BDO USA, LLP Client Data Privacy Policy

Last Updated: December 18, 2019 (effective January 1, 2020)

This Privacy Policy ("Privacy Policy") describes how BDO USA, LLP and its wholly owned subsidiaries (except as described below) (together, "BDO USA" or "we" or "us" or “our”) use and disclose the Personal Information we collect from or about you in the context of your client relationship with BDO USA, including when you:
  • Use the services that are located in our Client Center (www.bdo.com/client-center), including our client portals;
  • Pay for services using our online payment portal;
  • Transmit Personal Information to us through other online systems and platforms, whether hosted by you, us, or our service providers (together, with the online portals and services listed above, the “Sites”); and
  • Otherwise provide Personal Information to us, whether online or offline, in the context of your client relationship.
 
Before engaging with BDO and submitting Personal Information to us or using our Sites, please review this Privacy Policy carefully.  
 
Certain BDO USA services or subsidiaries may use different privacy policies to provide notice to you about how your Personal Information is used and disclosed in the context of your client relationship with each subsidiary. To the extent that BDO USA services or subsidiaries post or reference a different privacy policy, that different privacy policy, not this Privacy Policy, will apply to your Personal Information collected in the context of those services or by that subsidiary.
 

Your Agreements with BDO USA

As a client of BDO USA, you may have entered into a contract, engagement letter or other agreement with BDO that governs the relationship between you and BDO and the services we provide to you (“Agreement”). If any provision in your Agreement with BDO conflicts with any provision in this Privacy Policy, the provision in your Agreement will control to the extent of such conflict.
 
Note about Client Data: We may receive Personal Information contained in the files, documents, data, and other materials we receive in connection with the Agreement (“Client Data”). We use and disclose this Client Data as described in our Agreements with you.
 

How We Collect and Use Your Personal Information

"Personal Information" is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity.
 
We may collect Personal Information directly from you and automatically through our use of cookies and other data collection technologies on our Sites. We may also collect your Personal Information from third-party sources, such as social media platforms (if you interact with us through your social media account), background check providers, and third parties to whom you direct us to collect your Personal information.  We will treat Personal Information collected from third-party sources in accordance with this Privacy Policy but we are not responsible or liable for the accuracy of the information provided by third parties or for the third-party policies or practices.  
 
The categories of Personal Information that we collect from you depend on your interactions and engagement with us. For example, we may collect:
 
  • Direct Identifiers, such as your name, address, email address, phone number, IP address, online identifiers, payment card or financial account numbers and related information required to process payments, and other similar identifiers. We may collect this information to verify your identity and information, communicate with you, process your payments, and provide you with access to your BDO USA client account (“Account”).
  • Commercial Information, such as the products and services purchased from us. We may collect this information to maintain client records, identify trends in our client relationships, and conduct business analytics.
  • Internet Activity Information, such as your browsing history, search history, and information regarding your interactions with pages you visit on the Sites. We may collect this information to understand your use of the Sites and your Account.
  • Professional and Employment-Related Information, such as information about your current employment, professional degrees and certifications, and education background. We may collect this information to verify your identity, perform regulatory compliance checks, and other related processes.
  • Profile Information, such as information about your preferences and characteristics. We may collect this information in order to understand your preferences and tailor our services and communications to you.
 
In addition to the purposes for collection described above, we also may collect each category of information for the purpose of maintaining our client relationship with you and performing services, which include:
  • Onboarding you as a client, maintaining or servicing your Account, processing and fulfilling your requests, and other activities that are part of our service offerings.
  • Conducting verification and background checks as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational, and financial checks.
  • Taking steps to improve our services to you, including to run analytics, improve our artificial intelligence tools, assess the quality of our services, and for other related internal business purposes.
  • Confirming your balances and managing other aspects of your financial transactions.
  • Sending you messages promoting our products and services. You may opt-out of receiving certain promotional e-mail messages from us as described in the "Marketing Opt-Out" section below.
  • Administering and improving our Sites, including to measure the effectiveness of the Sites, help diagnose problems with our server, see where Site traffic is coming from, and to identify our Site users.
  • Complying with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
  • Fulfilling any other purpose described in our Agreements with you.
 

