Privacy statement
1. INTRODUCTION
This Client Personal Information Privacy and Consent Notice (“Privacy Notice”) sets out how BDO South Africa (“BDO”, “we”, “us”) collects, processes, retains and discloses Personal Information in accordance with the requirements of the Protection of Personal Information Act (“POPIA”), the General Data Protection Regulation (“GDPR”) and any other applicable laws or regulations.
Any use of the words “you” or “your” shall be in reference to the natural or juristic person (as the case may be) from whom we are collecting Personal Information.
The consent provided herein is voluntary and may be withdrawn at any time, with notice to us.
BDO is committed to protecting your privacy and to ensure that your Personal Information is collected and used properly, lawfully and transparently.
BDO, for purposes of this Privacy Notice, includes any member firm and/or affiliated entity within the BDO Network.
2. PERSONAL INFORMATION: PROCESSING AND COLLECTION
We may collect your Personal Information from a variety of sources which includes, but is not limited to, that which we obtain from you directly as well as Personal Information we collect from other commercially available sources, such as public databases (where permitted by law). Primarily, we endeavour to collect information directly from you.
The provision of your Personal Information is voluntary. However, failure to provide this Personal Information may prevent or delay the services being provided and the fulfilment of our obligations in relation thereto.
“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well -being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information;
Personal Information may only be processed if—
a) the data subject or a competent person where the data subject is a child consents to the processing;
b) processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
c) processing complies with an obligation imposed by law on the responsible party;
d) processing protects a legitimate interest of the data subject;
e) processing is necessary for the proper performance of a public law duty by a public body; or
f) processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
3. PURPOSE OF BDO PROCESSING YOUR PERSONAL INFORMATION
As a professional services company your Personal Information may be collected and processed by us for the following purposes:
(a) to perform the services and comply with the obligations set out in the relevant services contract;
(b) to conduct due diligences including, but not limited to, relevant conflict and risk assessments prior to accepting you as a client (which will include credit and criminal checks);
(c) to correspond and communicate with you;
(d) to ensure that our records are current and accurate;
(e) to ensure we issue accurate invoices, statements or fee notes for our services;
(f) to send you information about products and services which we think will be of interest to you;
(g) to comply with legal and regulatory obligations to which we are subject to;
(h) for insurance purposes;
(i) for the detection and prevention of fraud, crime, money laundering or other malpractice;
(j) in connection with legal proceedings;
(k) for reference purposes in tenders, proposals, resume’s, marketing material and other similar submissions that BDO or BDO employees may make to prospective clients for the purpose of demonstrating their relevant experience and expertise;
(m) online events, such as webcast events;
(m) to comply with applicable legislation. A list of the applicable legislation in terms of which records are held by us can be found in our PAIA Manual which is available on our website.
4. YOUR RIGHTS AND THE PROCESSING OF PERSONAL INFORMATION
Please let us know if any of the Personal Information that we hold about you changes so that we can correct and update the Personal Information on our systems.
(a) Right of access to, correction or deletion of information we hold about you
You have the right to request: (i) confirmation as to whether we hold any Personal Information related to you; (ii) a copy of the Personal Information or a description of the Personal Information we hold about you and which you may ask us to provide the information to you in commonly used and machine-readable format; (iii) subject to any applicable law and where appropriate, the correction, updating or deletion of your Personal Information held by us. Submission of a request for access, correction or deletion forms together with the details of the request for access, correction or deletion procedure can be found in our PAIA Manual.
(b) Right to object to the processing of Personal Information
In certain circumstances, such as when we process your information for our or your legitimate interests, you may object to the processing of your Personal Information, unless we are required to process the information on another bases, such as a legal basis. Submission of objection forms together with the details of the objection procedure can be found in our PAIA Manual.
(c) Right to object to automated decision-making and profiling
Where we use automated decision-making or profiling to make decisions, you may object to this profiling. Alternatively, you may ask that a person review a decision made, or that you be provided with the logic around such a decision, so that you can make a representation in respect of the decision.
(d) Right to unsubscribe from direct marketing
Where you do not wish to receive marketing communication from us, you can unsubscribe from marketing emails by clicking on the unsubscribe link provided in each email.
(e) Right to withdraw consent and to lodge a complaint with the Information Regulator
Where you have given your consent to a particular type of Processing, you may withdraw that consent at any time by contacting us using the contact details set out below.
5. INFORMATION SHARING AND SECURITY
We do not disclose or share your Personal Information with third parties (other than service providers acting on our behalf) unless we have a lawful basis or legitimate purpose for doing so.
We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment processing, data analytics, client feedback surveys, and research. This may mean that we have to share your Personal Information with these third parties in order to process your information. When we share your Personal Information in this way, we put in place appropriate measures to ensure that our service providers keep your Personal Information secure and comply with the terms and provisions of POPIA and any other applicable laws.
We have implemented generally accepted standards of technology and operational security to protect Personal Information from loss, misuse, alteration, or destruction. You may request a copy of our Information Security and Privacy Overview Policy from us using the contact details set out below.
We require all of our staff to keep Personal Information confidential, and only authorised staff have access to the relevant Personal Information.
We will retain your Personal Information in accordance with our data retention policy, which sets out data retention periods required or as is required by applicable law.
6. INFORMATION TRANSFER
Where necessary, for the purposes of Processing your Personal Information, it may be transferred outside of South Africa in accordance with the appropriate data protection laws.
We anticipate that Personal Information may need to be transferred outside of South Africa for purposes of cloud storage, and where we do so, we will ensure that the necessary safeguards are in place to protect your Personal Information.
When your Personal Information is transferred to a country whose data protection laws do not provide an adequate level of protection for your Personal Information, we use the European Commission's approved Standard Contractual Clauses in order to ensure that the appropriate mechanisms and safeguards are in place. If you wish to see a copy of the relevant mechanism that we use to transfer your Personal Information, please contact us using the contact details set out below.
7. CONTACT US
If you have questions or concerns regarding the way in which your Personal Information has been used, or should you have any questions about this Privacy Notice, please contact our privacy champion at dataprivacy@bdo.co.za.
8. CHANGES TO THE PRIVACY NOTICE
Should we be required to collect additional Personal Information from you, we will send you an updated Privacy Notice.
Custodian | Data Privacy Champion |
Last Updated | 9 October 2024 |