Privacy Notice for clients, suppliers, and third parties


BDO  (hereinafter “BDO”) understands the importance of the protection of Personal Data. The present Privacy Notice (hereinafter the “Notice”) contains important information about the Processing of Personal Data of clients, suppliers and third parties in the context of BDO’s business relationships and activities as well as events.

 

In this Notice:

“BDO” is BDO Ireland, a member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms.

Address:

BDO Ireland
Miesian Plaza
50-58 Baggot Street Lower
Dublin 2 D02 Y754
IRELAND

“Personal Data” (hereinafter, 'Personal Data' or 'Data'): any information relating to a natural person who can be identified or who is identifiable directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data or online identifier;
“Data Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data;
"Processing of Personal Data": means any operation or set of operations which is performed upon Personal Data or sets of data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data Processor” means the natural or legal or natural person, public authority, agency, or other body that processes personal data on behalf of the data controller. The data processor is responsible for handling data according to the instructions provided by the data controller and must ensure compliance with GDPR requirements
 

Scope of this Privacy notice
Purpose of this Notice

BDO may process Personal Data of the persons of contact of suppliers, customers, business contacts and third parties, when doing business and during events. 

In application of the applicable data protection laws, such as the General Data Protection Regulation 2018 and national data protection laws, BDO wishes to specify which Personal Data we collect from you and how your data will be used in the context of BDO’s business activities and events. This Notice also sets out the rights of BDO's clients, suppliers and third parties in relation to their Personal Data.


Addressee of this Notice
This Notice applies to: 

  • Our suppliers and/or business partners
  • Our existing clients, prospects and former clients
  • Members, staff, shareholders, beneficial owners of our corporate clients/suppliers
  • Third parties whose Personal Data are provided to us by our clients/suppliers
  • Third parties whose data is collected or processed via any other business contacts or during events
Insofar as we are likely to collect and process data from third parties communicated to us by you, we ask you to kindly inform the said third parties of the existence of this Notice so that they may be aware of the processing we carry out on their data and of their rights.


Data controller

In the context of its activities, BDO is required to process your Data in its capacity as Data Controller insofar as it determines the means and purposes of the processing(s).
Our Business
Contact details of the Data Controller
Name: BDO Ireland DPO
Email: dpo@bdo.ie
Website: www.bdo.ie 
Address:
BDO Ireland
Miesian Plaza
50-58 Baggot Street Lower
Dublin 2 D02 Y754
IRELAND
 

Data Protection Officer (“DPO”)

We have appointed a Data Protection Officer (DPO) within BDO.
The mission of the DPO is to inform any data subject about the Data processed about him/her. The DPO provide advice and verify compliance with current regulations, in particular the GDPR.
You can contact the DPO for any questions relating to the Processing of your Personal Data and the exercise of your rights.

Contact details

Email: dpo.@bdo.ie 
Telephone: +353 1 4700 000
Postal address: 
The Data Protection Officer
BDO Ireland
Miesian Plaza
50-58 Baggot Street Lower
Dublin 2 D02 Y754
IRELAND


What categories of Personal Data are collected from our customers, suppliers, and third parties?

Generally, the following Personal Data is collected in the context of our business activities and relationships with our clients, suppliers or third parties: 

  • Identification data (name, surname, title, email address, etc.);
  • Contact details (professional e-mail address and phone number)
  • Financial data (bank accounts, etc.);
  • Professional data / Skills and training;
  • Login credentials;
  • Any other additional/optional information you give us when we have contact with you (by telephone, by e-mail or at trade fairs or events);
  • Photos/videos.
In principle, BDO does not collect or process so-called sensitive data, i.e.:
  • Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
  • Genetic or biometric data (e.g. facial images and fingerprints)
  • Data relating to health
  • Data relating to sexual behaviour or sexual orientation
Generally, we process Personal Data which we receive from you or from your employer/the company you represent in the context of our business relationships.
BDO may also collect publicly accessible information in order to verify information we have collected and to manage and expand our business.


Why do we collect Personal Data from our clients, suppliers, and third parties?

BDO collects the abovementioned information for the following purposes:
  • To be able to accept you as a client and correctly execute the contract
We need Personal Data to:
  • register and manage you as a customer or a prospective customer in our customer relationship management (CRM) system;
  • be able to accept you as a client in our client acceptance procedure;
  • be able to contact you as a client and to join you in coordinating matters in connection with providing the services you requested;
  • be able to invoice our services or to make statements of accounts for the services provided;
  • carry out the agreement with our clients and deliver the services asked for.

