BDO in Iceland is a member of BDO International Ltd, a UK company limited by guarantee, and forms part of the worldwide network of independent legal entities, each of which provides professional services under the name “BDO”.
BDO is an international network of independent public accounting, tax and advisory firms (the “BDO network”), which perform professional services under the name of BDO (the “BDO member firms”). BDO International Limited (“BDOI”) is a UK company limited by guarantee. It is the governing entity of the BDO network.
Each of BDOI and the member firms is a separate legal entity and has no liability for another such entity's acts or omissions. Nothing in the arrangements or rules of the BDO network shall constitute or imply an agency relationship or a partnership between BDOI and the member firms.
Please note that the other country or specific websites contained within www.bdo.is are provided by the applicable BDO member firms or related entities managing them and are not the responsibility of BDO. Such websites, as well as other websites that may be linked to this web site, are not governed by this Privacy Statement. We encourage visitors to review each of these other web site's privacy statements before disclosing any personal information.
BDO Iceland respects the privacy and confidentiality of clients and visitor personal data collected. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the General Data Protection Regulation (“GDPR”) (EU) 2016/679 in processing and holding your personal data. You share certain personal data with BDO to enable our staff to give you the best possible service as agreed. The personal data that BDO processes will depend on the assignment, but we ask you to provide us with only the data that are strictly necessary so that we can guarantee the agreed form of service. BDO Iceland places great emphasis on ensuring, in a variety of ways, confidentiality, reliability and safe, secure, and responsible handling of information.
By using BDO.is and providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing and disclosure of your personal data as described in this policy.
1.1 Compliance with Local Law and General Data Protection Regulation
We will first and foremost comply with the GDPR and any applicable local law. European personal data will be processed in accordance with the GDPR. Where local law requires a higher level of protection for personal data than is provided for in the GDPR, the higher level of protection will take precedence and be applied to the processing of the personal data. We will ensure that complying with the GDPR does not conflict with local data and personal laws.
2.How We Collect Your Personal Data
The GDPR defines personal data as any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (henceforth, collectively referred to as “personal data”).
We generally collect personal data through the following methods and / or channels:
- When you engage BDO Iceland to render professional services to you,
- When and if BDO Iceland record CCTV footage while you are within our premises,
- When you interact with BDO Iceland via face to face meetings, emails, letters, fax, and telephone conversations,
- When we receive your personal data in the course of our professional work,
- When we receive references from business partners, associates and / or third parties,
- When you submit documents to us for the purpose of employment opportunities, seminars and / or any events organised by BDO Iceland,
- When and if photographs or videos of you are taken by BDO Iceland and / or our representatives during events hosted by us,
- When you visit our website and leave your personal data, including your IP address assigned to your computer,
- When you submit your personal data to us for any other reasons,
- When we collect information about you from other sources, including commercially available sources, such as public databases (where permitted by law).
2.1 Social Media
You can block or deactivate cookies in your browser settings. Please be aware that blocking or deactivating the cookies may, inter alia, affect the quality of your user experience on our website.
When you visit this web site, we may collect technical information such as your IP (Internet Protocol) address, details of the pages you visit on BDO.is, other pages you visit on the Web, and which browser you used to view BDO.is.
3. Types of Personal Data Collected
The types of personal data that we collect about you may include, but not limited to, your name, current job title, address, email address, telephone numbers and fax numbers. We will only collect sensitive personal data (such as passport or other identification numbers such as social security numbers, date of birth, bank account numbers, employment details such as attendance registration, health information, criminal records, employment agreements, family background and details, race and / or ethnicity) where it is voluntarily provided to us by you with your explicit consent, or where such personal data is required or permitted to be collected by law or professional and necessary for completing the service requested. This personal data will only be collected in accordance with the GDPR.
If you provide us with the personal data of anyone other than yourself (including your family members), you warrant that you have informed the owner of the personal data about the purposes for which his / her personal data will be used and that he / she has consented to your disclosure of his / her personal data to BDO Iceland for those purposes.
We understand the importance of protecting the information of children below the age of 16 years and do not knowingly collect or maintain information about children.
4.How We Use Your Personal Data
Personal data that we collect from you will only be used for the intended purpose(s) stated and / or communicated to you at the time that the personal data is collected. In addition, we may use the personal data that we have collected about you for the following purposes:
- Providing professional services to you as requested and contracted to do so,
- Sending you updates, materials and communications regarding the professional services rendered by BDO Iceland,
- Sending you information on seminars and conferences conducted by BDO Iceland,
- Responding to, processing and handling of your queries, feedback, and suggestions,
- Meeting or complying with any applicable laws, regulations or professional standards issued by any legal or regulatory bodies in Iceland,
- Verifying your identity, processing payments as well as managing our administrative and business operations,
- Managing the security of our premises, facilities, and technology infrastructure,
- All other purposes related to our business.
BDO only stores and processes data necessary for its purpose and allowed to process in accordance with law, contracts and agreements or informed consent by individuals and/or others that are involved in BDO ‘s projects.
If you are seeking employment or any other appointment with BDO Iceland or other members of the BDO network, we may use the personal data that we have collected from you for the following purposes:
- Processing and assessing your application,
- Performing background checks,
- Verifying your credentials and qualifications as well as obtaining employment references,
- All other purposes related to the process of employment or appointment.
