Logo BDO

PRIVACY STATEMENT

1. Who are we?

1.1. BDO as controller

With this statement (hereinafter referred to as “Statement”), we would like to inform you why and how BDO Belgium, which consists of the Belgian BDO entities (hereinafter referred to as “we”, or “BDO”) collects and processes your personal data. They are collected and stored centrally at BDO. Belgian BDO entities, which are not regarded as third parties vis-à-vis one another, all process your personal data in accordance with this Statement.

Our contact details can be found in point 10 of this Statement.

We are responsible for processing the personal data that we request and use. As a controller, we take the measures to guarantee that you:
  • remain informed about our processing of your personal data and about your rights;
  • continue to control the personal data we process;
  • can exercise your rights regarding your personal data. More information on your rights can be found in point 9 of this Statement.
Within the scope of its service to its clients, BDO is also the processor of its clients’ personal data. This is dealt with in the processing agreement between BDO and its clients and is not part of this Statement.

1.2. Data Protection Officer

We have also appointed a Data Protection Officer. This is an expert on the protection of personal data who provides an additional guarantee that we will process your personal data correctly.

You can contact the officer via the channels mentioned in point 10 of this Statement.

2. What data do we collect about you?

2.1. Personal Data

We understand “personal data” to mean any information referring to a particular natural living person. Where applicable, it contains data on you and/or your representatives, staff, self-employed persons whom you have engaged and/or directors (jointly also referred to hereafter as “you” or “your”).

If we receive personal data on you from your representatives, staff, self-employed persons whom you have engaged and/or directors, you must inform them of the existence and content of this Statement, including our obligations, their rights and the way in which they can exercise such rights. In particular, we collect:
  • from our existing clients: identification and contact details (surname, first name, gender, email address, telephone number, copy of identity card, etc.), designated areas of interest and certain financial data (bank account number, etc.);
  • from prospective clients: identification and contact details (surname, first name, gender, email address, telephone number, etc.), indicated areas of interest, etc.
We need and use this information for the purposes stated in point 3 of this Statement.

We also use “cookies” on our websites. These are small pieces of information that the browser stores on your computer, which enable us to register certain information about our website users (e.g. language preference, duration of your visit on the page, etc.). They help to better coordinate the website with your wishes, preferences and ease of use. You can find more information about this in our cookie statement.

As data controller, we collect and process neither personal data of minors nor so-called sensitive data, namely:
  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
  • genetic or biometric data (e.g. facial images and fingerprints);
  • data relating to health;
  • data relating to sexual behaviour or sexual orientation.
We will not use any such sensitive personal data provided to us and will erase it.

3. Why do we need your data?

3.1. To be able to accept you as a client and correctly execute the contract

We need personal data to:
  • register and manage you as a customer or a prospective customer in our customer relationship management (CRM) system;
  • be able to accept you as a client in our client acceptance procedure;
  • be able to contact you as a client and to join you in coordinating matters in connection with providing the services you requested;
  • be able to invoice our services or to make statements of accounts for the services provided.

3.2. For direct marketing purposes

We would like to be able to inform you about our services, events or relevant news items. This can be done at your explicit request, or if we suspect that you are interested in or will benefit from one of our services.

You can access this information in many ways: through the BDO offices, the internet and by way of applications, email, post, telephone and at events. Moreover, new technologies are created every day, which we wish to use if this helps to clearly transmit information in a way that you will find least disruptive.

You will be sent our direct marketing communication if you have given us your explicit consent to do so. We will specifically ask your consent if you are not a BDO client.

However, even if you do not give your consent, you can still receive offers or advertisements from BDO, namely if you currently already have a client relationship with BDO. We see our legitimate interest as grounds for this.

You can use your right to object to direct marketing as stated in point 9.2 of this Statement if you do not want to receive any advertisements at all.

3.3. Because it is necessary to be able to function as a company

This purpose amounts to what is called a “legitimate interest”. As a matter of fact, we still have a number of legitimate interests on which personal data processing is based. We only do such processing after we have considered the fact that, in any event, the balance between our legitimate interests and their possible impact on your privacy is not disrupted.

However, if you nevertheless have any objections to these processing operations, you can still exercise your right to object referred to in point 9.3 of this Statement.

