Privacy Policy
Last update as at: 15 October 2023
Thank you for visiting our Website. This Policy aims to inform you about the way we process your personal data collected through this site and about your rights in this regard.
1. Personal Data Controller
BDO AFA OOD, having UIC 030278596 and BDO AFA CONSULTANTS OOD, having UIC 121813481 (hereinafter referred to as BDO AFA or the Controller) are members of BDO International Limited, a UK company limited by guarantee and form part of the international BDO network of independent member firms, manage jointly the website located at URL: www.bdoafa.bg (hereinafter referred to as the Website) and are controllers of the personal data, collected and processed through thе Website.
In order to be as useful as possible, in certain cases BDO AFA processes through its Website personal data of the Website’s users and as such is a controller of personal data within the meaning of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or GDPR).
The security of your data is an important part of BDO AFA’s policies. As Controller, BDO AFA considers with the utmost priority the issues of the protection of your personal data collected during your visit on our Website and the processes of their processing and storage in accordance with the legal requirements.
2. Contact Us
You may contact BDO AFA in one of the following ways:
• In writing, at the following address: 38 Oborishte Str., Oborishte Region, 1504, Sofia;
• Telephone number: (+359 2) 943 37 00 or (+359 2) 425 02 00;
• By e-mail address: office@bdoafa.bg;
• Via Website: www.bdoafa.bg.
3. Personal Data We Collect for You through the Website. Purposes and Legal Bases for Their Processing
Using the information on our Website does not imply the provision of any personal data on your part. The page contains the following functionalities, by using which it may be possible for BDO AFA to collect and process your personal data:
3.1. Subscribing to the BDO AFA Newsletter
If you choose, you can register to receive the BDO AFA newsletter containing useful information about changes to tax, banking, accounting and social security legislation by providing us with your e-mail address. In this case, your personal data shall be processed by BDO AFA for the purposes of receiving our newsletter.
The legal basis for processing of these personal data is your explicit, voluntary consent, which you have provided by registering yourself for this service.
BDO AFA shall process your personal data until you have objected to this processing or unsubscribe from receiving our newsletter further at the specified hereinabove e-mail address.
3.2. Sending an Inquiry
The personal data collected and processed by BDO AFA through the option E mail Us for asking questions on the Website are: your names, e-mail address, place of work, telephone number and other data that you have decided to provide us with in your inquiry.
Personal data, which you have decided to provide us, may be also collected if you send an inquiry to the e-mail address of one of our contact persons listed on the Website.
Your personal data are collected and processed:
1) In order to be replied to the inquiry you sent us. The legal basis for processing your personal data in this case is your explicit, voluntary consent, which we assume you have given, by sending us the inquiry.
BDO AFA shall process your personal data only for the time required to prepare and send a reply to your inquiry and within 3 months of our last correspondence with you, unless you become our client, in which case the terms of the agreement/ contract for provision of services signed between us will apply regarding the processing of your personal data.
2) We can also use these data for direct marketing purposes - to inform you about the services provided by BDO AFA or by other companies from the BDO network, to invite you to take part in trainings, conferences and other professional events organized by us. In this case, the legal basis for processing your personal data is the protection of BDO AFA’s legitimate interests in presenting and popularizing its services.
BDO AFA shall process your personal data for this purpose until you object to it or until you opt-out from receiving our direct marketing communications at the following e-mail address: office@bdoafa.bg.
3.3. Participation in Trainings
You can register for a training organized by BDO AFA through the Training section of the Website. In this case, BDO AFA shall process the personal data you have provided (e.g., name, surname, e-mail address or contact telephone number, as well as name of the company you are working for) for the following purposes:
1) To register you for participation in the training chosen by you. The legal basis for processing of your personal data in this case is your explicit, voluntary consent, which we assume that you have provided us with by submitting the registration form for participation in the training. BDO AFA shall process your personal data for this purpose until the training is completed or until you withdraw your consent for this processing by sending an email to the following e-mail address: office@bdoafa.bg. Your personal data will then be erased;
2) For the purposes of maintaining of a database for future use for sending invitations to trainings, conferences and other professional events, organized by us. In this case, the legal basis for processing of your personal data is to protect BDO AFA's legitimate interests in presenting and promoting its services. BDO AFA shall process your personal data for this purpose until you have objected to it or until you opt-out of receiving our invitations for trainings to the specified hereinabove e-mail address.
