skip to main content

Privacy Policy

Effective Date December 2022

ABOUT THIS POLICY

This policy provides notice of our information collection and use practices by RKL LLP, and its affiliates (together, “RKL,” “us,” or “we”). It applies to information that we collect from you when you interact with us. This applies to both online and offline information collection, including your use of any websites or subdomains operated by us. Your use of this platform indicates you agree to our collection, use, and disclosure of your information as described in this Privacy Policy.

COULD RKL LLP HAVE YOUR INFORMATION?

RKL LLP connects with individuals for many different reasons. Those interactions may result in us directly or indirectly gaining access to information about you. By identifying the category or categories of your relationship with RKL LLP, set out below, you will be able to easily understand what categories of information we may collect about you, our purpose for collecting your information, and whether we share your information with others.

Employment

  • As a Principal or Partner
  • As an Employee
  • As a Contractor or Intern As an Applicant or Prospective Applicant for employment at RKL LLP
  • As a result of an RKL LLP Employee or Applicant’s disclosure (for instance, emergency contact, tax dependent, reference)

Our Clients

  • As an Individual Client of RKL LLP
  • As an Employee of a Corporate Client of RKL LLP
  • As a result of an interaction you had with a RKL LLP Client (for instance, you are a customer of a Client for whom we audit invoices)

RKL LLP Alliance

  • As an employee of a member of an RKL LLP Alliance
  • As a result of an interaction you had with an RKL LLP

General Public Interactions

  • As a visitor to RKL LLP websites
  • As a participant at an RKL LLP event, training program, or conference
  • As a participant or guest at an RKL LLP hosted public event

 

CATEGORIES OF INFORMATION WE COLLECT

Depending on your relationship with RKL LLP we may collect specific categories of information about you. Below is a description of categories of information that we may collect, with each followed by a list of the relationship group(s) (i.e., the groups noted above) with respect to which we may collect that category of information.

Personal Identifiers and Demographic Information

This includes: state and federally protected classes of individual information, contact information such as your name, phone number and email, and other types of general information that may be used to identify you.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions
  • Location Data

This category include things like your city, state, country and time zone. Although not often collected by RKL LLP location data may also include the global latitude and longitude of your location.

Client Relationship Information

This includes information that we may request from you or you may choose to provide for our records about you as a client and the services we provide you. This may include things such as your business contact information, your background/history, services you have obtained from us, unique identification numbers associated with you, and other information our client servers may gather about you to serve you better, such as family members’ names.

  • Our Clients
  • RKL LLP Alliance

Client Financial Services Information

This category includes the information we may request from you or you may choose to provide RKL LLP as part of financial services that we provide you, such as tax filings. This information may include compensation plans, information necessary for tax filings and other state or federal disclosures, corporate records, investments, and other similar types of information.

  • Our Clients
  • RKL LLP Alliance

Health Information

The types of information in this category may include dietary or allergy restrictions, disabilities, items related to your insurance or insurance claims, information found in medical charts such as date of admittance, diagnosis and prescriptions, and other health information.

Our access to your health information most often comes from dietary and allergy restrictions you provide us when you attend a catered event. Additionally, your health information may be provided to us either directly from you, your employer or in connection with a client as part of providing tax, audit or consulting services where required for the services provided (such as an audit of hospital billing records).  We also have health information related to our employees’ use of our insurance plan.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions

Biometric & Bodily Information

Not to be confused with Health Information, this category refers to types of information such as DNA, photographs, audio/visual recordings, and various bodily scans like facial or fingerprint scans. It also includes sensory information that may be used to identify you.

We have a limited amount of Biometric & Bodily Information. We may have photographs either provided by you or for security purposes and building access. Additionally we have audio/visual recordings for training and conference events, and at your choosing you may provide us with fingerprint and facial scans to access certain physical or electronic environments or to showcase innovative technologies we may offer as your service provider.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions

Internet or Network Activities

This category includes information we gather when you interact with our websites or systems, such as IP (internet protocol) address, search history, completion of web forms, session IDs, as well as other site usage information gathered through cookies hosted on our website. OurCookie Policy will provide you with more information about our cookies and how we use them to enhance your experience and better serve you.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions

Location Data

This category include things like your city, state, country and time zone. Although not often collected by RSM, location data may also include the global latitude and longitude of your location.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions

Employment Information

This category includes any information related to your previous and current employment. This includes your employer, compensation, title, and information found on W2s and other similar types of tax documents. Additionally, we may have information for direct deposits, information contained in your resume and cover letter, IDs for company issued equipment, and any information related to your application or employment at RKL LLP.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions

Education Information

This category includes information such as where you attended school, degrees you obtained, areas of study, graduation date, scholarships awarded, school email and grade point average (GPA). Usually we have this information because you applied for a position with RKL or you otherwise provided the information directly to us. Occasionally we provide audit services to educational institutions where we may have access to your education information as a result.

