Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data we process about you

We process personal data such as name, contact details (e-mail address, address and telephone number), company, department, position, university, education and study term. This data is collected either when you become a customer of ours, when you contact us and provide us with your personal data, or when we receive the personal data from third parties.

Why we process your personal data

We process your personal data in order to communicate and send you our marketing. This includes newsletters, information about BDO and invitations to events or seminars.

We process personal data on a legitimate interests basis and our legitimate interest is to reach you with information about our services and to establish or maintain a business relationship with you. We always tailor our marketing to your professional role, to offer information and events that may be of interest and relevance to you.

We also process personal data about students in order to be able to communicate information about the recruitment needs of BDO. Such processing of information about students may also be based on consent.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate, and secure manner.

If we conduct joint campaigns with a partner, we may share your personal data with that partner.

How long we process and store your personal data

Where we process your personal data on a legitimate interests basis, we will process it until you choose to unsubscribe from our marketing. When you unsubscribe, or withdraw your consent, we will immediately stop processing your personal data for the relevant purposes. You can easily unsubscribe. or withdraw your consent, at any time by clicking on the "unsubscribe" link in our mailings or contact us at gdprrequest@bdo.se.

If you have not opted out, or withdrawn your consent, we will stop processing your personal data for marketing purposes after two (2) years, provided that we have not established a customer or employment relationship with you.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data we process about you

We process personal data such as name, contact details (e-mail address, address and number), company, department, and position. This data is collected from you in connection with registration for events or seminars.

We may process personal data about allergies and other food preferences at certain events. This information is also collected from you when you register for our events or seminars.

In the event of us taking photographs and/or filming at our events and seminars, we also process data about you in the form of images and recorded material. Being photographed is optional and we organise our seminars so that only those who agrees are photographed.

Why we process your personal data

We process names, contact details, and company information in order to communicate, provide, administer, and evaluate our events and seminars.

We process the data on the basis of the consent you have given when registering for an event or seminar.

We process personal data on allergies and/or food preferences for the purpose of pre-ordering food and beverages, and with your consent.

We process photographs and videos to inform about and promote our activities on our website, in printed materials and on social media. We process the data on the basis of a balancing of interests and BDO's legitimate interest in marketing our business.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate and secure manner.

If an event or seminar is held with a partner, your personal data may be shared with that party.

How long we process and store your personal data

We process your personal data for this purpose until the event or seminar is completed or until you withdraw your consent.

We process personal data about allergies or other food preferences only until the event or seminar has taken place.

We delete photos and videos from our seminars two (2) years after the end of the event unless you ask us earlier to delete photos and videos in which you appear.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data we process about you

The personal data that will be processed is obtained from the client, their group company (if applicable), or other, such as the Tax Agency, the Swedish Companies Registration Office or publicly available sources. The personal data relates to authorised representatives and other persons whose personal data is needed to manage the client relationship as well as data on the beneficial owner.

The categories of personal data that may be processed include contact details such as name, address, social security number/coordination number, telephone number, e-mail address, department, and job title. In connection with the registration of the client, BDO will also process data and documents confirming the identity of the persons representing the client and, where applicable, process personal data related to convictions and offences within the framework of the client due diligence measures that we are obliged by law to take in accordance with money laundering and auditing legislation.

Why we process your personal data

The personal data is processed prior to the acceptance of clients and/or assignments and in connection with the performance of the assignment in order to carry out independence checks, quality checks, checks on conflicts of interest, measures pursuant to the Act (2017:630) on measures against money laundering and terrorist financing ("Money Laundering Act"), the Auditor Act (2001:883), and the Audit Act (1999:1079). We also process personal data to document that the above measures have been taken. Such processing is necessary to meet BDO's legal obligations.

We will process personal data for other risk management measures such as insurance matters and documentation of work performed in order to protect ourselves against possible legal claims. This processing is necessary for BDO's legitimate interest in managing risks and possible claims.

