1. Purpose of the policy
BDO Tunisia is committed to protecting the privacy of personal data obtained through its operations as a professional services firm. BDO Tunisia is bound by the Tunisian Organic Act n°2004-63 of July 27th 2004 on the protection of personal data, and undertakes likewise to comply with the standards introduced by the European General Data Protection Regulation (GDPR).
2. Personal data processing general principles
The data controller described in this statement is BDO Tunisia .According to Article 5 of the GDPR, the collection and processing of the website users’ data must respect the following principles:
- Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Whenever personal data are collected, the user will be informed that his / her data are collected, and for what reasons his / her data is collected ;
- Limited Purposes: The collection and processing of data is performed to meet one or more of the objectives identified in this policy ;
- Minimizing the collection and processing of data: only the data necessary for the proper execution of the objectives pursued by the website are collected; reduced data retention over time: Data is kept for a limited time, of which the user is informed ;
- Integrity and confidentiality of the data collected and processed: the controller is committed to ensuring the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of GDPR, the collection and processing of personal data may only take place if they comply with at least one of the conditions listed above:
- The data subject has given consent to the processing of his/her personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.The treatment is due to a need to safeguard the vital interests of the data subject or of another natural person;
- Processing is necessary in order to protect the vital interests of the data subject.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
Personal Information collected by BDO Tunisia will not be transferred to other member firms of BDO International.
3. The kinds of personal information we collect and hold
BDO Tunisia collects personal information that is reasonably necessary for, or directly related to, its functions or activities, e.g. audit services, taxation advice and services, corporate finance, insolvency, financial planning and similar business activities.
As set out below, BDO also collects certain information that is not directly and specifically provided by third parties, such as an IP address, browsing pattern on the site, click stream, and the status of cookies placed on a computer. BDO does not collect any personal information other than information reasonably necessary for, or directly relating to, the primary purpose for which BDO has been engaged or may be engaged, or its other functions and activities.
4. How we collect personal information
BDO, when acting as controller, limits the collection of personal data to adequate, relevant and strictly necessary data for treatment.
BDO, acting as a subcontractor in order to carry out the tasks entrusted to it by its customers, undertakes contractually as part of its mission contracts to bring the greatest respect to safety and security. confidentiality of the personal data which it is required to deal with in this context.
We also log IP addresses, or the location of computers on the internet to help diagnose problems with our server and to administer the site. If the user prefers not to accept a cookie, they can set their web browser to warn them before accepting any cookies. Alternatively they can refuse all cookies by turning them off in their web browser.
5. How we use your personal information
BDO may at times use and disclose personal information about an individual for the “primary purpose” of collection (i.e. the dominant or fundamental purpose for which that information is collected). As well as providing services to clients, that “primary purpose” includes facilitating our internal business processes, communicating with clients, prospective clients and other external parties, providing ongoing marketing information about our products and services, complying with our legal obligations and dealing with enquiries and complaints.
In certain circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where a client would reasonably expect us to and the purpose is related to the purpose of collection).
For tax clients, tax file numbers:
- can be collected by tax agents and accountants;
- can be used only to conduct client’s affairs; and
Our policy is that we do not collect sensitive information about our clients or prospective clients. If any of our clients or prospective clients elects to provide us with any sensitive personal information, we will take all reasonable steps to ensure that the sensitive information is securely protected.
6. Disclosure of Personal Information
Personal information is not disclosed to a third party unless the disclosure is necessary to support the delivery of the client services for which BDO has been, or is expected to be, engaged, or is required by law.
In certain circumstances, BDO may also disclose personal information to third party service providers (such as IT service providers) who assist us to administer our business.
We may also provide a client’s or prospective client’s personal information to credit reporting bodies and other credit providers. Our separate credit reporting policy sets out how we deal with credit-related information.
Should it be necessary for BDO to forward personal information to third parties outside the firm, we will make every effort to ensure that the confidentiality of the information is protected.
7. How we store your personal information
BDO will take all reasonable steps to protect against the loss, misuse and/or alteration of the information under its control, including through appropriate physical and electronic security strategies. Only authorised BDO personnel are provided access to personal information, and these employees are required to treat this information as confidential. We may need to maintain records for a significant period of time. However, when we consider information is no longer needed, we will destroy or de-identify these records.
Our policy is that all electronic records are only stored within Tunisia whenever this is commercially feasible. However, on occasion, a limited number of specialist software applications may involve the storage of personal data at an overseas location where a suitable alternative is not available.
8. Accuracy of personal information
BDO will take all reasonable steps to make sure that any personal information collected, used or disclosed is accurate, complete and up to date.
If a person believes that the information we hold is inaccurate or out of date, they may contact our Privacy Officer and we will update the relevant information accordingly.
9. Access to personal information
Under the GDPR, a person has the right to request access to any personal information that we may hold about them and to advise us if the information should be corrected. The GDPR sets out the circumstances when we can refuse those requests. If we do refuse a request, we will provide the person with a written notice that sets out the reasons (unless it would be unreasonable to provide them).
Subject to our right to refuse access, BDO will provide the person with a report that lists any personal information that we may hold.
Our policy is to provide written acknowledgement of our receipt of any request for access to personal information or a request for correction of personal information within 7 days of the request being received. We will then provide a written response within 30 days of our receipt of the request.
In the event that an individual would prefer to submit a privacy request using a pseudonym or otherwise keep their identity secret, BDO will do its best to support that request if it is feasible to do so under the circumstances.
This Website was not intentionally designed for 13 years old children or younger. It is our policy never to knowingly collect or maintain information about anyone under the age of 13.
Therefore, we also encourage you to review this statement regularly to find out how we treat and protect your personal information.
12. Data Protection Officer
Our Data Protection Officer (DPO) is our Consultant Oussema Dahmen (ODH).
13. Privacy Enquiries
If you wish to make an enquiry about your personal information at BDO Tunisia, or make a complaint because you believe that we may have breached the General Data Protection Regulation or a privacy code that applies to us, please email our nominated Data Protection Officer at [email protected] or phone +216 71 753 754.
We will respond to each request within a reasonable time.