Suresh Madaan CPA Professional Corporation
Effective Date: March 2026 | Version 1.01
What This Means for You
We collect only the personal information needed to prepare your tax return and provide our professional services. We do not sell, rent, or trade your information to anyone. We use technology tools including AI to help us work efficiently, but your data is never used to train AI models. You have the right to see what information we hold about you and to request corrections at any time. If you have questions, contact our Privacy and Compliance Officer at corpm@sm-cpa.ca or 403-456-2242.
This Privacy Policy describes how Suresh Madaan CPA Professional Corporation (the “Firm”, “we”, “us”, or “our”) collects, uses, discloses, retains, and protects the personal information of our clients and other individuals in the course of providing professional accounting, tax preparation, and related financial services.
This Policy applies to all personal information collected by the Firm, whether in paper or electronic form, and governs the practices of all employees, contractors, and associates acting on behalf of the Firm.
1. Applicable Legislation
The Firm is subject to the following privacy legislation:
Personal Information Protection Act (Alberta) (PIPA): The primary applicable statute governing collection, use, and disclosure of personal information in the course of providing services as a provincially regulated professional firm in Alberta.
Personal Information Protection and Electronic Documents Act (PIPEDA): The federal statute applicable to the extent that any activities of the Firm fall within federal jurisdiction or involve interprovincial or international transfers of personal information.
Where PIPA and PIPEDA overlap, the Firm will apply the more protective standard. This Policy is intended to satisfy the requirements of both statutes.
2. Accountability — Privacy Officer
The Firm has designated the Principal of Suresh Madaan CPA Professional Corporation as Privacy and Compliance Officer, who is accountable for the Firm’s compliance with this Policy and applicable privacy legislation.
Contact: Privacy Officer, Suresh Madaan CPA Professional Corporation, Unit 226, 4851 Westwinds Dr NE, Calgary, Alberta T3J 4L4. Tel: 403-456-2242. Email: corpm@sm-cpa.ca.
The Privacy Officer is responsible for: developing and maintaining this Policy; receiving and responding to privacy complaints and access requests; ensuring staff training on privacy obligations; and overseeing the Firm’s response to privacy breaches.
3. Personal Information We Collect
We collect only the personal information necessary to provide the professional services for which you have engaged us. This may include:
3.1 Identity and Contact Information
Full legal name, date of birth, Social Insurance Number (SIN)
Home address, mailing address, telephone numbers, email address
Government-issued photo identification (for client verification purposes)
3.2 Financial and Tax Information
3.21 Personal Information — Individual Clients (T1)
Employment income, commissions, tips, and all employment benefits, whether or not a T4 has been issued.
Investment income including interest, dividends, and trust distributions, whether received or accrued;
T4, T5, T3, T4A, T4PS, T4RSP, T4RIF, T4A(OAS), T4A(P), and all other tax slips and information returns;
Capital gains and disposition records, adjusted cost base (ACB) information for shares, real property, and other capital assets;
Rental income records, expense receipts, and property details including ownership structure;
Self-employment and sole proprietorship income and expense records, invoices, and supporting documentation;
Moving expense records, employment expense logs including vehicle mileage, home office usage, and meals and entertainment where applicable;
Retirement and pension income, RRSP/TFSA/FHSA contribution records, and HBP/LLP repayment schedules;
Spousal, child support, and alimony arrangements where relevant to tax filing;
Disability, childcare, tuition, and other personal credit documentation and receipts;
Prior year T1 returns, notices of assessment and reassessment, and loss carry-forward schedules;
Immigration and residency status, entry and departure dates where relevant to residency determinations and departure tax obligations;
Income earned through digital platforms, online marketplaces, and gig economy platforms (e.g., Airbnb, Uber, Etsy, Amazon Marketplace), including platform-issued information statements.