We will process personal data to carry out our internal financial accounting necessary to meet our legal obligations under the Accounting Act (1999:1078) and other financial legislation.

We may process personal data from customers in order to improve the efficiency and development of the services we offer to our customers. The processing is justified by a balancing of interests where we have assessed that our legitimate interest in being able to develop our services outweighs the rights and freedoms of the data subject.

Finally, we may process personal data for internal administrative purposes that are necessary to comply with the contract we have entered into with the customer, which includes, for example, processing to collect payments and provide the customer with access to necessary systems and services. This processing is justified by our legitimate interest in being able to deliver and carry out our obligations under the contract with the customer.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate, and secure manner.

Personal data may be processed by BDO's network agencies or others engaged by BDO for the purpose of carrying out the activities referred to above on behalf of BDO or for the purpose of any quality control; they may be based both within and outside the EU/EEA.

Where appropriate, we also disclose personal data to:

• Authorities where such disclosure is provided by law.
• Our trade association FAR in connection with any quality control.
• Banks and debt collection agencies.
• Insurers.
• Law firms to observe our legal interests, if any.

How long we process and store your personal data

Personal data we process to fulfil our legal obligations under money laundering legislation is deleted five (5) years after the business relationship has ended.

Any data relating to payment and for which processing is required under the Accounting Act is deleted after seven (7) years.

Personal data that we process for the purpose of fulfilling our contract with you, the customer you are employed by or contracted to, is initially processed for as long as is necessary for us to administer the contractual relationship, exercise our rights and obligations, and fulfil our commitments to you.

Completed contracts and documentation from the completed assignment that may contain your personal data are deleted ten (10) years after the contract expires in accordance with the rules on the statute of limitations in the Limitation Act (1981:130).

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data we process about you

In addition to what is stated under the section "Personal data processed about our clients and our clients' employees for internal purposes", BDO will process the personal data required to perform the audit assignment in accordance with applicable laws and good auditing practice in Sweden.

BDO will process personal data obtained from the audit client, the client's group company (if applicable), the client's suppliers (e.g. accounting firm) or others, such as the Swedish Tax Agency, the Swedish Companies Registration Office or publicly available sources, in order to perform and document the audit engagement.

When performing audit assignments in the form of statutory or contractual audits of clients, BDO will process personal data through the audit performed by the client. The audit may involve processing of personal data required in the audit procedures and may include personnel costs, board minutes or other necessary data relating to the audited client's business. Depending on the audit carried out, different personal data will be processed. The personal data that may be processed relates to the client's owners and staff, but also other persons such as the client's own customers and suppliers when this is necessary to conduct a statutory audit.

The following categories of personal data may be processed:

• Contact details such as name, address, telephone number, and e-mail address,
• Details of employment such as employee number, department, post, and length of service,
• Health and absence data, such as medical certificates and data on sick leave, leave of absence or parental leave,
• Trade union affiliation,
• Personal number/coordination number,
• Information on financial circumstances such as bank account details, details of salary and other benefits, insurance details, and details of company car registration number,
• Insurance and pension data, and
• Other categories of personal data necessary to conduct the audit in accordance with applicable law and good auditing practice.

Why we process your personal data

The purpose of the processing is to enable us to carry out the audit assignment in accordance with the applicable laws and good auditing practice in Sweden.

The legal basis for this processing of personal data is that the processing is necessary for us to be able to fulfil our legal obligations to carry out an audit in accordance with applicable laws and good auditing and auditing practice in Sweden.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate and secure manner.

Personal data may be processed by BDO's network agencies and others engaged by BDO for the purpose of carrying out the activities referred to above on behalf of BDO or for the purpose of any quality control; they may be based both within and outside the EU/EEA.

