Client Personal Information

  1. INTRODUCTION

    This Privacy Statement describes how BDO South Africa Incorporated (‘BDO’, 'we', 'us') collects and processes personal information about you; how we use and protect this information, and your rights in relation to this information.

    This Privacy Statement applies to all personal information we collect about you. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.

  2. INFORMATION WE COLLECT

    We may collect your personal information from a variety of sources, including personal information we collect from you directly (e.g. when you contact us and provide services to us), and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).

    Certain personal information is required as a consequence of any contractual relationship we have with you or your employer, to enable us to carry out our contractual obligations to you or your employer. Failure to provide this personal information may prevent or delay the fulfilment of these obligations.

    1. Information we collect directly from you

      The categories of personal information that we may collect directly from you include the following:

      1. personal details (e.g. name, age, date of birth);
      2. contact details (e.g. phone number, email address, postal address or mobile number);
      3. employment details (e.g. job title; employer name);
      4. economic or financial information (e.g. details of income, financial statements or investment information).
    2. Information we collect from other sources

      The following are examples of the categories of personal information we may collect from other sources:

      1. personal details (e.g. name, age, date of birth);
      2. contact details (e.g. phone number, email address, postal address or mobile number);
      3. employment details (e.g. job title; employer name);
      4. economic or financial information (e.g. details of income, financial statements or investment information).
  3. USE OF PERSONAL INFORMATION

    We use your personal information to:

    1. carry out background checks prior to accepting you as a client;
    2. contact you with questions and other information regarding the services we are providing to you;
    3. ensure that our records are kept accurate and up to date where you, your employees or contractors work on or visit our facilities;
    4. ensure we issue accurate invoices for our services;
    5. send you messages about products and services which we think will be of interest to you;
    6. comply with legal obligations to which we are subject
    7. comply with obligations in terms of our mandate from you.

    We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

    1. to fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, and for ensuring you are able to access our premises when required;
    2. to comply with our legal obligations to you, for example health and safety obligations while you are on any of our premises, or to a third party (e.g to comply with a court order);
    3. to meet our legitimate interests so that: we are able to provide the services you request; our services function correctly in relation to your business; any complaints or concerns can be promptly relayed to us; we can respond to any questions or concerns you might have; we may carry out research and analysis to ensure products and services we offer are relevant to you; our records are kept up to date and accurate, and; to send relevant and appropriate electronic correspondence to you in order to keep you informed regarding, but not limited to, industry developments which may impact you, and to invite you to events which are fundamental to the services which we provide.
  4. YOUR RIGHTS

    Please let us know if any of the personal information that we hold about you changes so that we can correct and update the personal information on our systems.

    You can view, delete, where allowed by law, correct or update the personal information you provide to us by clicking here or clicking on the contact us page on www.bdo.co.za or contacting your usual BDO contact person.

    In certain circumstances you may object to specific processing activities, require us to restrict how we process your personal information and ask us to share your personal information in a usable format with another entity. Where you have given your consent to a particular type of processing, you may withdraw that consent at any time.

    To exercise any of the above rights, please contact us using the contact details set out below.

  5. INFORMATION SHARING, SECURITY, TRANSFER

    In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.

    We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment processing, data analytics and research. This may mean that we have to share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.

    Other situations in which we may disclose your personal information to a third party, are:

    1. perform other services we request from service providers, which may include other BDO network firms;
    2. to third parties who provide IT services, data processing or IT functionality services, for example cloud based software providers, web hosting services, data analysis providers and data storage or backup providers;
    3. where permitted by law, to protect and defend our rights and property; and
    4. when required by law, and/or public authorities;

    We may also share aggregated personal information that cannot identify you for general business analysis, e.g. we may disclose the number of visitors to our websites or services.

    We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. We require all staff, (Partners and/or Directors and employees) to keep personal information confidential and only authorised staff have access to this personal information.

    We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law.

    Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided. When we do so, we transfer the information in compliance with applicable data protection laws. When your personal information is transferred to a country whose data protection laws do not provide an adequate level of protection for your personal information, we use the European Commission's approved Standard Contractual Clauses in order to ensure that the appropriate mechanisms and safeguards are in place. If you wish to see a copy of the relevant mechanism that we use to transfer your personal information, please contact us using the contact details set out below.

  6. CONTACT US

    If you have questions or concerns regarding the way in which your personal information has been used, or should you have any questions about this Privacy Statement, please click here to contact us and provide the details relating to your query.

  7. CHANGES TO PRIVACY STATEMENT

    You may request a copy of this Privacy Statement from us using the contact details set out above. We may modify or update this privacy notice from time to time. You will be able to see when we last updated the Privacy Statement because we will include a revision date. Changes and additions to this Privacy Statement are effective from the date on which they are posted. Please review this Privacy Statement from time to time to check whether we have made any changes to the way in which we use your personal information.

    Custodian

    Kezia Talbot

    GDPR, Project Manager

    Version Control

    1.1

     

    Last Updated

    24 May 2018