Personal data are processed in different situations, for example:
  • personal data can serve as evidence (archives);
  • personal data may be used to record your participation in and/or attendance at our events;
  • personal data may be used to be able to provide you with any information you have requested;
  • personal data may be used to establish, exercise, defend and indemnify the rights of BDO or the persons it may represent, for example in disputes;
  • personal data can be used for the administration, (risk) management and monitoring of our organisation, including for matters relating to compliance (e.g. money laundering, fraud prevention and investigations and privacy), risk management, risk functions and inspection, complaint management and internal and external audit;
  • personal data available to Belgian BDO entities can be coordinated and used to centralise or efficiently manage our clients, to create segments or sectors (e.g. Public Sector, Real Estate & Construction, Life Sciences, Retail, etc.), and to create more detailed profiles of clients or prospective clients to be able to communicate with you in a more targeted way;
  • personal data can be used to support and simplify customers’ purchasing, use and termination of services, including preventing you from having to fill in information that you previously provided, or to avoid needing to go through an entire identification process again if you want to become a client with another BDO entity. In this way, identification data can be transmitted to BDO entities to make it easier for such entities to identify the client.

4. What is the legal basis for processing your personal data?

4.1. General

We may only lawfully use and process your personal data if one of the following conditions is met:
  • the use of your personal data is necessary to execute a contract that you have concluded with us or, at your request, to be able to take the necessary steps to reach an agreement with us.

    The purposes of the processing stated in point 3.1 of this Statement is based on these grounds.

  • we have your explicit and voluntary consent to use your personal data for a particular purpose.

    For example, we will request your consent to write to you for direct marketing purposes, as stated in point 3.2 of this Statement, if you do not yet have a client relationship with us.

  • the use of your personal data is necessary for the purposes of our legitimate interests, to the extent that this is balanced against your interests and rights;

    We base the processing necessary to operate as a company on our legitimate interest, as mentioned under point 3.3 of this Statement, and to be able to contact our existing customers for direct marketing purposes, as mentioned under point 3.2 of this Statement.

  • we may be required by law to process certain data and, in particular, to transmit them to the relevant authorities.

    As a matter of fact, within the framework of certain services (auditing mandates, tax returns, accounting, etc.), BDO is required to duly respect obligations of reporting to the authorities, or moreover, we must be able to react correctly if you exercise your rights in terms of the privacy legislation, and we are also obliged to answer questions from the Data Protection Authority, for example if there are any complaints.

5. With which other persons do we share your personal data?

  • Only our employees and self-employed persons whom we engage who effectively need access to perform their duties, will be granted access to your data. These people act under our supervision and responsibility.
  • We also call on external suppliers that carry out certain processing operations for us so that we can offer you our products and activities, such as IT services (including legal, financial, accounting and similar other services). Since these third parties have access to personal data within the scope of the services we request, we have taken technical, organisational and contractual measures to guarantee that your personal data are processed and used solely for the purposes stated in point 3 of this Statement.
  • Only if we are legally obliged to do so can your personal data be provided to supervisory institutions, tax authorities and investigation services.

6. Where are the data stored and processed?

Your data will not be transported outside the EU and, in any event, we will ensure that the minimum legal requirements and security standards are respected at all times. If we suspect that your data will be stored and processed outside the EU, we will explicitly inform you of this and ensure that the same level of protection is used as is applicable within the EU.

Apart from these cases, your personal data will never be transferred or made available to third parties and will be used exclusively for our purposes. Other companies can therefore not use your data, e.g. to send you advertising.

7. How long do we retain your personal data?

We only store your data for as long as this is necessary for the purposes for which the data are to be used as stated in point 3 of this Statement (e.g. to execute an agreement, send information you requested, etc.). Any deviations from or clarifications of this principle are expressly stated under the various purposes referred to in point 3 of this Statement.

Since the need to retain data may vary by the type of data and by the purpose of the processing, the actual retention periods may vary considerably.

We can hereby inform you that we take the following criteria, among others, into account when determining the retention periods:
  • how long are the personal data needed to be able to provide the requested service?
  • have we established and announced a specific retention period?
  • have we been given permission for a longer retention period?
  • do we have a legal, contractual or similar obligation to retain the data?
Once your data are no longer required and we have no legal obligation, legitimate interest or contractual obligation to store them, we will permanently remove them or, if this is not possible, anonymise them in our systems.

Your personal data will be retained and used as long as it is necessary to comply with our legal obligations, to settle disputes or to enforce our agreements.

8. How do we secure your personal data?

Your personal data are considered to be strictly confidential. We take the appropriate technical and organisational measures to protect the provided and collected personal data from destruction, loss, unintended alteration, damage, accidental or unlawful access or any other unauthorised processing.

