BDO USA Privacy Policy

Last Reviewed: October 29, 2024

This Privacy Policy ("Privacy Policy") describes how BDO USA1 and its subsidiaries (except as described below) (together, "BDO USA" or "we" or "us" or “our”) collect, use, and disclose the Personal Information we collect from or about you when you:

  • Use the BDO USA website (www.bdo.com) or any other websites, blogs or pages that link to this Privacy Policy (together, the "Sites");
  • Communicate with us electronically, such as via email; and
  • Interact with us offline, including in person, at an event or via phone.

Before submitting Personal Information to us or using the Sites, please review this Privacy Policy carefully.

Certain BDO USA services or subsidiaries may use different privacy policies to provide notice to you about how your Personal Information is used and disclosed. To the extent that BDO USA services or subsidiaries post or reference a different privacy policy, that different privacy policy, not this Privacy Policy, will apply to your Personal Information collected in the context of those services or by that subsidiary.

 

Note to BDO USA Clients

If you are a client of BDO USA, please refer to our BDO USA Client Data Privacy Policy for information about how we use and disclose the Personal Information we collect about you in the context of our client relationship with you. Unless we state otherwise in our communications with you or in client engagement documents, this Privacy Policy does not apply to the Personal Information we collect in the context of our client relationships.

 

BDO USA as a Service Provider

Most of our clients are businesses, and we may receive and process Personal Information when we provide services to those clients. When this happens, we process your Personal Information pursuant to our contract with our client. That client’s privacy policy applies to your Personal Information, not ours.

 

How We Collect and Use Your Personal Information

"Personal Information" 

is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information, and internet activity.

We may collect Personal Information directly from you and automatically through our use of cookies and other data collection technologies on our Sites. We may also collect your Personal Information from third-party sources, such as social media platforms (if you interact with us through your social media account), references you list on applications and forms, and third parties to whom you direct us to collect your Personal information. We will treat Personal Information collected from third-party sources in accordance with this Privacy Policy.

The categories of Personal Information that we collect from you depends on your interactions with us. For example, we may collect:

  • Identifiers, such as your name, postal address, phone number, e-mail address, IP address, online identifiers, account names, associated passwords, social media profiles and other similar identifiers. We may collect this information to verify your identity and information, to communicate with you, to create your BDO USA Account (“Account”) and to facilitate your use of our Sites.  
  • Protected Characteristics, provided with special protection under applicable law, such as your age, race, citizenship, gender, medical information, and disability information.
  • Professional and Employment-Related Information, such as information about your current and former employment, professional degrees and certifications, education background, information about references you list on your application form, certain Identifiers (in order to contact you), and other employment-related information, including your employment goals and objectives. We may collect this information to process and manage your profile when you interact with us regarding networking events or our professional services, or if you submit an employment or other application to us. We may also collect information provided by you in the course of evaluating or engaging you for employment or other positions. This information may include your first and last name, email address, CV, resume, cover letter and any other information provided by or about you, including information from references and background check providers.
  • Commercial Information, such as products and services purchased from us through the use of our Sites. We may collect this information to conduct business analytics and improve our services to you.
  • Internet or other Electronic Activity Information, such as your browsing history, search history, which pages you visit on the Sites, other pages you visit on the Internet, and which browser you used to view the Sites. We may sometimes collect your precise geolocation data, such as when you consent to share your location to find a nearby office using location-enabled services on the Sites. Please review the “Cookies and Other Technologies” section to learn more about our use of cookies and tracking technologies. We may collect this information to understand your use of the Sites and of your Account. 
  • Profile Information, such as information about your preferences and characteristics (including inferences drawn from other personal information). We may collect this information in order to understand your preferences and tailor our services and communications to you. In addition, if you visit our premises, we may collect information to protect the health and safety of our personnel, clients, guests, and the general public, such as health and travel information.

 

In addition to the purposes for collection described above, we also may collect each category of information for the purpose of performing services for you and maintaining our relationship with you, which include:

  • Maintaining and servicing your Account, including managing your preferences.
  • Taking steps to improve our services to you, including to run analytics, improve our artificial intelligence tools, assess the quality of our services, and for other related internal business purposes.
  • Administering and improving our Sites, including to measuring the effectiveness of the Sites, diagnosing problems with our server, analyzing where Site traffic is coming from, and to identifying our Site users.
  • Communicating with you to personalize your experience with the BDO USA and improve our understanding of your needs, and to respond to inquiries you send to us.
  • Sending you messages promoting our products and services. You may opt-out of receiving certain promotional e-mail messages from us as described in the "Marketing Opt-Out" section below.
  • Protecting the health and safety of our personnel, clients, guests, and the general public.
  • Complying with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
  • For other purposes consistent with the context of the collection of your information, or as otherwise disclosed to you prior to the use of your information.

