Þessi síða notar cookies til þess að sníða efni og innihald betur að hverjum notanda. Með notkun þinni á síðunni samþykkir þú notkun cookies. Vinsamlegast lesið friðhelgisstefnuna til þess að fá frekari upplýsingar um notkun cookies og hvernig mögulegt er að eyða þeim eða blokka.
  • Privacy Policy

Privacy Policy

1. Introduction

BDO in Iceland is a member of BDO International Ltd, a UK company limited by guarantee, and forms part of the worldwide network of independent legal entities, each of which provides professional services under the name “BDO”.

BDO is an international network of independent public accounting, tax and advisory firms (the “BDO network”), which perform professional services under the name of BDO (the “BDO member firms”). BDO International Limited (“BDOI”) is a UK company limited by guarantee. It is the governing entity of the BDO network.

Each of BDOI and the member firms is a separate legal entity and has no liability for another such entity's acts or omissions. Nothing in the arrangements or rules of the BDO network shall constitute or imply an agency relationship or a partnership between BDOI and the member firms.

This privacy policy (“Privacy policy”) applies only to the www.bdo.is web site (or the “web site”) which is provided by BDO in Iceland (also referred to below as “we”, “us”, “our” or “BDO”) and not to the various separate web sites as per each location where BDO is present it redirects you to.

Please note that the other country or specific websites contained within www.bdo.is are provided by the applicable BDO member firms or related entities managing them and are not the responsibility of BDO. Such websites, as well as other websites that may be linked to this web site, are not governed by this Privacy Statement. We encourage visitors to review each of these other web site's privacy statements before disclosing any personal information.

BDO Iceland respects the privacy and confidentiality of clients and visitor personal data collected.  We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the General Data Protection Regulation (“GDPR”) (EU) 2016/679 in processing and holding your personal data.  You share certain personal data with BDO to enable our staff to give you the best possible service as agreed. The personal data that BDO processes will depend on the assignment, but we ask you to provide us with only the data that are strictly necessary so that we can guarantee the agreed form of service. BDO Iceland places great emphasis on ensuring, in a variety of ways, confidentiality, reliability and safe, secure, and responsible handling of information.

By using BDO.is and providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing and disclosure of your personal data as described in this policy. 

 1.1 Compliance with Local Law and General Data Protection Regulation

We will first and foremost comply with the GDPR and any applicable local law.   European personal data will be processed in accordance with the GDPR.  Where local law requires a higher level of protection for personal data than is provided for in the GDPR, the higher level of protection will take precedence and be applied to the processing of the personal data.  We will ensure that complying with the GDPR does not conflict with local data and personal laws.

We have developed this Privacy Policy to assist you in understanding how we collect, use, disclose, process, and retain your personal data.


2.How We Collect Your Personal Data

The GDPR defines personal data as any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (henceforth, collectively referred to as “personal data”).

We generally collect personal data through the following methods and / or channels:

  • When you engage BDO Iceland to render professional services to you,
  • When and if BDO Iceland record CCTV footage while you are within our premises,
  • When you interact with BDO Iceland via face to face meetings, emails, letters, fax, and telephone conversations,
  • When we receive your personal data in the course of our professional work,
  • When we receive references from business partners, associates and / or third parties,
  • When you submit documents to us for the purpose of employment opportunities, seminars and / or any events organised by BDO Iceland,
  • When and if photographs or videos of you are taken by BDO Iceland and / or our representatives during events hosted by us,
  • When you visit our website and leave your personal data, including your IP address assigned to your computer,
  • When you visit our website, which may use cookies to facilitate the management and maintenance of our website as well as improved navigation by visitors,
  • When you submit your personal data to us for any other reasons,
  • When we collect information about you from other sources, including commercially available sources, such as public databases (where permitted by law).


2.1 Social Media

We may host various blogs, forums, and other social media applications such as Facebook and LinkedIn that allow you to share content with other users (collectively “Social Media Applications”).  Any personal information that you contribute to these Social Media Applications can be read, collected and used by other users of the application, including BDO Iceland.  Any personal data that you share over Social Media Applications will not be covered and / or protected by this Data Protection and Privacy Policy.

2.2 Cookies

We may use cookies to identify you from other users on our website to improve your navigation.  A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device. By continuing to use our website, you are agreeing to the use of cookies on our website.

You can block or deactivate cookies in your browser settings.  Please be aware that blocking or deactivating the cookies may, inter alia, affect the quality of your user experience on our website.  

