Legal & Privacy

Introduction

BDO in Georgia is strongly committed to protecting the privacy and security of your personal information.

This Privacy Statement describes how we collect and use personal information about you, how we protect this information and the choices you can make about how we use this information in accordance with the General Data Protection Regulation (GDPR) and the Law of Georgia on Personal Data Protection.

Personal data is any information relating to an identified or identifiable living person. BDO in Georgia processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.  
When collecting and using personal data, our policy is to be transparent about why and how we process personal data.  

Security

We take the security of all the data we hold very seriously.  

We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

We have security measures in place to protect our and our customers’ information (including personal data), which involve detecting, investigating and resolving security threats.

We monitor the services provided to customers for quality purposes, which may involve processing personal data stored on the relevant customer file. 

Legal basis

Legal bases for each processing activity are specified in the relevant sections above. When we process personal information for our legitimate interests, we make sure to consider and balance any potential impact on a data subject and the data subject’s rights under GDPR and the Law of Georgia on Personal Data Protection.

Data processing activities

To find out more, please go to the sections of this statement that are relevant to you.

  1. Recruitment applicants
  2. Business Contacts
  3. Employees of our corporate customers
  4. Individuals whose personal data we obtain in connection with providing services to our customers
  5. Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)
  6. Visitors to our offices
  7. Visitors to our website
  8. Others who get in touch with us

Data Sharing

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

We share your information with third parties outside the country only on the basis of an agreement with you, and only with third parties that comply with the requirements of the Personal Data Protection law.

Personal data held by us may be transferred to:

  • Other BDO member firms. We may share personal data with other BDO member firms where necessary for administrative purposes and to provide professional services to our customers.
  • Third parties that support us in providing our services and help provide, run and manage our internal IT systems, for example providers of information technology, cloud-based software as a service, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are in secure data centers around the world, and personal data may be stored in any one of them.
  • Third party organizations that otherwise assist us in providing goods, services or information
  • Auditors and other professional advisers
  • Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
  • Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Data Retention

We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements.

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services does not exceed 10 years.

Data Subject Rights

In certain circumstances, by law, you have the right to:

  • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you.
  • Request correction of the personal information we hold about you.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to the processing of your personal information where we are relying on a legitimate interest as the legal ground for processing and there is something about your situation which makes you want to object to the processing on this ground.

If you would like to exercise any of the above rights, please contact our Data Protection Officer at Cert@bdo.ge.

Changes to this privacy statement

We recognize that transparency is an ongoing responsibility, so we will keep this privacy statement under regular review.

This privacy statement was last updated on 25.05.2018.

Contact Us

If you have questions about this privacy notice or how we handle your personal information, please contact the firm’s Data Protection Officer at 2 Tarkhnishvili Street, Tbilisi or Cert@bdo.ge.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Office of the Personal Data Protection Inspector, the supervisory authority for data protection issues, using their website www.personaldata.ge.