3.22 Business and Corporate Information — Corporate Clients (T2) and Unincorporated Businesses
Corporate financial statements including balance sheet, income statement, statement of retained earnings, and notes, prepared under ASPE or applicable framework
General ledger, trial balance, chart of accounts, and supporting accounting records
Shareholder information including share register, shareholder agreements, minute books, articles of incorporation, and corporate resolutions
Shareholder loan account details, director loan balances, and related party transaction records including intercompany loans and management fee arrangements
Associated corporation information for purposes of small business deduction (SBD) allocation and Part IV tax calculations
Ownership structure details including holding companies, operating companies, family trusts, and partnerships where relevant to tax planning or compliance
Partnership information, partnership agreements, and T5013 slips where applicable
Corporate tax installment schedules, payment records, and prior year T2 returns and notices of assessment
Business income and expense records, invoices, receipts, and supporting documentation for all deductions claimed
Vehicle usage logs, home office calculations, and travel and entertainment records where business expense deductions are claimed
Capital cost allowance (CCA) schedules, asset additions, dispositions, and Class records
Eligible capital property and intangible asset records where applicable
Dividend declarations, resolutions, and T5 slip issuance records
3.23 Common — All Clients (Personal and Corporate)
Social Insurance Number (SIN), Business Number (BN), and other government-issued identification numbers
Banking information as required for direct deposit, tax payment arrangements, or payroll processing
GST/HST registration and filing information, input tax credit (ITC) records, and HST election documentation
Payroll records, T4 summaries, Records of Employment (ROEs), and WCB/WHS Alberta premium filings
Foreign property holdings with total cost exceeding $100,000 CAD and related T1135 reporting information
Foreign affiliate interests and T1134 reporting information where applicable
Trust arrangements, bare trust interests, and T3 filing obligations where applicable
Prior year tax returns, notices of assessment and reassessment, audit correspondence, and objection or appeal records
CRA My Account and My Business Account access information and correspondence
Banking and financial institution correspondence relevant to the engagement Government-issued photo identification for client verification purposes
4. Purposes for Collection, Use, and Disclosure
We collect, use, and disclose personal information only for the purposes identified at or before the time of collection, and only with appropriate consent, except as otherwise permitted or required by law:
Communicating with you regarding your engagement, including responding to CRA correspondence on your behalf
Complying with our professional obligations under CPA Alberta standards and the Income Tax Act (Canada)
Maintaining professional records as required by our governing body
Marketing of other professional services offered by the Firm, including notifications of new service offerings, tax tips, and relevant regulatory updates
5. Consent
5.1 General Consent
By engaging our services and signing the Engagement Letter, Privacy Consent Form, or both, you provide informed consent to the collection, use, and disclosure of your personal information for the primary purposes described in Sections 3 and 4. Consent captured in the Engagement Letter incorporates the terms of this Privacy Policy by reference.
We will not use or disclose your personal information for any other purpose without obtaining additional consent, except as required or permitted by law.
5.2 Consent on Behalf of Others
If you provide us with personal information about another individual (for example, a spouse, dependent, or business partner), you represent and warrant that you have obtained that individual’s consent for the collection, use, and disclosure of their information for the purposes described in this Policy.
5.4 Withdrawal of Consent
You may withdraw your consent to any or all uses of your personal information at any time by providing written notice to the Firm’s Privacy Officer. Please note that withdrawal of consent may limit or prevent the Firm’s ability to provide some or all of the professional services for which you have engaged us. Withdrawal of consent will not affect the lawfulness of any collection, use, or disclosure made prior to the withdrawal.
6. Disclosure to Third Parties
6.1 Mandatory Disclosures (No Consent Required)
The following disclosures are required by law or professional obligation and do not require your separate consent:
Canada Revenue Agency (CRA): Filing of tax returns, elections, and forms on your behalf, and responding to CRA correspondence, audits, or reviews as directed by you.
Provincial Tax Authorities: Applicable provincial returns and filings.
CPA Alberta — Practice Reviews: In accordance with our professional obligations under the CPA Alberta bylaws, client files are subject to periodic practice review by CPA Alberta as our self-regulating body. Practice reviewers are bound by strict confidentiality requirements. This disclosure is a mandatory professional obligation, not discretionary.
6.2 Discretionary Disclosures (Your Direction Required)
The following disclosures will only be made when expressly directed by you:
Your bank manager, mortgage lender, or financial institution.
Your legal counsel or notary
Your insurance agent or financial advisor
Any other third party you authorize in writing
6.31 Technology and AI Tools
In the course of providing our professional services, the Firm uses cloud-based software and artificial intelligence (AI) tools to support tax preparation, document management, research, and client communication. These tools process personal information only as necessary to perform our professional services and are selected and managed in accordance with this Privacy Policy, the Personal Information Protection Act (Alberta), and PIPEDA.
