This Privacy Statement describes how and why BDO LLP (“we” or “us”) and our subsidiaries that: (1) are contracting parties in order to provide or receive services; (2) publicise a position for which you are applying; or (3) you have some other connection to, collect and use personal data (i.e. data relating to an identified or identifiable individual) in the course of business. It applies to personal data provided directly to us by the individuals concerned and to personal data provided to us by companies and other organisations.
We are committed to the protection of personal data and to fair and transparent processing. If you have any questions about this Privacy Statement, you can contact our Data Protection Officer via email at dpo@bdo.co.uk.
To find out more about how and why we process personal data, please refer to the relevant section of this Privacy Statement (using the tabs above).
BDO LLP (a limited liability partnership registered in England with number OC305127 with a registered address of 55 Baker Street, London W1U 7EU) is registered as a data controller under registration number Z5799637.
We have policies, procedures and training in place in respect of data protection, confidentiality and information security. We regularly review such measures with the objective of ensuring their continuing effectiveness. The Privacy Statement was last updated in October 2024.
In the course of running our business and providing services to clients we may transfer personal data to third parties located in other countries that have less stringent data protection laws. Where we transfer personal data to a country not determined by the relevant authority to provide an adequate level of protection for personal data, we will take steps to ensure that personal data will be adequately protected in accordance with applicable law, such as using the Information Commissioner’s Office approved standard contractual clauses.
BDO has implemented a global programme of Binding Corporate Rules ("BCRs"), comprising both a BCR Controller Policy and a BCR Processor Policy. The purpose of the BCRs is to ensure compliance with applicable European and UK data protections laws when transferring UK or EEA originated personal data outside the UK and EEA. The BCRs apply to all BDO Member Firms and to other entities within in the BDO global organisation and require the same level of protection of personal data across all of these entities. When we transfer personal data to other BDO Member Firms (that may be located in countries that have less stringent data protection laws), we do so subject to the BCRs. For more information on the BCRs, please click here.
We will only share personal data with third parties where we are legally permitted to do so. We do not provide information to third parties for their own marketing purposes and we do not undertake mailings for third parties. Where we transfer personal data to third parties, we will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.
We may provide personal data to:
You have rights in relation to any of your personal data held by us as a data controller. Should you wish to exercise your rights right, please contact our Data Protection Officer via email at dpo@bdo.co.uk. We will endeavour to respond to any request promptly and within any legally required time limit.
You also have a right to update your personal data that we hold. To do so, please either update the personal data via the web page or applications open to you, contact your usual BDO contact or otherwise contact our Data Protection Officer via email at dpo@bdo.co.uk.
Where we process your personal data based on your consent, you have a right to withdraw consent at any time. Should you wish to do so, please contact our Data Protection Officer via email at dpo@bdo.co.uk.
Finally, in addition to the rights above, you may also have other rights in relation to personal data, including a right to erasure/deletion, the right to data portability and the right to restrict and/or object to our processing of personal data.
Should you wish to complain about our use of your personal data, please contact our Data Protection Officer via email at dpo@bdo.co.uk. We will investigate all complaints received and will endeavour to respond to complaints promptly.
You may also complain about our use of personal data to the Information Commissioner’s Office. For further information on your rights and the complaints process, please visit the Information Commissioner’s Office website: https://ico.org.uk/your-data-matters/.
We will only keep personal data for as long as necessary for the purposes for which it was collected, or as required by applicable law or regulation.
Unless there are any overriding legal, regulatory or contractual requirements, we will retain records of services provided (which may include personal data) in accordance with our document retention policy.