BDO LLP (“BDO”, “we”, “us”) are committed to protecting the privacy and security of your personal information.
This privacy statement describes how the BDO Business Restructuring team collect and use personal information about you, how we protect this information and the choices you can make about how we use this information in accordance with the Data Protection Act 2018 (“DPA”), with respect to insolvencies under the Insolvency Act 1986 (and related legislation) or similar legislation in other jurisdictions.
In this statement, the term “company” refers to the company, corporation or institution which is subject to an insolvency and “debtor” refers to an individual who is subject to an insolvency process or restructuring regime (each referred to in this section as an “Insolvency”).
Certain BDO partners, directors and associate directors are licensed to act as insolvency practitioners by the Insolvency Practitioners Association, the Institute of Chartered Accountants in England and Wales, Chartered Accountants Ireland or the Institute of Chartered Accountants of Scotland (collectively, the “BDO IPs”). When a company undergoes an Insolvency, one or more BDO IPs may be appointed to manage the company’s affairs, business and property. Similarly, when a debtor is subject to an Insolvency, one or more BDO IPs may be appointed to manage the debtor’s affairs, business and property.
Data protection law refers to both “data controllers” and “data processors” as well as “personal data”:
The company or debtor is the data controller of personal data processed by the company or debtor prior to Insolvency.
Upon one or more BDO IPs being appointed:
Where BDO is engaged by the BDO IPs, the debtor or the company to provide services in relation to an Insolvency, BDO may act as a data processor on behalf of the BDO IPs or the debtor or the company, as appropriate. Other third party processors and other BDO entities and member firms may be used for specific purposes in relation to the Insolvency. We require third parties to respect the security of personal data and treat it in accordance with the law. All third party service providers, and BDO entities and member firms, are required to take appropriate security measures to protect personal data in line with this policy.
The BDO IPs collect and process personal data for the purposes of complying with their legal obligations as licensed insolvency practitioners and for the legitimate interests of the Insolvency.
The nature and amount of personal data the company or debtor has about an individual will vary and will depend on the type of company, the nature of the debtor’s business affairs and / or an individual’s relationship with the company or debtor (i.e. employee, customer, etc.).
It is typical for personal data processed by the company or debtor to involve information regarding employees, officers or directors of the company. Such information may include name and contact details, role/position/title, certain identifying information as may be required by laws and regulations (i.e. evidence of right to work), and information about pay and performance.
If you have dealt with the company or the debtor in an individual capacity, for example as a customer or client, the company or the debtor is likely to hold information about your interactions with the company or debtor, which could, for example, include a purchase history.
The company, the debtor and the BDO IPs process personal data for the purposes of complying with, amongst others, the following legal obligations and/or legitimate interests:
Personal data may be transferred to, stored, and processed in a country other than the one in which it was provided, provided it is done in accordance with applicable data protection laws.
The BDO IPs will only retain personal data for as long as necessary for the Insolvency and the relevant statutory retention periods have passed.
As a consequence of their legal and statutory obligations, the relevant BDO IPs will retain data collected for seven (7) years following the discharge of their appointment in the Insolvency.
Individuals have certain rights over their personal data and controllers are responsible for fulfilling these rights. Individual’s rights may include the right to receive confirmation as to whether or not their personal data concerning is being processed and, where that is the case, access to the personal data and the information set out in section 45 of the DPA. The Information Commissioner’s Office has stated that the right of access helps individuals understand how and why the controller is using their data, and check they are doing so lawfully. Case law has clarified that the subject access right is a right to personal data, not a right to receive actual copies of documents containing personal data.
You may exercise your rights by making a written request to the relevant controller, which may be the company, the debtor or the BDO IP depending on how and when the information was obtained. This request should be directed to the contact details provided in communications sent by the relevant BDO IPs with respect to the Insolvency or to BDO’s Data Protection Officer, at 55 Baker Street, London, W1U 7EU or firstname.lastname@example.org. The request must contain sufficient information to verify your identity and provide sufficient information to locate the data that about which you are exercising your right.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, using their website www.ico.org.uk.
We may modify or update this privacy notice from time to time. Changes and additions to this privacy notice are effective from the date they are posted to our website.