This policy aims to ensure the protection of personal information and define the procedures for the collection, use, disclosure, storage, destruction, and management of information by M-A Séguin CPA Inc., including management, employees, suppliers, etc. Furthermore, it aims to inform any individual concerned about the processing of their personal information by M-A Séguin CPA Inc., whether it pertains to clients, employees, or any other individuals.

RESPONSIBILITY

M-A Séguin CPA Inc. assumes full responsibility for the protection of personal information under its control. The collection, use, disclosure, storage, or destruction of information is governed by this policy with the aim of safeguarding the privacy of every individual.

To ensure the optimal protection of personal information, the person responsible for information protection at M-A Séguin CPA Inc. must:

• Oversee and review internal practices and procedures for the processing of personal information, ensuring compliance with current laws.

• Propose measures to ensure the ongoing protection of personal information in line with privacy impact assessments.

• Implement necessary measures within the company to safeguard information.

• Provide training for staff and ensure compliance with best practices for protecting personal information.

• Coordinate, investigate, and respond to requests and complaints regarding the protection of personal information.

• Communicate with affected individuals and the Commission d’accès à l’information (CAI) in the event of a data breach or any incident.

• Maintain a record of incidents related to personal data.

Protecting personal information is everyone’s responsibility. No retaliation shall be taken against an individual who files a complaint related to the protection of personal information or participates in an investigation process by the Commission d’accès à l’information (CAI).

COLLECTION OF PERSONAL INFORMATION

The personal information collected enables the functioning of M-A Séguin CPA Inc.’s activities in accordance with applicable laws and standards. M-A Séguin CPA Inc. collects personal information only when necessary and for specific and pre-defined purposes. The collection of personal information is carried out directly from the concerned individual and with their consent, unless an exception is provided by law.

In Annex A, you will find a non-exhaustive list of collected information and the intended use of the data. The majority of collected personal information pertains to employees to meet the legal obligations of the company. The disclosure of personal information about other individuals may be requested to assist employees in case of emergencies, for example. It is the responsibility of employees to give their consent before providing us with their contact details.

Regarding client information, data is provided to feed into our Customer Relationship Management (CRM) program, contracts, and billing, but is mostly of a professional nature, such as email and phone number for contact purposes or payment method for services rendered. Payment information is entered, whenever possible, by the client into the CRM and is masked from the rest of the company to ensure confidentiality. For clients who have filled out a form including their credit card information or their business or professional bank account number, the data is accessible only by a small number of employees, such as administration and owners, to process the records.

CONSENT AND ACCURACY OF PERSONAL INFORMATION

M-A Séguin CPA Inc. ensures that the collection of personal information is done for justified, clear, and specific reasons and with the voluntary and informed consent of the individual. Consent is required for any collection, use, or disclosure of personal information. Before collecting personal information, we will ensure to obtain your informed consent in writing and separately, providing clear details about the purpose of the collection and how the information will be used. Your consent is essential to ensure the protection of your personal data.

LIMITATION OF THE USE OF PERSONAL INFORMATION

We collect and use your personal information only when necessary and for the purposes for which consent has been obtained. M-A Séguin CPA Inc. is obligated to provide certain information to satisfy legal and regulatory verification processes and requirements. The use may vary but could serve various purposes as outlined in Annex A.

Information may be disclosed to third parties to the extent necessary for the purposes mentioned in Annex A. M-A Séguin CPA Inc. cannot be held responsible for the behavior and use undertaken by third parties.

Personal information will not be used or disclosed for purposes other than the specific identified objectives, unless required by law.

PROTECTION OF YOUR PERSONAL INFORMATION

M-A Séguin CPA Inc. takes all reasonable precautions and has implemented significant physical and technical measures to prevent unauthorized or illegal use and access to personal information. Thus, the measures in place include, but are not limited to:

• Using information only when necessary;

• Ensuring the confidentiality and protection of personal information that an individual may become aware of in the course of their duties, unless authorized to disclose it by the concerned individual;

• Protecting records with selective and limited access to authorized personnel;

• Securing office access with door locks and access codes;

• Secure shredding of paper records;

• Immediate removal of access following the end of a business relationship.

All individuals are required to contribute to the protection of personal information. If you suspect that sensitive information has been compromised, you must immediately notify the person responsible for the protection of personal information.

DURATION OF RETENTION OF YOUR PERSONAL INFORMATION

M-A Séguin CPA Inc. commits to adhering to the minimum retention periods specified according to the category of personal information and applicable laws, including the Chartered Professional Accountants Act. However, if the collected information is no longer useful for M-A Séguin CPA Inc. and its retention is neither necessary nor mandatory under various legislative frameworks, it will be destroyed, erased, or converted in a way to maintain anonymity.

COMMITMENT TO TRANSPARENCY

M-A Séguin CPA Inc. is committed to transparency regarding the processing, procedures, and purposes of use that govern personal information for clients, employees, interns, and business partners.

ACCESS TO YOUR PERSONAL INFORMATION

An individual may request access to the personal information concerning them and the means used to collect it. Depending on the content of the individual’s file, exceptions may be applicable, such as personal information about others, however, the individual will be informed. In the case of inaccurate information in the file, the concerned individual may request correction.

For any inquiries, withdrawal, and/or modification of personal information, you can write to the email address info@maseguin.ca. At any time, you may withdraw your consent to the disclosure of your personal information. A written request must be submitted to the person responsible for personal information protection at info@maseguin.ca. A response will be provided within 30 days of the date of receipt. When it is not possible to share the requested information, legal justification and support must be provided to explain the decision to the requester.

COMPLAINT PROCEDURE

An individual who believes that their personal information has been collected, retained, used, disclosed, or destroyed in a manner inconsistent with the provisions of this policy can file a confidential complaint with the person responsible for the protection of personal information at the email address info@maseguin.ca. The individual must provide their name, contact information, including a phone number, as well as the subject and reasons for the complaint. It is necessary to provide sufficient details for the complaint to be properly assessed. A response will be provided within 30 days of the date of receipt of the complaint. If the complaint is insufficiently specific, the person responsible for the protection of personal information may request additional information deemed necessary to assess the complaint. The responsible party will conduct an investigation into the received complaints, minimize damages, and implement necessary corrections.

It is also possible to file a complaint with the Commission d’accès à l’information du Québec. However, M-A Séguin CPA Inc. encourages concerned individuals to first communicate with the person responsible for the protection of personal information and to await the conclusion of the prescribed processing process.

APPROVAL

This policy is approved by the person responsible for the protection of personal information within M-A Séguin CPA Inc.

Person Responsible for the Protection of Personal Information:

Marc-André Séguin, CPA

195 Boul Gréber, Suite 207

Gatineau, Québec

J8T 3R1

For any requests, questions, or comments regarding this policy, please contact the responsible person via email.