Some of the information we collect may be considered Sensitive Personal Information under privacy laws, such as your health information and account log-in information. We use your Sensitive Personal Information only for legitimate business purposes, including to (i) perform services or provide goods reasonably expected by an average person; (ii) detect security incidents; (iii) resist malicious, deceptive, or illegal actions; (iv) ensure the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) perform or provide internal business services; or (vii) verify or maintain the quality or safety of a service or device. 

 

How We Disclose Your Personal Information

We may share the categories of Personal Information described above in the following circumstances to the following categories of third parties:

  • We may share your Personal Information with companies or individuals that we contract with in order to receive services (our “Service Providers”). These services may include, among other things, providing products or services to you on our behalf, creating or maintaining our databases, payment processing, researching, and analyzing the people who request information from us, preparing distribution communications, responding to inquiries, or processing applications. We may also disclose to these Service Providers your health and travel-related information in order to protect the health and safety of our personnel, clients, guests, and the general public.  Our policy is to inform our Service Providers not to use or disclose your Personal Information for any purpose other than for providing services to us.
  • We may share your Personal Information with companies that we own or control, or are owned or controlled by (our “Corporate Family”), including health and travel-related information in order to protect the health and safety of our personnel, clients, guests, and the general public.
  • We may share your Personal Information with companies or individuals outside of BDO USA who may use your Personal Information for their own purposes (a “Third Party”). For example:
    • Our clients.
    • If you choose to submit Personal Information through the “Testimonials” link, we may share your Personal Information publicly or with Third Parties.
    • From time to time, we may be required to provide Personal Information to a Third Party in response to a court order, subpoena, government investigation, or as otherwise required by law or legal process.
    • We may share your Personal Information with Third Parties, such as law enforcement agencies, other government agencies, or health authorities (i) when we, in good faith, believe you or others are acting unlawfully, (ii) when we believe it is necessary or appropriate to satisfy any law, regulation or other governmental request, (iii) to operate our business and Sites properly, (iv) to protect or defend our rights or the rights or well-being of our users, even without a subpoena, warrant or court order, or (v) we believe disclosure is necessary to protect the health and safety of our personnel, clients, guests, and the general public.
  • We may, as a result of a sale, merger, consolidation, change in control, transfer of assets, reorganization, or liquidation of our company (a "Reorganization Event"), transfer or assign your Personal Information to parties involved in the Reorganization Event. You acknowledge that such transfers may occur and are permitted by and subject to this Privacy Policy.

 

Cookies and Other Technologies

We may use "cookies" to keep, and sometimes track, information about you on our Sites. Cookies are small data files that are sent to your browser or related software from a Web server and stored on your computer's hard drive. Cookies track where you travel on the Sites and what you look at. In doing so, a cookie may enable us to relate your use of the Sites to your Personal Information. Many other websites use cookies for very similar purposes.

Most Web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Additionally, your Flash player can be set to reject or delete Flash cookies. Refusing a cookie will generally not interfere with your use of the Sites. However, refusal of a cookie may, in some cases, preclude you from using or negatively impact the display or function of the Sites or certain areas or features of the Sites.

We may also use web beacons (a.k.a. clear GIFs, web bugs or pixel tags) to personalize your experience on the Sites, to generate information about Site traffic and trends, and to verify your viewing and/or receipt of communications. Web beacons collect information automatically, such as the type of browser that you use and your IP address. Web beacons may be used alone or in conjunction with cookies. When web beacons are used with cookies, they may link this information to other Personal Information that you have provided to us. Web beacons usually are not visible to you.

Third Party Analytics

We use automated devices and applications, such as Google Analytics and Crazy Egg, to evaluate usage of our Sites. We also may use other analytic means to evaluate our Sites and services. We use these tools to help us improve the Sites, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services. We do not share your Personal Information with these third parties.  To learn how Google Analytics collects and processes data, please visit: “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners.  To learn about how Crazy Egg uses the analytics information it collects, please visit Crazy Egg’s Privacy Policy; to opt-out of Crazy Egg’s analytics tracking, please visit https://www.crazyegg.com/opt-out/.

