Privacy Statement - Website

 
Introduction

BDO Portugal respects your privacy and is committed to protecting your personal data. This privacy notice explains, in a clear and transparently manner, how we collect, use and safeguard your information when you visit our website www.bdo.pt.

We encourage you to read this notice carefully to understand the measures we adopt to ensure compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), Law No. 58/2019 of 8 August, and other applicable national and European data protection legislation.

By continuing to browse our website, you are deemed to have read and accepted the terms of this privacy notice, particularly with respect to the processing of personal data that you voluntarily provide and/or that is automatically collected during your navigation.

Please note that content relating to other jurisdictions or websites accessible from www.bdo.pt may be managed by other BDO network entities or third parties and is not under the direct responsibility of BDO Portugal. Likewise, any external websites referenced are not covered by this Privacy Notice, and we recommend that you consult their respective privacy notices before providing any personal data.

Data Controller

BDO Portugal comprises the entities identified under the Legal Entities section and is a member of BDO International Limited (BDOI), a UK company limited by guarantee, which forms part of the international BDO network. The BDO network consists of independent firms providing professional services under the common brand "BDO".

If you have any questions regarding this privacy notice, you may contact BDO Portugal’s Data Protection Officer (DPO) using the following contact details:

  • Email: dpo@bdo.pt
  • Address: Avenida da República no. 50, 10th floor, 1069-211 Lisbon, Portugal
What personal data do we process?

Access to the website www.bdo.pt does not require prior registration. However, depending on the nature of your interaction with us, you may be requested to provide certain categories of personal data, such as:

  • Identification, contact and professional information
  • Technical data, including IP address, pages visited, browser type and version, and other browsing-related data
  • Other information, such as details provided in your CV and cover letter (in the context of recruitment processes), or data submitted via contact forms, information requests, or communications through the Ethics Line.

BDO Portugal only processes personal data that is strictly necessary for the purposes for which it is collected. Mandatory fields are clearly marked.

In the context of spontaneous applications or responses to job opportunities, BDO Portugal may supplement the data provided with publicly accessible information, such as professional profiles on social networks (e.g., LinkedIn), where such processing is relevant and proportionate to the intended purpose.

The use of cookies and similar technologies is governed by our Cookie Policy, which we recommend you review.

Special category data and data relating to minors

BDO Portugal does not knowingly collect special categories of personal data (as defined in Article 9 of the GDPR), such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, sex life or sexual orientation, or data relating to criminal convictions and offences.

Similarly, BDO Portugal does not knowingly collect personal data from children. If any such data is voluntarily submitted, it will be treated as having been provided with the data subject’s explicit consent and will only be processed insofar as strictly necessary for the purpose associated with the respective request.

Purposes of Processing and Legal Bases

Your personal data is processed as a result of your interaction with the website www.bdo.pt, or the purposes outlined below, in accordance with the legal bases established under the GDPR:

Purpose Legal Basis
Subscription to newsletters and distribution of publications. Article 6(1)(a)(f) – Based on the data subject’s consent and/or BDO Portugal’s legitimate interest in communicating with its business partners about services, initiatives, or events.
Submission of spontaneous applications or responses to job vacancies. Article 6(1)(b)(f) – Necessary for the performance of pre-contractual steps at the request of the data subject and/or based on BDO Portugal’s legitimate interest in recruiting suitable candidates.
Handling of contact or information requests. Article 6(1)(f) – Legitimate interest in responding to enquiries and managing communication with data subjects.
Registration for and participation in events, training sessions, or seminars. Article 6(1)(a)(f) – Based on consent and/or BDO Portugal’s legitimate interest in managing its professional relationships and promoting its services.
Website management and functionality. Article 6(1)(f) – Legitimate interest in ensuring the proper functioning, security, and optimisation of the website.
Ethics Line – investigation and management of whistleblowing reports. Article 6(1)(c) – Compliance with a legal obligation (Law No. 93/2021 of 20 December – General Whistleblower Protection Regime).
 
Retention of Personal Data

Personal data is retained only for the period strictly necessary to fulfil the purposes for which it was collected or for the duration of the applicable legal retention period.

In the context of recruitment processes, personal data may be retained until the relevant position is filled, until the data subject exercises their right to object, or until the Human Resources department determines that the data is no longer up to date — in any case, for no longer than two years.

During the retention period, BDO Portugal implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or destruction. These measures aim to ensure the confidentiality, integrity, and availability of the information processed.

Sharing of Personal Data

As a general rule, BDO Portugal does not share personal data with third parties unless it is necessary for the purposes stated or legally required. Data may be disclosed in the following cases:

  • Processors acting on behalf of BDO Portugal, under a written data processing agreement that includes confidentiality and security obligations;
  • Entities within the BDO network, solely for the same purposes and under an appropriate legal basis (see BCR section for more information);
  • Public authorities, in compliance with legal obligations or pursuant to judicial or administrative orders.

In the context of corporate transactions (such as mergers, acquisitions, restructurings, or asset transfers), personal data may be disclosed as permitted by law, with appropriate safeguards to protect data subjects’ rights.

BDO Portugal does not sell personal data or conduct marketing on behalf of third parties.

International Data Transfers

In some cases, it may be necessary to transfer personal data to countries outside the European Economic Area (EEA). Where such transfers occur, BDO Portugal ensures that they are carried out in accordance with the GDPR, using appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission;
  • Binding Corporate Rules (BCRs);
  • Other mechanisms recognised under EU data protection law.

Transfers within the BDO network are carried out in accordance with BCRs, depending on the role of each entity as either controller or processor (see BCR section for more details).

What Are Your Rights?

Under the GDPR, you have the following rights as a data subject:

  • To access your personal data;
  • To request the rectification of inaccurate or incomplete data;
  • To request the erasure of your data, where applicable;
  • To object to or request the restriction of processing in certain circumstances;
  • To request the portability of your data, where applicable.

Where the processing is based on your consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

To exercise your rights, you may contact BDO Portugal’s Data Protection Officer at: dpo@bdo.pt.

If you believe your data protection rights are not being respected, you have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD) via www.cnpd.pt.

Changes to This Privacy Notice

This privacy notice may be amended whenever necessary, in response to legal developments or changes in how BDO Portugal processes personal data. The most recent version will always be available on this page, with the date of the last update clearly indicated.

Last updated: May 2025