Privacy Statement

1. Introduction

This Privacy Statement explains how we collect, process and use personal data (any information relating to an identified or identifiable living person) in the course of our business. It applies to personal data provided to us by the individuals concerned and to personal data provided to us by companies and other organisations. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

When collecting and processing personal data, our goal is to stay transparent with respect to why and how we process personal data. Please refer to the relevant sections of the Privacy Statement to find out more about specific processing activity. If you have any questions related to the Privacy Statement, you can submit your question to [email protected].  


In addition to applicable laws and regulations, we are committed to maintain confidentiality of the data we collect. We take both technical and organisational measures to protect personal data against loss, manipulation, unauthorised access, etc.

Provision of personal data to third parties

We do not provide personal data to third parties other than in the events this is necessary for performance of agreement with you for provision of services or/and when we are legally permitted to do so. We do not provide personal data to third parties who will use the data for their own purposes.

We may provide personal data to:

  • Other BDO Member Firms - we may share personal data with other members of the BDO International Network where required for the provision of services to our clients and/or for administrative purposes.
  • Third parties involved in the performance of services – we may also share personal data to third party organisations who assist us in providing services to clients or are otherwise involved in the services we provide to clients.
  • Third parties who provide IT services, data processing or functionality – like many professional service providers, we use third party providers to support our business and the provision of services to our clients, such as cloud-based software providers, web hosting/management providers, data analysis providers, and data back-up and security/storage providers. We may transfer personal data to such third parties.
  • Auditors and advisers – we may transfer personal data to our auditors and advisers as required by law or as reasonably required in the management of our business.
  • Third parties where required by applicable law and regulation – we may be requested or compelled to disclose personal data to third parties such as regulators and law enforcement agencies. We will only provide personal data to such parties where there is a legal requirement or permission to do so.

Your rights

You have rights in relation to any of your personal data held by us as a data controller. Should you wish to exercise your rights right, please contact [email protected].

We will only keep personal data for as long as necessary for the purposes for which it was collected, or as required by applicable law or regulation.

Unless there are any overriding legal, regulatory or contractual requirements, we will retain records of services provided (which may include personal data) in accordance with our document retention policy.


2. Clients

Our aim is to process personal data only to the extend necessary for provision of services to our clients and for other agreed purposes. We generally collect personal data directly from our clients or from third parties acting on their instructions.

Such personal data may be used for the following purposes:

  • Provision of professional services – We provide a wide range of professional services, including Audit, Tax, Advisory and Outsourcing services. We may have to process personal data in order to perform such services and/or provide advice and deliverables to our clients.
  • Managing, administering and developing our business – We process personal data in order to manage our relationship with clients, develop our business and services, maintain and develop our IT systems, manage and host events, and to administer and manage our website, systems and applications.
  • Quality and risk management and security – we use various measures to protect personal data and other client information, which include monitoring the services provided to clients to detect, investigate and resolve security threats. Such monitoring may involve processing personal data, for example the automatic scanning of email correspondence for threats. Our client acceptance procedures involve processing personal data that may be obtained from publicly available sources (such as sanctions lists, criminal convictions databases, and general internet searches) to identify any risks relating to individuals and organisations that may prevent us from working for a particular client or on a particular matter.
  • Anti-Money Laundering - we are legally obliged to obtain and process personal data under the Law of the Republic of Azerbaijan On the Prevention of the Legalization of Criminally Obtained Funds or Other Property and the Financing of Terrorism of 10 February 2009. In compliance with our legal obligations, our processing activities shall allow applying appropriate Client Due Diligence (CDD) measures for new and existing clients.
  • Providing information about our services to our clients – unless the relevant individual has opted-out, we may use client business contact details to provide information about our services and activities and events that may be of interest.
  • Compliance with legal and regulatory obligations – as a regulated firm, we are subject to various legal, regulatory and professional obligations that may require us to process and/or retain personal data held on our client files.


3. Individuals whose personal data we process where we are providing services to our clients.

Our aim is to process personal data only to the extend necessary for provision of services to our clients and for other agreed purposes.

We provide a range of services to clients and in doing so may process personal data that relates to third parties with a business connection to our clients, such as other advisers, suppliers, transaction counterparties etc. The personal data we process may include contact details, details of business activities, information relating to management and employees, and financial information.


4. Suppliers, subcontractors and individuals associated with our suppliers and subcontractors.  

We process personal data about our suppliers (which for the purposes of this notice including that we use to provide services to clients) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.

We use personal data for the following purposes:

  • Receiving services
  • In the course of provision of professional services to clients
  • Security, quality and risk management activities
  • Per requirement of law, regulation or a professional body of which we are a member


We may process personal data in order to operate our business:

  • Managing our relationship with suppliers;
  • Expanding our businesses and services;
  • Maintaining and employing IT systems;
  • Facilitating the hosting of events; and
  • Administering and managing our website and systems and applications.

The Firm retains the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected, including as required by applicable law or regulation.

Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.


5. Business contacts

We process personal data about existing and potential clients and/or individuals associated with them using a customer relationship management system (“CRM”).

The processing of personal data about contacts and the addition of that personal data to the CRM and may include name, employer name, job title, phone, email and other business contact details. We collect such personal data directly from the contact to whom the personal data relates.

We may use such personal data for the following purposes:

  • Administering, managing and developing our businesses and services; and
  • Providing information about us and our range of services.

We do not sell or otherwise release any personal data collected from contacts to third parties unless we have first obtained consent from the relevant contacts to do so.


6. Website visitors

We do not require registration in order for you to access, but if you participate in any of the activities or services offered by the website, we will collect the personal data that we need in order to provide you with those services, such as your name, job title, email address, employer's name, and telephone number.

We do not intent to collect any sensitive personal information from you on  such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data and criminal records. In case you decide to provide sensitive personal data to us for any reason, the act of doing so will constitute your explicit consent to us using that information in connection with the purpose for which it has been provided.

We may capture limited personal data automatically via the use of cookies on our website. Please see our Cookies Policy for more information.