BDO Iceland may process and / or transfer such personal data to other members of the BDO network and / or BDO’s subcontractors (which may be located in other territories) for the purposes of (i) providing professional services; (ii) maintaining BDO’s operations or client relationship management system; (iii) quality and risk management reviews, or (iv) providing you with information about BDO and / or BDO’s range of services.
Where your personal data is to be used for a different purpose and / or shared with a third party in a situation not mentioned above, we will seek your consent before proceeding to use and / or share your personal data.
It is BDO Iceland policy to avoid collecting excessive and / or irrelevant personal data. The data and information that BDO stores in its information systems are only used to enable the company to deliver requested service for the benefit of customers and according to a contract. BDO will never distribute personal information to other parties without permission. BDO Iceland does not collect and / or compile personal data for the purpose of sale to outside parties.
5.Who We Disclose Your Personal Data To
BDO Iceland will take reasonable steps to protect your personal data from unauthorised disclosure. Personal data that we collect from you may only be disclosed to other members of the BDO network and/ or third parties for the intended purpose(s) which was stated and / or communicated to you at the time that the personal data was collected. Such third parties shall provide BDO Iceland with written confirmation that they will provide adequate protection over the personal data in question. Personal data may also be disclosed to third parties where BDO Iceland is compelled to do so by the relevant authorities.
For avoidance of doubt, BDO Iceland privacy practices stated herein do not apply when you connect to the websites of BDO’s overseas offices and / or other third-party websites. You are encouraged to review the data protection and privacy policies of websites you choose to visit.
6.1 Obtaining Consent
Before we collect, use or disclose your personal data, we will notify you of the purpose(s) of such collection, usage and disclosure. We will not collect excessive and / or irrelevant personal data for the stated purpose(s). By providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing and disclosure of your personal data as described in this policy.
BDO Iceland shall obtain written confirmation from you on your express consent, unless processing of your personal data without your consent is permitted by the GDPR.
6.2 Third-Party Consent
If you are carrying out a transaction with us, having a face-to-face meeting with us, and / or providing us with any personal data on behalf of another individual, you must first notify and obtain consent from that other individual before we can collect, use and / or disclose his or her personal data. Such consent must be provided to us in writing.
6.3 Withdrawing Consent
If you wish to withdraw consent, you should give us reasonable advance notice in writing. The withdrawal of consent to BDO Iceland collection, use and / or disclosure of Personal Data may, amongst other things, affect the quality of services rendered to you. Upon your withdrawal of consent, we will cease (and cause our intermediaries and agents to cease) collecting, using, or disclosing the personal data unless it is authorised or required under applicable laws.
7 Accessing and Making Correction to Your Personal Data
You hold certain rights regarding your personal information, subject to local law. These include the following rights to: request access to the personal information that we may process on www.bdo.is, update or correct your details, restrict our use of your personal information, object to our use of your personal information, to receive your personal information in a usable electronic format and transfer it to a third party (if technically possible), or request that your personal details are deleted from our systems.
You may write in to BDO Iceland addressed to the Data Protection Officer (DPO) based on reasonable grounds, to find out how we have been using or disclosing your personal data and / or to request a copy of your personal data or contact at [email protected]
Before we attend your request, we will need to verify your identity. Thereafter, we will let you have an estimate of the time required to retrieve all the relevant personal data and the fee that we will charge for processing your request (our costs in administering your request). Upon confirmation of your acceptance of the fee, we shall respond to your written request within 30 days. You will also be informed in the event that BDO Iceland is unable to attend to your request.
8 Accuracy of Your Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data that we have collected from you is reasonably accurate, complete and up-to-date. If you are a client or if you would like to continue to receive updates, materials and communications regarding our professional services, seminars and / or conferences, it is important that you update us if there are any changes to your personal data such as email address etc. We will not be responsible for relying on inaccurate or incomplete personal data arising from your failure in updating us of any changes to your personal data that was initially provided to us.
9 Protection of Personal Data
BDO Iceland will take reasonable steps to ensure that personal data and confidential information are protected within our organisation. We will take the necessary security measures to protect your personal data that is under our care and control to prevent loss, modification, collection, unauthorised access, misuse, copying, alteration, disclosure and / or destruction.
External data intermediaries who process and maintain your personal data on our behalf will be bound by contractual data protection arrangements we have with them.
Although we use appropriate measures to protect your personal data, the transmission of data over the internet is never completely secure. We endeavour to protect your personal data, but cannot fully guarantee the security of data transmitted to us or by us.
10 Retention of Personal Data
We will not retain any of your personal data under our care and / or control where it is no longer necessary for providing the agreed services or for legal purposes.
We will ensure that your personal data that no longer has any business or legal use be destroyed or disposed in a secure manner. This applies to both physical documents and electronic data stored in databases.
11 Transfer of Personal Data Outside of Iceland
In the event that there is a need for us to transfer your personal data to another country, we will ensure that the standard of data protection in the recipient country is comparable to that of the European personal data, the GDPR.
13 Contact Information
You may contact our Data Protection Officer via email at [email protected] or write in to us at BDO ehf. Skútuvogi 1e, 104 Reykjavík if you would like to:
- Withdraw your consent to any use of your personal data,
- Obtain access to your personal data,
- Make corrections to your personal data,
- Clarify any questions relating to our collection, use and / or disclosure of your personal data,
- Make any complaint relating to how we manage your personal data.
Any query or complaint should include, at least, your full name, contact information and a brief description of the query or complaint. We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.
Last modified 3 March 2021.