Privacy Policy

C&G Professional Services Inc. ("C&G", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you entrust to us. This Privacy Policy explains what personal information we collect, why we collect it, how we use and safeguard it, and the rights you have over it.

This policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and follows its ten Fair Information Principles. It applies to all personal information collected through our website, our client engagements, our forms, and any other interaction with C&G.

1. Accountability

C&G is responsible for all personal information under its control. We have designated a Privacy Officer who is accountable for our compliance with this policy and with PIPEDA. Contact details are provided at the end of this policy.

Where we transfer personal information to third-party service providers for processing on our behalf, we use contractual or other means to provide a comparable level of protection.

2. Why We Collect Personal Information

We collect personal information to provide our anti-money laundering (AML) consulting, forensic investigation, and regulatory advisory services, and to operate our business. Specifically, we use personal information to:

• Respond to enquiries submitted through our website, email, or telephone;
• Provide professional services under client engagements, including AML reviews, compliance program development, FINTRAC/RPAA registration, forensic investigations, and training;
• Onboard clients and conduct internal Know-Your-Customer (KYC) and conflict checks;
• Process applications submitted to our careers page;
• Communicate with clients about engagements and with prospects who have asked to hear from us;
• Meet legal, regulatory, and professional obligations applicable to our work; and
• Improve our website, content, and service delivery.

We will identify the purpose for collecting personal information at or before the time it is collected. We will not use personal information for any new purpose without first obtaining your consent, unless the new purpose is required or permitted by law.

3. Information We Collect

3.1 Information You Provide

You may provide personal information when you contact us, complete a form on our website, book a consultation, apply for a role, or engage us for professional services. This may include:

• Identifying information: full name, job title, employer, country of residence;
• Contact information: email address, telephone number, mailing address;
• Engagement-related information: business details, regulatory status, the nature of your enquiry or compliance matter;
• Client onboarding information (for clients only): corporate registration documents, beneficial ownership information, and other KYC documentation required to satisfy our own regulatory and professional obligations;
• Recruitment information: CV/resume, cover letter, references, credentials, and prior work history; and
• Any other information you choose to share with us.

3.2 Information Collected Automatically

When you visit our website, we may automatically collect limited technical information such as IP address, browser type and version, device type, operating system, referring URL, pages visited, and time spent on pages. This information is used for site security, performance monitoring, and to understand how visitors use the site.

3.3 Information from Third Parties

We may receive personal information about you from third parties only where you have consented to that disclosure, or where the disclosure is otherwise permitted or required by law (for example, public regulatory filings, sanctions databases, or referrals from existing clients).

4. Consent

We obtain your consent before collecting, using, or disclosing your personal information, except where authorised by law. Consent may be express (for example, signing a client engagement letter) or implied (for example, providing your contact details on a contact form so we can respond).

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may affect our ability to provide you with services. To withdraw consent, contact our Privacy Officer using the details below.

5. How We Use Your Information

We use personal information only for the purposes identified in this policy or otherwise communicated to you at the time of collection. We do not sell personal information. We do not use personal information for marketing by third parties.

6. How We Share Your Information

We share personal information only as necessary to deliver our services or as required by law. Recipients may include:

• Service providers that support our business operations, such as our website host, email and form platforms (including HubSpot for client intake forms), document storage, and IT security providers. These providers are bound by contractual confidentiality and data protection obligations;
• Regulators and law enforcement where disclosure is required by law, by a court order, or in response to a lawful request from a Canadian or foreign regulatory or law enforcement authority;
• Professional advisors such as our legal counsel and auditors, where required for the proper conduct of our business; and
• Successors in the event of a corporate reorganisation, merger, or sale of all or part of our business, subject to appropriate confidentiality obligations.

7. Retention

We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation, or professional standards. Client engagement records and KYC documentation are retained for the minimum periods required by Canadian AML legislation and our professional obligations, typically a minimum of seven (7) years from the close of an engagement.

When personal information is no longer required, we securely destroy, erase, or anonymise it.

8. Safeguards

We protect personal information using physical, organisational, and technological safeguards appropriate to the sensitivity of the information, including:

• Encrypted file storage and encrypted communications for sensitive engagement materials;
• Role-based access controls, with personal information accessible only to staff who require it for the performance of their duties;
• Confidentiality obligations binding on every member of the C&G team;
• Secure disposal of physical and digital records at the end of the retention period; and
• Ongoing staff training on privacy, confidentiality, and information security.

9. Your Rights & How to Access Your Information

Subject to the limited exceptions permitted under PIPEDA, you have the right to:

• Know whether C&G holds personal information about you, and request access to it;
• Request correction of inaccurate or incomplete personal information;
• Withdraw your consent to our use or disclosure of your personal information (subject to legal or contractual restrictions); and
• Receive an explanation of how your personal information has been used and to whom it has been disclosed.

To exercise any of these rights, contact our Privacy Officer in writing using the details below. We will respond to your request within thirty (30) days, or notify you in writing if more time is required.

10. Cookies & Website Analytics

Our website may use cookies and similar technologies to remember your preferences, maintain session state, and understand how visitors interact with the site. You can control or disable cookies through your browser settings; doing so may affect the functionality of the website.

Where we use third-party analytics services, those providers may process limited technical data on our behalf in accordance with their own privacy practices and applicable Canadian privacy law.

11. International Transfers

Some of our service providers (including, where applicable, our website host and form platforms) may store or process personal information outside of Canada, including in the United States. Where this occurs, personal information may be subject to the laws of the foreign jurisdiction, including lawful access by foreign courts, law enforcement, and national security authorities. We use contractual safeguards with such providers to require a comparable standard of protection.

12. Children's Privacy

Our services and website are directed to businesses and professionals. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact our Privacy Officer and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. The "Last Updated" date at the top of this policy indicates when it was most recently revised. We encourage you to review this policy periodically.

14. Privacy Officer & Complaints

If you have questions about this policy, wish to exercise any of your rights, or wish to make a complaint about how we have handled your personal information, please contact our Privacy Officer:

If you are not satisfied with how we have addressed your concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca  ·  Toll-free: 1-800-282-1376.

This Privacy Policy is provided for informational purposes and is not legal advice. C&G recommends having this policy reviewed by qualified Canadian privacy counsel before it is published, and updated whenever business practices change.