in an unauthorized fashion by a third party.
7.6 When they are no longer needed, all copies of personal data, including those on backup tapes, must be irreversibly destroyed according to standards and procedures defined by the Information Security Department. A document describing the personal data destroyed and the reasons for such destruction must be prepared for each destruction process. Documents will be destroyed only if all legal retention requirements and related business purposes have been met.
7.7 A documented risk assessment must be prepared to determine the privacy implications of all significantly new or different uses of personal data. Such a risk assessment must be completed before these uses take place, and must include all steps in the proposed processing, including access, storage, transmission, and destruction. Such a risk assessment must include not only consideration of the risks, but also the security measures to be employed such as access controls, encryption, logs, data retention schedules, and data destruction procedures.
PRINCIPLE 8 — OPENNESS
Centenal Tax Group, Inc. shall make readily available to its customers specific information about its policies and practices relating to the management of personal information.
8.1 Centenal Tax Group, Inc. will be open about its policies and practices with respect to the management of personal information. Customers shall be able to acquire information about Centenal Tax Group, Inc.’s policies and practices with respect to the management of personal information without unreasonable effort.
8.2 Such information shall be made available through each of the Centenal Tax Group, Inc.’s websites and through the Centenal Tax Group, Inc. Intranet sites and shall include:
PRINCIPLE 9 — INDIVIDUAL ACCESS
Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information except where Centenal Tax Group, Inc. is permitted or required by law not to disclose personal information to the individual customer. An individual customer shall be able to challenge the accuracy and completeness of the information disclosed to him or her and have it amended as appropriate.
9.1 Upon request, Centenal Tax Group, Inc. shall inform an individual customer whether it holds personal information about that individual (except where permitted or required by law not to disclose personal information) and shall afford the individual a reasonable opportunity to review the personal information in his or her file at minimal or no cost to the individual. Centenal Tax Group, Inc. shall provide an account of the use that has been made or is being made of the personal information and an account of the third parties to which the personal information has been disclosed. Where reasonably possible, Centenal Tax Group, Inc. shall indicate the source of the personal information.
9.2 In order to safeguard personal information, a customer may be required to provide sufficient identification information to permit Centenal Tax Group, Inc. to account for the existence, use and disclosure of personal information and to authorize access to the individual's file. Any such information shall be used only for this purpose.
9.3 In certain situations, Centenal Tax Group, Inc. may not be able to provide access to all of the personal information that they hold about a customer. For example, Centenal Tax Group, Inc. is not required to provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Similarly, Centenal Tax Group, Inc. may not be required to provide access to information if disclosure would reveal confidential commercial information, if the information is protected by privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal, state or provincial law. If access to personal information cannot be provided, Centenal Tax Group, Inc. shall provide the reasons for denying access upon request.
9.4 In providing an account of third parties to which it has disclosed personal information about a customer, Centenal Tax Group, Inc. shall attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed personal information, Centenal Tax Group, Inc. shall provide a list of organizations to which it may have disclosed personal information about the customer.
9.5 Centenal Tax Group, Inc. will respond to an individual’s request within a reasonable time and in any event within thirty (30) days of the request. The time for responding to a request may be extended for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of Centenal Tax Group, Inc., or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. Centenal Tax Group, Inc. may also extend the time for responding for such period of time as is necessary to be able to convert the personal information into an alternative format. Centenal Tax Group, Inc. will provide notice to the individual of any extension taken within thirty (30) days of the individual’s request and will advise the individual of the right to make a complaint to the Chief Information Security Officer about the extension. They will provide the requested information or make it available in a form that is generally understandable. For example, if abbreviations or codes are used to record information, Centenal Tax Group, Inc. will provide a corresponding explanation.
9.6 Upon request by an individual with sensory disabilities, Centenal Tax Group, Inc. will give access to personal information about the individual in an alternative format if a version of the information already exists in that format or if its conversion to an alternative format is necessary to allow the individual to exercise rights to request correction, challenge compliance of Centenal Tax Group, Inc. under the Challenging Compliance Requirement (See principle 10) or file a formal complaint pursuant to applicable privacy legislation.
9.7 Centenal Tax Group, Inc. shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to the accuracy or completeness shall be noted in the individual’s file. Where appropriate, Centenal Tax Group, Inc. shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.8 A customer can obtain information or seek access to his or her individual file by contacting Centenal Tax Group, Inc.
9.9 Centenal Tax Group, Inc. members will be assigned unique User ID Numbers and passwords and are able to use this information to register for the Member Center on the Centenal Tax Group, Inc. websites. Once registered, the member will have access to their personal information and membership information. Customers are entirely responsible for maintaining the confidentiality of their identifying information, including account numbers, User ID numbers and passwords.
PRINCIPLE 10 — CHALLENGING COMPLIANCE
10.1 Centenal Tax Group, Inc. shall maintain procedures for addressing and responding to all inquiries or complaints from its customers about the companies' handling of personal information.
10.2 Centenal Tax Group, Inc. will inform their customers about the existence of these procedures as well as the availability of complaint procedures.
10.4 Any questions about the security of Centenal Tax Group, Inc.’s websites or within Centenal Tax Group, Inc. should be addressed to email@example.com.
10.5 If for any reason an individual believes that Centenal Tax Group, Inc. has not adhered to these privacy principles, notification should be emailed to firstname.lastname@example.org.