Privacy Policy

Privacy Policy

Effective Date: February 5, 2024

This Privacy Policy (the “Policy”) provides rules and regulations outlining the proper conduct for maintaining the privacy of client information collected and stored by Crowe BGK (“Crowe”). Specifically, it outlines the types of information that we gather about you while you are using our website, and the ways in which we use this information. This Policy also applies to all activities that may involve personal client information at Crowe BGK. The concept of "personal information", within the meaning of this Policy, includes any information relating directly or indirectly to a client that is required in completing the engagement. Personal information includes SIN’s, names, contact information, telephone numbers and email addresses of individuals.  

Personal information collected shall be limited to information that is necessary for the purposes identified by Crowe and be collected by fair and lawful means.

Crowe BGK LLP is a member of Crowe Global, a Swiss verein. Each member firm of Crowe Global is a separate and independent legal entity. Crowe BGK LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Global or any other member of Crowe Global.

Please read this Privacy Policy carefully. By visiting and using the Site, you agree that your use of our Site, and any dispute over privacy, is governed by this Privacy Policy.

Privacy Officer:

Ingrid Jensen

Chief Operating Officer 

[email protected]


Collection and Use of Information from the Site

We may collect, store and process personal or other information that you supply to us through your use of the Site.  For example, individuals who applied for registration as a Member Firm may be contacted by Crowe Global and individuals who contacted us with their information may be contacted to answer their inquiries.

Crowe Global and Crowe BGK collect personally identifying information from our users through the Site’s pages, and from time to time there may be other pages where information may be sought which will seek similar information.  Generally, this information includes names, phone numbers, e-mail addresses, passwords and employment information for registration or opt-in purposes.

We also collect and store information that is generated automatically as you navigate online through the Site. For example, we may collect information about your computer's connection to the Internet, which allows us, among other things, to improve the delivery of our web pages to you and to measure traffic on the Site.  The Site may also automatically recognize and store information about the type of browser you are using; your Internet Protocol (“IP”) address; the time, date, and length of your visit; and the referring site.  We also use a standard browser software feature called a “cookie,” in order to enhance your experience with the Site. Cookies are small files that your web browser places on your hard drive for record-keeping purposes. By showing how and when visitors use the Site, cookies help identify how many unique users visit us, track user trends and patterns, and may help deliver advertisements or other notices.  They also may prevent you from having to re-nter your preferences on certain areas of the Site where you may have entered preference information before.   Cookies may not expire unless you manually delete them or set your browser to reject them.  If you do not accept cookies, you may have difficulty navigating the Website, or the performance may not be the same.  The Site also may use web beacons (single-pixel graphic files also known as “transparent GIFs”) to access cookies and to count users who visit the Site or open HTML-formatted email messages. 

We may use the information we collect from you while you are using the Site in a variety of ways, including using the information to customize features and advertising that may appear on the Site. Crowe BGK may also share information you provide us with Crowe Global and its Member Firms who may use your information to contact you as a prospective Member, client or for similar business purposes.  Similarly, in cases where Crowe Global or its other Members may collect information from you directly, they may share such information with us.  In cases where your information is collected by Crowe Global or its other Members, their respective privacy policies would also apply to their use of your information, and those policies may differ from ours.  If you have any questions regarding the privacy policy of Crowe Global or one of its other Members, you should contact Crowe Global or the other Member directly for more information. 

We may also provide your information to third parties such as data processors or other service providers or advertisers in order to improve your experience with us, the Site, or Crowe Global and its other Members, or to provide you with information about related products and services.  

If you do not wish your information to be used for any of the above described purposes, email: [email protected] and specify the purposes for which you do not want your information to be used.  Please allow us a reasonable time to remove your information from these purposes and cessation of these purposes may therefore not be immediate.

Additionally, Crowe BGK may disclose your information to the extent that such disclosure is required by law or to such an extent as we reasonably believe such disclosure is necessary to protect our legal interests. We reserve the right to cooperate with legal authorities and to release such information to comply with legal process.  Your information may also be transferred to a third party in the event of a sale, acquisition, merger or bankruptcy involving Crowe BGK, or the change in Member Firm for a specific jurisdiction.

