PRIVACY POLICY

Alliant collects, uses, and discloses personal information in its possession or under its control as necessary to fulfill its professional responsibilities and operate its business. The Firm is committed to protecting the privacy of personal information provided by clients and ensuring the security of all personal information it holds. This Privacy Statement outlines the principles and practices the Firm follows to meet its privacy obligations to clients and comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the B.C. Personal Information Protection Act (PIPA).

Accountability for Personal Information

The Firm is responsible for all personal information in its possession or control, whether directly received from individual clients or indirectly through clients that are organizations (e.g., corporations, government bodies, non-profits). To safeguard this information, the Firm has:

• Established policies and procedures for the protection of personal data

• Educated its principals and employees on privacy responsibilities

• Appointed a Privacy Officer to oversee privacy issues

For any questions regarding the Firm’s privacy practices, clients may contact the Firm’s Privacy Officer, Sharaz Chaudhary, via email at sharaz.chaudhary@alliantaccounting.ca, by phone at 604-565-6913, or by mail at 108-15055 54A Ave, Surrey, B.C. V3R 6V9.

Purpose Identification

The Firm identifies the purposes for which personal information is collected from clients before it is gathered. Personal data is only collected, used, and disclosed as necessary to provide requested professional services.

Consent

Before collecting personal information, the Firm obtains the client’s consent. This consent is outlined in the Firm’s engagement letters, which also detail the client’s responsibility to secure any necessary consents for the use and disclosure of personal information under applicable privacy laws. Signing the engagement letter confirms this acknowledgment.

Accuracy of Personal Information

The Firm takes reasonable steps to ensure that personal information it holds is accurate, complete, and up-to-date as needed for its intended purposes. Clients are encouraged to contact the Firm’s engagement principal to update their information when necessary.

Data Minimization and Fair Collection

The Firm collects only the personal information required to provide professional services or operate its business. Information is gathered using lawful and fair methods. Principals and staff involved in an engagement will access only the information needed to complete that engagement or to handle Firm matters, such as billing and communication.

Limiting Use, Disclosure, and Retention

The Firm uses or discloses personal information only for the purposes for which consent has been provided or as required by law. Personal information is retained only as long as necessary to fulfill these purposes. For instance, client-related working papers (which may include personal information) are retained in accordance with legal and regulatory requirements. Personal data may also be:

• Shared with Firm personnel working on the engagement

• Disclosed to professionals reviewing the Firm’s work to ensure compliance with standards

• Provided to external inspectors, such as regulatory bodies, as required by law

• Retained for the legally mandated time frame and then securely destroyed, anonymized, or erased.

Security Safeguards

The Firm protects personal information with appropriate security measures relative to its sensitivity. This includes:

• Physical security for information stored in paper form (e.g., restricted access, locked filing cabinets)

• Electronic safeguards such as authentication systems to prevent unauthorized access

• Ensuring third-party service providers meet the Firm’s security standards for personal data protection

Access to Personal Information

Clients have the right to access their personal information held by the Firm. Individual clients can contact the engagement principal managing their services for access to their data. Authorized representatives of organizational clients can also request access to personal information provided by their organization. In certain cases, the Firm may not be able to provide access to all information, and in such instances, the Firm will explain the reasons for denying access and any potential recourse, unless prohibited by law.

Challenging Compliance

The Firm has procedures in place to address and respond to client complaints and concerns regarding privacy practices. If a client believes the Firm is not adhering to its Privacy Policy, they may submit a complaint to the Privacy Officer. The Privacy Officer will ensure the issue is thoroughly investigated and will report the findings to the client, typically within 30 days.