Where appropriate, we also disclose personal data to:

• Authorities where such disclosure is provided by law.
• Our trade association FAR in connection with any quality control.
• Other audit firm in cases where our client is part of a group and another audit firm is the selected auditor of the parent company of the same group.
• The incoming auditor, who replaces us as auditor of the company.
• Law firms to observe our legal interests, if any.

How long we process and store your personal data

The personal data will be processed for the time necessary to carry out the audit. Thereafter, the documented audit will be deleted after ten (10) years from the end of the year in which the audit is completed.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data we process about you

In addition to what is stated under the heading "Personal data processed about our clients and our clients' employees for internal purposes", BDO will have access to personal data in certain engagements in order to perform our assignment with the client.

BDO will process personal data obtained from the client, its group companies (if applicable), or others, such as the Swedish Tax Agency, the Swedish Companies Registration Office or publicly available sources, in order to perform and document the assignment. Personal data will be processed in accordance with applicable law.

When carrying out assignments, BDO will process personal data only in the manner necessary to conduct the assignment. This may involve processing personal data required by the assignment and may include staff costs, board minutes, or other necessary data relating to the client's business. Depending on the assignment carried out, different personal data will be processed. The personal data that may be processed are personal data of the customer's owners and staff, but also other persons such as the customer's own customers and suppliers when this is necessary to carry out our assignment for the customer.

The following categories of personal data may be processed:

• Contact details such as name, address, telephone number, and e-mail address,
• Details of employment such as employee number, departmental, position, and length of service,
• Health and absence data, such as medical certificates and data on sick leave, leave of absence, or parental leave,
• Trade union affiliation,
• Personal number/coordination number,
• Information on financial circumstances such as bank account details, details of salary and other benefits, insurance details, and details of company car registration number,
• Insurance and pension data, and
• Other categories of personal data necessary for the individual assignment.

Why we process your personal data

The purpose of the processing is to enable us to fulfil the assignment we are contracted to carry out for our client.

Our legal basis for this processing is a balancing of interests where our legitimate interest in being able to perform our assignment for the customer outweighs the risks that the processing poses to the data subject.

In cases where we enter into a contract directly with you as a data subject, we base this processing on the contract that we have entered into with you.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate, and secure manner.

Personal data may be processed by BDO's network agencies and others engaged by BDO for the purpose of carrying out the activities referred to above on behalf of BDO or for the purpose of any quality control; they may be based both within and outside the EU/EEA.

Where appropriate, we also disclose personal data to:

• Authorities where such disclosure is provided by law.
• Our trade association FAR in connection with any quality control.
• Others with whom we may need to share information in order to carry out our assignment.
• Law firms to observe our legal interests, if any.

How long we process and store your personal data

The personal data will be processed for the time necessary to carry out the assignment. Thereafter, the necessary working material is kept for ten (10) years after the end of the assignment in accordance with the statute of limitations in the Limitation Act (SFS 1981:130) in order to protect BDO against possible legal claims.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA  which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

See our Jobseeker Privacy Policy (Swedish) for information on how we process your personal data in connection with your application for any of our services. 

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data we process about you

We process the personal data name and e-mail address. This data is collected either from you in connection with registration for our alumni network or when you contact us and request to be a part of our alumni network.

Why we process your personal data

We process your personal data in order to communicate, provide, administer, and evaluate our alumni network. This can include newsletters, information about BDO and invitations to alumni events.

We process the data on the basis of the permission you have given when register to our alumni network.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate, and secure manner.

How long we process and store your personal data

We will process your personal data until you choose to unsubscribe from our alumni network. When you unsubscribe, we will immediately stop processing your personal data. You can easily unsubscribe at any time by contact us at alumni@bdo.se.

If we have not heard from you in three (3) years, we will unsubscribe you and stop the processing of your personal data.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data.

What personal data do we process

We collect your personal data, such as name, telephone number, email address, and job title, from your employer or, where applicable, client, in connection with the business relationship that exists between us and your employer or client, or that you provide to us in the course of the business relationship.

