Last Updated: January 1, 2023
- Communicate with us electronically, such as via email; and
- Interact with us offline, including in person, at an event or via phone.
Note to BDO USA Clients
BDO as a Service Provider
How We Collect and Use Your Personal Information
is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information, and internet activity.
The categories of Personal Information that we collect from you depends on your interactions with us. For example, we may collect:
- Identifiers, such as your name, postal address, phone number, e-mail address, IP address, online identifiers, account names, associated passwords, social media profiles and other similar identifiers. We may collect this information to verify your identity and information, to communicate with you, to create your BDO USA Account (“Account”) and to facilitate your use of our Sites.
- Protected Characteristics, provided with special protection under applicable law, such as your age, race, citizenship, gender, medical information, and disability information.
- Professional and Employment-Related Information, such as information about your current and former employment, professional degrees and certifications, education background, information about references you list on your application form, certain Identifiers (in order to contact you), and other employment-related information, including your employment goals and objectives. We may collect this information to process and manage your profile when you interact with us regarding networking events or our professional services, or if you submit an employment or other application to us. We may also collect information provided by you in the course of evaluating or engaging you for employment or other positions. This information may include your first and last name, email address, CV, resume, cover letter and any other information provided by or about you, including information from references and background check providers.
- Commercial Information, such as products and services purchased from us through the use of our Sites. We may collect this information to conduct business analytics and improve our services to you.
- Profile Information, such as information about your preferences and characteristics (including inferences drawn from other personal information). We may collect this information in order to understand your preferences and tailor our services and communications to you. In addition, if you visit our premises, we may collect information to protect the health and safety of our personnel, clients, guests, and the general public, such as health and travel information.
In addition to the purposes for collection described above, we also may collect each category of information for the purpose of performing services for you and maintaining our relationship with you, which include:
- Maintaining and servicing your Account, including managing your preferences.
- Taking steps to improve our services to you, including to run analytics, improve our artificial intelligence tools, assess the quality of our services, and for other related internal business purposes.
- Administering and improving our Sites, including to measuring the effectiveness of the Sites, diagnosing problems with our server, analyzing where Site traffic is coming from, and to identifying our Site users.
- Communicating with you to personalize your experience with the BDO USA and improve our understanding of your needs, and to respond to inquiries you send to us.
- Sending you messages promoting our products and services. You may opt-out of receiving certain promotional e-mail messages from us as described in the "Marketing Opt-Out" section below.
- Protecting the health and safety of our personnel, clients, guests, and the general public.
- Complying with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
- For other purposes consistent with the context of the collection of your information, or as otherwise disclosed to you prior to the use of your information.
Some of the information we collect may be considered Sensitive Personal Information under privacy laws, such as your health information and account log-in information. We use your Sensitive Personal Information only for legitimate business purposes, including to (i) perform services or provide goods reasonably expected by an average person; (ii) detect security incidents; (iii) resist malicious, deceptive, or illegal actions; (iv) ensure the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) perform or provide internal business services; or (vii) verify or maintain the quality or safety of a service or device.
How We Disclose Your Personal Information
We may share the categories of Personal Information described above in the following circumstances to the following categories of third parties:
- We may share your Personal Information with companies or individuals that we contract with in order to receive services (our “Service Providers”). These services may include, among other things, providing products or services to you on our behalf, creating or maintaining our databases, payment processing, researching, and analyzing the people who request information from us, preparing distribution communications, responding to inquiries, or processing applications. We may also disclose to these Service Providers your health and travel-related information in order to protect the health and safety of our personnel, clients, guests, and the general public. Our policy is to inform our Service Providers not to use or disclose your Personal Information for any purpose other than for providing services to us.
- We may share your Personal Information with companies that we own or control, or are owned or controlled by (our “Corporate Family”), including health and travel-related information in order to protect the health and safety of our personnel, clients, guests, and the general public.
- We may share your Personal Information with companies or individuals outside of BDO USA who may use your Personal Information for their own purposes (a “Third Party”). For example:
- Our clients.
- If you choose to submit Personal Information through the “Testimonials” link, we may share your Personal Information publicly or with Third Parties.
- From time to time, we may be required to provide Personal Information to a Third Party in response to a court order, subpoena, government investigation, or as otherwise required by law or legal process.
- We may share your Personal Information with Third Parties, such as law enforcement agencies, other government agencies, or health authorities (i) when we, in good faith, believe you or others are acting unlawfully, (ii) when we believe it is necessary or appropriate to satisfy any law, regulation or other governmental request, (iii) to operate our business and Sites properly, (iv) to protect or defend our rights or the rights or well-being of our users, even without a subpoena, warrant or court order, or (v) we believe disclosure is necessary to protect the health and safety of our personnel, clients, guests, and the general public.