When you visit this web site, we may collect technical information such as your IP (Internet Protocol) address, details of the pages you visit on BDO.is, other pages you visit on the Web, and which browser you used to view BDO.is.



3. Types of Personal Data Collected

The types of personal data that we collect about you may include, but not limited to, your name, current job title, address, email address, telephone numbers and fax numbers.  We will only collect sensitive personal data (such as passport or other identification numbers such as social security numbers, date of birth, bank account numbers, employment details such as attendance registration, health information, criminal records, employment agreements, family background and details, race and / or ethnicity) where it is voluntarily provided to us by you with your explicit consent, or where such personal data is required or permitted to be collected by law or professional and necessary for completing the service requested.  This personal data will only be collected in accordance with the GDPR.

If you provide us with the personal data of anyone other than yourself (including your family members), you warrant that you have informed the owner of the personal data about the purposes for which his / her personal data will be used and that he / she has consented to your disclosure of his / her personal data to BDO Iceland for those purposes.

We understand the importance of protecting the information of children below the age of 16 years and do not knowingly collect or maintain information about children.


4.How We Use Your Personal Data

Personal data that we collect from you will only be used for the intended purpose(s) stated and / or communicated to you at the time that the personal data is collected.  In addition, we may use the personal data that we have collected about you for the following purposes:


  • Providing professional services to you as requested and contracted to do so,
  • Sending you updates, materials and communications regarding the professional services rendered by BDO Iceland,
  • Sending you information on seminars and conferences conducted by BDO Iceland,
  • Responding to, processing and handling of your queries, feedback, and suggestions,
  • Meeting or complying with any applicable laws, regulations or professional standards issued by any legal or regulatory bodies in Iceland,
  • Verifying your identity, processing payments as well as managing our administrative and business operations,
  • Managing the security of our premises, facilities, and technology infrastructure,
  • All other purposes related to our business.

BDO only stores and processes data necessary for its purpose and allowed to process in accordance with law, contracts and agreements or informed consent by individuals and/or others that are involved in BDO ‘s projects.


If you are seeking employment or any other appointment with BDO Iceland or other members of the BDO network, we may use the personal data that we have collected from you for the following purposes:

  • Processing and assessing your application,
  • Performing background checks,
  • Verifying your credentials and qualifications as well as obtaining employment references,
  • All other purposes related to the process of employment or appointment.

BDO Iceland may process and / or transfer such personal data to other members of the BDO network and / or BDO’s subcontractors (which may be located in other territories) for the purposes of (i) providing professional services; (ii) maintaining BDO’s operations or client relationship management system; (iii) quality and risk management reviews, or (iv) providing you with information about BDO and / or BDO’s range of services.

Where your personal data is to be used for a different purpose and / or shared with a third party in a situation not mentioned above, we will seek your consent before proceeding to use and / or share your personal data.

It is BDO Iceland policy to avoid collecting excessive and / or irrelevant personal data. The data and information that BDO stores in its information systems are only used to enable the company to deliver requested service for the benefit of customers and according to a contract. BDO will never distribute personal information to other parties without permission. BDO Iceland does not collect and / or compile personal data for the purpose of sale to outside parties.


5.Who We Disclose Your Personal Data To

BDO Iceland will take reasonable steps to protect your personal data from unauthorised disclosure. Personal data that we collect from you may only be disclosed to other members of the BDO network and/ or third parties for the intended purpose(s) which was stated and / or communicated to you at the time that the personal data was collected.  Such third parties shall provide BDO Iceland with written confirmation that they will provide adequate protection over the personal data in question.  Personal data may also be disclosed to third parties where BDO Iceland is compelled to do so by the relevant authorities.

For avoidance of doubt, BDO Iceland privacy practices stated herein do not apply when you connect to the websites of BDO’s overseas offices and / or other third-party websites. You are encouraged to review the data protection and privacy policies of websites you choose to visit.



6.1 Obtaining Consent

Before we collect, use or disclose your personal data, we will notify you of the purpose(s) of such collection, usage and disclosure.  We will not collect excessive and / or irrelevant personal data for the stated purpose(s). By providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing and disclosure of your personal data as described in this policy.

BDO Iceland shall obtain written confirmation from you on your express consent, unless processing of your personal data without your consent is permitted by the GDPR.

