top of page
Privacy Policy

PRIVACY POLICY

Our Client Privacy Policy is designed to help ensure a proactive application of data privacy expectations.

Privacy Policy

The nature of today’s business operations requires the collection and use of personal information. Expectations surrounding the safeguarding of data and the effectiveness of controls over the collection, use, and disposal of such information are at increasingly high levels. The consideration and application of relevant controls, risks, policies, and procedures surrounding data and information security are key components of the accountability and integrity of an organization’s operations.

 

​

Purpose

 

LEACIF LLC (the “Firm”) is committed to maintaining robust privacy protections for its users. Our Client Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.  

 

For purposes of this Privacy Policy, “Service” or "Services" refers to the Firm’s services for which you have engaged us, or for which you are otherwise interacting with us or providing data and information for. The terms “we,” “us,” and “our” refer to the Firm. The terms “Client”, “you”, and “yours” refer to you as a user of our Service. By accessing our website, email, or our Service, including all related applications, you consent to our collection, storage, use, and disclosure of your personal data and information as described in this Privacy Policy.

 

​

Agreement, Notice, and Communication

 

The Firm executes a formal agreement communicated via this Privacy Policy, and communicates notices of updates or changes to the Privacy Policy to users of our Service, as described below. 

 

We encourage and expect all stakeholders to this Policy to recognize their responsibility in implementing and maintaining data privacy and security controls and best practices.

 

​

Use of formal contracts

 

As a condition of performing or providing Service and consent for information transfer, the Firm requires the formal execution of a letter of engagement, the Firm’s Client Policies, Terms and Conditions Addendum, and Client Privacy Policy. Client engagement letters and related agreements are updated annually, and may include a separate letter of engagement for each type of Service to be performed. Each engagement agreement lists the Services to be provided in a Services Addendum, for which the data and information will be necessary and utilized. 

 

As a condition of employment with the Firm, all staff members are required to formally execute agreements with the Firm, including an employment agreement containing non-disclosure and non-solicitation agreements, and conformance with the Firm’s Data and Information Security and Privacy Plan and its related policies.

 

Updates and notice and consent thereof

 

Updates may be made to this Privacy Policy, engagement letters, terms and conditions, and other policies annually, or as otherwise deemed necessary by Firm management.

 

New updates or changes to the Privacy Policy or related policies will be communicated as they become applicable and appropriate to do so. Updates and changes affecting the use of private information and data will require consent from the Client prior to implementation, unless otherwise required by law.  

 

​

Revocation of consent to use or retain data and information

 

To request a revocation of your consent to the Firm’s collection, usage, or retainage of your data and information, you may contact our Firm’s administrator at policies@leacif.com. Removal, destruction, or erasure of data or information will occur in accordance with the Firm’s data and record retention policies, or as required by law. Notification of a removal, destruction, or erasure of requested data and information will be provided via written notice as deemed appropriate, including electronic letter, email, or certified mail. Requests not in accordance with the Firm’s data and record retention policies, or as required by law, will not be granted. The nature of the public accounting profession requires applicable record retention criteria to remain intact, and for which you give consent to understanding and agreeing to as a condition of providing information to the Firm.

 

​

Collection and Creation

 

The Firm communicates the intention to collect data and information and create records thereof within our system at various points during the data collection process. The major points of data collection occur during the initial contact or inquiry from a potential Client, upon engaging and onboarding a new Client, and during the performance of Services for a Client.  

 

​

Consent

 

In the event that an individual or entity contacts or inquires of the Firm, the individual may either explicitly give consent to information collection based on the information they provide via the contact form on our website, or explicitly or implicitly give consent with information provided via phone call, email, completion of the Firm’s onboarding organizers, or another method of communication. Data collected from the individual or entity may be used for evaluation and scoping purposes related to the Firm potentially proposing to perform Services for the Client. For other uses of data provided, Client must provide explicit consent to the other use(s), such as providing consent to being included on a Firm newsletter email list. General updates and Firm announcements that are informative or impacting the nature of Services may be sent to Clients and potential Clients of the Firm, such as Firm Holiday and office closure dates.

 

As a new or current Client, you explicitly provide consent to the collection and creation of records related to your business and personal data and information, including sensitive personally identifiable data and information, when executing this Privacy Policy, an executed engagement letter agreement, and related policies, terms, conditions, and services addendums and agreements attached to the engagement letter and previously described. You will implicitly provide consent to data and information collection and records creation by providing the Firm with ongoing access to data and information necessary to perform the Service agreed upon. For other uses of data provided by the Client that would be considered outside of the scope of the Service agreed upon, the Client must provide explicit consent to the other use(s), such as providing consent to provide specific information to a third-party on your behalf..