How We Disclose Your Personal Information

We may share your Personal Information in the following circumstances:
  • We may share your Personal Information with companies or individuals that we contract with in order to receive services (our “Service Providers”). These services may include, among other things, providing products or services to you on our behalf, creating or maintaining our databases, payment processing, researching and analyzing the people who request information from us, preparing distribution communications or responding to inquiries. Our policy is to inform our Service Providers not to use or disclose your Personal Information for any purpose other than for providing services to us.
  • We may share your Personal Information with companies that we own or control.  
  • We may share your Personal Information with companies or individuals outside of BDO USA who may use your Personal Information for their own purposes (a “Third Party”). For example:
    • If you choose to submit Personal Information through the “Testimonials” link, we may share your Personal Information publicly or with Third Parties.
    • From time to time, we may be required to provide Personal Information to a Third Party in response to a court order, subpoena, government investigation, or as otherwise required by law or legal process.
    • We may share your Personal Information with Third Parties, such as law enforcement agencies, when we, in good faith, believe: (i) you or others are acting unlawfully, (ii) when we believe it is necessary or appropriate to satisfy any law, regulation or other governmental request, (iii) to operate our business and Sites properly, or (iv) to protect or defend our rights or the rights or well-being of our users, even without a subpoena, warrant or court order.
  • We may, as a result of a sale, merger, consolidation, change in control, transfer of assets, reorganization or liquidation of our company (a “Reorganization Event”), transfer or assign your Personal Information to parties involved in the Reorganization Event. You acknowledge that such transfers may occur and are permitted by and subject to this Privacy Policy.
 

Cookies and Other Technologies

We may use "cookies" to keep, and sometimes track, information about you on our Sites. Cookies are small data files that are sent to your browser or related software from a Web server and stored on your computer's hard drive. Cookies track where you travel on the Sites and what you look at. In doing so, a cookie may enable us to relate your use of the Sites to your Personal Information. Many other websites use cookies for very similar purposes.
 
Most Web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Additionally, your Flash player can be set to reject or delete Flash cookies. Refusing a cookie will generally not interfere with your use of the Sites. However, refusal of a cookie may, in some cases, preclude you from using or negatively impact the display or function of the Sites or certain areas or features of the Sites.
 
We may also use web beacons (a.k.a. clear GIFs, web bugs or pixel tags) to personalize your experience on the Sites, to generate information about Site traffic and trends, and to verify your viewing and/or receipt of communications. Web beacons collect information automatically, such as the type of browser that you use and your IP address. Web beacons may be used alone or in conjunction with cookies. When web beacons are used with cookies, they may link this information to other Personal Information that you have provided to us. Web beacons usually are not visible to you.
 
Third-Party Analytics
We use automated devices and applications, such as Google Analytics and Crazy Egg, to evaluate usage of our Sites. We also may use other analytic means to evaluate our Sites and services. We use these tools to help us improve the Sites and user experiences. These entities may use cookies and other tracking technologies to perform their services. We do not share your Personal Information with these third parties.  To learn how Google Analytics collects and processes data, please visit: “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners.  To learn about how Crazy Egg uses the analytics information it collects, please visit Crazy Egg’s Privacy Policy; to opt-out of Crazy Egg’s analytics tracking, please visit https://www.crazyegg.com/opt-out/.
 
How We Respond to Do Not Track Signals
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a "Do Not Track" ("DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including BDO USA, do not recognize or respond to DNT signals.
 

Marketing Opt-Out

If you would like to opt out of receiving promotional or marketing e-mails from us, you may use the “unsubscribe” mechanism included in each marketing message. You may let us know by sending us an email to bdousa@bdo.com with REMOVE in the subject line, and stating the email address you wish to be removed from our mailing list. If you have an Account, you may be able to manage your subscriptions through your Account. However, your option not to receive promotional and marketing email shall not preclude us from corresponding with you, by email or otherwise, regarding your existing relationship with us. Your opt-out request will also not apply to correspondence that has already been initiated.
 

Your California Privacy Rights

California residents are entitled to the following privacy rights listed below.  
 
