BDO in Thailand collects personal information from different sources depending on the services that we are providing or whether we are collecting this personal information for our internal business operations. For example, we may collect personal information directly from you when you retain us or your employer when your employer retains us. We may also collect personal information from other BDO member firms that we are assisting. We may also collect personal information through third parties who perform background checks and credit checks for us. In addition we may collect personal information through third party analytics and advertising firms who assist us in our marketing. These firms may provide us with data about your online activities on other sites where we show our advertising and marketing material.
We collect the following types of personal information:
- Contact information, such as your name, title, role, employer, telephone, email address, and mailing address.
- Visitor information when you attend at our offices or events, such as your name, company, and person you visited at our offices and events
- Mandate information, such as information about the services you have requested or the matters that you are involved in
- Services information, such as information that your provide or that we generate as part of our services. This information may include: financial, spousal and dependent, beneficiary, residency and other information relevant to providing tax, estate planning, and business planning, tax-related information when we are providing tax or financial advisory services; employee information, including salaries and benefits, when we are conducting restructuring services and management advisory services; customer and vendor information when we are conducting an audit or assisting with information technology implementation
- Public profiles, such as information that you have made public such as on LinkedIn or your company’s website
- Communications, such as the content of your emails, voicemails, and other communications with us
- Communication preferences and interests, such as when you subscribe to receive our newsletters, updates, or other materials
- Feedback, such as when you fill out client surveys or feedback forms at our events
- Recruitment information, such as CVs, references, and other information you may provide if you apply for employment or an internship, or that we collect as part of our recruitment activities
- Background check information, such as credit checks, criminal records checks, economic and other sanctions checks, credential checks and other background information
- Portal registration information, such as email address, password and activities using our client portal
- Device and browser information when you use our website www.bdo.th, a BDO in Thailand microsite (such as our client portal) or mobile apps, such as your IP address, browser type and version, time zone setting, operating system, device type, hardware model, MAC address, and network information
- Browsing information when you use our website www.bdo.th, a BDO in Thailand microsite or mobile app, such as URL clickstream data about your visit to, through and from our website, page response times, downloads, length of visits and interaction information
- Marketing interaction information, such as whether you opened one of our electronic newsletters or clicked on an advertisement or otherwise interacted with our marketing materials
We use personal information to provide services to our clients, to fulfil legal requirements and to operate, market and improve our business. Examples of why we use personal information are:
- Client services, such as conducting audits, preparing tax returns, providing management consulting and other advisory services to our clients and members of the BDO network
- Vendor management, such as managing the services that third parties deliver to us or to clients on our behalf
- Legal and regulatory compliance, such as conducting screening for conflicts, complying with anti-money laundering laws, conducting sanctions checks, and to maintain books and records that are required by law or that assist us in meeting our legal and regulatory obligations
- Relationship management, such as establishing, maintaining, and administering our relationship with you or your employer, and which may include client account opening, accounting, invoicing, risk analysis, conflict checking, and customizing the services we offer to you
- Business development, such as client pitches and offering you services that you may be interested in
- Recruitment, such as processing your application for employment or an internship or when we proactively recruit new partners or employees
- Communications, such as responding to your inquiries, sending you newsletters, updates, or other material, and managing your preferences
- Events management, such as reserving your place at our events, noting dietary restrictions or choices, and other event related purposes
- Feedback, such as client surveys, event feedback, and addressing concerns that you might have
- Security, such as monitoring who has had access to our premises, and protecting our client portal our website from misuse
- Website management, such as monitoring what visitors to our website, microsites and mobile apps find interesting and whether there are problems with features and functionality
- Improvement of our business, understanding what our clients and prospective clients find interesting, improving our website, improving how we use vendors to provide services to us or to our clients
We may share personal information in order to perform services for our client, to fulfil legal requirements or to operate, market and improve our business. The following are examples of who we may share personal information with:
- Service providers, who provide outsourced business services to us, who assist us in marketing and advertising or events, or who assist us in providing or managing our information technology and communications systems
- Screening service providers, who perform credit checks, sanctions screening, crime or anti-money laundering checks, and other background checks
- Clients, as part of work product, such as when we are retained to conduct an audit or investigation or prepare a report or advice, and your personal information is relevant to that work product
- Analytics providers and advertising networks, who support our analysis of the performance of our website, microsites and mobile apps and your interests, or who assist us in placing advertising on other sites,
- Emergency responders, emergency contacts, or public health authorities, when necessary to respond to an emergency, or address an urgent occupational health and safety issue or outbreak of communicable diseases
- Law enforcement bodies and regulators, when required under applicable laws, such as anti-money laundering reports, or where we are reporting a contravention of laws
- Other third parties, in the course of a commercial transaction involving the acquisition of or transfer of any part of our business
Consent and other legal bases
There may be several reasons why we might collect, use, share or otherwise handle your personal information. These include
- With your explicit or implicit consent, such as when you provide the personal information as part of a request for services or a product, when you provide the personal information for a specific purpose or we ask you to consent to our use of your personal information for a purpose or for the purposes set out in this Privacy Statement
- With the consent of someone with authority to provide the information to us, such as your employer or a third party who you provided the information and who has the legal right to share it with us
- Where is necessary to fulfil our legal obligations, such as where we need to conduct client screening, anti-money laundering checks, or for other legal and compliance purposes where the law permits us to handle personal information with your consent
- For the purposes of responding to legal claims against us
- To conduct investigations where the law permits us to handle personal information without your consent
We may use your business contact information to contact you in your business, role, function, or occupation without your consent. If we send you commercial electronic messages, we will comply with legislation, subject to any exceptions permitting us to send unsolicited commercial electronic messages. You may unsubscribe from our communications at any time.