6.2 Third-Party Consent

If you are carrying out a transaction with us, having a face-to-face meeting with us, and / or providing us with any personal data on behalf of another individual, you must first notify and obtain consent from that other individual before we can collect, use and / or disclose his or her personal data.  Such consent must be provided to us in writing.

6.3 Withdrawing Consent

If you wish to withdraw consent, you should give us reasonable advance notice in writing.  The withdrawal of consent to BDO Iceland collection, use and / or disclosure of Personal Data may, amongst other things, affect the quality of services rendered to you. Upon your withdrawal of consent, we will cease (and cause our intermediaries and agents to cease) collecting, using, or disclosing the personal data unless it is authorised or required under applicable laws.

7 Accessing and Making Correction to Your Personal Data

You hold certain rights regarding your personal information, subject to local law. These include the following rights to: request access to the personal information that we may process on www.bdo.is, update or correct your details, restrict our use of your personal information, object  to our use of your personal information, to receive your personal information in a usable electronic format and transfer it to a third party (if technically possible), or request that your personal details are deleted from our systems.

You may write in to BDO Iceland addressed to the Data Protection Officer (DPO) based on reasonable grounds, to find out how we have been using or disclosing your personal data and / or to request a copy of your personal data or contact at [email protected]

Before we attend your request, we will need to verify your identity.  Thereafter, we will let you have an estimate of the time required to retrieve all the relevant personal data and the fee that we will charge for processing your request (our costs in administering your request).  Upon confirmation of your acceptance of the fee, we shall respond to your written request within 30 days. You will also be informed in the event that BDO Iceland is unable to attend to your request.

You may request access and / or a copy of your personal data subject to the requirements of the GDPR (subject to applicable exemptions), to update and / or correct the personal data that is in the possession or under the control of BDO Iceland.  You may do so by writing to us (please refer to Section 13 of this Privacy Policy).

8 Accuracy of Your Personal Data

We will take reasonable precautions and verification checks to ensure that the personal data that we have collected from you is reasonably accurate, complete and up-to-date.  If you are a client or if you would like to continue to receive updates, materials and communications regarding our professional services, seminars and / or conferences, it is important that you update us if there are any changes to your personal data such as email address etc. We will not be responsible for relying on inaccurate or incomplete personal data arising from your failure in updating us of any changes to your personal data that was initially provided to us.


9 Protection of Personal Data

BDO Iceland will take reasonable steps to ensure that personal data and confidential information are protected within our organisation. We will take the necessary security measures to protect your personal data that is under our care and control to prevent loss, modification, collection, unauthorised access, misuse, copying, alteration, disclosure and / or destruction.

External data intermediaries who process and maintain your personal data on our behalf will be bound by contractual data protection arrangements we have with them.

Although we use appropriate measures to protect your personal data, the transmission of data over the internet is never completely secure. We endeavour to protect your personal data, but cannot fully guarantee the security of data transmitted to us or by us.


10 Retention of Personal Data

We will not retain any of your personal data under our care and / or control where it is no longer necessary for providing the agreed services or for legal purposes.

We will ensure that your personal data that no longer has any business or legal use be destroyed or disposed in a secure manner. This applies to both physical documents and electronic data stored in databases.

Should you require your personal data to be deleted from our records, please contact us in writing (please refer to Section 13 of this Privacy Policy).  Precisely how long will depend on the specific data and the form of service for which your data are processed for and is laid down in various laws. A record and retention policy ensures that the correct retention period is adhered to.


11 Transfer of Personal Data Outside of Iceland

In the event that there is a need for us to transfer your personal data to another country, we will ensure that the standard of data protection in the recipient country is comparable to that of the European personal data, the GDPR.


12 Updates on Data Protection & Privacy Policy

As part of our efforts in implementing the latest policies, practices and processes, we will be reviewing these policies, practices and processes from time to time.  We reserve the right to amend the terms of this Privacy Policy at our absolute discretion.  Any amended Privacy Policy will be posted on our website.  You are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.

13 Contact Information

You may contact our Data Protection Officer via email at [email protected]  or write in to us at BDO ehf. Skútuvogi 1e, 104 Reykjavík if you would like to:

  • Withdraw your consent to any use of your personal data,
  • Obtain access to your personal data,
  • Make corrections to your personal data,
  • Clarify any questions relating to our collection, use and / or disclosure of your personal data,
  • Make any complaint relating to how we manage your personal data.

Any query or complaint should include, at least, your full name, contact information and a brief description of the query or complaint. We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.


Last modified 3 March 2021.