Thank you for visiting the website of High Level Wealth Management Inc. (“HLWM”) We are an Alberta corporation that provides independent, evidence-based financial planning and wealth management services to those residing in Edmonton, and surrounding suburban areas.
What personal data we collect and why we collect it
If you book an appointment using our online booking system, we collect and store your name, phone number, and email address. If you also provide your address or make additional comments, we collect and store that information as well. We collect this information to complete the appointment booking process and to allow us to follow up with you about your appointment.
If you are invited to fill out an online questionnaire, we collect and store the answers you provide. We collect this information to better understand your needs and to provide comprehensive financial planning and wealth management services to you as our client.
A cookie is a small file sent from a web server to your computer whenever you visit a website. If you return to the website later, your browser sends the small file to the server to notify the website of any previous activity you engaged in on the site. Once you return to a website, the server can retrieve the cookie file from your local computer to assist in expediting certain functions such as logging in and retrieving account or user data.
Cookies can serve many useful purposes, such as remembering items you had in a shopping cart, logging visited pages on the site, and remembering login details so you don’t have to enter them every time you visit the website. The most common types of cookies are authentication cookies, which servers use to determine whether a user is logged into a site or not.
Embedded content from other websites
Who we share your data with
We do not rent or sell client information to anyone. Nor do we share your information with organizations outside of our relationship with you that would use it to contact you about their own products or services except for as provided for in this policy.
Third party service providers
With your consent, we may share your information with third parties that provide investment products and services. The third parties undertake to use a client’s personal information only for the purposes of carrying out the services they have been retained by us for and must agree in confidentiality agreements or undertakings to safeguard our clients’ personal information.
Financial authorities and regulators
We may also be required to share client information with regulatory authorities having jurisdiction over our activities and operations (such as the Alberta Securities Commission or the CFA Institute). These regulatory bodies or organizations may require access to client personal information (both former and current clients) for regulatory purposes including matters related to financial compliance, investigations of potential regulatory and statutory violations, enforcement or disciplinary proceedings, and reporting to such regulatory bodies.
As required by law
In certain instances, we may be compelled to disclose personal information in response to a legally valid demand, enquiry, proceeding, or order. In these cases, we will take steps to ensure the request is valid and will disclose the personal information necessary to satisfy the inquiry, order, or regulatory body. We may be ordered by a court or regulatory body having jurisdiction over our services to disclose personal information to a third party, or to the court, or to preserve personal information pending the outcome of a legal hearing or pursuant to a regulatory inquiry or hearing. We may also be legally required to disclose information in connection with the collection or repayment of a debt, to assist in the prevention of fraud or other criminal activity, when we obtain legal advice from legal counsel, or in an emergency that affects the health or safety of an individual.
How long we retain your personal information
We will only retain clients’ personal information in our records for as long as it is reasonably needed to fulfill the identified purposes, or as required or permitted by law. Personal information, accessible to clients through their Client Portal, that is meant to provide a historical record and analysis of trends over time (e.g. historical data about a client’s financial assets, net worth, budget, and spending) may be retained indefinitely or until destruction is requested by the client.
Keeping your personal information accurate
If there is a change in your personal information, or you become aware of an error in the personal information we have on file for you, please contact our Privacy Officer, Kent Akgungor, at 780-851-8088 or firstname.lastname@example.org. You must make a written request that provides us with enough detail to enable us, with reasonable effort, to identify you and the personal information and the correction being sought. We will correct inaccurate or incomplete information within a reasonable time and notify you when such changes are completed. There is no charge for correcting your personal information. We will also ensure that any third parties that have received your personal information from us are notified of such changes or corrections.
How to withdraw consent
You may contact us to withdraw your consent at any time provided there are no contractual or other legal requirements limiting such withdrawal. We will explain your options and any consequences of withdrawing your consent, as we may not be able to any longer provide you with certain products or services.
Your rights in relation to your personal information
You have the right to:
know why an organization collects, uses or discloses your personal information.
expect an organization to handle your information reasonably and to not use it for any purpose other than the one to which you consented.
know who in an organization to contact with respect to the protection of your personal information.
expect an organization to protect your information from unauthorized disclosure.
access and update your personal information that an organization holds about you and make sure it is accurate, complete, current, and request correction of your personal information if there is an error or omission.
expect an organization to only retain your personal information for as long as reasonably necessary and to destroy your personal information when requested or when no longer required for the intended purpose, or as permitted by law.
confidentially complain to an organization about how it handles your information and to the Privacy Commissioner if need be.
Where we send your data
Our website is hosted on the Google Cloud (Montreal region), but we also rely on various third parties to provide financial planning and wealth management services to our clients. In the course of doing business with HLWM, your personal information may also be stored with one or more of the following parties, subject to each of their privacy policies. These third parties may process and store your information outside of Canada. In such case, some personal information may be accessible to law enforcement, national security services, or regulatory authorities in accordance with the laws of those jurisdictions where those service providers are located.
Description of Service
Data Storage Location
Client portal hosting (via Amazon Web Services)
Email, calendar, contacts, documents, file storage
Canada, United States, other global locations
Contacts, calendar, app data, messaging, file storage
United States, other global locations
Investment portfolio analysis
Portfolio management tools
Payment processing, accounting
Customer relationship management, appointment booking, digital signatures, file storage
V2 Cloud Solutions
Virtual desktop services
Zoom Video Communications
Canada, United States, other global locations
Canada, United States
Online data backup
How we protect your data
Our clients are our business. As advisors, we are trusted with some of our clients’ most sensitive personal information. We respect that trust and want our clients to be aware of our commitment to protect the personal information they provide in the course of doing business or communicating with us. We collect personal information in compliance with applicable laws and ethical business practices, in order to provide products, services, and to conduct business. We limit the information that we collect to that which is necessary for, or related to, these purposes.
We use a variety of security measures to protect our client’s personal information including:
all devices/computers are password protected;
use of strong, unique passwords for any online services and the use of two-factor authentication where available;
use of encrypted hard drives, online storage, and back-ups; and
waste paper containing personal information will be shredded on site.
In addition to the foregoing, we abide by ten privacy principles, which are based on the federal government’s privacy legislation, the Personal Information Protection and Electronic Documents Act:
Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate.
Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for fulfillment of those purposes.
Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. Where possible, when handling your information we use the Secure Sockets Layer (SSL) protocol, which encrypts any information you send to us electronically. The encryption process protects your information, by obfuscating it before it is sent to us from your computer. Once we receive your transmission, we make commercially reasonable efforts to ensure its security on our system and within any third party systems that we utilize in the course of doing business. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us. In addition, we take other safeguarding measures such as all devices/computers are password protected, we use strong, unique passwords for any online services and the use of two-factor authentication, where available. Additionally, we use encrypted hard drives, online storage, and backups. Finally, all personal information is shredded on site when destroyed and no longer retained in accordance with this policy.
Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Challenging Compliance: An individual shall be able to submit a challenge concerning compliance with the above principles to the designated individual or individuals responsible for the organization’s compliance.
What data breach procedures we have in place
A privacy breach results from unauthorized access to, or collection, use, or disclosure of personal information. At HLWM we have a responsibility for the safekeeping and protection of personal information that we collect and retain on behalf of our clients. Part of our responsibility is to document and report any privacy violations/breaches of such personal information. We have a comprehensive privacy breach policy in place which outlines the procedures to be followed in the event of a privacy breach.