RSM Canada Privacy Policy

Effective Date July 2015 (last updated April 10, 2023)

  1. Introduction
  2. Personal Information Collected
  3. Cookies, Google Analytics and Other Tracking Technologies
  4. Interest Based Advertising
  5. How We Use Personal Information
  6. How We Disclose Personal Information
  7. Other Online Services
  8. Your Choices
  9. Data Retention
  10. Electronic Communication
  11. Data Security
  12. Data Transfer
  13. Updates to Privacy Policy
  14. Contacting Us

1.     INTRODUCTION

This Privacy Policy provides notice of our information collection, use, and disclosure practices by RSM Canada LLP, RSM Canada Consulting LP, RSM Canada Limited and our affiliates (together, “RSM,” “us,” “our,” or “we”). This Privacy Policy applies to our processing of your Personal Information (defined below) including through www.rsmcanada.com (the “Website”), through offline means such as at RSM events, or through the provision of our services requested by you or by our clients, such as professional, tax, or audit services (the “Services”). This Privacy Policy does not apply to other online services that we make available but do not link to this Privacy Policy. We may provide you additional privacy notices at the point of collection of your Personal Information on the Website including particular subdomains of rsmus.com, such as the Website’s careers portal.

For information on Personal Information processed by tracking technologies (e.g., cookies) on the Website, see our Cookie Policy.

2.     PERSONAL INFORMATION COLLECTED

Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with you. Personal Information does not include information that is anonymized. For clarity, information has been anonymized when it is reasonable to expect in the circumstances that the information cannot be reverse engineered to identify the person directly or indirectly.

We may obtain your Personal Information from the following sources:

  • Directly from you. Such as when you register or maintain a Website account with us, sign up to receive e-newsletters, register for events, or fill out online forms.
  • Our clients. Clients of our Services may provide us Personal Information about you. For example, our clients may provide Personal Information related to their employees, customers, or suppliers. Personal Information may be in the form of, or included in, documentation provided to us to perform our Services. 
  • Our vendors. Our vendors may provide us Personal Information related to you in the process of providing us their services. For example, vendors may disclose to us your dietary preferences to accommodate in-person events.
  • Tracking technologies. Such as when you visit the Website, which may have first party and third-party technology integrations (e.g., cookies) that help facilitate and personalize your visit to the Website or to other online services. For more information see our Cookie Policy.
  • External sources. Such as data resellers, government publicly available records, from your employer, and from referrals or business professionals in your network. This does not include our vendors.

Personal Information we collect about you may differ based on how you interact with us, but may include:

  • Identifiers. This includes names, contact information, addresses, Internet Protocol address, or other similar identifiers.
  • Personal Records. This includes your signature, telephone number, education, and employment.
  • Commercial information. This includes records of personal property, services purchased, obtained, or considered purchasing.
  • Characteristics of protected classifications. This includes age, gender, nationality or citizenship, and race or ethnic origin.
  • Internet or Other Electronic Network Activity. This includes Internet Protocol address, device identifiers, mobile network, operating system details, language preferences, referring URLs, length of visits, traffic data, pages viewed, and information regarding interactions with the Website.
  • Geolocation Data. This includes global latitude and longitude of your location.
  • Audio, electronic, visual, or similar information. This includes audio recordings of customer services calls or video recordings of online webinars.
  • Professional or Employment-Related Information. This includes your job title, employer, and other professional background information.
  • Account and Profile Information.  If you register an account, you may provide Personal Information such as your name, age, date of birth, gender, address, email address, telephone number, and username/password.
  • Payment Information.  You may provide certain payment information, such as credit card, debit card, account number or other payment method information, as well as billing address information.
  • Information Necessary to Perform Our Services.  This includes any information we obtain from the sources listed above in relation to providing our Services such as payment-related information, information on financial conditions, such as bank account information, salary details and other benefits, insurance data and the license plate number of a company car, information on insurances and occupational pensions, tax information and documentation such as tax equalization and tax return files, compensation data, travel information, birth certificates, marriage licenses, degrees, working and living arrangements, immigration data, work permits, payroll information, and health information such as treatment history and absence data such as medical certificate and information on sick leave, leave of absence, or parental leave.
  • Background Check Information. We may run background checks in relation to our Services before, during or after provision of such Services. Information involved may include reputational and financial checks, conflicts, anti-money laundering, government sanction checks, and politically exposed persons checks.
  • Legal Records and Documentation. We may process information related to your legal records for our protection, protection of our clients and others, as well as to perform our Services. Legal records may include court records, information on pending or completed litigation or other legal actions, and active disputes.
  • External Service Information.  We may obtain information about you from external services, such as where you choose to use a Website feature provided by an external party. We may also supplement certain information that we collect from you with outside records. External parties may provide us with information about you in connection with a co-marketing agreement or in connection with a tracking technology.
  • Inferences. We may process inferences drawn from any other Personal Information we process to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes. 

