Your privacy is important to us, and maintaining your trust and confidence is one of our highest priorities. We value your business and are committed to protecting your privacy. We hope that by taking a few moments to read this policy statement, you will have a better understanding of what we do with the information you provide us and how we keep it private and secure.
TYPES OF INFORMATION WE COLLECT
We collect certain personal information about you that is provided to us by you or obtained by us from third parties with your authorization. We use that information to prepare your personal and business income tax returns and may also use it to provide various tax and financial planning services to you at your request. Examples of sources from which we collect information include:
- Interviews and phone calls with you
- Letters or emails from you
- Tax return or financial planning organizers
- Other trusted advisors as per your authorization
PARTIES TO WHOM WE DISCLOSE INFORMATION
As a general rule, we do not disclose personal information about our clients to anyone. However, to the extent permitted by law and any applicable state Code of Professional Conduct, certain nonpublic information about you may be disclosed in the following situations:
- To the IRS or applicable states when we file your income tax returns, whether by mail or electronically. Electronically filed returns are processed through an e-file service provider.
- To comply with a validly issued and enforceable subpoena or summons.
- In the course of a review of our firms practices under the authorization of a state or national licensing board, or as necessary to properly respond to an inquiry from such a licensing board or organization.
- In conjunction with a prospective purchase, sale, or merger of all or part of our practice provided that we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.
- As part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us (although there have been none of these) provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.
CONFIDENTIALITY AND SECURITY OF NONPUBLIC PERSONAL INFORMATION
Except as otherwise described in this notice, we restrict access to nonpublic personal information about you to employees of our firm. Their right to further disclose and use the information is limited by the policies of our firm, applicable law, our Code of Professional Conduct, and nondisclosure agreements where appropriate. We also maintain physical, electronic, and procedural safeguards in compliance with applicable laws and regulations to guard your personal information from unauthorized access, alteration, or premature destruction.
As a result of our confidentiality policy, we require that our clients provide specifically written permission for disclosure to third parties. Examples of parties which we would require written permission before disclosure include, but are not limited to, banks, attorneys and other non-affiliated financial advisers.
ELECTRONIC CONFIDENTIALITY MEASURES
In order to fulfill our commitment to privacy, we take the following measures to ensure that all data within our information systems (IS) are safeguarded. These measures include: employee mandated procedures and policies, adherents to IS best practices, and the employment of security related information technology (IT).
Employee procedures and policies are the first line of defense for protecting data. Because of this, our employees are mandated to protect clients’ information by acting in a cautious and safe manner when dealing with any data related to our clients. An example of these policies would be the requirement that nonpublic client related data may only be stored in company authorized IT systems. Additional procedural safeguards for IT systems and client data include policies for the use of password handling, data exchange, and software usage.
In order to reduce the inherent risk of digitizing information, IT security must be a paramount factor to the decision-making process. We are, therefore, committed to IT related security. Our firm adheres to best practice implementations and utilization for our IT systems. An example of this would be that we mandate that storage be redundant with regular backups, as well as secured from unauthorized physical and logical access. In order to achieve best practices, we contract with third-party IT/IS providers to assist us in the implementation of our technology. These third-parties also help us in performing regular audits and reviews of our IT systems and processes.
Our company uses modern IT security products and services to help safeguard client and company data. This includes, but not limited to:
- redundant storage
- data replication solutions
- hardware and software firewalls
- intrusion prevention systems
- patch management
- device alerting and monitoring
- anti-malware & antivirus software
- multi-factor authentication
- perimeter security gateways
- email filtering
Our firm is committed to utilizing the most up to date and advanced IT security solutions available to us for data protection. As part of this commitment the specific technology and methods will vary with time. Regardless of the exact technology, our firm will always remain dedicated to safeguarding our clients’ information and confidentiality.
It is possible for us, with your authorization, to transmit tax returns and information to you in digital form. Our firm only recommends utilizing secure forms of data exchange. We have several methods of secure data transmission available for our clients. Our staff can consult with you and present options for secure transmittal methods. However, if you request and authorize a non-secure method of transmittal and file exchange, we cannot ensure or warrant the security of any information transmitted. Examples of this would be unencrypted protocols and unverified third-party systems. Non-recommended transmission methods include, but are not limited to FTP servers, SMTP based emails, and HTTP based web services. The protocols used by these services are unencrypted, therefore they are not recommended by our firm for the transmittal of confidential information.
ACCESS TO AND ACCURACY OF YOUR INFORMATION AND YOUR OTHER RIGHTS
In certain jurisdictions, notably the EU and the UK, you have a right: to ask us for a copy of your personal information; to ask us to correct, delete or restrict (stop any active) processing of your personal data and to obtain the personal data you provide to us for a contract or with your consent and to ask us to share (port) this data to another data controller; to object to the processing of your personal information by us in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). These rights may be limited, for example, if fulfilling your request would reveal personal data about another person or breach the privacy rights of others, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. To exercise any of these rights, please contact firstname.lastname@example.org . If you have unresolved concerns, you have the right to make a complaint to the data protection supervisory authority where you live, work or where you believe a breach may have occurred.
WEBSITE DATA COLLECTION
We may collect anonymous information about your web usage via our website. Any unsolicited information collected via the website is to be anonymized, with no personally identifiable information, and will be used for statistical and marketing purposes only. Any and all information collected from our website is for our internal use and will not be given to any third-parties. Any solicited information which is personally identifiable, and or confidential, may also be collected from the website but only in a secure manner. Our website is designed so that sensitive information is to be sent securely. Sensitive information such as credit card transactions are encrypted and secured using modern methods. This includes the web protocol SSL/TLS and as well as signed certificates for site verification.
It is recommended that you verify this security of our website, as well as any other website, before submitting any confidential information. This can be done by confirming the browser status while on the webpage which is soliciting information. Depending on the web browser you are using you can look for a closed lock icon at the top, or bottom, of your browser. By clicking the lock in the browser, you can confirm the certificate of the website has been verified by the browser and that you are communicating to a secure site. You can also look for “https” at the beginning of the web page address which indicates the usage of SSL/TLS.
QUESTIONS OR CONCERNS
Thank you for allowing us to serve your accounting, tax, and financial planning needs.
GC Consultants, Inc – Giuseppe Brusa CPA LLC