We will use your Personal Data solely if they are necessary.
  • For (direct) marketing purposes
  • We would like to be able to inform you about our services, events or relevant news items.
You might receive our direct marketing communication (newsletters, whitepaper, advertisement, etc.) if you have given us your explicit consent to do so. We will specifically ask your consent for such processing if you are not a BDO client.
If you already have a client relationship with us, we will send you marketing communication which we suspect might interest you or will benefit you. We consider it our legitimate interest to inform you of the kind of services we can offer to you.
Furthermore, we may publish photographs of you on our websites and social media platforms (LinkedIn, Facebook, YouTube, Twitter and Instagram) in order to promote our activities (social activities, events you attended, etc.). We will do so solely if you have given us your explicit consent. We encourage you to read the privacy statements on the website of the social media listed above in order to understand how your Personal Data (such as your photographs and/or video’s) are protected.
You can use your right to object, at any time without suffering any harm, to these processing.


Management of events

When signing up for an event, we will collect and process the Data you provide to:
  • register and manage you as a participant in our system;
  • administer access to, host and present the event;
  • disseminate the content of the event;
  • be able to communicate with you in connection with  the event;
  • be able to invoice our event, if applicable;
  • in order to facilitate your participation (before, during and after).
Photographs and/or audio-visual footage may be taken during our events and/or live-streamed.

Furthermore, we may publish photographs of you on our websites and social media platforms (LinkedIn, Facebook, YouTube, Twitter and Instagram) in order to promote our activities (social activities, events you attended, etc.). We will do so solely if you have given us your explicit consent. We encourage you to read the privacy statements on the website of the social media listed above in order to understand how your Personal Data (such as your photographs and/or video’s) are protected.

 

Managing our own business arrangements
On what legal basis do we process your Personal Data?

We are only authorized to use and process your Personal Data if one of the following conditions is met:
The use of your Personal Data is necessary to execute a contract that you have concluded with us or, at your request, to be able to take the necessary steps to reach an agreement with us.
We have your explicit and voluntary consent to use your Personal Data for a particular purpose. For example, we will request your consent to write to you for direct marketing purposes, if you do not yet have a client relationship with us.
We may be required by law to process certain data and, as the case may be, to transmit them to the relevant authorities. As a matter of fact, within the framework of certain services (auditing mandates, tax returns, accounting, etc.), BDO is required to duly respect obligations of reporting to the authorities; also, we must be able to react correctly if you exercise your rights in terms of the privacy legislation, and we are also obliged to answer questions from the Data Protection Authority, for example if there are any complaints.

 

How will your Personal Data be used and shared?

Your Personal Data will only be transferred to the relevant workers within BDO, on a need-to-know basis, which means the recipients who have to carry out the various processing activities with regard to the above-mentioned purposes. 

BDO may share your Personal Data with companies in the group and/or our affiliates for example, where another Group company is also providing goods or services to or purchasing goods or services from the company you represent. 

We may also share your Personal Data with third parties who perform functions on our behalf and provide services to us such as IT, legal, financial, accounting and other services. Given that these third parties have access to Personal Data in the context of the performance of the requested services, we have taken technical, organizational and contractual steps in order to ensure that your data are only processed and used for the purposes mentioned in point 4 of this Notice.

We can disclose your Personal Data to comply with our legal obligations or in the interests of security, public interest or law enforcement. We can disclose data in connection with actual or proposed litigation, or to protect our property, security, our workers and other rights or interests. 
Your Personal Data will not be sold or rented to third parties. 


Is your personal data transferred outside the EU/EEA ?

In principle, BDO does not transfer your Personal Data outside the European Union (EU) or the European Economic Area (EEA). If this is the case, you will be informed accordingly. It is nevertheless possible that Personal Data may also be accessed or transferred to our partners or service providers in countries outside the EU or EEA. If such a transfer takes place, BDO will ensure that a level of protection similar to that in force in accordance with the GDPR is guaranteed.
If your Personal Data is transferred to a third party in a country that is not deemed to provide a similar level of protection for individuals’ rights in relation to their Personal Data as in the European Economic Area (EEA) or European Union (EU), the transfer of your Personal Data will be framed by one of the mechanisms provided for in Chapter V of the GDPR.
 

How long do we keep Personal Data?

Your Personal Data will be retained for as long as is necessary to achieve the purposes mentioned in this Notice, or as long as you do not withdraw your previously given consent.

