Personal Information Protection Policies and Procedures

At MyBudgetFile Inc., (as follows, “MBF,” “we” or “us”) we are devoted to providing our clients with unprecedented service. Providing this service involves the collection, use, and disclosure of some personal information about our clients, and protecting their personal information is our highest priority. This includes any information we may share with contractors, subcontractors or any agents we require in the usual and ordinary course of business.

While we have always respected our clients’ privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result of a number of laws and legislation. We are compliant with:

Furthermore, all personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in this policy and with criteria outlined in the Generally Accepted Privacy Principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

We will inform our clients of why and how we collect, use and disclose their personal information, obtain their consent wherever required, and reasonably handle their personal information.

This Personal Information Protection Policy, in compliance with all applicable laws and legislation, outlines the principles and practices we will follow in protecting our clients’ personal information.  Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’ personal information and allowing our clients the ability to request access to, and correct their personal information.

Part 1: Collecting and Using Personal Information

1.1 The purposes of collecting personal information are only for what is necessary for MBF to conduct business. You, the client, voluntarily provide us with any personal information. We will communicate the purposes for which personal information is being collected, before or at the time of collection and we will never gather information without your consent.

1.2 It’s your data, our services provide you the framework required to manage and operate your organization successfully, and what you choose to store in the application is entirely up to you. Additionally, we do not monetize or share this information with any third parties.

1.3 We operate a system into which you and/or other authorized users in your organization may upload, manipulate, store, and download your own personal information and that of other employees necessary to produce and manage your organization’s financial budget.  MBF does not use this personal information except to provide technical and operational support to you and other authorized users of the system in your organization. We do not monetize or share this information with any third parties.

1.4 We will only collect data that is necessary to fulfill the following purposes:

Implementation

We require contact information from certain key individuals within a client’s organization to establish a business relationship. This information provides us the main point of contact to your organization. Information required typically includes:

  • First and Last Name
  • Organizational Title
  • Work Address
  • Work Postal/Zip Code
  • Work Phone Number
  • Work Email Address

Support

As a part of our commitment to our clients, we strive to provide you with exemplary customer support to assist you with any questions you may experience. Information that you provide to us is voluntary, and we urge you to not send any personal information to us through unsecured channels such as email. However, information that we encounter while assisting you may include the following data pertaining to you and other employees of the organization:

  • First and Last Name
  • Work Address
  • Work Postal/Zip Code
  • Work Phone Number
  • Work Email Address
  • Organizational Title
  • Salary Information
  • Work Hours
  • Benefit Program Enrolment Information
  • Employee Identifiers

 Marketing and Sales

We do not use third-party marketing services or sell your information in any manner. However, we do collect information to suggest and provide services that may be beneficial to you. The information we collect is provided voluntarily, and we never collect information from other sources unless it’s publicly available information or directly from you. Some information may include:

  • First & Last Name
  • Organizational Title
  • Address
  • Phone Number
  • Email Address

Analytics

Our corporate website uses Google Analytics to help analyze how users experience our site. Google Analytics uses “cookies,” which are pieces of information used to collect and log information about visitor behaviour. Your IP address is also collected, although it cannot be used to identify a computer user, it is used purely for determining the generic geographic location of visits. All information collected is anonymized and helps us understand what we can do to improve our services. No personal information is collected unless you explicitly submit information through a fill-in form on this website.

The anonymous information generated by your cookies are then transmitted to Google. The information is processed and compiled to view statistical reports, which helps us optimize content, assist with marketing, and better meet your informational needs.

Here is a browser plug-in tool that can be used to explicitly opt-out of our analytical program.

Part 2: Consent

2.1 We will obtain client consent to collect, use or disclose personal information (except where, as noted below, we are required to do so without consent).

2.2 Consent can be provided orally, in writing, electronically, and is explicitly done through an authorized representative of your organization. Furthermore, it may be implied where the purpose of collecting, using or disclosing the personal information would be considered obvious, and the client voluntarily provides personal information for that purpose.

2.3 Consent may also be implied where a client is given notice and a reasonable opportunity to opt-out of his or her personal information being used fora particular purpose and where the client does not opt-out.

