    Customer Privacy Notice


    This privacy notice describes how BDO Malta ('we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information. This privacy notice applies to all personal information we collect about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.

    BDO Malta, a Maltese civil partnership, is a member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO Consult Limited, BDO Services Limited and BDO Technology Advisory Limited are companies registered in Malta and form part of the BDO Malta Group.


    1. INFORMATION WE COLLECT

    We may collect your personal information from a variety of sources, including information we collect from you directly (e.g. when you contact us and provide services to us), and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).

    Certain personal information is required because of any contractual relationship we have with you or your employer, to enable us to carry out our contractual obligations to you or your employer. Failure to provide this information may prevent or delay the fulfilment of these obligations.

    1.1 Information we collect directly from you:

    The categories of information that we may collect directly from you include the following:

    • personal details (e.g. name, age, date of birth);
    • contact details (e.g. phone number, email address, postal address or mobile number);
    • employment details (e.g. job title; employer name);
    • Identification details (e.g. National ID; Passport);
    • Good standing details (e.g. convictions; barred; politically exposed person);
    • Source of wealth or funds;
    • Other information concerning your background;
    • Technical Data (login data; internet protocol (IP) address).

    1.2 Information we collect from other sources

    The following are examples of the categories of information we may collect from other sources. These sources include your employer, and:

    • Publicly available sources (e.g. Google, sanction lists, etc.);
    • Commercial Customer Screening services;
    • Credit Risk Management services;
    • BDO network of independent member firms using BDO’s Global Privacy Policy and BDO’s Binding Corporate Rules.

    The categories of information that we may collect from other sources include the following:

    • personal details (e.g. name, age, date of birth);
    • contact details (e.g. phone number, email address, postal address or mobile number);
    • Employment details;
    • Identification details;
    • Professional relationships (companies or individuals);
    • Other information concerning your background.


    2. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT

    We use your personal information to:

    • perform the contract we are about to enter into or have entered into with you, for example when we perform our services for you;
    • maintain and develop our relationships with you;
    • comply with a legal or regulatory obligation. This will include maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This may include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes;
    • undertake internal conflict of interest checks;
    • respond to requests, enquiries or complaints received; and
    • provide access to our online services.

    As part of our commitment to prevent money laundering and terrorist financing, we also analyse your personal data and compare it to third party data sources, build an AML profile on you and risk score your account based on the information you have provided to us and the information we have collected about you. We shall also keep a register of all high-risk customers from an Anti-Money Laundering perspective.

    Please note that for these purposes we use profiling; however, the logic behind the profiling and information about it cannot be revealed, since doing so would enable customers to bypass these control mechanisms, which are aimed at the protection of our business and compliance with legal obligations.

    We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

    • to fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, and for ensuring you are able to access our premises when required;
    • to comply with our legal obligations, for example identity verification, or to a third party (e.g. to comply with requests from public authorities);
    • to meet our legitimate interests so that: we can provide the services you request; our services function correctly in relation to your business; any complaints or concerns can be promptly relayed to you; we can respond to any questions or concerns you might have; we may carry out research and analysis to ensure products and services we offer are relevant to you, and our records are kept up to date and accurate. When we process your personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. For more information about the balancing test that we carry out to process your personal information to meet our legitimate interests or if you want to object to these uses of your personal information, please contact us at the details below; and
    • to send you direct electronic marketing messages to the extent you have consented to receiving such messages in accordance with applicable law.


    3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION

    Please let us know if any of the personal information that we hold about you changes so that we can correct and update the information on our systems.

    In certain circumstances you may object to specific processing activities (including where we rely on our legitimate interests as set out above), require us to restrict how we process your personal information and ask us to share your personal information in a usable format with another company. Where you have given your consent to a particular type of processing, you may withdraw that consent at any time.

    To exercise any of the above rights, please contact us using the contact details set out below.


    4. INFORMATION SHARING

    In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.

    We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, customer screening, credit risk management, data analytics and research. This may mean that we must share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.

    Other situations in which we may disclose your personal information to a third party are:

    • to perform other services we request from service providers;
    • in the course of a sale or an acquisition of any companies forming part of the BDO Malta Group, any shares in BDO Malta Group or any of BDO Malta Group's assets;
    • where permitted by law, to protect and defend our rights and property; and
    • when required by law and/or public authorities.

    We may also share aggregated information that cannot identify you for general business analysis, e.g. we may disclose the number of visitors to our websites or services.


    5. INFORMATION SECURITY

    We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration, or destruction. We require all employees and principals to keep personal information confidential and only authorised personnel have access to this information.

    We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law.

    We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to: maintain our business records for analysis and/or audit purposes; comply with record retention requirements under the law; defend or bring any legal claims; and deal with any complaints.

    We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.


    6. HOW WE USE ARTIFICIAL INTELLIGENCE (AI)

    Artificial intelligence technologies may also be used when we perform our services. We may use these technologies to fulfil our obligations and improve our services, especially for the analysis of data or for programming. Artificial intelligence can also help with communication and content creation. It also helps us to handle our work in a simpler and better way by preparing, summarising or translating documents. We can make decisions more easily with the support of artificial intelligence technologies, for example by employing it to pre-select applicant profiles. Artificial intelligence technologies may also be used to ensure security.
     
    We always use these technologies as an aid. Services are provided by BDO employees, and it is BDO employees who make decisions. We will also provide as much information as possible about when and how we use artificial intelligence technologies in rendering our services to you. We review, supervise and regularly assess artificial intelligence technologies.
     
    In order to fulfil their purpose, artificial intelligence technologies must process information. This information may include data from our own databases. We will not process any of your personal data using artificial intelligence technologies. In cases where this is necessary, these instances will be limited to engagement output purposes. 
     


    7. INFORMATION TRANSFER

    Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided. When we do so, we transfer the information in compliance with applicable data protection laws.

    Where the transfer is to a country which provides a lower level of protection, we take steps to ensure the security and confidentiality of your personal information in accordance with applicable data protection law, including using the European Commission's approved Standard Contractual Clauses. For transfers to other BDO Member Firms, we use the BDO Global Privacy Policy and BDO’s Binding Corporate Rules for Controllers and Processors. If you wish to see a copy of the relevant mechanism that we use to transfer your personal information, please contact us using the contact details set out below.


    8. CONTACT US

    If you have questions or concerns regarding the way in which your personal information has been used, please contact privacy@bdo.com.mt.

    We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Office of the Information and Data Protection Commissioner of Malta using their website https://idpc.org.mt


    9. CHANGES TO THE PRIVACY NOTICE

    You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. You will be able to see when we last updated the privacy notice because we will include a revision date. Changes and additions to this privacy notice are effective from the date on which they are posted.

    Latest update: 25/11/2024
     

    BDO Copyright © 2025. See Terms & Conditions for more information.