Privacy Policy

At Danyliw & Mann, we provide business management, bookkeeping, payroll, tax, and related advisory services. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit our website, contact us, or use our services. We comply with the Personal Information Protection and Electronic Documents Act and other applicable Canadian privacy laws governing the collection, use, disclosure, retention, and protection of personal information. We aim to explain the points that matter most: what we collect, why we collect it, who we share it with, how long we keep it, and what happens when information is stored or processed outside Canada. PIPEDA requires privacy information to be understandable and readily available, and meaningful consent requires us to explain the key elements clearly.

What we collect
Depending on the service, we may collect personal and business contact details, financial information, banking and payment details, tax and payroll records, government-issued identifiers, identity-verification documents, transaction and disbursement records, communications with you, engagement records, and limited website or device information such as IP address, browser information, login details, form submissions, and cookie or analytics data where those tools are used. Some of the personal information we collect may be sensitive. We protect this information using safeguards appropriate to its sensitivity and the risks associated with its collection, use, disclosure, storage, and retention. We only collect information that is reasonably necessary for the purposes described below.

Why we collect and use information
We use personal information to provide and manage our services, verify identity, communicate with you, prepare filings and reports, process payments and disbursements, maintain our books and records, protect against fraud and misuse, improve our operations, respond to legal and regulatory obligations, and handle access requests, complaints, and security incidents. If we want to use personal information for a new purpose that is not already described or reasonably expected, we will explain that new purpose and obtain any consent required by law before using the information for that purpose.

Consent and legal handling
We generally collect, use, and disclose personal information with your knowledge and consent. The form of consent may vary depending on the sensitivity of the information and the context. For sensitive information, we may rely on express consent. In some situations, we may collect, use, or disclose information without additional consent where permitted or required by law, including to comply with legal, tax, court, regulatory, fraud-prevention, or anti-money-laundering obligations. You may withdraw consent, subject to legal or contractual restrictions and reasonable notice, but if the information is required to provide a service or comply with law, we may not be able to continue some or all services.

FINTRAC and other legal reporting
If we act in a way that makes us subject to Canada’s anti-money-laundering and anti-terrorist financing rules, we may need to verify identity, collect transaction and source-of-funds details, keep records, and submit mandatory reports to the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC") or other authorized authorities. This can apply, for example, where we receive or pay funds on behalf of a client or carry out other activities covered by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ("PCMLTFA"). We handle this information to comply with law and to protect the integrity of the financial system while applying privacy safeguards.

Who we share information with
We may share personal information with service providers and processors that help us deliver, host, secure, support, or administer our services; with financial institutions, payment or disbursement partners, and professional advisers; and with government agencies, regulators, tax authorities, law enforcement, or courts where disclosure is required or permitted by law. When service providers process information for us, we require them to protect it and use it only for authorized purposes.

Storage in Canada and outside Canada
We primarily use servers and systems located in Canada, but some of our trusted cloud, software, backup, communications, or support providers may process or store information outside Canada, including in the United States. Under Canadian privacy law, these cross-border processing arrangements are allowed, but we remain responsible for the personal information under our control. Information processed outside Canada is subject to the laws of the foreign jurisdiction and may be accessible to courts, regulators, law enforcement, or national security authorities in accordance with those laws.

How we protect information
We use safeguards appropriate to the sensitivity of the information. Depending on the circumstances, these may include role-based access controls, staff confidentiality obligations, privacy and security training, secure file handling practices, authentication controls, encryption in transit and at rest where supported, monitoring and logging, locked storage, restricted office access, vendor due diligence, and secure destruction procedures. No method of transmission or storage is completely risk-free, but we work to protect information with physical, organizational, and technological safeguards appropriate to the sensitivity involved.

Privacy Incidents
If we become aware of a privacy or security incident involving personal information, we will take reasonable steps to assess, document, contain, and investigate the incident. Where required by law, we will notify affected individuals, privacy regulators, and/or other relevant organizations.

How long we keep information
We keep personal information only as long as necessary for the purposes described above and for related legal, tax, accounting, regulatory, and dispute-management requirements. As a general guide, tax records are often kept for at least six years from the end of the last tax year they relate to. Where FINTRAC rules apply, certain reports and transaction records must generally be kept for at least five years. Records of privacy breaches must be kept for at least two years under PIPEDA. When information is no longer required, we securely delete, erase, or anonymize it.

Access and correction
You may ask whether we hold personal information about you and request access to it, subject to limited legal exceptions. You may also ask us to correct information that is inaccurate or incomplete. To help protect privacy, we may ask you to verify your identity before responding. Please send your request in writing using the contact details below. We aim to respond within 30 calendar days unless the law allows an extension.

Complaints and privacy questions
If you have a privacy question, concern, or complaint, please contact our Privacy Officer first. If you are not satisfied with our response and PIPEDA applies, you may also contact the Office of the Privacy Commissioner of Canada. PIPEDA requires us to make our complaint process simple and accessible.

U.S. clients
If you are located in the United States, you may have additional privacy rights under applicable state law. Those rights vary by state and may depend on legal thresholds, exemptions, and whether the information is handled in a consumer or commercial context. Contact us and we will review your request under the laws that apply to your information and our business.

Minors
Our services and website are intended for adults and business representatives. If you provide us with information about a spouse, dependent, employee, or another individual in connection with a return, filing, payroll matter, or other service, you confirm that you are authorized to do so.

Contact us
Privacy Officer
Danyliw & Mann
Email:
Phone: 905-638-7532
Mail: 3190 Harvester Road, Suite 202 Burlington, Ontario L7N 3T1