4-Information We Collect

5-How We Collect Information

• Direct submission by clients
• Website forms and interactive features
• Email communications
• Phone conversations
• In-person meetings
• Automated technologies or interactions (e.g., cookies, pixel tags, web beacons)
• Public records and databases
• Third-party service providers
• Social media platforms
• Mobile applications
• Surveys and feedback forms
  

6-SMS Text Messaging

"Text Messaging Opt-In and Consent: 
Fiscal Integrity Group values your privacy and is committed to protecting your personal information. We collect and store text messaging opt-in data and consent solely for the purpose of providing our services to you. We hereby affirm that this information, including your phone number and any related opt-in or consent data, will not be shared, sold, rented, or otherwise disclosed to any third parties, except as required by law or with your explicit permission. This data is maintained securely and used exclusively for communication between Fiscal Integrity Group and you, our valued client.

SMS Terms & Conditions

7-Use of Information and Legal Basis

We use the collected information for the following purposes, each with its corresponding legal basis:

• Providing tax preparation and accounting services (Legal basis: Contractual necessity)
• Conducting tax planning and consulting (Legal basis: Contractual necessity)
• Processing payroll (Legal basis: Contractual necessity)
• Performing bookkeeping services (Legal basis: Contractual necessity)
• Communicating with clients about their accounts and services (Legal basis: Legitimate interests)
• Improving our services and website functionality (Legal basis: Legitimate interests)
• Complying with legal and regulatory requirements (Legal basis: Legal obligation)
• Detecting and preventing fraud (Legal basis: Legitimate interests)
• Conducting internal analytics and research (Legal basis: Legitimate interests)
• Providing personalized tax and financial advice (Legal basis: Contractual necessity)
• Marketing our services to you (Legal basis: Consent)
• Responding to your inquiries and support requests (Legal basis: Legitimate interests)
• Maintaining and updating client records (Legal basis: Legal obligation)
• Conducting risk assessments and due diligence (Legal basis: Legal obligation)
• Defending against legal claims (Legal basis: Legitimate interests)

8-Information Sharing and Disclosure

8.1. We do not sell, rent, or trade client information to third parties. We may share information in the following circumstances:

• With your explicit consent
• To comply with legal obligations
• To protect our rights, privacy, safety, or property
• In connection with a business transfer or acquisition
• To enforce our contractual rights
• To professional advisors, such as lawyers, auditors, and insurers

8.2. Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

• Cloud storage providers
• Email service providers
• Payment processors
• Software vendors
• IT support and maintenance providers
• Professional liability insurance providers
• Document destruction services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

8.3. Professional Obligations

As tax and accounting professionals, we may be required to disclose information:

• To tax authorities during audits or investigations
• To other professionals assisting with your financial matters (with your consent)
• In response to a court order or subpoena
• To professional regulatory bodies during practice reviews

9-Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of sensitive data at rest and in transit
• Secure socket layer (SSL) technology for all web communications
• Next-generation firewalls and intrusion detection/prevention systems
• Regular security assessments, penetration testing, and vulnerability scans
• Employee training on data protection, confidentiality, and cybersecurity best practices
• Multi-factor authentication for accessing client data
• Regular software updates and patch management
• Physical security measures for our offices, including access controls and surveillance
• Data backup and disaster recovery procedures with regular testing
• Comprehensive incident response plan for potential data breaches
• Data loss prevention (DLP) solutions
• Mobile device management (MDM) for company-issued devices
• Network segmentation to isolate sensitive data
• Strict access controls based on the principle of least privilege
• Continuous monitoring of our systems for suspicious activities
  

10-Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods include:

• Tax returns and supporting documents: 7 years from filing date
• Client correspondence: 7 years from last contact
• Payroll records: 4 years from tax year end
• Engagement letters: 7 years from termination of services
• Financial statements: 10 years from creation date
• Client intake forms: 7 years from last service date
• Electronic backups: 7 years on a rolling basis
• Website logs: 1 year from creation date

11-Your Rights and Choices

You have certain rights regarding your personal information, including:

• Access to your personal information
• Correction of inaccurate or incomplete information
• Deletion of your personal information (where applicable)
• Objection to or restriction of certain processing activities
• Data portability
• Right to withdraw consent for marketing communications
• Options for limiting certain types of data collection or use
• California residents have additional rights under the California Consumer Privacy Act (CCPA), and EU residents have rights under the General Data Protection Regulation (GDPR). To exercise these rights, please contact us using the information provided in Section 3.
  

12-Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete the information as soon as possible.