 

​

Data collection and record creation

 

Data and information may be collected via multiple methods, including electronic methods such as a shared portal, shared folder or document, software platform upload, or email; verbal methods such as video conference, in person meeting, or phone call; or other communication methods including facsimile. 

 

Data records are created within the Firm’s systems in varying manners, depending on the applicability of the data and information. The Firm also utilizes third-party service providers to support its overall systems, objectives, and mission, including service providers utilized both by the Firm and Clients simultaneously, as well as by the Firm itself for its internal business management purposes.  

 

​

Email data collection

 

The Firm utilizes a third-party service provider to collect, retain, and duplicate email information. The Firm’s use for email data collection other than record creation and in the performance of Services is reliant upon its internal monitoring, record retention, and data backup needs. We do not use collected and duplicated email data for other purposes.

 

​

Portal data collection

 

The Firm utilizes a third-party ‘portal system’ service provider to collect and retain information. This portal system will be used throughout the course of your relationship with the Firm. Information and data will be collected, transmitted, accessed, and stored in the portal system. The Firm uses this portal system to communicate and execute engagement agreements with Clients, collect and request information, share sensitive business and personal information, and other uses in the course of interacting with the Firm. By continuing a Service relationship or potential Service relationship with the Firm, you consent to the use of this portal system and its full functionality. Please contact policies@leacif.com for additional information about the portal system and information relating to the service provider’s data and information security and privacy.

 

​

Meeting and call data collection

 

During the course of the Service or potential Service relationship with the Firm, we will engage in several ongoing meetings and calls. Meetings will most often be held via virtual meeting platforms, and in person from time to time. Virtual meetings may be hosted by the Firm, Client, or other third-parties, and may utilize various hosting platforms and virtual meeting service providers. Sensitive business and personal information may be discussed and documented during these meetings. Documentation and other data and information collected during these meetings may be stored and later accessed by the Firm, as it relates to our Service relationship, and for other necessary and reasonable purposes, including the Firm’s record retention and quality management purposes. By continuing a Service relationship or potential Service relationship with the Firm, you consent to meeting and call data collection, use, and storage.

 

​

Collection and processing of information and data by Artificial Intelligence (“AI”) 

 

The Firm uses a communication application to host virtual meetings and to support its phone and other communications support infrastructure needs. This application includes an Artificial Intelligence (AI) component that acts as a ‘note taker’ during online virtual meetings that are hosted using this application. The AI note taker will collect and document information collected during these meetings. This information will then be transmitted, accessed, and stored using the Firm’s other systems. Information collected will be used during the course of providing Services or potential Services to you, and for the Firm’s record retention and quality management purposes. By continuing a Service relationship or potential Service relationship with the Firm, you consent to the data collection and use described here, and use of this Artificial Intelligence functionality. Please contact policies@leacif.com or your engagement partner if you have concerns regarding the use of this functionality.

 

​

Use of third-party services 

​

As a condition of the Firm providing Services to you, you agree to the use of third-party services. You agree that we have no responsibility for the activities of a third-party software or system, and you agree to indemnify and hold us harmless with respect to any and all claims arising from or related to the operation of any third-party system, software, or application.

 

​

Data collection process

 

The Firm establishes data collection procedures with Clients during the onboarding process for new Services in order to support the overall objectives of the Service relationship. Procedures may include an established process for transferring data and information to the Firm, including the method of transfer; the time period or expected due date of information and data transfer; the format of data and information transferred, such as PDF or Excel; and the process for notifying the Firm in the event data and information may not be available as otherwise previously established.

 

The Firm views the data collection procedures established as integral to the data control within its Service model and encourages all Clients to conform to the data collection procedures once established. Conformance to the process assists to enable the integrity and security of the data and information, as deviances can result in more timely identification of information that may have become missing or compromised during the collection process, as well as to curtail opportunities for inappropriate access during the data collection process. 

 

​

Opting out

 

To opt out of data collection and retention, please contact the Firm’s administrator at policies@leacif.com. In general, requesting to opt out of data and information collection, record creation, or use of the related data and information may result in a termination of Service between the Firm and the Client, in accordance with the Client Policies, Terms, and Conditions Addendum.

