BDO USA Data Privacy Framework Statement

BDO USA^[1] has certified to the U.S. Department of Commerce that we and our covered affiliates and subsidiaries listed in our certification (together, "BDO USA" or "we" or "us" or “our”) adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  We have also certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).  If there is any conflict between the terms in this BDO USA Data Privacy Framework Statement (“Statement”) and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively referred to as the “DPF Principles”), the DPF Principles shall govern. To learn more about the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (collectively referred to as the “DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Data Categories, Purposes, and Sharing 

This Statement applies to personal data that we receive in reliance on the DPF.  This may include data we receive on behalf of our clients in connection with their use of our products and services, as well as other categories of information disclosed in our Privacy Policy, available at https://www.bdo.com/privacy-policy (“Privacy Policy”). Depending on the circumstances, we may process this personal data to perform our services for our clients or for the other purposes described in our Privacy Policy. To provide our services, we may share this personal data with the client who originally provided the data and with other third parties consistent with the instructions of our clients. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share personal data with the other categories of third parties described in our Privacy Policy, for the purposes described therein. 

BDO USA may be liable if these third parties process data inconsistent with our obligations under the DPF and we are responsible for the event giving rise to the damage.

Your Rights

You have the right to access, correct, delete, and/or limit or opt out of certain uses or disclosures of your personal data in accordance with the DPF, our Privacy Policy, and applicable law. Please note that if your personal data was made available to us by a BDO USA client, we may have to coordinate with and/or redirect your request to our client in accordance with applicable law. You may submit a request to exercise your rights using the contact information provided below.

Where applicable, if we share your personal data received under the DPF with third party controllers other than our agents, or if we use it for a purpose materially different than the purposes for which it was originally collected, we will first provide you with an individual opt-out choice, or opt-in for sensitive data where required by applicable law.

Inquiries or Complaints

In compliance with the DPF, EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact BDO USA at: 

BDO USA

600 North Pearl Street, Suite 1700

Dallas, TX 75201

Attention: Chief Compliance & Ethics Officer

You may also contact our data privacy team at: [email protected]  

In compliance with the DPF, BDO USA commits to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF to an independent dispute resolution mechanism, the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA").  If you do not receive timely acknowledgment of your DPF related complaint from us, or if we have not addressed your DPF related complaint to your satisfaction, please contact or visit ICDR/AAA for more information or to file a complaint at no cost to you: https://go.adr.org/dpf_irm.html.    

If your DPF complaint cannot be resolved through the above channels, in certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means. Please see this DPF webpage for more information: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

Additionally, the Federal Trade Commission has jurisdiction over BDO USA’s compliance with the DPF. 

[1] BDO USA refers to BDO USA, P.C., a Virginia professional corporation, also doing business in certain jurisdictions with an alternative identifying abbreviation, such as Corp. or P.S.C.