BDO undertakes to ensure that personal data collection and processing complies with the General Data Protection Regulation UE 2016/079 of 27 April 2016 (GDPR) and the French Data Protection law n°78-17 of the 6 January 1978 in its modified version (the “Applicable Regulations”).
In what follows, the term “You” or “Your” applies to any person affected by personal data (“Data”) collecting and processing subject of this data protection policy.
Processing of your Data
BDO processes your Data for the following purposes, depending on the case:
- Managing sales, financial and marketing relations between BDO and its clients, partners and suppliers. The legal basis for such processing is the legitimate interest or performance of a contract to enable BDO to ensure its administrative and financial functioning and develop its business. Commercial solicitation communications are based on your consent, and you may request at any time that you no longer receive commercial solicitations.
- Managing your application for a position with BDO. The legal basis for this processing is legitimate interest.
- Carry out the duties of an auditor’s office. The legal basis for this processing is the compliance with a legal obligation.
- Conduct training. The legal basis for this processing is the performance of a contract.
In these four situations, BDO acts as “data controller” pursuant to the Applicable Regulations.
- Carrying out assignments that are entrusted to BDO by its customers, which may involve the processing of your Data. These assignments involve the following areas: Social expertise (including the establishment of BDO clients' pay and possibly the payment of salaries on behalf of the client, declarations to social agencies, management of contractual breaks, assistance with URSSAF controls and advice); audit of the client’s accounts; accounting expertise; “advisory” missions (internal audit, data analysis, accounting, e-forensic, consulting). The legal basis for such processing is the performance of a contract, and/or the legal obligations that apply to BDO in the exercise of its regulated activities.
When BDO carries out the assignments entrusted to it by its clients, BDO acts as “data processor” pursuant to the Applicable Regulations.
Data is collected in two ways:
- Directly, when the client freely communicates or contacts BDO.
- Indirectly and automatically via browsing traces on the site. This second collection is not systematic, but the acceptance of cookies by the user may allow BDO to collect the IP address.
When it acts as data controller, BDO limits the collection of Data to data that is appropriate, relevant and whose processing is strictly necessary.
BDO, when it acts as data processor for the purposes of carrying out the assignments that are entrusted to it by its clients, contractually agrees in the context of its assignment contracts to pay the utmost respect to the security and confidentiality of personal data that it is required to process in this context.
Thus, BDO may collect the following information:
- Contact and marital status data: Name, surname, first name, email address, telephone number (Landline or mobile).
- Data relating to your working life: Function, sector of activity.
- Data related to your applications: CV, cover letter.
- Data relating to our interactions: Content/summary of exchanges in case of contact.
- Login data: BDO collects certain information through log files and cookies. These are mainly the following data: IP address, operating system, pages visited and queries, time and day of connection.
When a user navigates the site, BDO may place cookies. The exclusive purpose of certain cookies is to enable or facilitate the technical operation of the website or online services and is strictly necessary for their provision.
These are mainly session cookies that are temporary and deleted when the browser is closed. The manual choice to delete or block the installation of these cookies may limit the access or use of the site.
With the consent of the Internet user, BDO files cookies measuring audience in order to establish statistics and volumes of attendance and use of the site in a search for improvement of the interest and ergonomics of the services offered.
Users can set these choices via their browser settings.
Data processed by BDO in the context of the assignments that are entrusted to it by its clients are transmitted to the agencies, advisers, partners or other interlocutors having to know about them, on the client’s instruction or if the assignment entrusted by the client requires it.
However, BDO may be required to disclose your Data upon request from a competent authority.
In the event of Data transfer outside the European Union within the BDO group, the transfer is governed by binding corporate rules (BCRs) approved by the supervisory authorities.
Your Data processed by BDO are stored in France, for a term suited to the purpose of each processing operation, and, when BDO acts as data processor to carry out an assignment, throughout the term determined contractually with the client.
In particular: Data of prospects of BDO are stored for a maximum term of three years after the last contact with BDO; Data of applicants for a position with BDO are stored for a maximum term of two years after receipt of the application. Data relating to the assignment entrusted by a client shall be stored for a period of five years after the end of the assignment.
As an exception, these Data may be stored for longer periods to manage claims or litigation, or to meet legal and/or regulatory obligations.
Data relating to a dispute shall be stored until ordinary and extraordinary remedies have been exhausted.
You have the right to request access to your personal data and rectification of inaccurate data. You may request erasure of data and limitation of its processing, and you may also object to processing, in the cases and within the limits stipulated by applicable legislation. You have the right to portability of personal data that you have provided to BDO, under the conditions stipulated by applicable legislation. You also have the right to set out instructions relating to storage, erasure and communication of your personal data processed by BDO after your death, in accordance with applicable laws and regulations.
When processing relies on your consent, you may withdraw this at any time.
You may exercise your rights either by sending an email to [email protected] or by sending a letter for the attention of the Data Protection Officer, to the following address: BDO, 43-47 avenue de la Grande-Armée, 75116 PARIS.
Data Protection Officer
The BDO Data Protection Officer is:
- Mr. Eric ZABE, BDO France and its subsidiaries responsible for Audit, Accounting, Social Expertise and Consulting.
- Other subsidiaries of diversification activities, Mr. Bruno SAUCOURT.
Complaints to CNIL
You may make a complaint relating to personal data processing to the French national data protection agency (Commission Nationale Informatique et Libertés - CNIL) – www.cnil.fr – 3 place de Fontenoy 75007 Paris.