2.4 Subject to certain exceptions (e.g., the personal information is necessary to provide the service, or the withdrawal of consent would hinder the performance of a legal obligation), clients can withhold or withdraw their consent for MyBudgetFile Inc., to use their personal information in certain ways.  A client’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a service.  If so, we will explain the situation to assist the client in making the decision.

2.5 We may collect, use or disclose personal information without the client’s knowledge or consent in the following limited circumstances:

  • When the collection, use or disclosure of personal information is permitted or required by law
  • When the personal information is available from a public source (e.g., a telephone directory, public website, business card)
  • When we require legal advice from a lawyer
  • To investigate an anticipated breach of an agreement or a contravention of law

Part 3: Using and Disclosing Personal Information

3.1 We will only use or disclose clients’ personal information where necessary to fulfill the purposes identified at the time of collection or for a purpose reasonably related such as:

  • To contact our clients directly about products, updates, and new services that may be of interest
  • To conduct client surveys to enhance the quality of our services
  • There’s a legal authority for disclosure (e.g., an audit, to collect a debt, protection against fraud, investigation, etc.)

3.2 We will not use or disclose client personal information for any additional purpose unless we obtain consent to do so.

3.3 We will not sell client lists or personal information to any third-parties or entities.

Part 4: Retaining Personal Information

4.1 If we use client personal information to make a decision that directly affects them, we will retain that personal information for at least one year so that the client has a reasonable opportunity to request access to it.

4.2 Subject to part 4.1, we will retain client personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose.

Part 5: Ensuring Accuracy of Personal Information

5.1 We will make reasonable efforts to ensure that personal information is accurate and complete where it may be used to make a decision about the client.

5.2 Clients may request correction to their personal information at any time to ensure its accuracy and completeness.  A request to correct personal information may be made in writing or verbally and must provide sufficient detail to identify the personal information and the correction being sought.

5.3 If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year.  If the correction is not made, we will note the clients’ correction request in the file.

Part 6: Securing Personal Information

6.1 We are committed to ensuring the security of personal information to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

6.2 The following security measures will be followed to ensure that personal information is appropriately protected:

  • Locked filing cabinets
  • Physically secured offices
  • User ID’s
  • Passwords
  • Encryption
  • Firewalls
  • Need-to-know basis for information
  • Restricting employee access
  • Secure storage of encrypted backup copies of data

6.3 We will use appropriate security measures when destroying clients’ personal information such as

  • Anonymizing any data used for development or testing
  • Shredding documents
  • Deleting electronically stored data after retention period is up or has no immediate required purpose

6.4 We will continually review and update our security policies and controls to ensure ongoing security.

Part 7: Providing Clients Access to Personal Information

7.1 Clients have a right to access their personal information, subject to limited exceptions.

7.2 A request to access personal information must be made in writing, by contacting our privacy officer. We require sufficient detail to identify the personal information being sought.

7.3 Upon request, we will also tell clients how we use their personal information and to whom it has been disclosed if applicable.

7.4 We will make the requested information available within 30 business days or provide written notice of an extension where additional time is required to fulfill the request.

7.5 If a request is refused in full or in part, we will notify the client in writing, providing the reasons for refusal and the recourse available to them.

Part 8: Questions and Complaints – The Role of the Privacy Officer or Designated Individual

8.1 The Privacy Officer is a designated internal employee responsible for ensuring MyBudgetFile’s compliance with this policy and the applicable legislation and best practices.

8.2 Clients should direct any complaints, concerns or questions regarding MyBudgetFile’s compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the client may also write to the Privacy Commissioner of their jurisdiction (listed below).

8.3 The Privacy Officer is responsible for communication to all affected districts in the event of a security related event.

Contact information for MyBudgetFile’s Privacy Officer:

Email: privacy@mybudgetfile.com

Phone: (780) 968-1087

For more information on privacy laws, or how to file a complaint, contact your local privacy commissioner or state attorney general here:

Canada

U.S.

Definitions

Personal Information – Information about an identifiable individual. This information may include first and last name, employee ID, salary, etc. Personal information does not include contact information (below).

Contact information – Information that would enable an individual to be contacted at a place of business. This information may include name, position title, business telephone number, business address, business email or business fax number.

Privacy Officer – This is the individual designated responsibility for ensuring that MyBudgetFile complies with this policy and all applicable laws, legislation and best practices.