This Privacy Notice describes how and why BDO Limited, BDO Greenlight and BDO Sator Regulatory Consulting (“we” or “us”) collect and use personal data (i.e. data relating to an identified or identifiable individual) in the course of their business. It applies to personal data provided directly to us by the individuals concerned and to personal data provided to us by companies and other organisations.
We are committed to the protection of personal data and to fair and transparent processing. If you have any questions about this Privacy Notice, you can contact our group Data Protection Officer via email at firstname.lastname@example.org.
BDO Limited is registered as a Data Controller with the Office of the Information Commissioner (www.oicjersey.org) with notification number 51301.
BDO Greenlight Limited is registered as a Data Controller with the Office of the Information Commissioner (www.oicjersey.org) with notification number 18515.
BDO Sator Regulatory Limited is registered as a Data Controller with the Office of the Information Commissioner (www.oicjersey.org) with notification number 19628.
Security of Personal Data
We have policies, procedures and training in place in respect of data protection, confidentiality and information security. We regularly review such measures with the objective of ensuring their continuing effectiveness.
International Transfers of Personal Data
In the course of running our business and providing services to clients we may transfer personal data to third parties located in other countries, including countries outside the EEA. Where we transfer personal data to a country not determined by the European Commission to provide an adequate level of protection for personal data, we will only do so under a form of agreement approved by the European Commission, such as the Standard Contractual Clauses.
Provision of Personal Data to Third Parties
We will only share personal data with third parties where we are legally permitted to do so. We do not provide information to third parties for their own marketing purposes and we do not undertake mailings for third parties. Where we transfer personal data to third parties, we will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.
We may provide personal data to:
- Other BDO Member Firms – we may share personal data with other members of the BDO International Network where required for the provision of services to our clients and/or for administrative purposes.
- Third parties involved in the performance of services – we may also share personal data to third party organisations who assist us in providing services to clients or are otherwise involved in the services we provide to clients.
- Third parties who provide IT services, data processing or functionality – like many professional service providers, we use third party providers to support our business and the provision of services to our clients, such as cloud based software providers, web hosting/management providers, data analysis providers, and data back-up and security/storage providers. We may transfer personal data to such third parties.
- Auditors and advisers – we may transfer personal data to our auditors and advisers as required by law or as reasonably required in the management of our business.
- Third parties where required by applicable law and regulation – we may be requested or compelled to disclose personal data to third parties such as regulators and law enforcement agencies. We will only provide personal data to such parties where there is a legal requirement or permission to do so.
You have rights in relation to any of your personal data held by us as a data controller. Should you wish to exercise your rights, please contact our Data Protection Officer via email at email@example.com. We will endeavour to respond to any request promptly and within any legally required time limit.
You also have a right to update your personal data that we hold. To do so, please either update the personal data via the web page or applications open to you, contact your usual BDO contact or otherwise contact our Data Protection Officer via email at firstname.lastname@example.org.
Where we process your personal data based on your consent, you have a right to withdraw consent at any time. Should you wish to do so, please contact our Data Protection Officer via email at email@example.com.
Finally, in addition to the rights above, you may also have other rights in relation to personal data, including a right to erasure/deletion, the right to data portability and the right to restrict and/or object to our processing of personal data.
Should you wish to complain about our use of your personal data, please contact our Data Protection Officer via email at firstname.lastname@example.org. We will investigate all complaints received and will endeavour to respond to complaints promptly.
You may also complain about our use of personal data to the Office of the Information Commissioner. For further information on your rights and the complaints process, please visit the Information Commissioner’s website: https://oicjersey.org/online-enquiry.
We will only keep personal data for as long as necessary for the purposes for which it was collected, or as required by applicable law or regulation.
Unless there are any overriding legal, regulatory or contractual requirements, we will retain records of services provided (which may include personal data) in accordance with our document retention policy.
Last modified 21st May 2018