As a Chartered Professional Accountant (CPA) in British Columbia, I am committed to maintaining the highest standards of confidentiality, integrity, and professionalism. Protecting your personal information is a core part of that commitment and a requirement under the CPA Code of Professional Conduct (British Columbia).

This policy applies to all services I provide, including tax preparation and filing (T1 and other returns), bookkeeping, accounting, and assurance engagements up to and including Review engagements, as well as advisory and consulting services.

Governing Legislation

This policy is designed to comply with:

• The Personal Information Protection Act (BC PIPA), SBC 2003, c. 63, which is the primary privacy legislation governing how private-sector organizations in British Columbia collect, use, and disclose personal information

• The Personal Information Protection and Electronic Documents Act (PIPEDA), to the extent it applies to interprovincial or international activities

• The CPA Code of Professional Conduct (British Columbia), Rule 208 — Confidentiality of Information

• Canada Revenue Agency record-keeping requirements

What Information Is Collected

The type of personal and financial information I collect depends on the services you have engaged me to provide. This may include:

Identity and contact information

• Full legal name, date of birth, and social insurance number (SIN)

• Home address, telephone number, and email address

• Marital status and information about dependents

Financial and tax information

• T-slips, investment statements, rental income records, and other income documentation

• Business financial records, bank statements, and receipts

• Prior year tax returns and notices of assessment

• GST/HST records and payroll information

• Financial statements, trial balances, and supporting working papers

Business information (where applicable)

• Corporate structure, ownership, and signing authority

• Contracts, invoices, and supplier or customer information

• Internal controls documentation and audit evidence for Review engagements

Other information

• Any additional information you provide in the course of our engagement that is necessary to deliver the services described in your engagement letter

I collect only the information that is reasonably necessary for the purposes identified below. You will always be informed of the purpose at or before the time of collection.

How Your Information Is Used

Your personal and financial information is collected and used for the following purposes:

• Preparing and filing personal and corporate income tax returns with the Canada Revenue Agency

• Performing bookkeeping, write-up, and accounting services

• Conducting Review engagements in accordance with Canadian Standards on Review Engagements (CSRE 2400)

• Communicating with the Canada Revenue Agency on your behalf, including responding to reviews, audits, or requests for information

• Providing tax planning and financial advisory services

• Meeting professional, legal, and regulatory obligations, including those imposed by CPA British Columbia

• Issuing invoices and processing payments for professional services

I will not use your information for any purpose beyond those described above or in your engagement letter without your prior consent.

Third-Party Service Providers

In delivering services to you, I use the following software platforms, which may store or process your personal or financial information:

• Intuit Profile — professional tax preparation software used to prepare and file T1 and other returns with the CRA

• CaseWare — engagement management and working paper software used for Review and other assurance engagements

• QuickBooks Online (Intuit) — cloud-based accounting software used for bookkeeping and financial reporting

Each of these providers maintains their own privacy and data security practices. Intuit and CaseWare operate under privacy programs that include data residency and security commitments relevant to Canadian professional accounting practices. I take reasonable steps to ensure that any third-party provider I use offers an appropriate level of protection for your information.

I also use secure cloud storage and may use secure communication and video conferencing tools to conduct meetings and exchange documents. In all cases, access to your information is limited to what is necessary for the engagement.

Your information is not sold, rented, or traded to any third party. Disclosure to third parties occurs only:

• With your explicit consent

• As required to fulfill the engagement (e.g., filing with the CRA on your behalf)

• As required by law, court order, or regulatory authority

• As required by my professional obligations to CPA British Columbia

Employees and Subcontractors

I may be assisted by employees or subcontractors in delivering services. Any such individuals are bound by confidentiality obligations consistent with the CPA Code of Professional Conduct and are permitted to access your information only to the extent necessary to perform their assigned tasks. I remain responsible for the handling of your personal information by anyone working under my direction.

Confidentiality

As a CPA, I am bound by Rule 208 of the CPA Code of Professional Conduct (British Columbia), which imposes a strict duty of confidentiality with respect to all client information acquired in the course of a professional engagement. This duty survives the end of our engagement relationship.

Your information will not be disclosed to any other person or organization without your consent, except where disclosure is required by law or by my professional obligations as a CPA.

Retention of Records

I retain engagement records and personal information for a minimum of seven (7) years following the completion of the relevant engagement, in accordance with:

• CRA requirements for tax preparers and the general six-year record-keeping rule

• CPA British Columbia professional standards for engagement documentation

• Applicable limitation periods under BC law

Physical records are stored securely with restricted access. Electronic records are stored in password-protected systems or encrypted cloud environments. When records are no longer required, they are destroyed in a secure manner — paper records by shredding and electronic records by secure deletion.

Data Security

I take reasonable technical and organizational precautions to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction. Security measures include:

• Password protection and two-factor authentication on software platforms and cloud storage

• Encrypted file transfer for the exchange of sensitive documents

• Restricted access to client files on a need-to-know basis

• Secure physical storage for paper records

Please be aware that no method of transmission over the internet is completely secure. If you have concerns about how to transmit sensitive information, please contact me before sending and I will advise on the most appropriate method.

Your Rights Under BC PIPA

Under the Personal Information Protection Act (BC), you have the right to:

• Access — Request access to the personal information I hold about you, subject to limited exceptions provided by law

• Correction — Request that inaccurate or incomplete information be corrected

• Withdrawal of consent — Withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal and professional obligations (note that withdrawal of consent may affect my ability to complete or continue an engagement)

• Complaint — File a complaint with the Office of the Information and Privacy Commissioner for British Columbia (OIPC) if you believe your privacy rights have been violated

To exercise any of these rights, please contact me directly using the contact information provided in your engagement letter or on this website. I will respond to requests within 30 business days, as required by BC PIPA.

Changes to This Policy

I may update this privacy policy from time to time to reflect changes in my services, applicable law, or professional standards. The most current version will always be available on this website. The date at the top of this policy reflects when it was last revised. Continued use of my services following any update constitutes acceptance of the revised policy.

Contact

If you have any questions about this privacy policy or how your information is handled, please contact me via the contact page.

Reece D. Millar, CPA