3. COOKIES, GOOGLE ANALYTICS AND OTHER TRACKING TECHNOLOGIES

In addition to any Personal Information or other information that you choose to submit through the Website or offline, we and our vendors may use a variety of tracking technologies, including cookies, that collect certain information whenever you interact with the Website, such as device identifier, your IP address, location, other unique identifier, all of the areas within the Website that you visit, and the length and time of the visit.

We may combine certain automatically-collected information with other information we obtain about you, which may include data we obtain from external parties. You can set your browser to refuse cookies from the Website, but if you do so, you may not be able to access or use portions of the Website, or certain offerings on the Website may not function as intended or as well. 

Our Website may use Google Analytics and other comparable technology. Google uses cookies to analyze how you use our Website. The information collected by the cookies is sent to a Google server in the United States and stored there. Google will use this information to evaluate your use of our Website. Additionally, Google may transfer this information to a third party when required by law or in accordance with their terms. By using our Website, you consent to the collection, use, and disclosure of your Personal Information by Google in the manner described. You can withdraw your consent at any time by following the instructions found on this page: https://tools.google.com/dlpage/gaoptout?hl=en.

For information on Personal Information processed by tracking technologies (e.g., cookies) on the Website, see our Cookie Policy.

4. INTEREST BASED ADVERTISING

We (and our service providers) may use the information we collect, for instance, IP addresses and unique mobile device identifiers, to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones, tablets, or computers), or work with providers that do this, in order to better tailor content and features and provide you with a seamless experience across devices. If you wish to opt out of cross device tracking for purposes of interest-based advertising, you may do so through your device settings.

We may tailor ads to your interest based on your browsing of our Website and elsewhere on the internet, which may include sending you an ad on a third-party service (such as the Facebook app.) after you have left the Website using re-targeting technologies. This type of advertising is often called “interest-based” or “personalized” advertising—and when it occurs on mobile apps, “cross-app” advertising (collectively, “Interest-Based Advertising”).

You can reject or disable Interest-Based Advertising, tailored ads, or re-targeted ads by managing your browser settings or the Facebook app settings.  However, please note that if you disable cookies and/or meta pixels, you may be unable to access some customized features on the Website. 

To disable the use of Interest-Based Advertising, log in to the Facebook site on your browser and go to “Ad Settings” under the “Settings” tab.  If you are using the Facebook app on your mobile device, you can go to “Ad Settings” by clicking on the “Setting & Privacy” tab, then selecting “Settings”, “Ad”, and “Ad Preferences”.

To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. You can learn more about Interest-Based Advertising and how to opt-out of receiving tailored advertising by visiting (i) the Network Advertising Initiative’s Consumer Opt-Out link; or (ii) the Digital Advertising Alliance’s Consumer Opt-Out link

Please note that even if you opt-out, you may still receive advertisements from us.  However, the advertising will not be tailored to your interests. Also, we do not control any of the above opt-out links or whether any particular company chooses to participate in these opt-out programs.

5. HOW WE USE PERSONAL INFORMATION

We may use the Personal Information we collect or receive about you for the following purposes including the purposes set out below.  Unless otherwise noted, the description below covers our activities in the twelve months preceding the Effective Date, as well as our current practices.

Identifiers 

Sources:

  • Directly from you
  • Our clients
  • Our vendors
  • Tracking technologies
  • External sources

Purposes:

  • To provide you with access to the Website features
  • To enable external party features
  • To perform necessary and appropriate internal functions, such as records maintenance and developing or improving the Website
  • To communicate with you
  • To respond to your requests for technical support, online services, or to any other communication you initiate
  • To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations 

Personal Records

Sources:

  • Directly from you
  • Our clients
  • Our vendors
  • External sources

Purposes:

  • To perform necessary and appropriate internal functions, such as records maintenance
  • To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Commercial Information

Sources:

  • Directly from you
  • Our clients
  • Our vendors

Purposes:

  • To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Characteristics of Protected Classifications 

Sources:

  • Directly from you
  • Our clients
  • Our vendors
  • External sources

Purposes:

  • To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Internet or Other Electronic Network Activity

Sources:

  • Tracking technologies

Purposes:

  • To provide you with access to the Website features
  • To enable external party features
  • To perform necessary and appropriate internal functions, such as developing or improving the Website
  • To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations 

Geolocation

Sources:

  • Tracking technologies

Purposes:

  • To provide you with access to the Website features
  • To enable external party features
  • To perform necessary and appropriate internal functions, such as developing or improving the Website
  • To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Audio, electronic, visual, thermal, or similar information

