BDO USA, LLP Safe Harbor Data Privacy Statement


Introduction

BDO USA, LLP ("BDO") is a national professional services firm providing assurance, tax, financial advisory, and consulting services to private and publicly traded businesses. Protecting your privacy is important to BDO. BDO and its affiliated U.S. subsidiaries ("the firm," "we," "us," or "our") complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.  BDO has certified that it adheres to the Swiss Safe Harbor Privacy Principles (“the Principles”) of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view BDO’s certification, please visit http://www.export.gov/safeharbor/. If there is any conflict between the policies in this statement and the Principles, the Principles will govern. This Safe Harbor Data Privacy Statement (“Statement”) outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the choices affected individuals have regarding our use of, and their ability to correct, that information.

For purposes of this statement, "personal information" means information we handle (except as noted below), including on-line, off-line, and manually processed data that:

  • is transferred from Switzerland to the United States;
  • is recorded in any form;
  • is about, or pertains to, a specific individual; and
  • can be linked to that individual.
It does not include information that pertains to a specific individual, but from which that individual could not reasonably be identified.
 

Principles Protecting Individuals' Privacy

Notice and Choice
To the extent permitted by the U.S.-Swiss Safe Harbor Agreement (“Safe Harbor Agreement”), we reserve the right to process personal information in the course of providing professional services to our clients without the knowledge of individuals involved. Where we collect personal information directly from individuals in Switzerland, we inform them about the types of personal information we collect from them, the purposes for which we collect and use it, and the types of non-agent third parties to which we disclose that information. We also inform those individuals about the choices and means, if any, we offer individuals for limiting the use or disclosure of their information (please see the “Access and Correction” section below). Generally, BDO uses personal information in the following ways:
  • To provide services to clients, including technical or client support and to respond to client inquiries;
  • To assess and improve the quality of our products, services, and business operations;
  • To satisfy governmental reporting and tax requirements;
  • As required by law; and
  • For other purposes consented to by individuals at the time of collection.
Disclosures and Transfers
BDO will not disclose an individual's personal information to third parties, except when one or more of the following conditions is true:
  • We have the individual's permission to make the disclosure;
  • The disclosure is required by law or professional standards;
  • The disclosure is reasonably related to the sale or disposition of all or part of our business;
  • The information in question is publicly available;
  • The disclosure is reasonably necessary for the establishment or defense of legal claims; or
  • The disclosure is to another BDO entity or to persons or entities providing services on our or the individual's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
    • is subject to law providing an adequate level of privacy protection;
    • has agreed in writing to provide a level of privacy protection that has been deemed adequate by the Swiss Federal Data Protection and Information Commissioner; or
    • has agreed in writing to provide at least the same level of protection as the Principles.
Permitted transfers of information, either to third parties or within BDO, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

Data Security
BDO takes your security seriously and takes reasonable steps to protect your information. To help protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction; to maintain data accuracy; and to ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of our clients, BDO has put in place reasonable precautions to protect personal information, including physical, electronic, and managerial procedures to safeguard and secure the information we process. However, we cannot guarantee the security of information on or transmitted via the Internet.

Data Integrity
We process personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Access and Correction
If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual may need to provide sufficient identifying information, such as name, address, birth date, and social security number. We may request additional identifying information as a security precaution. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Agreement. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.

Enforcement and Dispute Resolution
BDO utilizes the self-assessment approach to assure its compliance with our privacy statement. BDO periodically verifies that this Statement is accurate, comprehensive for the information intended to be covered, prominently displayed, and in conformity with the Principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.

With respect to any complaints relating to this Statement that cannot be resolved through our internal processes, we have agreed to participate in the dispute resolution procedures of the panel established by the competent Swiss data protection authority to resolve disputes pursuant to the Safe Harbor Principles. In the event that we or such authorities determine that we did not comply with this Statement, we will take appropriate steps to address any adverse effects and to promote future compliance.
Any person who we determine is in violation of our privacy policies will be subject to disciplinary process.
 
Changes to this Statement
This Statement may be changed from time to time, consistent with the requirements of the Safe Harbor Agreement. We will post any revised policy on this Web site, or a similar Web site that replaces this Web site.

Information Subject to Other Policies
We are committed to following the Principles for all personal information within the scope of the Safe Harbor Agreement. However, certain information is subject to policies of the firm that may differ in some respects from the general policies set forth in this statement.
  • Information relating to present or former BDO personnel is subject to our policies concerning personnel data privacy, which are available to present BDO personnel on BDO's intranet and former BDO personnel upon request.
  • Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any engagement letter or letters with the client, and applicable laws and professional standards.
How to Contact Us
Questions, comments or complaints about BDO's Safe Harbor Data Privacy Statement or data collection and processing practices can be e-mailed to privacy@bdo.com, or mailed to Privacy Office, BDO USA, LLP, 330 North Wabash, Suite 3200, Chicago, IL 60611. In the event that a complaint is not satisfactorily addressed by BDO within a reasonable time frame, you may contact the Federal Trade Commission at www.ftc.gov/ftc/complaint.htm, or via phone at 202-382-4357.


EFFECTIVE DATE: January 14, 2005, last amended January 19, 2017.