Supplier Privacy Notice

Third Party Privacy Notice - Service Provider Personal Information

Data privacy and information security are fundamental components of doing business and we are committed to protecting information assets, personal data and information relating to clients, employees and services providers.

This privacy notice describes how BDO Limited (‘BDO’ or ‘we) collects and processes personal information about service providers (‘you’); how we use and protect this information and your rights in relation to this information. We respect and protect your privacy and aim to be transparent in everything we do.

This privacy notice applies to all personal information we collect about you. Personal information is information or a combination of pieces of information that could reasonably allow you to be identified.

We may change and update this notice from time to time so please check this page to keep up to date.


We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g., when you contact us and provide services to us) and information we collect about you from other commercially available sources such as public databases (where permitted by law).

Certain personal information is required as a consequence of any contractual relationship we have with you or your employer, to enable us to carry out our contractual obligations to you or your employer. Failure to provide this information may prevent or delay the fulfilment of these obligations.

1.1 Information we collect directly from you

The categories of information that we may collect directly from you include the following:

a)   personal details (e.g., name, age, date of birth);

b)   contact details (e.g., phone number, email address, postal address or mobile number);


c)   financial details for the purposes of processing invoices.


We use your personal information to:

a)    carry out background checks prior to engaging you as a service provider;

b)    contact you with questions and other information regarding the services you provide;

c)    ensure that our records are kept accurate and up to date where you, your employees or contractors work on our facilities;

d)    pay invoices; and

e)    comply with legal obligations to which we are subject to.

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

a)   to fulfil our contractual obligations to you, for example to ensure that invoices are paid correctly, and for ensuring you are able to access our premises when required;

b)   to comply with our legal obligations to you, for example health and safety obligations while you are on our premises, or to a third party (e.g. the taxation authorities); and

c)   to meet our legitimate interests - to ensure that the services you provide are appropriate for our needs, that your services function correctly with our systems, that any complaints or concerns can be promptly relayed to you and our records are kept up to date and accurate. When we process your personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

For more information about the balancing test that we carry out to process your personal information to meet our legitimate interests or if you want to object to these uses of your personal information, please contact us at the details below.


Please let us know if any of the personal information that we hold about you changes so that we can correct and update the information on our systems.

In certain circumstances you may object to specific processing activities, require us to restrict how we process your personal information and ask us to share your personal information in a usable format with another company. Where you have given your consent to a particular type of processing, you may withdraw that consent at any time.

To exercise any of the above rights, please contact us using the contact details set out below.


In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.

We rely on third-party service providers to perform a variety of services on our behalf, which include accounting software and background checks. This may mean that we have to share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.

We include below a non-exhaustive list of additional situations in which we may disclose your personal information to a third party:

a)   where permitted by law, to protect and defend our rights and property; and

b)   when required by law and/or public authorities.


We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. We require all employees and principals to keep personal information confidential and only authorised personnel have access to this information.

We will retain your personal information in accordance with our data retention policy, which sets out data retention periods required or permitted by applicable law. We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to: maintain our business records for analysis and/or audit purposes; comply with record retention requirements under the law; defend or bring any legal claims; and deal with any complaints

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.


If you have questions or concerns regarding this Supplier Privacy Notice, please contact us on We have a designated Data Protection Team that will attend to any and all matters raised.