These tools and platforms may have incidental access to your personal information solely for the purpose of delivering the services for which you have engaged the Firm. AI tools are used under commercial and enterprise agreements that contractually prohibit the use of client data for AI model training. Client data processed through these tools is encrypted in transit and at rest, retained only for the minimum period necessary for service delivery, and automatically deleted in accordance with the applicable provider’s data retention schedule.
The Firm does not permit the permanent storage of personal information within AI tools beyond what is necessary for the immediate task. The Firm retains control as the data controller at all times. All third-party service providers and AI tool providers operate as data processors bound by contractual terms that restrict processing to the sole purpose of delivering the requested service. No client data is sold to, shared with, or made accessible by any third party for purposes unrelated to the Firm’s engagement.
AI-generated outputs are reviewed by our professional staff before being relied upon or communicated to clients. The Firm regularly reviews its use of technology to ensure continued compliance with the Personal Information Protection Act (Alberta), PIPEDA, and applicable professional standards.
6.32 Third-Party Service Processors
In the course of providing services, we use certain third-party technology platforms and service providers who may have incidental access to client information. These include:
Artificial intelligence tools used to support tax preparation, research, document organization, and communication (e.g., Anthropic Claude, Microsoft Copilot)
Tax preparation software (e.g., ProFile, QuickBooks or equivalent)
Cloud storage and document management platforms (e.g., Microsoft OneDrive, Dropbox)
Email and communication platforms (e.g., Microsoft Outlook, Teams)
Remote access and support tools (e.g., TeamViewer)
Document sharing and secure file exchange platforms used for client portal access and file delivery
Electronic signature and document execution platforms (e.g., DocuSign, Dropbox Sign, or equivalent)
Payment processing platforms used for fee collection where applicable
These platforms collect and retain signing metadata including IP address, timestamp, device information, and signing certificate data as part of the audit trail required to authenticate executed documents. This metadata is retained by the platform provider in accordance with their own privacy policies and applicable law.
All third-party processors are required to maintain the confidentiality and security of client information and to use it only for the purposes for which it was shared. You are encouraged to review the privacy policies of these third-party platforms directly, as their data handling practices, server locations, and retention periods are governed by their own terms and are outside the direct control of the Firm. In particular, some platforms may store data on servers located outside Canada, including in the United States, which may be subject to different privacy laws and government access requirements.
Your consent to the use of these processors is captured in the Privacy Consent Form.
We do not sell, rent, or trade your personal information to any third party for commercial purposes.
7. Retention and Destruction
The Firm maintains a two-tier records management approach consisting of active records and archived records. We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law and professional standards.
7.1 Active Records – Retention guidelines:
Tax records and working papers: Retained for a minimum of six (6) years following the taxation year to which they relate, consistent with CRA requirements under the Income Tax Act. Records may be retained longer where an objection, appeal, or CRA audit is pending.
Corporate and business records: Retained for a minimum of seven (7) years.
General correspondence: Retained for a minimum of six (6) years.
Third Party and Artificial Intelligence (AI): Data processed through Third Party and AI tools is subject to the provider’s retention schedule and is automatically deleted thereafter.
Active records may be retained beyond these minimum periods where a CRA audit, objection, appeal, or legal proceeding is pending or reasonably anticipated, or where our professional obligations under CPA Alberta standards require longer retention.
7.2 Archive Records
Upon expiry of the active retention period, records are not necessarily destroyed. The Firm may transfer records to a secure digital archive where they may be retained indefinitely for the following purposes:
Protection of the Firm’s legal and professional liability interests
Historical reference in connection with future engagements or amended filings
Response to CRA requests, audits, or assessments where no limitation period applies
Compliance with CPA Alberta professional standards and practice review requirements
Defence of complaints, disputes, or legal proceedings that may arise after the active retention period
Archived records are maintained with the same physical and electronic safeguards as active records. Access to archived records is restricted to the Principal and designated staff on a need-to-know basis. Archived records are not used for any new purpose beyond those identified above and in Section 4 of this Policy.
Upon expiry of the applicable retention period, personal information that is no longer required will generally be securely destroyed or anonymized using appropriate methods, including secure shredding of paper records and secure deletion or overwriting of electronic records.