How We Respond to Do Not Track Signals

Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a "Do Not Track" ("DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including BDO USA, do not recognize or respond to DNT signals.

 

Marketing Opt-Out

If you would like to opt out of receiving promotional or marketing e-mail from us, you may use the “unsubscribe” mechanism included in each marketing message. You may let us know by sending us an email to [email protected] with REMOVE in the subject line, and stating the e-mail address you wish to be removed from our mailing list. If you have an Account, you may be able to manage your subscriptions through your Account. However, your option not to receive promotional and marketing e-mail shall not preclude us from corresponding with you, by e-mail or otherwise, regarding your existing relationship with us. Your opt-out request will also not apply to correspondence that has already been initiated.

 

California Privacy Disclosures

California residents are entitled to the following additional disclosures about our data processing:  

  • In the preceding 12 months, BDO USA has collected the categories of Personal Information detailed in “How We Collect and Use Your Personal Information” above. The purposes for which BDO USA has collected Personal Information and the sources of that information are also described above.
  • In the preceding 12 months, BDO USA has disclosed Personal Information for a business purpose as detailed in the How we Disclose Your Personal Information section above.
  • We may sell information in the context of our Global Corporate Intelligence (“GCI”) services. In the preceding 12 months, BDO USA has sold the following categories of Personal Information to GCI clients:  Identifiers, Protected Characteristics, Professional and Employment-Related Information, Commercial Information, Internet or Other Electronic Activity Information, and Profile Information. 
  • We may also sell information to the extent our use of cookies and tracking technologies for targeted advertising constitutes a “sale” under the CCPA. This use of cookies and tracking technologies also constitutes “sharing” under the CCPA. Your opt-out rights are described in the Your Rights section below. In the preceding 12 months, BDO USA has sold or shared the following categories of Personal Information to with our targeted advertising service providers and partners: Identifiers, Internet or Other Electronic Activity Information, and Profile Information.
  • We do not knowingly sell the Personal Information of minors under 16.

 

Please note that we do not sell any personal information received on behalf of our clients, and we do not sell any personal information obtained in the course of providing our other services, including Tax, Audit & Assurance and Advisory (other than GCI) services.

Shine the Light: This Privacy Policy describes how we may share your information, including for marketing purposes. California residents are entitled to request and obtain from BDO USA once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at [email protected].

For an explanation of the rights you may have as a California resident, please see the Your Rights section below.

Privacy Rights Metrics

For the period beginning on January 1, 2023 and ending on December 31, 2023, BDO USA has compiled the following statistics regarding individual requests to know, access, delete, and opt out of sale, sharing and/or targeted advertising.

2023 Total Requests

13172

Complied with in whole or in part 

13122

Denied 

50

Median # of Days to Respond

0

Mean # of Days to Respond

0.2

 

Of these requests, deletion request involved data that we did not delete pursuant to exceptions under Sections 1798.145 or 1798.146 of the California Consumer Privacy Act of 2018. For this request, we relied on the exceptions covering our ability to “comply with federal, state, or local laws,” “comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities,” and “exercise or defend legal claims.”

Please note that the number of “Denied” requests includes abandoned requests by the consumer and failed identity verification attempts.

Additionally, please note that these metrics include requests we received at the end of 2023 and responded to in 2024.

 

Your Rights

Depending on where you live, you may have the following rights, subject to any applicable exemptions or limitations:

  • The right to know and access your Personal Information, such as the categories of Personal Information we have collected, the sources of Personal Information, the purposes of collection, and how we used, disclosed, sold, or shared Personal Information; 
  • The right to correct inaccurate Personal Information that we maintain about you;
  • The right to delete your Personal Information under specific circumstances;
  • The right to opt out of the sale or sharing of your Personal Information, as such terms are defined by applicable laws;
  • The right to object or opt out of certain types of processing, such as targeted advertising, direct marketing, and certain types of profiling and automated decision-making;
  • The right to request the restriction of processing of your Personal Information; 
  • The right to data portability, which means requesting a copy of your Personal Information in an accessible format; 
  • The right to withdraw your consent under certain circumstances; and
  • The right to lodge a complaint with the relevant data protection supervisory authority. Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board’s website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources. 