Cookies and Other Technologies
Most Web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Additionally, your Flash player can be set to reject or delete Flash cookies. Refusing a cookie will generally not interfere with your use of the Sites. However, refusal of a cookie may, in some cases, preclude you from using or negatively impact the display or function of the Sites or certain areas or features of the Sites.
We may also use web beacons (a.k.a. clear GIFs, web bugs or pixel tags) to personalize your experience on the Sites, to generate information about Site traffic and trends, and to verify your viewing and/or receipt of communications. Web beacons collect information automatically, such as the type of browser that you use and your IP address. Web beacons may be used alone or in conjunction with cookies. When web beacons are used with cookies, they may link this information to other Personal Information that you have provided to us. Web beacons usually are not visible to you.
Third Party Analytics
How We Respond to Do Not Track Signals
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a "Do Not Track" ("DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including BDO USA, do not recognize or respond to DNT signals.
If you would like to opt out of receiving promotional or marketing e-mail from us, you may use the “unsubscribe” mechanism included in each marketing message. You may let us know by sending us an email to [email protected] with REMOVE in the subject line, and stating the e-mail address you wish to be removed from our mailing list. If you have an Account, you may be able to manage your subscriptions through your Account. However, your option not to receive promotional and marketing e-mail shall not preclude us from corresponding with you, by e-mail or otherwise, regarding your existing relationship with us. Your opt-out request will also not apply to correspondence that has already been initiated.
California Privacy Disclosures
California residents are entitled to the following additional disclosures about our data processing:
- In the preceding 12 months, BDO USA has collected the categories of Personal Information detailed in “How We Collect and Use Your Personal Information” above. The purposes for which BDO USA has collected Personal Information and the sources of that information are also described above.
- In the preceding 12 months, BDO USA has disclosed Personal Information for a business purpose as detailed in the How we Disclose Your Personal Information section above.
- We may sell information in the context of our Investigative Due Diligence (“IDD”) services. In the preceding 12 months, BDO USA has sold the following categories of Personal Information to IDD clients: Identifiers, Protected Characteristics, Professional and Employment-Related Information, Commercial Information, Internet or Other Electronic Activity Information, and Profile Information.
- We do not knowingly sell the Personal Information of minors under 16.
Please note that we do not sell any personal information received on behalf of our clients, and we do not sell any personal information obtained in the course of providing our other services, including Tax, Audit & Assurance and Advisory (other than IDD) services.
For an explanation of the rights you may have as a California resident, please see the Your Rights section below.
Depending on where you live, you may have the following rights, subject to any applicable exemptions or limitations:
- The right to know and access your Personal Information, such as the categories of Personal Information we have collected, the sources of Personal Information, the purposes of collection, and how we used, disclosed, sold, or shared Personal Information;
- The right to correct inaccurate Personal Information that we maintain about you;
- The right to delete your Personal Information under specific circumstances;
- The right to opt out of the sale or sharing of your Personal Information, as such terms are defined by applicable laws;
- The right to object or opt out of certain types of processing, such as targeted advertising, direct marketing, and certain types of profiling and automated decision-making;
- The right to request the restriction of processing of your Personal Information;
- The right to data portability, which means requesting a copy of your Personal Information in an accessible format;
- The right to withdraw your consent under certain circumstances; and
- The right to lodge a complaint with the relevant data protection supervisory authority. Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board’s website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources.
We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at [email protected]
Legal Basis for Processing
Where applicable under the European Union’s General Data Protection Regulation (“GDPR”) or similar laws, the legal basis for our collection and use of your Personal Information may include any of the following:
- Performance of a contract. We process your Personal Information as necessary to perform our obligations under any contract with you, such as to provide our Sites or services to you or complete transactions.
- Consent. We may ask for your consent to use your Personal Information, including if we need your consent to process certain sensitive information about you or engage in certain marketing activities. If we obtain your consent as a legal basis for processing, you may withdraw your consent at any time.
- Legitimate interests. We have a legitimate interest in using your Personal Information for our business purposes, including operating, improving, and marketing our business, Sites, and services.
- Compliance with a legal obligation. We may need to use your Personal Information to comply with applicable legal requirements.
Information for Visitors from Outside of the United States
Data Security and Retention
We maintain one or more databases to store your Personal Information and may retain it as reasonably required to serve you, run our business, and comply with our legal obligations. In determining when your Personal Information is retained or disposed, we may consider the nature and sensitivity of your Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and applicable legal requirements.
We have implemented reasonable safeguards designed to protect your information from loss, misuse, alteration, or destruction. We also take reasonable steps designed to ensure that third parties who work with us agree to protect the Personal Information.
We do not knowingly collect any Personal Information from children under 13 without prior verifiable parental consent. If BDO USA learns that a child under the age of 13 has submitted Personal Information without parental consent, we will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required or allowed by law. If you believe a child under 13 has provided us with Personal Information, please contact us at [email protected] or the mailing address below.
We encourage you to periodically review this page for the latest information on our privacy practices.