Sources:

  • Directly from you
  • Our clients
  • Our vendors
  • External sources

Purposes:

  • To perform necessary and appropriate internal functions, such as records maintenance
  • To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations
  • To comply with health and safety obligations

Professional or Employment-Related Information

Sources:

  • Directly from you
  • Our clients
  • Our vendors
  • External sources

Purposes:

  • To perform necessary and appropriate internal functions, such as records maintenance
  • To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations 

Inferences drawn from any of the information identified in this section to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes

Sources:

  • Directly from you
  • Our clients
  • Our vendors
  • External sources
  • Tracking technologies

Purposes:

  • To perform necessary and appropriate internal functions, such as records maintenance and developing or improving the Website

6. HOW WE DISCLOSE PERSONAL INFORMATION

Your Personal Information is not disclosed to third parties without your permission, except as described below.

Service Providers. We may disclose your Personal Information to our service providers for certain business purposes as set out below. Personal Information is provided in order for them to provide us services such as payment processing, advertising services, marketing partners, web analytics, data processing, IT services, customer support and other services. These service providers have access to your Personal Information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your Personal Information for any other purpose.

Category of Personal Information and Purposes for Disclosure to Service Providers

Identifiers 

  • Helping to ensure security and integrity
  • Debugging to identify and repair errors in functionality
  • Short-term, transient use
  • Performing services needed to operate our business
  • Internal research for technological development and demonstration
  • Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and Website

Personal Records

  • Performing services needed to operate our business

Commercial Information

  • Performing services needed to operate our business

Characteristics of Protected Classifications 

  • Performing services needed to operate our business

Internet or Other Electronic Network Activity 

  • Helping to ensure security and integrity
  • Debugging to identify and repair errors in functionality
  • Short-term, transient use
  • Performing services needed to operate our business
  • Internal research for technological development and demonstration
  • Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and Website

Geolocation

  • Helping to ensure security and integrity
  • Debugging to identify and repair errors in functionality
  • Short-term, transient use
  • Performing services needed to operate our business
  • Internal research for technological development and demonstration
  • Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and Website

Audio, electronic, visual, thermal, or similar information

  • Helping to ensure security and integrity
  • Performing services needed to operate our business
  • Undertaking activities to verify or maintain the quality or safety of our systems and premises, and to improve, upgrade, or enhance our systems and Website

Professional or Employment-Related Information

  • Performing services needed to operate our business

Inferences drawn from any of the information identified in this section to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes

  • Performing services needed to operate our business

Background Check Information

  • Performing services needed to operate our business

Legal Records and Documentation

  • Performing services needed to operate our business

In addition, we may collect and disclose Account and Profile Information, Payment Information, Information Necessary to Perform Our Services, and External Service Information for the following purposes:

  • Provide Services. To provide our Services, including creating and activating accounts, facilitate and manage purchases, processing payments, process transactions, and servicing accounts.
  • Research and Development. We may develop new features and to create new products or improve existing ones, including using Personal Information for internal purposes related to certain research. This may include when you participate in surveys or research activities.
  • Advertising. We may personalize your experience with us by conducting advertising, such as contextual, targeted, or behavioral advertising. For example, this allows us to recommend products you might like or find useful.
  • Marketing Messages. To communicate with you about products or services you have purchased or used; provide you with promotional messages and personalized advertising; to notify you of other products; to notify you of contests, challenges, sweepstakes, and other promotions; to notify you of services we think may be of interest to you; and, for other marketing purposes.
  • Customer Service. To respond to your requests for technical support, online services, product information or to any other communication you initiate, including requests, inquiries, and complaints.

Co-Branded Services. From time to time, we may enter into an arrangement with another company that is not owned by or affiliated with us to provide additional features on the Website. These arrangements may include business partners, sponsors, and co-branded online services (referred to here as “co-branded services”). Any information, including Personal Information, that you provide on one of these co-branded services may be shared with these partners. By participating in activities or providing your information on these co-branded services, you consent to our providing your information to those partners. Separate privacy policies may apply to these partners’ collection, use, and disclosure of your Personal Information.

Business Transactions. In the event of a business transaction, we may disclose Personal Information to prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.

Legal Compliance and Safety. We may also disclose Personal Information for legal compliance, law enforcement, and public safety purposes. For example, to law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Policy, or agreements with third parties, or for crime-prevention purposes.

We may combine your Personal Information with data we obtain from our services, other users, or third parties. We reserve the right to convert, or permit others to convert, your Personal Information into deidentified, anonymized, or aggregated data, as permitted by law.

With Your Consent. We also may share or disclose your Personal Information with your consent or at your direction.