We use physical, technical, and organizational security measures that are consistent with standards in the accountancy and professional services industry. These security measures are designed to protect the confidentiality and integrity of personal information in our custody. We use contractual or other means to require our service providers to protect the confidentiality and integrity of personal information we entrust to them. Unfortunately, no system of security measures can guarantee the security and privacy of personal information. If you are sharing highly sensitive information electronically with BDO in Thailand, please speak with us about methods of secure file transfers.
Location and retention
Personal information is stored primarily in Thailand. However, we may also use service providers around the world, except where we are restricted by legal or contractual requirements. The laws of other jurisdictions may not be as protective as those in Thailand and personal information held outside of Thailand may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of these other countries in accordance with their laws.
We retain information for the purposes for as long as it is necessary to fulfill the purposes for which we collected it. We also retain personal information to meet obligations under applicable laws and regulatory requirements and to maintain records for possible litigation or investigations. Our retention period will vary depending on the nature of the information that is held. For example, we may retain information about you for as long as you are a client. We may retain matter specific information for as long as the applicable limitation period for claims, which may be 15 years or in some jurisdictions longer. In addition, copies of personal data stored in our electronic backups may be retained until they are destroyed in accordance with the ordinary lifecycle of our backups.
Children and minors
We do not knowingly collect personal information from children or other persons who are under 14 years of age except as part of a client engagement (e.g. the preparation of tax returns, estate planning, and other legitimate reasons). Our website and marketing materials are only for use by individuals who have reached the age of majority in their province or country of residence.
Canadian privacy laws provide you with certain rights. Please see “How to contact us” for the contact information of our Privacy Office in order to exercise these rights.
- Access rights – you have the right to ask us if we have collected information about you and to obtain access to that information. If you wish to exercise this right, please send a written request to our Privacy Office. We will ask you for information to confirm your identity and may ask you to assist us in describing your relationship with us so that we can locate the relevant personal information. Please note that we may withhold disclosure of personal information in certain cases under applicable laws.
- Correction – you have the right to ask us to correct any incomplete or inaccurate personal information we hold about you. If we disagree with your correction request, we will insert a note in our files explaining the basis of our refusal to correct the information. We recommend that you raise any issue with incorrect, incomplete, or inaccurate personal information with the BDO in Thailand personnel who are assisting you. However, you may also make a request to the Privacy Officer.
- Withdraw of consent – you have the right to ask us to cease collecting, using, or sharing our personal information in some cases. We will do so if we have no further purpose for handling your personal information. You can unsubscribe from any of our electronic marketing communications using the unsubscribe links provided. You may communicate other requests to withdraw consent from the BDO in Thailand personnel who are assisting you or you may make a request to the Privacy Officer.
- Complaints – you have the right to make a complaint to our Privacy Office about our compliance with this Privacy Statement or applicable privacy laws. We encourage you to raise your concern with the BDO in Thailand personnel who are assisting you. However, if you make your complaint to the Privacy Office, we will investigate the matter and report to you about the investigation findings.
We may change this Privacy Statement from time to time. Please refer to the date at the bottom of this Privacy Statement for the last date. If there is an important change to our privacy practices, we will highlight the changes in this section.
How to contact us
To exercise your rights or to make a complaint, please contact the Privacy Office at any of the following:
Email: [email protected]
Telephone: +66 2 180 6000
Suite 128, Floor 20, Metropolis Building
725 Sukhumvit Road
Issue date: 1 July 2020