  • Employment
  • Our Clients
  • RKL LLP Alliance Groups
  • RKL LLP Corporate Relationship
  • General Public Interactions

Internal Corporate Information

This category refers to the information that RKL LLP may have in the course of performing our internal business and financial operations. This may include information about our Service Providers and 3rd Party vendors’ employees, business contacts including billing contacts, address and location, and services provided.

  • RKL LLP Corporate Relationship

Inference Data

Inference data refers to any assumptions, conclusions and assertions we may come to about someone, such as predispositions, preferences, risk level and risk tolerance, and abilities and characteristics. These inferences are based on information from the above categories.

  • Employment
  • Our Clients
  • RKL LLP Alliance
  • RKL LLP Corporate Relationship
  • General Public Interactions

 

BUSINESS PURPOSES FOR INFORMATION USE

Keeping in mind your relationship with RKL LLP and the categories of information we collect based on that relationship,

We may use your categories of information for Business Development, Marketing and Event Management. This business purpose includes activities like and similar to:

  • Lead Generation
  • Travel and Expense Reporting
  • Marketing campaigns by mail or email or through our website
  • Hosting internal conferences and training for Clients and Employees
  • Hosting and sponsoring external events for our employees, clients, and the general public

We may use your categories of information to Provide Our Clients with Services. This business purpose includes activities like and similar to:

  • Client Services & Invoicing
  • User Registration & Access Rights Monitoring
  • Tax Preparation & Filings
  • Outsourced Business Services

We may use your categories of information so we can Manage our Client Relationship with You. This business purpose includes activities like and similar to:

  • Event Management & Registration
  • Client On-/Off-boarding & Communication Outreach
  • Physical Building Access to RKL LLP offices
  • Credit Review and Background Screening
  • Contract Engagement, Engagement Letters, and Other Contractual Obligations

We may use your categories of information to Comply with RKL LLP’s Legal, Professional and Regulatory Obligations. This business purpose includes activities like and similar to:

  • Data Subject Access Request Processing
  • Background Screenings
  • Data Loss Prevention and Security Monitoring
  • Professional Certifications and Ethical Compliance
  • Payroll Processing, Reporting, and Administration
  • Personnel and Incident Investigations & Litigation Matters
  • Regulatory & Government Compliance Matters
  • Government Requests and Subpoena Responses
  • Corporate Insurance Management

We may use your categories of information to ensure we are Fulfilling Our Obligations to Our Employees as their Employer. This business purpose includes activities like and similar to:

  • Credit Review and Background Screening
  • Services for Alumni Partners and Principals
  • Employee Insurance, Benefits, and Leaves of Absence
  • Personnel Compensation, Travel, and Expense Reporting & Reimbursement
  • Employee Management, Lifecycle & Records

We may use your categories of information ensure the Physical and Electronic Security of RKL. This business purpose includes activities like and similar to:

  • Mobile Device Management System
  • Network Monitoring & Online Intrusion Detection
  • Physical, Technical, and Administrative Security Reviews
  • Digital User Registration & Access Monitoring
  • Video Surveillance & Building Access Monitoring

We may use your categories of information as part of our process for Manage our Service Providers and 3rd Party Vendors. This business purpose includes activities like and similar to:

  • Order Processing
  • Vendor Payment Reconciliation
  • Accounts Receivable & Payable Processing
  • Vendor Assessments & Security Evaluations
  • Vendor Agreement negotiations, executions, and implementations

We may use your categories of information to Perform our Internal Business Operations. This business purpose includes activities like and similar to:

  • Real Estate Management & Development
  • Strategic Enhancements & New Service Development
  • Building, Office and Day to Day Business Operations
  • Systems Implementation & Support Services
  • Insurance, Tax, and Payroll Preparation & Filing

Please note, we use all categories as otherwise permitted by law or as we may notify you. If your consent is required by law, we will obtain your consent prior to the use and/or collection of your information.

OUR SOURCES OF INFORMATION & HOW WE COLLECT INFORMATION

We collect categories of information in a few different ways.

You or Your Legal Representative / Authorized Agent is our main source when collecting your information in all of the categories above.  We collect your information through a variety of different methods:

  • Emails
  • In Person
  • Over the Phone
  • Employment Applications
  • Electronic Files (e.g. pdfs, word docs, ppt.)
  • Scholarship Applications
  • Charitable Contributions
  • Event Registration Forms
  • Web Forms, including Data Subject Access Requests
  • Paper Documents

Our Clients are another source for collecting your information in all of the categories above. We collect your information through several different methods:

  • Emails
  • In Person
  • Over the Phone
  • Workspace Collaboration Sites
  • Electronic Files (e.g. pdfs, word docs, ppt.)
  • Integrations, APIs, File Transfer Sites.
  • Database and Data Warehouse Access
  • Event Registration Forms
  • Paper Documents

Our Website Cookies and your interaction with our website is an additional source for collecting your information for four of the categories above: Personal Identifiers and Demographic InformationInternet or Network ActivitiesLocation Data, and Inference Data. We collect your information through a few different methods:

  • Pixels
  • Tags
  • Tracking Cookies
  • Marketing Cookies
  • Analytic Cookies

Our Cookie Policy will provide you with more information about our cookies and how we use them to enhance your experience and better serve you.

