This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.
  • Client Privacy Notice

Client Privacy Notice




This privacy notice describes how BDO Barbados ('we', 'us') collects and processes personal information about you; how we use and protect this information, and your rights in relation to this information. This privacy notice applies to all personal information we collect about you. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.  


Information we collect

We may collect your personal information from a variety of sources, including information we collect from you directly (e.g. when you contact us and provide to us), and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).

Certain personal information is required as a consequence of any contractual relationship we have with you or your employer, to enable us to carry out our contractual obligations to you or your employer. Failure to provide this information may prevent or delay the fulfilment of these obligations.

The categories of information that we may collect directly from you include the following:

  • personal details (e.g. name, age and/or date of birth);
  • contact details (e.g. phone number, email address, postal address or mobile number); and
  • employment details (e.g. job title and employer name).


How we use your personal information and the basis on which we use it

We use your personal information to:

  • carry out background checks prior to accepting you as a client;
  • contact you with questions and other information regarding the services we are providing to you;
  • ensure that our records are kept accurate and up to date where you, your employees or contractors work on or visit our facilities;
  • ensure we issue accurate invoices for our services;
  • send you messages about services which we think will be of interest to you; and
  • comply with legal obligations to which we are subject.



We must have a legal basis to process your personal information. In most cases the legal basis will be connected with one of the following:

  • to fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, and for ensuring you can access our premises when required;
  • to comply with our legal obligations to you, for example health and safety obligations while you are on our premises, or to a third party (e.g. to comply with a court order);
  • to meet our legitimate interests so that: we are able to provide the services you request; our services function correctly in relation to your business; any complaints or concerns can be promptly relayed to you; we can respond to any questions or concerns you might have; we may carry out research and analysis to ensure products and services we offer are relevant to you, and; our records are kept up to date and accurate. When we process your personal information to meet our legitimate interests we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms; and
  • send you direct electronic marketing messages to the extent you have consented to receiving such messages in accordance with applicable law.

Your rights over your personal information

Please let us know if any of the personal information that we hold about you changes so that we can correct and update the information on our systems. You can view, delete, correct or update the personal information you provide to us by contacting our Privacy Officer Nicholas Hughes.

In certain circumstances you may object to specific processing activities (including where we rely on our legitimate interests as set out above, require us to restrict how we process your personal information and ask us to share your personal information in a usable format with another company.  Where you have given your consent to a particular type of processing, you may withdraw that consent at any time.

To exercise any of the above rights, please contact us using the contact details set out below.

Information Sharing

In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so. We may rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment processing, data analytics and research. This may mean that we must share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.

Other situations in which we may disclose your personal information to a third party, are:

  • perform other services we request from service providers;
  • periodic practice monitoring reviews carried out by the Institute of Chartered Accountants of Barbados and quality assurance reviews by BDO Global;
  • where permitted by law, to protect and defend our rights and property; and
  • when required by law, and/or public authorities.

We may also share aggregated information that cannot identify you for general business analysis (e.g. we may disclose the number of visitors to its websites or services).

Information Security

We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. We require all employees and principals to keep personal information confidential and only authorized personnel have access to this information.

We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law.

We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to: maintain our business records for analysis and/or audit purposes; comply with record retention requirements under the law; defend or bring any legal claims; and deal with any complaints.

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Information Transfer

Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided (including, among others The United States of America, Canada and the United Kingdom). When we do so, we transfer the information in compliance with applicable data protection laws.

Where the transfer is to a country which provides a lower level of protection we take steps to ensure the security and confidentiality of your personal information in accordance with applicable data protection law, including using approved Standard Contractual Clauses, and for transfers to other BDO Member Firms, we use the BDO Global Privacy Policy, BDO’s Binding Corporate Rules for Controllers and Processors. If you wish to see a copy of the relevant mechanism that we use to transfer your personal information, please contact us using the contact details set out below.

Contact Us

If you have questions or concerns regarding the way in which your personal information has been used, please contact our data privacy champion Nicholas Hughes at (246) 435-2001 or [email protected]

Changes to the Privacy Notice

You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. You will be able to see when we last updated the privacy notice because we will include a revision date. Changes and additions to this privacy notice are effective from the date on which they are posted.


5 September 2018