8. Safeguards
We maintain physical, organizational, and technological safeguards appropriate to the sensitivity of the personal information we hold, including:
8.1 Physical Safeguards
Locked filing cabinets for paper records
Restricted access to office premises
Clean-desk policy for documents containing personal information
8.2 Electronic Safeguards
Password-protected computer systems and encrypted storage
Secure cloud storage platforms with access controls
Firewall, anti-virus, and malware protection
Secure file transfer protocols for electronic document exchange
Regular data backups with offsite or cloud redundancy
8.3 Personnel Safeguards
All employees, associated advisors, and contractors with access to client records are required to maintain strict confidentiality as a condition of their engagement
Staff are informed of their privacy obligations and trained on proper handling of personal information
Access to personal information is limited to those who require it for the performance of their duties
While we maintain reasonable safeguards consistent with industry practice, we cannot guarantee absolute security of information transmitted electronically. Clients who are concerned about electronic transmission may request paper-based communication.
9. Electronic Communication and Data Storage
With your consent (captured in the engagement letter and Privacy Consent Form), we may communicate with you and exchange documents electronically using email, cloud platforms, and other digital tools. You acknowledge the inherent risks associated with electronic communication, including the risk of interception, unauthorized access, data corruption, and malicious software.
This consent extends to the Firm’s use of AI-assisted tools in the preparation and delivery of communications, including document generation and correspondence drafting, subject to professional review before delivery.
You may withdraw your consent to electronic communication at any time by notifying us in writing, following which we will revert to paper-based communication. Please note this may affect processing timelines.
10. Your Rights — Access and Correction
10.1 Right of Access
You have the right to request access to the personal information we hold about you, subject to limited exceptions under PIPA (s.24) and PIPEDA (Principle 9). Access requests must be submitted in writing to the Privacy Officer. We will respond within 45 days of receipt of a complete request, or notify you if an extension is required.
10.2 Right of Correction
If you believe that personal information we hold about you is inaccurate or incomplete, you may request that it be corrected. We will correct information that is demonstrated to be inaccurate and, where appropriate, transmit the corrected information to third parties to whom the information was previously disclosed.
10.3 How to Submit a Request
Privacy Officer, Suresh Madaan CPA Professional Corporation, Unit 226, 4851 Westwinds Dr NE, Calgary, Alberta T3J 4L4 Tel: 403-456-2242 Email: corpm@sm-cpa.ca
11. Privacy Breach Notification
In the event of a privacy breach (unauthorized access to, use, disclosure, or loss of personal information), the Firm will:
Take immediate steps to contain and remediate the breach
Assess whether the breach creates a real risk of significant harm to affected individuals
Notify affected individuals as soon as reasonably practicable where the breach poses a real risk of significant harm, in accordance with PIPEDA’s mandatory breach notification requirements (in force since November 2018)
Report the breach to the Office of the Privacy Commissioner of Canada (OPC) where required by PIPEDA
Notify the Office of the Information and Privacy Commissioner of Alberta (OIPC) where required under PIPA
Maintain a record of all breaches for a minimum of 24 months
If you believe your personal information held by the Firm has been compromised, please contact the Privacy Officer immediately.
12. Questions and Complaints
If you have a question, concern, or complaint about this Privacy Policy or the Firm’s handling of your personal information, please contact the Privacy Officer in the first instance. We will investigate all complaints and respond within a reasonable time.
If you are not satisfied with our response, you may contact the applicable privacy oversight authority:
- Office of the Information and Privacy Commissioner of Alberta (OIPC): www.oipc.ab.ca | Tel: 780-422-6860 | Toll Free: 1-888-878-4044
- Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca | Tel: 1-800-282-1376
12A. Related Documents
This Privacy Policy should be read in conjunction with the Firm’s Engagement Letter, Terms and Conditions (www.smcpa.ca/terms-conditions), and Anti-Spam Policy (www.smcpa.ca/anti-spam), which together form the terms governing our professional relationship with you.
13. Updates to This Policy
This Privacy Policy may be updated from time to time to reflect changes in legislation, regulatory guidance, or the Firm’s practices. The current version of this Policy will be available at the Firm’s office upon request and on our website (if applicable). Material changes will be communicated to active clients.
This Policy was last reviewed and updated: March 2026.
— End of Privacy Policy —