The Site may also include links to other websites or provide access to products and services offered by third parties, whose privacy policies we do not control. When you access another website or purchase third party products or services, use of any information you provide is governed by the privacy policy of the site you are visiting who is providing such products or services or collecting your information. 

Cookie List

 

Use of Google Analytics

We may also use Google Analytics Advertiser Features (or other similar services) to optimize our business.

Advertiser features include:

Remarketing with Google Analytics;

Google Display Network Impression Reporting;

DoubleClick Platform Integrations; and

Google Analytics Demographics and Interest Reporting

By enabling these Google Analytics Display features, we are required to notify our visitors by disclosing the use of these features and that we and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to gather data about your activities on our Site.  Among other uses, this allows us to contact you if you begin to fill out our check-out form but abandon it before completion with an email reminding you to complete your order.  The “Remarketing” feature allows us to reach people who previously visited our Site, and match the right audience with the right advertising message.

You can opt out of Google’s use of cookies by visiting Google’s ad settings and/or you may opt out of a third-party vendor's use of cookies by visiting the Network Advertising Initiative opt-out page.

Storage Of Your Information

Your information is stored on Crowe BGK’sservers that deliver our content and messaging, and is kept as long as such information remains potentially useful for the purposes it was collected, and not any longer.  Your information can only be accessed by us, Crowe Global, its Members that subscribe to its Global Directory, and those who help manage its Member portal.   Such Members may also store such information.

 


Collection and Use of Client Information

Should you become a client or use our services, your information may be collected as well. 

An employee or partner may  collect or use a client’s personal information to provide the requested service. For example, we may:

  • Collect and record information about our clients to be able to contact them for the purpose of responding to their request.
  • SIN
  • Cell phone number
  • Office and/or personal email address
  • Home address

An employee or partner is prohibited from collecting or using the personal information of a client or former client of the firm for any purpose other than the duties of the service requested by the client unless such collection or use has been previously approved by the Privacy Officer in accordance with Section 4. For example, an employee or partner cannot:

  • Send bulk mailings to clients who have not given their consent.
  • Use client information for personal purposes.
Any disclosure of personal information to a third-party organization or person is prohibited unless:
  • Personal information collected by Crowe, shall not be used or disclosed for purposes other than for those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes;
  • Crowe shall safeguard all client information against unauthorized access, disclosure, copying, use or modification.

Location of Your Information

Your personal data may be processed by us in the United States in accordance with applicable law.  To the extent your data is transferred by us, to Crowe Global, or between its Members internationally, such transfers will be effected through use of appropriate safeguards under applicable law.  BY AGREEING TO THE CROWE BGK PRIVACY POLICY, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING INTERNATIONALLY OF ANY PERSONAL AND NON-PERSONAL INFORMATION COLLECTED OR OBTAINED BY CROWE BGK.

Retention and Destruction of Personal Information

 An employee or partner of Crowe is prohibited from storing personal information in a location other  than the ones expressly designated below.

 

Types of Personal Information Place of Storage  Shelf life  
Client contact information/coordinates STAR  Indefinite or at client's request
Client Data 

CaseWare, Taxprep, QuickBooks, Sage WriteUp, Sharefile, iFirm, File Servers on local servers 

Indefinite or at client's request
Client contact information File Servers on local servers   At the client's request 


After the retention period set out above, client information must be destroyed

 

Access to Client Information

The Privacy Officer is responsible for assigning and managing access to the various locations of client information.

Security measures

 In the course of their work, an employee or partner must take reasonable precautions to protect the confidentiality of client information to which they have access. In particular, they must:

  • Refrain from disclosing to anyone the access codes to their accounts unless they have express authorization to do so.
  • Must not leave a password in writing in public view.
  • Enable protection mechanisms on their online accounts, including two-factor authentication.
  • Access client information only from their work computer and log out after their work session.
  • Ensure communication with clients cannot be heard by unauthorized third parties.
  • Keep paper documentation containing client information under lock and key.
  • Shred all notes used to respond to a client as soon as they are no longer needed.
  • In communications between employees or partners, avoid transferring client information.
  • Follow client information retention protocols (see section 2.3).

An employee or partner must promptly report to the Privacy Officer any situation of which he or she is aware where personal information held by Crowe may have been compromised.