Why we process your personal data

For you as an employee or contractor of a supplier:

Your personal data as an employee or contractor of a supplier to us is processed in accordance with the contract we have entered into with the supplier for the purposes of invoice processing, payment, and administration of the contractual relationship, management of deliveries, contact, and communication. Your personal data is processed on the basis of a balancing of interests. Our legitimate interest is to be able to administer contracts and fulfil our obligations to our suppliers (your employer or client).

Where applicable, we process personal data about you as an employee or contractor of the supplier for accounting purposes, for example in relation to invoicing or payment for the supplier's services or products. This processing is carried out on the basis of legal obligations under the Swedish Accounting Act (1999:1078).

If you are a sole proprietorship:

If you provide your personal data to us as a sole trader, we process your personal data because it is necessary for the fulfilment of our contract or to take steps you request prior to the conclusion of a contract. We also process the data in order to administer the contract and maintain ongoing contact with you, as well as to order and use your business services.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate, and secure manner.

Personal data may be processed by BDO's network agencies and/or others engaged by BDO for the purpose of carrying out the activities mentioned above on BDO's behalf; they may be based both within and outside the EU/EEA.

Where appropriate, we also disclose personal data to:

• Authorities where such disclosure is provided by law.
• Banks and debt collection agencies.
• Insurers.
• Law firms to observe our legal interests, if any.

How long we process and store your personal data

Personal data that we process for the purpose of fulfilling our contract with you/the supplier you are employed by or contracted by is initially processed for as long as is necessary for us to administer the contractual relationship, exercise our rights, and fulfil our obligations in relation to you/the supplier you are employed by or contracted by.

Any data relating to payment and for which processing is required under the Accounting Act are processed for seven (7) years under the Accounting Act.

Concluded contracts that may contain personal data are deleted ten (10) years after the contract expires due to the statute of limitations in the Limitation Act.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data collected through cookies when you visit www.bdo.se

What personal data we process about you

When you visit our website, we may collect technical information such as your IP (Internet Protocol) address, details of the pages you visit on www.bdo.se or on other pages you visit online, and the browser you used to visit www.bdo.se. 

This site collects usage statistics and technical data to measure and improve the effectiveness of the site, to help diagnose problems with our server, to administer the site, to see where traffic is coming from, and to identify our users. We may also collect other information through www.bdo.se, such as usage activities and preferences for the website, also known as demographic or profile data. In these contexts, we may use "cookies" to collect the information. For more information, see our cookie policy.

We collect personal data from you in the following situations:

• When you register to participate in an event, (for Information on how we process your personal data in connection with an event see "Personal data processed in connection with registration and participation in events and seminars".
• When you subscribe to our newsletter (for information on how we process your personal data for marketing purposes see "Personal data processed for our marketing purposes (information mailings about seminars, events, newsletters and other mailings".
• When you contact us to request further information.

We collect as little information as possible to handle your request. We will indicate whether the information you provide is optional or mandatory. We will normally only request additional information in order to provide the most appropriate response to an enquiry.

Why we process your personal data

We only use personal data to process your request, to manage www.bdo.se and the services we offer you through www.bdo.se, as described in this Privacy Policy.

Your personal data is processed in order to collect statistics from our website to improve the user experience of our website and to understand how our website is used by visitors. We also use cookies for marketing purposes.

The personal data is processed with your consent as you always have the option to choose which types of cookies you want to accept.

If you do not want to allow cookies to be stored on your computer, you can always set this in your browser or refuse the cookies you do not want to be used when you visit our website.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate and secure manner.

Your personal data may also be disclosed to third parties who are themselves data controllers for their processing of your personal data. Third parties may use technology that tracks your online activities across multiple websites, please see our cookie policy for more information on who we share data with through the use of cookies.

How long we process and store your personal data

We will only retain your personal data retrieved from our website for the period necessary to fulfil your request or to carry out the processing for which your personal data is collected.