To the extent any of the above rights are applicable, you may exercise your rights by contacting us at [email protected], by phone at 1 (877) 236-0001 or by completing our Consumer Request Form. If you wish to opt out of the sale of your Personal Information in the context of our Global Corporate Intelligence services, you can submit your request by completing our Do not sell my Personal Information request form. You may opt out of our use of cookies and other technologies for targeted advertising purposes by navigating to the “Opt Out of Targeted Advertising - Do Not Sell or Share My Personal Information” link in the footer of the BDO USA website you are visiting or clicking through the option in the banner that appears when you first visit our website. If you choose to exercise any of these rights, BDO USA will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of BDO USA’s Sites or services.

We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.

You may be able to use an authorized agent to submit a rights request on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at [email protected].

 

Legal Basis for Processing

Where applicable under the European Union’s General Data Protection Regulation (“GDPR”) or similar laws, the legal basis for our collection and use of your Personal Information may include any of the following:

  • Performance of a contract. We process your Personal Information as necessary to perform our obligations under any contract with you, such as to provide our Sites or services to you or complete transactions.
  • Consent. We may ask for your consent to use your Personal Information, including if we need your consent to process certain sensitive information about you or engage in certain marketing activities. If we obtain your consent as a legal basis for processing, you may withdraw your consent at any time.
  • Legitimate interests. We have a legitimate interest in using your Personal Information for our business purposes, including operating, improving, and marketing our business, Sites, and services.  
  • Compliance with a legal obligation. We may need to use your Personal Information to comply with applicable legal requirements.

 

Information for Visitors from Outside of the United States

If you visit the Sites or provide us your Personal Information from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where BDO USA or its vendors operate in accordance with this Privacy Policy and applicable laws. Please note that data protection and consumer protection laws of the United States and such other countries may differ from the data protection or consumer protection laws in your country. By using the Sites or providing us with your Personal Information, you understand that your Personal Information will be collected from and processed in the United States and other countries where BDO USA or its vendors operate, and acknowledge that your information may be subject to access by law enforcement and other government entities, including courts and tribunals, in accordance with laws applicable in those jurisdictions. Where applicable, we have implemented appropriate cross border data transfer mechanisms when transferring your Personal Information to a country outside of your home jurisdiction, including the BDO Binding Corporate Rules. BDO also adheres to and has self-certified under the EU-U.S. Data Privacy Framework, as further detailed in our Data Privacy Framework Statement.

 

Data Security and Retention

We maintain one or more databases to store your Personal Information and may retain it as reasonably required to serve you, run our business, and comply with our legal obligations. In determining when your Personal Information is retained or disposed, we may consider the nature and sensitivity of your Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and applicable legal requirements.

We have implemented reasonable safeguards designed to protect your information from loss, misuse, alteration, or destruction. We also take reasonable steps designed to ensure that third parties who work with us agree to protect the Personal Information.

Without limiting any other terms that apply to our Sites and this Privacy Policy, you understand that we cannot guarantee that your Personal Information will be private or secure. Except to the extent provided by law, we are not responsible or liable to you for any lack of privacy or security you may experience. You are fully responsible for taking precautions and providing security measures best suited for your situation and intended use of the Sites and our services. Please be careful whenever sending Personal Information to us via e-mail. E-mail is not a secure means of transferring information.

 

Third Parties

Our Sites, services and materials may contain references or links to third-party websites and services. Except as described above regarding Service Providers, we do not control what information third parties track or collect. Any access to and use of such third-party websites and services is not governed by this Privacy Policy but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties.

 

Children’s Privacy

We do not knowingly collect any Personal Information from children under 13 without prior verifiable parental consent. If BDO USA learns that a child under the age of 13 has submitted Personal Information without parental consent, we will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required or allowed by law. If you believe a child under 13 has provided us with Personal Information, please contact us at [email protected] or the mailing address below.

 

Questions about Our Privacy Policy

If you have questions about this Privacy Policy, please contact us at [email protected]. You can also send us physical mail to: BDO USA, 600 North Pearl Street, Suite 1700, Dallas, TX 75201, Attention: Chief Compliance & Ethics Officer.

 

Changes to Our Privacy Policy

We may occasionally review and update this Privacy Policy to reflect changes in our practices. When we review or post modifications to this Privacy Policy, we will revise the "Last Reviewed” date at the top of this web page. If the changes are material, we will endeavor to notify you in advance of such changes taking place. If you object to any modification, your sole recourse is to notify us that you do not agree and to stop using the Sites and providing us with your Personal Information.

We encourage you to periodically review this page for the latest information on our privacy practices.




BDO USA refers to BDO USA, P.C., a Virginia professional corporation, also doing business in certain jurisdictions with an alternative identifying abbreviation, such as Corp. or P.S.C.