Privacy Policy

This privacy notice describes how BDO Limited ('we', 'us') collects and processes personal information about our clients (‘you’); how we use and protect this information, and our clients rights in relation to this information.

 

This privacy notice applies to all personal information we collect about you. Personal information is information, or a combination of pieces of information that could reasonably allow an individual to be identified. 

 

Information we collect

How we use your personal information and the basis on which we use it

Your rights over your personal information

Information Sharing

Information Security

Information Transfer

Contact Us

Complaints

Changes to the Privacy Notice

 

 

Information we collect

We collect personal information that is required as a consequence of our contractual relationship with you, to enable us to carry out our contractual obligations to you. Failure to provide this information may prevent or delay the fulfilment of these obligations. 

The categories of information that we may collect include the following in respect of you where you have a direct relationship with us and in respect of the shareholders and directors of your company and various of its employees:

  1. personal details (e.g. name, social insurance number, tax identification number, ID number, passport number, age, date of birth);
  2. contact details (e.g. phone number, email address, postal address or mobile number);
  3. employment details (e.g. job title etc.);

 

How we use your personal information and the basis on which we use it

We use personal information to:

  1. carry out background checks prior to accepting you as a client;
  2. contact you with questions and other information regarding the services we are providing to you;
  3. ensure that our records are kept accurate and up to date where you, your employees or contractors work on or visit our facilities;
  4. ensure we issue accurate invoices for our services;
  5. send you messages about products and services which we think will be of interest to you;
  6. comply with legal obligations to which we are subject

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

  1. to fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, to carry out various outsourced services such as payroll, expatriate immigration services, tax compliance services etc. and for ensuring you are able to access our premises when required;
  2. to comply with our legal obligations to you or to a third party ( e.g to comply with a court order);
  3. to meet our legitimate interests so that: we are able to provide the services you request; our services function correctly in relation to your business; any complaints or concerns can be promptly relayed to you; we can respond to any questions or concerns you might have; we may carry out research and analysis to ensure products and services we offer are relevant to you, and; our records are kept up to date and accurate; and
  4. send you direct electronic marketing messages to the extent you have consented to receiving such messages in accordance with applicable law.

 

Your rights over your personal information

Please let us know if any of the personal information that we hold about you changes so that we can correct and update the information on our systems.

You can view, delete (to the extent allowed by Law), correct or update the personal information you provide to us.

In certain circumstances you may object to specific processing activities, require us to restrict how we process your personal information, and ask us to provide you with your data in a usable format or share your personal information in a usable format with another company.  Where you have given your consent to a particular type of processing, you may withdraw that consent at any time.

To exercise any of the above rights, please contact your relationship partner.

 

Information Sharing

In general, we do not share your personal information with third parties unless we have a lawful basis for doing so.

We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery and payment processing. This may mean that we have to share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.

Other situations in which we may disclose your personal information to a third party, are:

  1. where permitted by law, to protect and defend our rights and property;
  2. to fulfil our contractual obligations to you in respect of the services you have requested us to provide to you for example with regard to various outsourced services; and
  3. when required by law, and/or public authorities;

 

Information Security

We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. We require all employees and principals to keep personal information confidential and only authorised personnel have access to this information.

 

Data Retention

We will only keep personal data for as long as necessary for the purposes for which it was collected, or as required by applicable law or regulation.

Unless there are any overriding legal, regulatory or contractual requirements, we will retain records of services provided (which may include personal data) in accordance with our document retention policy.

 

Information Transfer

Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided. When we do so, we transfer the information in compliance with applicable data protection laws. Where the transfer is to a country outside the EEA we use the European Commission's approved Standard Contractual Clauses, and for transfers to other BDO Member Firms, we use the BDO Global Privacy Policy, BDO’s Binding Corporate Rules for Controllers and Processors.

 

Contact Us

If you have questions or concerns regarding the way in which your personal information has been used, please contact our Data Protection Officer (DPO), at dpo@bdo.com.cy or +357 22 495707.

 

Complaints

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of Cyprus at commissioner@dataprotection.gov.cy

 

Changes to the Privacy Notice

We may modify or update this privacy notice from time to time. You will be able to see when we last updated the privacy notice because we will include a revision date. Changes and additions to this privacy notice are effective from the date on which they are posted. Please review this privacy notice from time to time to check whether we have made any changes to the way in which we use your personal information.

 

25 April 2018