Our Business Partnerships, Service Providers & 3rd Party Vendors are another source for collecting your information in all of the categories above. We collect your information through several different methods:

  • Email
  • In Person
  • Over the Phone
  • Event Sponsorship Forms & Rosters
  • Contracts, including Service Agreements and Statements of Work
  • Web Forms
  • User Account Portals
  • Electronic Files (e.g. pdfs, word docs, ppt.)
  • Paper Documents
  • Integrations, APIs, File Transfer Sites

Educational Institutes, Professional & Government Licensing Groups and your interaction with these groups is an additional source for collecting your information for six of the categories above: Personal Identifiers and Demographic InformationBiometric Bodily InformationLocation DataEmployment Information, Educational Information, and Inference Data. We collect your information through a few different methods:

  • Email
  • In Person
  • Over the Phone
  • User Account Portals
  • Paper Documents
  • Web Forms
  • Electronic Files (e.g. pdfs, word docs, ppt.)

Publically Available Sources another source for collecting your information for six of the categories above: Personal Identifiers and Demographic InformationClient Relationship InformationBiometric Bodily InformationLocation DataEmployment InformationEducational Information and Inference Data. We collect your information through a few different methods:

  • Social Media
  • Websites (such as professional networking sites & online searches)
  • Online Professional Forums
  • Magazine, Newspaper, Blogs, and Other Reporting Media
  • White Papers and Other Peer Review Publications

 

WE COMBINE INFORMATION

We combine information we collect from you on the website with information we receive from you in person, by email, or by other forms of communication. We also combine information you provide with information we obtain from third parties, service providers, and our affiliates.

WHEN WE SHARE INFORMATION WITH OTHERS

On an as needed and case by case basis, we may share all categories of information above with third parties, service providers, and others as described here:

We share information with our affiliates.

This includes current and future affiliates and other related entities (including RKL Virtual Management Solutions and RKL Wealth Management LLC). We will share this information for our business purposes, business and service development and enhancement strategies, and to otherwise engage in the activities described in this Privacy Policy.

We share information with vendors and service providers. We share personal information with vendors who provide services to us. Refer to the above chart, Categories of Information We Collect, to see the types of information that may be relevant to you.

Our Service Providers are categorized in at least one of the following categories based on the services they provide RKL LLP:

  • Business & Finance Operational Services (such as travel reimbursement, payroll processing, recruitment, AR/AP processing, or other similar services)
  • Legal, Compliance and Advisory Services (such as  attorneys, financial advisors, external consultants, or other similar services)
  • Education & Professional Development Services (such as training, professional licensing, continuing professional education or other similar services)
  • Telecommunication & Mobile Services (such as telephone systems and inter office messaging services)
  • Network, Datacenters & Infrastructure Services (such as internet, intranet, email, software and system architecture)
  • Marketing, Events & Communication Services (such as hosted events, hotel & catering services, sporting events, newsletters, email marketing and other similar services)

We share information with government and regulatory authorities. We share information with government and regulatory authorities in the course of providing services to you, such as preparation of tax returns.

We share information if we must in order to comply with law or to protect our legal interests. We may share information we collect about you to respond to a court order or subpoena. We may share information in response to a government agency or investigatory body request. This may include sharing information with the US or Canadian government. We may share information if necessary to prevent physical harm or financial loss. We may share information we collect when we are investigating potential fraud or other illegal activity.

We share information with any successor to all or part of our business. If all or part of our business is sold, we will share information as a part of that transaction.  If there is a merger or acquisition, we will also share your information. We will also share information as part of a financing or bankruptcy.

We share information as permitted by law and for other reasons we may describe to you.

YOU HAVE CERTAIN CHOICES

We provide you with the following options about how we use information:

EVERYONE

You can opt out of receiving our emails. You can change your mind if you signed up to receive email newsletters, alerts or other marketing emails. To unsubscribe, click the link located at the bottom of our marketing emails.  If you opt out of receiving marketing messages, you will still get non-marketing messages. If you object to our use of your information for direct marketing purposes, please email us at RKLDataPrivacy@rklcpa.com

You can control cookies and tracking tools. Click here to learn more about how we use cookies and other tracking tools.