Since the need to retain data depends on the category of Personal Data and the purpose of the processing, the retention periods may vary.
You will find below the criteria we use to determine the retention periods for your Personal Data:
  • How long do we need the data to be able to provide the requested service? 
  • Have we defined and announced a specific retention period? 
  • Have we been granted permission to extend the retention period? 
  • Are we subject to a legal or contractual obligation, or a comparable obligation? 
  • As soon as we no longer need your data and are no longer legally obliged to retain them, we will permanently delete them or, if this is not possible, anonymise them in our systems.
Your Personal Data will, however, be retained and used for the period necessary for the fulfilment of our legal obligations, the settlement of disputes or the conclusion of contracts. 
Personal data processed in connection with newsletter subscriptions and events will be retained until you choose to withdraw your consent (see below).
Please note that such a withdrawal will only have effect for the future and does not affect the processing of your Personal Data that had already taken place before the withdrawal, in particular with regard to photos or videos that were published in printed publications or posted on our website or social media.


How is your Personal Data protected and secured?

Your data is considered to be strictly personal. To this end, BDO has taken all appropriate technical and organizational measures to protect them from any destruction, loss, accidental alteration and any damage, accidental or illegal access or other unjustified processing of data.
We require all employees, principals and independent collaborators to keep Personal Data confidential and only authorized personnel have access to this data.


What are your rights as a data subject?

You have certain rights in relation to Personal Data we hold about you:
  • Right to be informed: You have the right to be informed, at the latest at the time of collection of your data, about the processing we carry out, your rights relating to it and the exercise of these rights. To this end, we have drawn up this Notice.
  • Right of access: You have the right to request access to your Personal Data that we process, and you also have the right to consult them. At your request, we must provide you with a copy of your Personal Data. You may also obtain an answer to any questions you may have concerning the Processing of your Personal Data (purposes of processing, data recipients, retention period, etc.).
  • Right to rectification or completion: If your Personal Data have changed or are incorrect, you are entitled to ask BDO to rectify, complete or erase the outdated, incorrect or incomplete Personal Data BDO holds about you. 
  • Right of erasure/right to be forgotten: In certain circumstances, you have the right to request that your Personal Data is erased e.g. if the Personal Data is no longer necessary for the purposes for which it was processed or when you have withdrawn your consent and there is no other legal basis for the processing.
  • Right to restrict processing: You have the right to obtain the restriction of the Processing of your Personal Data. BDO may thus temporarily and/or partially stop the processing being carried out. You may permanently stop a specific processing operation or all processing operations carried out by BDO on your Personal Data by exercising your right to object.
  • Right to data portability: You have also the right to receive your Personal Data which you have provided to BDO and transmit these data to another Data Controller.
  • Right to object to certain types of processing: In addition, and in certain circumstances, you have the right to object to the Processing of your Personal Data. This right cannot be exercised where processing is necessary for the performance of legal obligations.


Exercising the rights of data subjects with regard to their Personal Data 
If you wish to obtain more information regarding the Processing of your Personal Data or if you wish to exercise your rights, please contact us via one of the following channels:

  • By e-mail: dpo.@bdo.ie

  • By post:

The Data Protection Officer
BDO Ireland
Miesian Plaza
50-58 Baggot Street Lower
Dublin 2 D02 Y754
IRELAND

We ask you to clearly indicate which right you wish to invoke and to which data processing you wish to oppose or limit, or which consent you wish to withdraw.
In the event of reasonable doubt as to the identity of the person making the request, BDO may request additional information necessary to confirm the identity of the person concerned.
When you exercise your rights, no fee will be charged unless we consider the request to be manifestly unfounded or excessive (this will be the case, for example, when it is a repeated request).
For any request relating to your rights, we will respond to your request within one month. However, this period may be extended to two months if the request proves to be complex and/or because of the number of requests we have to deal with. In the event of an extension of this period, we will inform you of this by giving you the reason for this decision.

BDO will notify third parties to whom the Personal Data has been communicated of any rectification, erasure or restriction carried out, unless this proves impossible and/or involves a disproportionate effort.
Please note that in certain circumstances provided for by law, we may refuse access to your information or not accept your request where we are authorized to do so by applicable data protection legislation.
If you do not agree with the way we process your data or the way we have handled your request to exercise your rights as a data subject, you have the right to file a complaint with the Irish Data Protection Commission:
Email: You can contact the DPC by email at  info@dataprotection.ie
Post: You can contact the DPC by post at
Data Protection Commission,
21 Fitzwilliam Square South,
Dublin 2 D02 RD28.
 

Modification of this Privacy notice

We reserve the right to modify or complete this notice if necessary.
In the event of significant changes, the date of modification will be updated and a copy of the new Notice will be posted on our website.
We encourage you to review this Notice periodically to be aware of how we process and protect your Personal Data.

Last update: February 2025.

© February 2025 BDO. All rights reserved.