  • The right to know. You have the right to request to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in the last 12 months; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your Personal Information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your Personal Information. Generally:
    • Within the preceding 12 months, BDO USA has collected the categories of Personal Information detailed in “How We Collect and Use Your Personal Information” above.
    • BDO USA has not sold your Personal Information in the preceding 12 months. We do not and will not sell your Personal Information.
    • BDO USA has disclosed the following categories of Personal Information for a business purpose in the preceding 12 months: Direct Identifiers; Commercial Information; Internet Activity Information; Professional and Employment-Related Information; Profile Information; and any other information disclosed in response to a court order, subpoena, government investigation, or as otherwise required by law or legal process. 
 
  • The right to deletion. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
  • The right to equal service. If you choose to exercise any of these rights, BDO USA will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of BDO USA’s Sites or services.
 
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us at 1 (877) 236-0001 or complete our “California Consumer Request” form.
 
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.

You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
 
Shine the Light: This Privacy Policy describes how we may share your information, including for marketing purposes. California residents are entitled to request and obtain from BDO USA once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at privacy@bdo.com.
 

Information for Clients Outside of the United States

If you are a client located outside of the United States or access and use the Sites from outside of the United States, your information will be transferred to, stored and processed in the United States and other countries where BDO USA or its vendors operate in accordance with this Privacy Policy and all applicable laws. Please note that data protection and consumer protection laws of the United States and such other countries may differ from the data protection or consumer protection laws in your country. By using the Sites or providing us with your Personal Information, you understand that your Personal Information will be collected from and processed in the United States and other countries where BDO USA or its vendors operate, and acknowledge that your information may be subject to access by law enforcement and other government entities, including courts and tribunals, in accordance with laws applicable in those jurisdictions.
 

Security

We maintain one or more databases to store your Personal Information and may retain it as reasonably required to serve you, run our business, and comply with our legal obligations. We have implemented reasonable safeguards designed to protect your information from loss, misuse, alteration or destruction. We also take reasonable steps designed to ensure that third parties who work with us agree to protect the Personal Information.
 
Please be careful whenever sending Personal Information to us via email. Email is not a secure means of transferring information. Whenever possible, please use the file-sharing services available on the Client Center to share with us files containing Personal Information about you, your employees, customers and other individuals from whom you collect Personal Information.
 
Without limiting any other terms that apply to our Sites and this Privacy Policy, you understand that we cannot guarantee that your Personal Information will be private or secure. Except to the extent provided by law, we are not responsible or liable to you for any lack of privacy or security you may experience. You are fully responsible for taking precautions and providing security measures best suited for your situation and intended use of the Sites and our services.
 

Third Parties

Our Sites, client services and materials may contain references and/or links to third-party websites and services, including references and links to third parties that accept and process your payments to BDO USA. Except as described above regarding Service Providers, we have no control over what information third parties track or collect. Any access to and use of such third-party websites and services is not governed by this Privacy Policy but instead is governed by the privacy policies of those third-parties. We are not responsible for the information practices of such third parties.
 

Children’s Privacy

We do not knowingly collect any Personal Information from clients or children under 13 years of age without prior verifiable parental consent. If BDO USA learns that a child under the age of 13 has submitted Personal Information without parental consent, we will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required or allowed by law. If you believe a child under 13 years of age has provided us with Personal Information, please contact us at privacy@bdo.com or the mailing address below.
 

Questions about Our Privacy Policy

If you have questions about this Privacy Policy, please contact us at privacy@bdo.com. You can also send us physical mail to: BDO USA, LLP, 600 North Pearl Street, Suite 1700, Dallas, TX 75201, Attention: Chief Compliance & Ethics Officer.
 

Changes to Our Privacy Policy

We may occasionally update this Privacy Policy to reflect changes in our practices. When we post modifications to this Privacy Policy, we will revise the "Last Updated" date at the top of this web page. If the changes are material, we will endeavor to notify you in advance of such changes taking place. If you object to any modification, your sole recourse is to notify us that you do not agree and to stop using the Sites and providing us with your Personal Information.
 
We encourage you to periodically review this page for the latest information on our privacy practices.