Last Updated: January 1, 2023
- Use the services that are located in our Client Center (www.bdo.com/client-center), including our client portals;
- Pay for services using our online payment portal;
- Transmit Personal Information to us through other online systems and platforms, whether hosted by you, us, or our service providers (together, with the online portals and services listed above, the “Sites”); and
- Otherwise provide Personal Information to us, whether online or offline, in the context of your client relationship.
Your Agreements with BDO USA
Note about Client Data: We may receive Personal Information contained in the files, documents, data, and other materials we receive in connection with the Agreement (“Client Data”). We use and disclose this Client Data as described in our Agreements with you.
BDO as a Service Provider
How We Collect and Use Your Personal Information
"Personal Information" is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity.
The categories of Personal Information that we collect from you depends on your interactions and engagement with us. For example, we may collect:
- Identifiers, such as your name, address, email address, phone number, IP address, online identifiers, payment card or financial account numbers and related information required to process payments, and other similar identifiers. We may collect this information to verify your identity and information, communicate with you, process your payments, and provide you with access to your BDO USA client account (“Account”).
- Customer Records, such as your social security number, government issued identification information, etc., which we use to provide tax and accounting services as part of our private client services.
- Commercial Information, such as the products and services purchased from us. We may collect this information to maintain client records, identify trends in our client relationships, and conduct business analytics.
- Internet or other Electronic Activity Information, such as your browsing history, search history, and information regarding your interactions with pages you visit on the Sites. We may collect this information to understand your use of the Sites and your Account.
- Professional and Employment-Related Information, such as information about your current employment, professional degrees and certifications, and education background. We may collect this information to verify your identity, perform regulatory compliance checks, and other related processes.
- Profile Information, such as information about your preferences and characteristics (including inferences drawn from other personal information). We may collect this information in order to understand your preferences and tailor our services and communications to you. In addition, if you visit our premises, we may collect information to protect the health and safety of our personnel, clients, guests, and the general public, such as health and travel information.
In addition to the purposes for collection described above, we also may collect each category of information for the purpose of maintaining our client relationship with you and performing services, which include:
- Onboarding you as a client, maintaining or servicing your Account, processing and fulfilling your requests, and other activities that are part of our service offerings.
- Conducting verification and background checks as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational, and financial checks.
- Taking steps to improve our services to you, including to run analytics, improve our artificial intelligence tools, assess the quality of our services, and for other related internal business purposes.
- Confirming your balances and managing other aspects of your financial transactions.
- Sending you messages promoting our products and services. You may opt-out of receiving certain promotional e-mail messages from us as described in the "Marketing Opt-Out" section below.
- Protecting the health and safety of our personnel, clients, guests, and the general public.
- Administering and improving our Sites, including to measure the effectiveness of the Sites, help diagnose problems with our server, see where Site traffic is coming from, and to identify our Site users.
- Complying with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
- Fulfilling any other purpose described in our Agreements with you.
- For other purposes consistent with the context of the collection of your information, or as otherwise disclosed to you prior to the use of your information.
Some of the information we collect may be considered Sensitive Personal Information under privacy laws, such as your health information and account log-in information. We use your Sensitive Personal Information only for legitimate business purposes, including to (i) perform services or provide goods reasonably expected by an average person; (ii) detect security incidents; (iii) resist malicious, deceptive, or illegal actions; (iv) ensure the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) perform or provide internal business services; or (vii) verify or maintain the quality or safety of a service or device.
How We Disclose Your Personal Information
We may share the categories of Personal Information described above in the following circumstances to the following categories of third parties:
- We may share your Personal Information with companies or individuals that we contract with in order to receive services (our “Service Providers”). These services may include, among other things, providing products or services to you on our behalf, creating or maintaining our databases, payment processing, researching and analyzing the people who request information from us, preparing distribution communications or responding to inquiries. We may also disclose to these Service Providers your health and travel-related information in order to protect the health and safety of our personnel, clients, guests, and the general public. Our policy is to inform our Service Providers not to use or disclose your Personal Information for any purpose other than for providing services to us.
- We may share your Personal Information with companies that we own or control, or are owned or controlled by (our “Corporate Family”), including health and travel-related information in order to protect the health and safety of our personnel, clients, guests, and the general public.
- We may share your Personal Information with companies or individuals outside of BDO USA who may use your Personal Information for their own purposes (a “Third Party”). For example:
- If you choose to submit Personal Information through the “Testimonials” link, we may share your Personal Information publicly or with Third Parties.
- From time to time, we may be required to provide Personal Information to a Third Party in response to a court order, subpoena, government investigation, or as otherwise required by law or legal process.
- We may share your Personal Information with Third Parties, such as law enforcement agencies, other government agencies, or health authorities (i) when we, in good faith, believe you or others are acting unlawfully, (ii) when we believe it is necessary or appropriate to satisfy any law, regulation or other governmental request, (iii) to operate our business and Sites properly, (iv) to protect or defend our rights or the rights or well-being of our users, even without a subpoena, warrant or court order, or (v) we believe disclosure is necessary to protect the health and safety of our personnel, clients, guests, and the general public.