 

​

Use, Retention, and Disposal

 

The use of personal data and information is inherent to the nature of the Service the Firm provides. Such data and information that may be used can relate to personal and business financial information, employee information, corporate information, and other data and information relevant to the nature of the Service performed by the Firm. In general, the Firm is unable to perform most services without the use of personal data and information, and generally it would not be anticipated that it would otherwise do so.

 

​

Purpose of data and information use

 

The Firm uses confidential business and personal information and data in the capacity of performing a Service for you, the Client. The intended use of data and information is identified in relation to the Services the Firm will provide within the scope of your engagement agreement.

 

​

Data used for the Firm’s general business or internal improvement purposes

 

The Firm may use your business and personal information and data provided to it in the general course of business or in the course of evaluating the Firm’s processes, potential improvements or changes to the Firm’s processes, or to comply with regulatory and other legal requirements, including participation in a regulated peer review program. You agree data and information may be used individually or in aggregate for these purposes as deemed necessary and appropriate by the Firm’s management.  

​

 

Data used for the Firm’s marketing purposes

 

From time to time, the Firm may use data and information for other communication purposes, such as sending Firm newsletters or mailers. In general, newsletters or mailers may be sent to contacts of the Firm containing relevant information, topics, or updates. Explicit consent of acceptance or ‘opting in’ to these newsletters and mailers is required.

 

Other, general marketing communication may be utilized by the Firm as a form of ‘cold marketing’ to seek new opportunities. Information and data used for these purposes is explicitly provided to the firm or obtained from public sources only.  

 

The Firm does not use personal data and information for other purposes unless required by law or regulation. The Firm's use of personal data and information may be limited in accordance with other explicit privacy and confidentiality agreements in place.

​

 

Data retention and loss prevention

 

The Firm retains personal data and information in accordance with its data and record retention policies, and applicable laws and regulations inherent to operating a public accounting firm.  

​

Data and information are protected from erasure or destruction during the retention period via controls established within the Firm’s document management system, and other business systems. The Firm has implemented controls to prevent, monitor, and detect potential harm to its data retention systems, as well as corrective procedures in the event safeguards should fail.

​

 

Corrections or updates to data and information

 

To request a correction or other necessary update to personal data and information the Firm maintains, please contact the Firm’s policy administrator at policies@leacif.com. The Firm may utilize a data and information change form to facilitate information change requests, when practical. When required either by law or as deemed appropriate by Firm management, the Firm may notify third-parties of changes or corrections made to personal data and information.

 

 

Data disposal

 

The Firm manages requests for the deletion of personal data and information in accordance with its Data and Information Security and Privacy Plan and its related policies. Data and information is disposed of in an appropriate and secure manner, including the use of erasure, redaction, and destruction techniques when appropriate.

​

 

Access

 

During the course of providing Services to you, we may grant view or editable access to shared data and information in a software application, electronic folder, shared portal, or other similar platform.  

 

Access to data and information is granted to individuals during onboarding procedures, and periodically as appropriate. The Firm may use a data and information access form to assist with documenting user access rights and approval thereof when appropriate. In general, the Firm restricts access to data and information to the least amount of access necessary and practical.

​

 

User identity authentication

 

The Firm uses reasonable methods to authenticate user identity prior to granting access to data and information. In some cases, authentication methods may be required by law. You agree to comply with authentication methods and requests as appropriate.

 

​

Multiple-factor authentication

 

The Firm requires the use of multiple-factor authentication when accessing its systems and online platforms used in conjunction with providing Service to you. You agree to implement multiple-factor authentication controls for your own use of and access to these systems, as well as enforce similar use by users under your control or influence. 

​

 

Denial of access to data and information

 

In certain cases as required by the Firm’s policies, legal requirements, or other cases as determined appropriate by the Firm’s management, access or changes to data and information may be denied. If a data and information access or change request is denied, we will notify you in writing in a timely and reasonable manner of the denial and reasons for the denial, including any legal reasons, unless prohibited from doing so by law or Client confidentiality policy.  

 

​

Removal of access to data and information

 

To request the removal of user access to data and information, please contact your engagement partner, engagement administrator, or policies@leacif.com.

 

​

Disclosure to Third-Parties

 

Data and information is disclosed to third-parties both in the normal course of the Firm providing Service to you as well as in instances of specific requests or events that may occur between you and the Firm. In general, information is only disclosed to third-parties for the purpose for which it was collected or created, and within the scope of the Engagement Letter and Services Addendum, or as otherwise previously described or explicitly agreed to.