Public Relations

  • Crowe must respond, within 30 days, to any complaint, request for deletion or access to client information made by a client, unless a legal provision prevents deletion or access. 
  • Complaints and other requests relating to client information must be referred to the Privacy Officer, who must ensure that they are dealt with in a timely manner.

Security Beach Management 

In the event of a privacy incident involving client information held by Crowe, the Privacy Officer shall, with the utmost urgency:

  1. Identify the causes of the incident and stop the leak.
  2. Inform the client concerned.
  3. Report the incident to la Commission d’accès à l’information 
  4. Take the necessary measures to reduce the harmful consequences that may be suffered by the client concerned.
  5. Put in place the necessary measures to prevent the recurrence of such an incident.

The person in charge of client information must also keep a record of confidentiality incidents.

Roles and Responsibilities 

Privacy Officer

    • The Privacy Officer is the person within the organization who ensures compliance with and implementation of this Policy.
    • The Privacy Officer is designated, in writing, by the Management Committee of Crowe. In the absence of such a designation, this function is performed by the COO.
    • The person in charge may delegate this function in writing, in whole or in part, to any person. In particular, they may designate a lawyer to carry out the legal analyses required in Section 4, as well as other people to support them in this task.
    • The name and contact information of the Privacy Officer are published in the Privacy Policy on the Crowe website.

    Cyber Security Committee

      The Cyber Security Committee plays an advisory role in the governance of client information and in the implementation of this Policy. It also ensures the sustainability of documents of historical value held by Crowe, while promoting a pragmatic approach to data management.

      The committee's mandate includes:
      • Monitor Crowe digital transition.
      • Support management in the implementation of Crowe digital transition
      • Advise the Privacy Officer in the implementation of this Policy, cyber security and files related to the digital transition.

      The committee has no decision-making authority.

      The committee meets a minimum of four times a year or more, as required. It is composed of the following persons:

      • Managing Partner
      • COO
      • IT Director
      • S3 – Third Party IT Resource and S# Senior Management

      The committee may invite team members or external experts to obtain their views, as appropriate.

       


      Email Marketing And Opt-Out

      To the extent required by the United States’ Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), or other similar domestic and international regulation, all of the commercial emails sent to you by us will include an unsubscribe link in them. You can remove yourself at any time from our mailing list by clicking on the unsubscribe link that can be found in every communication that we send you. 

      Please note that changes to your email marketing preferences may not be effective immediately, and Crowe BGK may be unable to prevent all commercial email contact from Crowe Global or its other Members, which may require you to separately take advantage of opt-out features provided by Crowe Global or its other Members. 


      Your Privacy Rights

      You have the right to access, transport, update, rectify, or erase your personal data, as well as the right to object to or restrict its processing, transform it into anonymous form, or withdraw from any consent-based uses.  These rights may be exercised by emailing [email protected].  You also have a right to complain to your local data protection authorities if you believe your privacy rights related to your personal information have not been properly observed. 

      Additionally, California’s “Shine the Light” Law (CA Civil Code § 1798.83) allows California residents to request certain information regarding our disclosures, if any, of your personally identifiable information to third parties for their own direct marketing purposes in the prior calendar year. To make such a request, please email: [email protected] with “Request for California Privacy” in the letter subject line.

      When contacting us regarding your rights, you must include sufficient detail for us to locate your file; at a minimum, your name, email and postal address.

      Crowe must respond, within 30 days, to any complaint, request for deletion or access to client information made by a client, unless a legal provision prevents deletion or access. Complaints and other requests relating to client information must be referred to the Privacy Officer, who must ensure that they are dealt with in a timely manner.

      Updates to Privacy Policy

      Crowe BGK reserves the right to update and revise this Privacy Policy at its discretion. You can determine if this Privacy Policy has been revised since your last visit by referring to the “Effective Date of Current Policy” date at the top of this page. Your use of our Website constitutes your acceptance of the terms of the Privacy Policy as amended or revised by us, and you should therefore review this Privacy Policy regularly to ensure that you are aware of its terms. This Policy has been updated in accordance with the requirements of Bill 25 (the Act to modernize privacy legislation).

      If you have questions concerning this privacy policy, please email [email protected].

      © 2024 Crowe BGK LLP