3.4. Applying for a Job/ Summer Internship
You can apply for a job/ summer internship with BDO AFA or with a client of BDO AFA through the Careers section of the Website by sending your short resume (CV) to the following e-mail address: office@bdoafa.bg. In these cases, BDO AFA shall process the personal data you have provided (e.g., image from a photograph, three names, date of birth, education, labour activity, address, e-mail address, telephone number and any other information you have decided to include in your resume) for the following purposes:
1) To offer you an appropriate job position with BDO AFA and/or with a client of BDO AFA, if such one is presently available;
2) For the purposes of maintaining of a database for the future use and selection of candidates in view of employment.
In this case, the legal basis for processing of your personal data shall be to take steps at your request in view of the possible conclusion of a contract. BDO AFA shall process your personal data provided by your CV for a term of 6 months as of the completion of the selection procedure unless you explicitly consent to the remaining of the personal data available for processing in the database for a longer term or the case concerns personal data processing in relation to the Controller’s obligations under the Protection Against Discrimination Act, where the processing may be done for a term of 3 (three) years as of the completion of the selection procedure.
You can find more information about the processing of your personal data in the documents published on our Website Information on the personal data processing of the job applicants at BDO AFA and Information on the personal data processing of the job applicants at clients of BDO AFA.
3.5. Other Collected Data
In addition to the personal data specified hereinabove as collected by BDO AFA, the following data may additionally be processed upon usage of certain features of the Website:
• Log files, in connection with security, technical maintenance & development issues - logs are files that record events in and interactions between systems and/or between users and a specific system;
• Cookies and other tracking technologies that collect information from you when interacting with our Website in order for us to improve its performance and functionality.
Cookies are small text files that can be saved on your computer or mobile device when you visit a particular website. The cookie will help the website or other websites to recognize your device the next time you visit it/ them. Web beacons or other similar files can do the same. In this policy, we use the term cookies to name all the files that collect information in this way.
More about the cookies as well as about the ways to opt out of using cookies on your device can be found in our Cookies Policy.
4. Personal Data Processing in the Course of Provision of Audit & Consulting Services
In the course of the performed independent financial audit and the provision of other consulting services, BDO AFA as personal data controller receives from its clients and processes the personal data of a wide range of data subjects:
1) Legal representatives and/or proxies of the clients – assignors under the contracts concluded by BDO AFA;
2) Stockholders, shareholders and members of the management/ supervisory bodies of the clients or of companies affiliated thereto and persons, related to the ones indicated herein, including beneficial owners pursuant to the Measures Against Money Laundering Act;
3) Contact persons of the clients, other clients’ employees and persons, providing services to the clients under civil contracts;
4) Natural persons – contractors of the clients;
5) Natural persons, legal representatives, proxies, members of the management bodies of legal entities – contractors of BDO AFA’s clients.
On the basis of an assessment made by the Controller, it is concluded that:
• Due to the confidential nature of these engagements and/ or the statutory obligation for maintaining of professional secrecy, the provision of the information under Art. 14 of GDPR to each separate data subject shall to a large extend break the performance of the obligation of confidentiality and shall seriously disturb the achieving of the engagements’ aims;
• The provision in person of information about the processing of personal data to the subjects specified hereunder, will involve a disproportionate amount of effort and, in some cases, will be impossible.
In this regard, BDO AFA publishes on its Website Information for subjects whose personal data are processed in the course of the provision of audit and consulting services.
5. Consequences upon Non-Provision of Personal Data
The provision of data by you is entirely voluntary. In case you do not want to provide your personal data, you shall not be able to receive the services you wish - you shall not receive our newsletter, respectively we shall not be able to respond to your inquiry, to register you for participation in training or to offer you a job position.