How long we process your personal data processed through the use of cookies varies depending on the cookie placed on your device. Permanent cookies remain on your computer until you delete them, while temporary cookies are deleted once the expiry date has passed.

Session cookies have no expiry date and are stored temporarily on your computer while you are on our website. When you close your browser, any session cookies will disappear. Read more about our cookie duration times in our cookie policy.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA  which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, BDO's Binding Corporate Rules for data controllers and processors will be used.

Who is responsible for processing your personal data

BDO is the data controller for the processing of your personal data collected when you communicate with us by e-mail or telephone.

What personal data we process about you

We only process the personal data that you provide to us in connection with your communication with us. This includes names, contact details, but may also be other personal data that you provide to us in your communications.

Why we process your personal data

We only use personal data to process your request and to communicate with you.

The personal data is processed based on the balancing of interests of our legitimate interest in handling requests and communicating with you when you contact us. In some cases, we also have a legal obligation to process your personal data, for example to comply with your rights under the GDPR.

Who has access to your personal data

Your personal data is processed by BDO. Data is shared with providers of mainly IT services who act as data processors and who process personal data on our behalf. We have entered into data processor agreements with all data processors to ensure that your personal data is processed in a lawful, accurate, and secure manner.

How long we process and store your personal data

We will only keep your personal data for as long as is necessary to process your request. Where necessary, we may also keep your personal data for longer in order to process and document your request. We will process your personal data for a maximum of 10 years.

Transferring your personal data outside the EU/EEA

Your personal data may be transferred to and processed in a country outside the EU/EEA which does not have the status of an adequate protection country according to the European Commission. If and when this may be the case, the transfer of personal data will be in accordance with applicable data protection legislation and based on the European Commission's approved standard contractual clauses. In case of transfer to other BDO network firms within the BDO network, the BDO Binding Corporate Rules for data controllers and processors will be used.

You can exercise your rights in relation to our processing of your personal data at any time. See the different rights you have and what they mean below.

Access to your personal data

You have the right to request and receive confirmation from us that we are processing your personal data. This right also includes access to your personal data that we process, together with information about the processing and your rights (a so-called 'register extract').

Request for rectification of your personal data

You have the right to obtain, without undue delay and upon request, the rectification or completion of your personal data if any personal data relating to you is inaccurate or incomplete. If and when your personal data changes, we ask you to notify us of these changes as soon as possible so that we can correct and update your personal data.

Withdraw your consent

To the extent that we process your personal data on the basis of your consent, you have the right to withdraw your consent to further processing at any time.

Erasure and restriction

You have the right to request that your personal data or parts of your personal data be erased, for example if the personal data is no longer necessary for the purposes for which it is collected or otherwise processed, or if the personal data has been processed unlawfully. However, this does not apply to the extent that processing is necessary, for example, to comply with a legal obligation or to establish, exercise, or defend legal claims.

You also have the right to request a restriction of the processing of your personal data. Restriction means that we mark your personal data so that in the future we may only process it for limited purposes. As with your right to erasure, this is not an absolute right and we may need to refuse your request if the processing is necessary for us to comply with a legal obligation or other necessary processing.

Right to object to the processing of your personal data

You have the right to object to the processing of your personal data based on a balance of interests and the processing of your personal data for direct marketing purposes. You can easily send an email to gdprrequest@bdo.se.

Right to data portability

You have the right to request that we share your personal data in a readable format with another company/organisation.

To exercise your rights

To exercise any of these rights outlined above, you can send an email to gdprrequest@bdo.se at any time. We will process all such requests in accordance with applicable law.

If you do not wish to receive future marketing communications from us, you can always unsubscribe from the newsletter directly in the newsletter or by sending an email to gdprrequest@bdo.se stating the email address you would like us to remove from our mailing list. However, your choice not to receive advertising and marketing shall not prevent us from responding to you, by email or otherwise, regarding other business relationships you have with us.