13-International Data Transfers

If we transfer your data across national borders, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Privacy Shield certification (if applicable)
• Binding corporate rules for intra-group transfers
• Derogations for specific situations as provided by applicable law
• Consent for specific transfers after informing you of the potential risks

14-Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website to:

• Improve site functionality and performance
• Analyze site usage and user behavior
• Personalize content and remember your preferences
• Facilitate secure access to client portals
• Enable certain features of our online services
• You can manage your cookie preferences through your browser settings or our cookie management tool. We respect Do Not Track (DNT) signals and do not track, plant cookies, or use advertising when a DNT browser mechanism is in place.

15-Social Media and Third-Party Links

Our website may contain links to third-party websites or social media platforms. This privacy policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the content or privacy practices of these external sites.

16-Automated Decision-Making

FIG does not engage in automated decision-making processes that would produce legal effects or similarly significant impacts on our clients. All significant decisions related to your financial matters are made with human oversight and professional judgment.

17-Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by:

• Posting the new Privacy Policy on this page
• Updating the "Effective Date" at the top of this policy
• Sending an email notification to clients
• Displaying a prominent notice on our website
• We will obtain your consent for any material changes that affect how we use your personal information, where required by applicable law.

18-Compliance with Laws and Regulations

We comply with applicable laws and regulations, including:

• Internal Revenue Service (IRS) regulations
• State tax agency requirements
• General Data Protection Regulation (GDPR) for EU clients
• California Consumer Privacy Act (CCPA) for California residents
• Gramm-Leach-Bliley Act (GLBA)
• Sarbanes-Oxley Act (SOX)
• State-specific privacy laws
• Professional ethics standards set by accounting and tax professional organizations
• Fair Credit Reporting Act (FCRA)
• CAN-SPAM Act
• Payment Card Industry Data Security Standard (PCI DSS)
  

19-Dispute Resolution

If you have a complaint about our privacy practices, please contact us directly using the information provided in Section 3. We will investigate your complaint and respond within 30 days. If we cannot resolve the issue to your satisfaction, you may have the right to file a complaint with your local data protection authority. For EU residents, you can find your national data protection authority on the European Commission website.

20-Professional Confidentiality

As tax and accounting professionals, we adhere to strict confidentiality standards set by our professional organizations. This includes:

• Confidentiality of client information as mandated by professional ethics codes
• Ethical use of client data in accordance with professional standards
• Professional secrecy obligations as required by law
• Adherence to the AICPA Code of Professional Conduct
• Compliance with IRS rules on tax return preparer confidentiality

21-Employee Training and Awareness

We regularly train our employees on:

• Data protection principles and best practices
• Privacy regulations and compliance requirements
• Handling of sensitive information and personally identifiable information (PII)
• Recognizing and reporting potential data breaches
• Cybersecurity awareness and threat prevention
• Ethical considerations in data handling
• Client confidentiality and professional secrecy obligations
• Proper use of company IT systems and security tools
  

22-Sub-processors and Third-Party Service Providers

We maintain a list of sub-processors and third-party service providers who may have access to your personal information. This list is available upon request and includes:

• The name and location of the sub-processor
• The services provided by the sub-processor
• The types of personal information processed
• The security measures implemented by the sub-processor
• We conduct regular due diligence on our sub-processors to ensure they maintain appropriate security and privacy standards.
  

23-Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processing activities that are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us identify and mitigate potential privacy risks.

24-Privacy by Design and Default

We incorporate privacy considerations into our business processes and systems from the outset. This includes:

• Minimizing data collection to only what is necessary
• Implementing privacy-enhancing technologies
• Conducting privacy impact assessments for new projects
• Ensuring default privacy settings are the most protective

25-Professional Confidentiality

For clients outside the United States, we comply with regulations governing the transfer of personal data across borders, including:

• EU-US Privacy Shield Framework (if applicable)
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Adequacy decisions by the European Commission

26-Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected individuals without undue delay, typically within 72 hours of becoming aware of the breach
• Provide information on the nature of the breach and steps taken to address it
• Offer guidance on measures you can take to protect yourself
• Notify relevant supervisory authorities as required by law
  

27-Vendor Management

We have a comprehensive vendor management program that includes:

• Privacy and security assessments of potential vendors
• Contractual clauses requiring vendors to adhere to our privacy standards
• Regular audits of vendor compliance with our privacy requirements
• Procedures for terminating vendor relationships and ensuring data deletion
  

28-Data Minimization and Purpose Limitation

We adhere to the principles of data minimization and purpose limitation by:

• Collecting only the personal information necessary for specified purposes
• Regularly reviewing and deleting unnecessary data
• Ensuring data is not used for purposes incompatible with the original collection purpose
• Implementing technical measures to enforce these principles

29-Consent