Cookies and Other Technologies
Most Web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Additionally, your Flash player can be set to reject or delete Flash cookies. Refusing a cookie will generally not interfere with your use of the Sites. However, refusal of a cookie may, in some cases, preclude you from using or negatively impact the display or function of the Sites or certain areas or features of the Sites.
We may also use web beacons (a.k.a. clear GIFs, web bugs or pixel tags) to personalize your experience on the Sites, to generate information about Site traffic and trends, and to verify your viewing and/or receipt of communications. Web beacons collect information automatically, such as the type of browser that you use and your IP address. Web beacons may be used alone or in conjunction with cookies. When web beacons are used with cookies, they may link this information to other Personal Information that you have provided to us. Web beacons usually are not visible to you.
How We Respond to Do Not Track Signals
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a "Do Not Track" ("DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including BDO USA, do not recognize or respond to DNT signals.
If you would like to opt out of receiving promotional or marketing e-mails from us, you may use the “unsubscribe” mechanism included in each marketing message. You may let us know by sending us an email to [email protected] with REMOVE in the subject line and stating the email address you wish to be removed from our mailing list. If you have an Account, you may be able to manage your subscriptions through your Account. However, your option not to receive promotional and marketing email shall not preclude us from corresponding with you, by email or otherwise, regarding your existing relationship with us. Your opt-out request will also not apply to correspondence that has already been initiated.
California Privacy Disclosures
California residents are entitled to the following disclosures about our data processing:
In the preceding 12 months, BDO USA has collected the categories of Personal Information detailed in How We Collect and Use Your Personal Information above. The purposes for which BDO USA has collected Personal Information and the sources of that information are also described above.
In the preceding 12 months, BDO USA has disclosed Personal Information for a business purpose as detailed in the How we Disclose Your Personal Information section above.
For an explanation of the rights you might have as a California resident, please see the Your Rights section below.
Depending on where you live, you may have the following rights, subject to any applicable exemptions or limitations:
- The right to know and access your Personal Information, such as the categories of Personal Information we have collected, the sources of Personal Information, the purposes of collection, and how we used, disclosed, sold, or shared Personal Information;
- The right to correct inaccurate Personal Information that we maintain about you;
- The right to delete your Personal Information under specific circumstances;
- The right to object or opt out of certain types of processing, such as direct marketing and certain types of profiling and automated decision-making;
- The right to request the restriction of processing of your Personal Information;
- The right to data portability, which means requesting a copy of your Personal Information in an accessible format;
- The right to withdraw your consent under certain circumstances; and
- The right to lodge a complaint with the relevant data protection supervisory authority. Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board’s website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources.
To the extent any of the above rights are applicable, you may exercise your rights by contacting us at [email protected], by phone at 1 (877) 236-0001 or by completing our Consumer Request Form. If you choose to exercise any of these rights, BDO USA will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of BDO USA’s Sites or services.
We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose or we are otherwise required by law.
You may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at [email protected]
Legal Basis for Processing
Where applicable under the European Union’s General Data Protection Regulation (“GDPR”) or similar laws, the legal basis for our collection and use of your Personal Information may include any of the following:
- Performance of a contract. We process your Personal Information as necessary to perform our obligations under any contract with you, such as to provide our Sites or services to you or complete transactions.
- Consent. We may ask for your consent to use your Personal Information, including if we need your consent to process certain sensitive information about you or engage in certain marketing activities. If we obtain your consent as a legal basis for processing, you may withdraw your consent at any time.
- Legitimate interests. We have a legitimate interest in using your Personal Information for our business purposes, including operating, improving, and marketing our business, Sites and services.
- Compliance with a legal obligation. We may need to use your Personal Information to comply with applicable legal requirements.
Information for Clients Outside of the United States
Data Security and Retention
We maintain one or more databases to store your Personal Information and may retain it as reasonably required to serve you, run our business, and comply with our legal obligations. In determining when your Personal Information is retained or disposed, we may consider the nature and sensitivity of your Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and applicable legal requirements.
We have implemented reasonable safeguards designed to protect your information from loss, misuse, alteration or destruction. We also take reasonable steps designed to ensure that third parties who work with us agree to protect the Personal Information.
Please be careful whenever sending Personal Information to us via email. Email is not a secure means of transferring information. Whenever possible, please use the file-sharing services available on the Client Center to share with us files containing Personal Information about you, your employees, customers and other individuals from whom you collect Personal Information.
We do not knowingly collect any Personal Information from clients or children under 13 years of age without prior verifiable parental consent. If BDO USA learns that a child under the age of 13 has submitted Personal Information without parental consent, we will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required or allowed by law. If you believe a child under 13 years of age has provided us with Personal Information, please contact us at [email protected] or the mailing address below.
We encourage you to periodically review this page for the latest information on our privacy practices.