 

​

Use of third-parties

 

The Firm has developed methods and assessments for evaluating the use of third-party service providers in the normal course of the Firm’s business of providing client services, and in accordance with its Data and Information Security and Privacy Plan and its related policies.

 

​

Disclosure to third-parties not within normal scope

 

In the event of a request for disclosure to a specific third-party, or disclosure of data and information not within the normal scope and purpose of the Service provided by the Firm, the Firm utilizes a Consent to Disclose Information Form to document and retain the authorization and approval of the disclosure. Personal information and data is only disclosed to third-parties of this nature whom you have explicitly requested and agreed to disclose the information to. The Firm is not obligated to, and may choose not to disclose information to a third-party at its discretion, regardless of your request.

​

The Firm applies a reasonableness standard in granting the disclosure request, and may perform a risk assessment, general research, interview, or other action(s) as determined to be appropriate based on the nature of the third-party the information is requested to be disclosed to, prior to disclosing the information. The Firm may limit, delay, or deny the disclosure of any request if it determines it is appropriate or necessary to do so.

 

​

Disclosure by third-parties

 

The Firm does not take steps to evaluate or gain assurance as to the effectiveness of the internal controls of a third-party for which information is disclosed to, however reasonable procedures are in place for disclosing information or onboarding a new vendor relationship. As stated in this Privacy Policy and the Client Policies, Terms, and Conditions Addendum, you agree to the use of third-party systems and are responsible for all data transmitted to or held by a third-party.

 

In accordance with standards and regulations established for tax practitioners and accounting professionals, practitioners are required to have minimum data protection policies in place. The Firm may request a copy or other evidence of these policies from tax practitioners and other accounting professionals prior to disclosing data to the third-party.

​

 

Notice of breach or incident

 

In the event we become aware of a data breach or incident of misuse of personal information and data, whether internally within the Firm or externally by a third-party, the Firm provides notice of the breach or incident in accordance with its Data Privacy and Security Breach Management Plan. In general, the Firm notifies data subjects of the breach and the remedial actions taken (or intended to be taken). The Firm may also take steps to notify law enforcement or regulatory authorities of the data breach or incident of misuse, as appropriate or as required by law.

 

If you become aware of a breach incident affecting data and information you provide to our Firm, you will notify us immediately of the breach at policies@leacif.com or via the Incident Report Form available by adding it to your Client portal. To learn how to create an organizer in your portal, review the Wiki linked here:  https://leacif.taxdome.com/pages/f3f7c112cfd05deec13657f1 

 

​

Data Integrity and Quality

 

Data integrity, quality, reliability, relevancy, completeness, and accuracy are paramount to the success of yours, and the Firm’s operational processes and delivery of Service. The Firm collects and maintains data in a manner consistent with the Firm’s objectives.

 

​

Use of procedures and templates supporting data integrity and quality

 

We have established and may use various documented procedures, organizers, and templates as appropriate to assist with communicating and supporting data and information accuracy, completeness, relevancy, and reliability. These may include but are not limited to:

 

  • Procedures for sending or uploading documents to the Firm.

  • Templates for inputting data.

  • Checklists, forms, and organizers for data requests.

 

We monitor and openly communicate regarding the adherence to data integrity and quality measures on a continuous basis during our Service engagement with you.

 

​

Monitoring and Enforcement

​

The Firm has established processes for monitoring, enforcing, and testing its controls over data security and privacy in order to ensure controls and procedures operate effectively and remain relevant. The Firm strives to address deficiencies to meeting its objectives related to data security and privacy in a proactive manner.  

 

​

Inquiries, disputes, and complaints

 

The Firm documents all inquiries, complaints, and disputes related to data and information security and privacy. If complaints or disputes are not able to be resolved in a reasonable and timely manner internally within the Firm, the Firm may seek the advice or consultation of a third-party technology service provider(s) that relates to the incident. Depending on the nature of the complaint or dispute, the Firm may seek the advice of legal counsel, or other professional counsel or opinion.

 

To report a dispute or complaint over data security and privacy handling or other related instances, or if you have any related inquiries, please contact policies@leacif.com or initiate the communication using the Incident Report Form within your Client portal. 

 

 

Copyright by LEACIF LLC. Do not replicate without permission.

Last Updated: July 2024

Innovate your expectations.

bottom of page