If we share your Personal Information with service providers, we ensure that the contracts between RSM and the service providers has appropriate controls and protections in place at the service provider level to protect your Personal Information. Our service providers may, from time to time, sub-contract certain administrative services to other service providers that may not reside in Canada and require access to certain Personal Information to perform contracted services. In this case, RSM’s service providers are responsible for ensuring appropriate security measures and controls are in place to protect your Personal Information from unauthorized use, loss, theft, alteration and destruction. Personal Information available to service providers in foreign jurisdictions may be disclosed to local authorities as may be prescribed by law.

7. OTHER ONLINE SERVICES

The Website may contain links to, or features facilitated by, other online services. For example, you may be able to share content from the Website to your social media profile on an external online service. This Privacy Policy does not apply to the practices of companies that we do not own or control. We provide these external links merely for your convenience and we have no control over, do not review, and are not responsible for external online services or their privacy policies or practices.  If you provide any Personal Information to any third party or through any such third-party website, we recommend that you familiarize yourself with the privacy policies and practices of that third party.

8. YOUR CHOICES

You have the right to access, update and correct inaccuracies in your Personal Information in our custody and control, subject to certain exceptions prescribed by law. If you have a registered account, you may be able to change your preferences as well as update your Personal Information through your account settings.

You may exercise your rights to access, update or correct inaccuracies by logging on to your account or contacting us at dataprivacyoffice@rsmus.com. We may ask you to verify your identity if you are contacting us through email, or phone. You may also designate an authorized agent to make a request to know or a request to delete. In order to be able to act, authorized agents have to submit proof that they are authorized to act on your behalf, or have a power of attorney. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf.

For Personal Information that we have collected that is not accessible through your account, you can request, in writing, that we correct an error or omission to your Personal Information or delete your Personal Information.  We will respond to written requests within thirty (30) days, or alternatively, the timeframe prescribed by the relevant legislation.

9. DATA RETENTION

We keep the categories of Personal Information described above for as long as is necessary for the purposes described in this Notice or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. This generally means holding the information for as long as one of the following apply:

  • Your Personal Information is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the information;
  • Your Personal Information is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the Personal Information was collected;
  • Your Personal Information is reasonably required to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
  • We are otherwise required or permitted to keep your Personal Information by applicable laws or regulations.

To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove Personal Information from our systems and records. 

Where your Personal Information is used for more than one purpose, we will retain it until the purpose with the latest period expires.

10. ELECTRONIC COMMUNICATION

When you sign up for an account and create a profile, or otherwise sign-up to receive information regarding our developments or related products and services, we collect your contact information such as your name, phone number, mailing addresses and email address. If you opt in to receiving our communications, we will use this information to send you communications based on your expressed interests by mail or email.

You will always have the opportunity to unsubscribe from receiving any of our e-mail or other communications at any time by contacting us at dataprivacyoffice@rsmus.com and we will ensure that our e-mails include instructions on how to unsubscribe if you no longer wish to receive future e-mails from us.

If you decide to unsubscribe, we will only contact you (i) for the purposes allowed under applicable law; (ii) to send you notices of changes to our Privacy Policy; or (iii) to receive service related messages.

11. DATA SECURITY

We implement reasonable physical, technological, and organizational safeguards to protect against unauthorized or unlawful processing of Personal Information and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Information. RSM limits access to internal systems that hold Personal Information to individuals who need access for a legitimate business purpose.

12. DATA TRANSFER

Your Personal Information may be collected, used, processed, transferred, and retained in multiple countries including, Canada and the United States, which may be outside the region in which you are situated and may have different privacy or data protection legislation, and may therefore be subject to the laws of these countries. Additionally, and as discussed above, we may also engage service providers to perform certain services on our behalf and to otherwise provide the Services.  These service providers may store, process and transfer Personal Information on servers located outside of Canada in jurisdictions whose data protection laws may differ from those of Canada, such as the United States.  As a result, Personal Information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to the laws in those jurisdictions.  For example, information may be shared in response to valid demands or requests from government authorities, courts and law enforcement officials in those countries. Subject to applicable laws in such other jurisdictions, we will use reasonable efforts to ensure that appropriate protections are in place to require our service providers to maintain protections on Personal Information that are equivalent to those that apply in Canada.

13. UPDATES TO PRIVACY POLICY

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may provide more specific reasonable notice at our discretion (e.g., a banner, pop up, or email to you) if we materially change this Privacy Policy. Any changes to this Privacy Policy will be effective as of the “Last Updated” date at the top of this page, unless otherwise expressly indicate.

14.  CONTACTING US

You may contact us dataprivacyoffice@rsmus.com, 1-800-274-3978, or:

  • Attn: Data Privacy Office
  • 200 S. Wacker Drive
  • Suite 3900
  • Chicago, IL 60606