9. What are your rights?

9.1. Right of access, rectification, erasure, transferability of data and objection

9.1.1. Right to access your personal data

You have the right at all times to access and inspect your personal data processed by us. In this context, we will provide you with a free copy of your personal data.

9.1.2. Right to rectify your personal data

You have the right at any time to have incorrect, incomplete, inappropriate or outdated personal data erased or rectified.

9.1.3. Right to withdraw your consent

If the processing is based on your express consent, then you have the right to withdraw such consent at any time.

We wish to inform you that withdrawing your consent to certain processing operations of your personal data may result in you no longer being informed of, or being able to use, activities or services that we offer.

9.1.4. Right to object to certain processing

You have the right to object to processing activities based on legitimate interest as referred to in point 3.3.

9.1.5. Right to have your personal data erased

You are entitled to have your personal data deleted. On these grounds, if you no longer wish to have a relationship with BDO, you can request us to stop using your personal data.

However, we may keep personal data required for purposes of proof. Under this right of erasure, you also have the right to ask us at any time to stop using your personal data that are processed on the grounds of your consent or our legitimate interest. Due to legitimate interests, we may still continue to process your personal data after weighing your interests against ours, unless you decide to terminate your relationship with us.

9.1.6. Right to transfer personal data

You have the right to request that personal data that you personally provided to us - in a structured, commonly used and digital form - be forwarded to you so that you can store them for personal (re)use, or to forward such personal data directly to another data controller, to the extent that it is technically possible for us to do so.

However, the privacy legislation provides for a number of restrictions to this right, which means that it does not apply to all data.

9.1.7. Right to limit certain processing operations

You may request that we limit the processing of your personal data in any of the following cases:
  • if you dispute the accuracy of your personal data, you may request a limitation of its processing for a period that enables us to verify the accuracy of your personal data;
  • if the processing is unlawful and you object to the erasure of the personal data and you request us instead to limit their use;
  • if we no longer need your personal data for the processing purposes referred to in point 3, but you still need your data for the establishment, exercise or substantiation of a legal claim;
  • if you objected to a processing operation, we will continue processing pending an answer to the question as to whether the legitimate grounds of BDO more heavily outweigh yours.
If you have obtained the right to have the processing of your data limited, we will no longer perform any operations with the personal data concerned, other than the storage of these data.

9.2. Right of objection to direct marketing

As has been stated in point 3.2 of this Statement, we use your personal information to address commercial information, advertisement or personal proposals to you (by way of direct marketing campaigns or electronic newsletters). If you do not wish to receive such communications from us (any longer), you have the right to object to the processing of your data for direct marketing purposes by using the options provided to this end in each email you receive from us. We will then no longer process your data for direct marketing purposes. Your request will be executed as soon as possible.

If you have exercised your right to object, you may, if you so wish, again allow direct marketing activities through the same channels.

We draw your attention to the fact that your exercise of the right to object will not prevent us from contacting you, where appropriate, for any other purpose, including the execution of the contract, in accordance with this Statement.

9.3. How to exercise rights

To exercise the rights mentioned above you may send us a written request:
  • by email: dpo@bdo.be
  • in writing at the following postal address: BDO, attn. the Data Protection Officer, Da Vincilaan 9, box E.6, 1930 Zaventem
When exercising your right, we request that you clearly state the right to which you wish to appeal and any processing operation(s) you oppose or which consent you wish to withdraw. Always be as specific as possible if you wish to exercise your rights.

10. How to submit questions or complaints

If you have a question or complaint about our personal data processing, about the exercise of your rights or about this Statement, you can contact us in the following ways:
  • by email: dpo@bdo.be
  • in writing at the following postal address: BDO, attn. the Data Protection Officer, Da Vincilaan 9, box E.6, 1930 Zaventem
  • by telephone: +32 2 778 01 00
If you are not satisfied with our answer, if you have comments regarding the exercise of your rights or you are of the opinion that our processing of your personal data is not in accordance with the law, you can file a complaint with the Belgian Data Protection Authority, previously known as the Privacy Commission. All information on this matter can be found at https://www.privacycommission.be.

11. Amendments to this Statement

We may amend or supplement this Statement as we deem necessary.

If significant changes are made to this Statement, the date on which it is amended will be adjusted and we will also notify you accordingly and provide you with a copy of the amended Statement.

We also encourage you to periodically review this Statement to find out how we process and protect your personal data.

© copyright 2018 BDO. All rights reserved.