PRIVACY & DATA SECURITY POLICY
Please read and retain for your records
Our Commitment To Privacy
You have entrusted us with your personal information and we recognize our obligation and ethical responsibility to keep information about you secure and confidential. Therefore, to protect and maintain this relationship, we have recited our privacy policy to maintain the confidentiality of the information you have shared with us. This policy covers nonpublic personal information (Client Information), which means personally identifiable information about a client’s current or former relationship with Candy & Schonwald, PLLC.
Client Information That We Collect
The client information we collect is categorized below:
- Information you provide to us to prepare your federal, state and/or local income or other tax return(s);
- Information you provide to us for the purpose of attestation (i.e., audits or financial statements or other agreed upon procedures);
- Information you provide to us for the purpose of reviewing or compiling that information for your internal use or for your distribution to third parties;
- Information you provide to us for the purpose of consulting you in specific matters (i.e., estate planning, business valuations, buy/lease decisions, etc.);
- Information we receive on your behalf (with your authorization and directive) to provide one or more of the above services;
- Information we receive on your behalf because you have authorized us to receive this information by signing Form 2848, Power of Attorney and Declaration of Representative;
- Any other information that we might receive on your behalf in conjunction with providing one or more of the above services.
CLIENT INFORMATION THAT WE SHARE WITH OTHERS
Unless you have requested and directed us to do so, we do not share information with people or organizations outside of Candy & Schonwald, PLLC. If you verbally or through written correspondence authorize us to disclose your personal information to others, we will only disclose that information that you have authorized and we will only disclose this information to those whom you have authorized.
If you provide us with Power of Attorney to represent you before the Internal Revenue Service, we will disclose only that information that we believe is necessary for the IRS to conduct their examination or inquiry. If you provide us with a notice from the IRS, state or local taxing agency, indicating a problem with your account with one or more of these agencies, we will provide to the appropriate agency an explanation and/or documentation from our files in order to attempt to resolve the problem. Although we may correspond with these agencies on your behalf, they usually will not reply to us without the proper Power of Attorney forms signed by you. In the event that we correspond with these taxing agencies, we will provide only that information with which we have been provided and that is relevant in resolving the problem(s).
If we believe the information we would provide to these agencies may place your account in jeopardy or create additional problems for you, we will discuss these potential adverse effects with you prior to us disclosing any information on your behalf.
CONFIDENTIALITY, SECURITY AND DISPOSAL OF INFORMATION
The security of your personal Client Information is very important to us. We restrict access to your Client Information to those employees that have a legitimate business reason to conduct business on your account. We maintain physical, electronic and procedural safeguards that comply with federal standards to guard your Client Information. As such, we dispose of all Client Information containing confidential information by making it unreadable or undecipherable by shredding, erasing, or by other means. We may also dispose of confidential information by contracting with a business engaged in the disposal of records containing confidential information.
PHYSICAL MEDIA SECURITY
- Any printed confidential material is kept under lock and key, or destroyed by a secure shredding service that is NAID (National Association for Information Destruction) Certified.
- All electronic or magnetic media is also kept under lock and key or destroyed. Access to all machines is restricted by password protection.
ELECTRONIC SECURITY MEASURES
- Data is stored on secure servers behind firewalls.
- Network is monitored by an IPS solution that alerts IT to potential threats.
- All servers are protected with up-to-date anti-virus and all servers storing or processing sensitive data are protected by IPS.
- Systems are housed in a secure data center which is monitored around the clock.
DATA INTEGRITY AND AVAILABILITY
- Data is securely mirrored to a secure offsite Disaster Recovery site so that data can be recovered and service restored in the event of a disaster.
- Datacenter is protected by a fire suppression system.
- Databases are clustered for high availability in the event of hardware or software failure.
- Web servers are load balanced for high availability.
MAKING SURE INFORMATION IS ACCURATE
Keeping your account information accurate and up to date is very important. If you ever find that your account information is incomplete, inaccurate or not current, please write, call or email us using the information included in the letterhead on page one. We will promptly update or correct any erroneous information.
HOW TO LIMIT OUR USE OF YOUR CLIENT INFORMATION
Under standards promulgated by the American Institute of Certified Public Accountants (AICPA) and enforced by the Texas State Board of Public Accountancy, it would be unethical for us to disclose or supply client information when the related client has not authorized such disclosure. Therefore, for your Client Information to remain confidential, you need to do nothing nor notify us regarding this limitation.
However, if you have previously authorized us to disclose information to sources other than you (i.e. by providing us with a Power of Attorney executed by you), we will comply with this prior authorization unless you revoke it. To revoke any prior authorizations which you have supplied us, please write us at our address:
3116 Live Oak Street
Dallas, Texas 75204
To ensure that your written request is handled properly, please include your full name, address, social security number and telephone number and the name(s) of all entities for which you are revoking an authorization.