6. Sharing of Your Personal Data
BDO AFA may provide access to your personal data to the following categories of recipients:
1) Competent state bodies – in fulfillment of the Controller’s obligations under the Bulgarian legislation;;
2) Various service providers of the Controller – of legal, tax, IT and other services, including providers from the international BDO network;
3) Companies – members of the international BDO network, for the purposes of observance of the statutory requirements for ensuring of independence and lack of conflict of interests upon the performance of the assigned engagements;
4) Subcontractors of the Controller.
7. Your Rights
In relation to the processing of your personal data by BDO AFA, you have various rights for the protection of your interests. All rights listed hereinbelow (except for the right of complaint to a supervisory authority) can be exercised by submitting a request to BDO AFA using the contact details provided in Section 2 Contact Us hereinabove. BDO AFA shall make the necessary efforts to satisfy your request without any undue delay.
7.1. Right to Access
It is your basic right at any time to obtain confirmation from BDO AFA whether your personal data are being processed, as well as access to the data processed and information on the purposes of the processing, the categories of personal data being processed, the recipients of your personal data, the term of processing, the presence of automated decision making and your rights in connection with the processing.
7.2. Right to Rectification
When you believe that the personal data processed for you are inaccurate, you are entitled to request from BDO AFA their correction and also to request that your incomplete personal data be completed.
7.3. Right to Erasure
As a data subject, whose personal data are being processed by BDO AFA, you are entitled to request their erasure in the following cases:
• The personal data are no longer necessary for the purposes for which they have been collected and processed;
• Withdrawal of your consent on the basis of which your personal data have been processed;
• Your personal data have been processed unlawfully;
• You have objected to the processing of your data and there are no legal grounds for the processing that have a priority;
• The personal data must be erased in order to comply with the legislation of the European Union or the Republic of Bulgaria.
7.4. Right to Restriction of Processing
Another right of yours, in relation to the processing of your personal data by BDO AFA is to require, as long as the legal requirements are met, BDO AFA to restrict the processing of your data in the following cases:
• You dispute the accuracy of the personal data - for a term that allows BDO AFA to verify the accuracy of your data;
• The processing of your personal data is illegal, but you do not want to erase your personal data but instead to restrict their use;
• BDO AFA no longer needs your personal data for the purposes specified herein, but you require that they be retained by BDO AFA for the purposes of establishing, exercise or defense of legal claims.
7.5. Right to Objection against the Personal Data Processing
As far as your personal data are subject to processing by BDO AFA, you have the right to object at any time to such processing. In this case, BDO AFA will discontinue the processing of your personal data unless there is any other legal basis for their further processing, such as compliance with legal requirements or other legitimate interests that require continuation of the processing.
7.6. Right to Withdrawal of Your Consent
The processing of your personal data by BDO AFA, which is based on your explicit consent, may be terminated by withdrawal of your consent. This right of yours has immediate effect but does not affect the lawfulness of the personal data processing of your data, carried out until the withdrawal of your consent.
7.7. Right to Data Portability
You are entitled to receive a copy of the personal data you have provided to BDO AFA, including, where possible, in electronic form. When the processing of your data is based on consent or a contractual obligation and is carried out in an automated manner, you can address a request to BDO AFA to receive your personal data in a structured, widely used, machine-readable format. In this context, you can also ask BDO AFA to transfer these personal data directly to another personal data controller at your instruction.
7.8. Right to Complaint with Supervisory Authority
If you believe that your personal data are being processed unlawfully or your rights in relation to them have been violated, you have the right to lodge a complaint with the competent Bulgarian supervisory authority - the Commission for Personal Data Protection (CPDP). You can contact the CPDP by using the following contact details, specified hereinbelow:
Address: 2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia
Telephone number: 02/ 91-53-518
E-mail address: kzld@cpdp.bg
Website: www.cpdp.bg
8. Amendment of This Privacy Policy
BDO AFA may periodically change this Privacy Policy to comply with legislative changes or specific practices and policies applied by BDO AFA. When we make such changes, we also change the date of the last update listed at the beginning of this Policy, so that you can familiarize yourselves with the current conditions for the processing of your personal data.