CALIFORNIA RESIDENTS

As of January 1, 2020, the California Consumer Privacy Act gives you or your Proxy the right to make certain requests of RKL LLP regarding information that we collect about you. We will not discriminate against you because you have exercised any of your rights under the California Consumer Privacy Act.

Your Rights under the California Consumer Privacy Act

  • Request what categories of information we collect (which may also be referenced above in Categories of Information We Collect)
  • Request that a copy of your information be provided to you
  • Request that your information be deleted
  • Request what categories of Service Providers and 3rd Parties we share your information with

RKL LLP’s Verification Process

Before we can begin to process your request, we must first verify your identity. We will use the following points of information for our verification process.

  • A unique ID assigned to you by RKL LLP (e.g. Client ID, Vendor ID)
  • RKL LLP Line of Business(es) you are associated with
  • Email Address
  • Full Name
  • Phone Number
  • Mailing Address
  • Employer, Service Provider, 3rd Party Vendor or Organization’s Name you are associated with

Request made for categories of information about you require that we verify your identity using at least two of the points of information listed above.

Requests made for specific information require that we use at least three points of information listed above. Additionally you will be required to provide a document signed under penalty of perjury affirming that you are the consumer who you are making the information request about.

For requests made for the deletion of information RKL LLP will require two or three of the points of information above, depending on the sensitivity of the information requested to be deleted.

Proxy Requests. Requests made by a California resident’s proxy will follow the same Verification Process as above. Additionally a proxy is required to provide to RKL LLP a notarized attestation that they are the California resident’s authorized legal representative.

How To Make A Request. You or your Proxy may make a request by selecting the “California Consumer Data Request” button on this page or you may submit your request to us by phone at 1-800-274-3978. An RKL LLP customer service representative will collect the necessary information from you and provide you with details about how you can provide RKL LLP with any additional documentation that may be necessary.

Sales of Information of California Resident. We do not sell California residents’ personal information, including personal information of minors under the age of 16.

NEVADA RESIDENTS

Sale of information of Nevada Residents. We do not exchange Nevada residents’ personal information for money with anyone so they may license or sell the personal information to additional parties. We do not sell personal information of minors under the age of 16.

EUROPEAN UNION RESIDENTS

If you reside in the European Union you may have certain additional rights. EU residents may be able to ask us to restrict how we process information, such as if you believe it is inaccurate, or if you believe that the processing is unlawful but you do not want us to delete the information. It may also apply if we no longer need your information for the purposes described to you but you do not want us to delete it because you need to establish, exercise, or defend a legal claim. It also may apply if you object to profiling or direct marketing. You may also have the right to data portability. Requests may be submitted to RKLDataPrivacy@rklcpa.com.

Our basis for processing information subject to General Data Protection Regulation (GDPR) is typically to perform a contract. Performance of a contract includes responding to your requests. We also process information based on compliance with our legal obligations. From time to time our basis for processing is also consent or legitimate interest.

CANADA RESIDENTS

If you reside in Canada you have certain additional rights. Canadian residents may be able to request access and correction of personal data. Requests may be submitted to RKLDataPrivacy@rklcpa.com.

WE USE REASONABLE SECURITY MEASURES

We use standard and reasonable security measures. The Internet is not 100% secure. We cannot promise that your use of our sites or apps will be completely safe. We encourage you to use caution when using the Internet.

We keep personal information as long as it is legally required, necessary or relevant for the practices described in this Privacy Policy, including the purpose for which we originally collected your information.

WHERE WE STORE INFORMATION

You understand and agree that we may transfer, process and store your information to the US, Canada, India, the United Kingdom, or other countries. Our affiliates or other third party service providers may also transfer, process, or store your information in the US or other countries. Our sites and businesses are subject to US laws, which may not afford the same level of protection as those in your country.

THIRD PARTY LINKS AND TOOLS

We may link to other sites or apps or have third party services on our platforms that we do not control. If you click on a third party link, you will be taken to a platform we do not control. This policy does not apply to the privacy practices of that website or platform. Read other companies’ privacy policies carefully. We are not responsible for these third parties. Our site may also serve third party content that contains their own cookies or tracking technologies. We do not control the use of those technologies.

INFORMATION COLLECTION FROM CHILDREN

Our sites and apps are meant for adults. We do not knowingly collect personally identifiable information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and think your child has given us information, you can email or write to us. Use the address information in the contact us section below. Parents, you can learn more about how to protect children’s privacy on-line here.

YOU CAN CONTACT US

If you have any questions about this Policy or our data practices, you can write to us at:

Attn: Data Privacy Office
1800 Fruitville Pike

Lancaster, PA 17601

You can email us at RKLDataPrivacy@rklcpa.com.

WE MAY UPDATE THIS POLICY

From time to time we may change our privacy policies. We will notify you of any material changes to our Policy as required by law. We will also post an updated copy on our website. Please check our site periodically for updates.