Personal Information Collection Statement and Privacy Notice


1.  Introduction

2.  What information do we collect and from whom?

3.  How do we use this information and what is the legal basis for this use?

4.  With whom and where will we share your personal data?

5.  How long will you keep my personal data?

6.  Where is my data stored? 

7.  What are my rights in relation to my personal data?

8.  Where can I find more information about how BDO Hong Kong handles my data?


1. Introduction

This Personal Information Collection Statement and Privacy Notice sets out how BDO Hong Kong [1] (herein referred to as "BDO Hong Kong”, "us",  "we" or "our") is data controller and/or data processer (or data user) responsible for processing the personal data you provide to us.

We are committed to managing personal data securely and effectively.  We will only keep the personal data required to undertake our business processes and will only share or transfer the data you provide to us for the purposes outlined below.

Our data protection policy and procedures have been developed in line with the requirements of Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) and with reference to the General Data Protection Regulation (Regulation (EU) 2016/679).  


2. What information do we collect and from whom?

We collect and process personal data about you when you interact with us, use our website, sign up to our newsletters or attend seminars and events, when you enter into an employment contract with us, submit an online job application and when you purchase services from us or agree to provide services to us.  We may also collect personal data about you in the course of managing our relationship with our clients. The personal data we process includes: 

  • your name
  • your Hong Kong Identity Card number, passport number, and/or any other information that may help us ascertain your identity
  • your home or work address, email address and/or phone number
  • your job title
  • your payment details, including billing addresses
  • information about you relevant to our provision of services, which could include information about your conduct, your beliefs, your previous and existing employments, and/or your previous and existing business activities, etc. 
  • your IP address and information related to the browser or device you use to access our website and other analytics data
  • your username and password when accessing restricted website content
  • any other information you may provide, whether directly or indirectly.

We will store data that we receive from you or your related third parties, data that is publicly available and data from third parties such as conflict checking agencies.

The provision of personal data is generally voluntary unless otherwise specified. A failure to provide the requested personal data, or the provision of inaccurate or incomplete information, may result in us not being able to accept your instruction, request or enquiry (as the case may be).


3. How do we use this information and what is the legal basis for this use?

We process personal data listed in paragraph 2 above for the following purposes:

  • as required to establish and fulfill a contract with you, for example, if you enter into an agreement to provide or receive services, or if you seek to be employed or engaged by us. This may include verifying your identity, undertaking credit and due diligence checks, billing and payments, communicating with you and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
  • to comply with applicable law and regulation;
  • in accordance with our legitimate interests in managing and protecting BDO Hong Kong's business interests and legal rights including but not limited to use in connection with legal claims, compliance, regulatory, credit & due diligence checks and investigative purposes (including disclosure of such information in connection with legal process or litigation);
  • to meet our obligations to comply with applicable anti-money laundering/counter-terrorist financing laws or regulatory requirements or guidance of professional bodies (e.g. Hong Kong Institute of Certified Public Accountants);
  • for the provision of services to our clients in accordance with the legitimate interests of our clients and us;
  • to manage our relationship with you, in accordance with our legitimate interests; 
  • to manage our risk;
  • to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our services;
  • we may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
  • to monitor use of our websites and online services and we may use your information to help us check, improve, promote and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests; we may also use third parties to assist us in carrying out customer credit and due diligence checks in accordance with our requirements under relevant anti-money laundering/counter-terrorist financing regulations;
  • in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and
  • we may use your information to invite you to take part in market research or surveys, where you have consented to us doing so.   

We will not use your personal data to carry out or facilitate direct marketing activities without your prior consent.


4. With whom and where will we share your personal data?

We may share your personal data with other member firms of the BDO Network (whether within or outside the Hong Kong Special Administrative Region (HKSAR)) for the purposes of proper and effective management of their businesses.  Such purposes include ensuring compliance with applicable legal and regulatory requirements. Further information about the BDO Network may be found on our website (

We may also share the personal data you provide to us with the third parties below (whether within or outside the HKSAR) where this is necessary for legal or regulatory reasons, or in order to provide our services to you or our clients and undertake our business processes:

  • our professional advisors such as our auditors and external legal and financial advisors
  • our suppliers, business partners and sub-contractors
  • government authorities and/or law enforcement authorities if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws
  • to entities providing feedback and ranking services.

Personal data may also be shared with third party service providers (whether within or outside the HKSAR) who will process it on behalf of the BDO Network for the purposes above. 

In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.


5. How long will you keep my personal data? 

We will not keep your personal data for any purpose(s) for longer than is necessary and we will only retain the relevant personal data that is necessary in relation to the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

In the case of any contact you may have with our complaints team, we will retain those details for as long as is necessary to resolve your query and for up to 6 months after the query is closed.

We may retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any disposal to take place.


6. Where is my data stored?  

The personal data that we collect from you may be stored on a mix of BDO Hong Kong and various cloud provider platforms and may be transferred and stored both within and outside the HKSAR. It may also be processed by staff operating within or outside the HKSAR who work for us, a member of the BDO Network or for one of our suppliers.

Where such transfers occur, we ensure the confidentiality and protection of all data is preserved through compliance with legal requirements and the current local data protection legislation. This is managed by all members of the BDO Network, including those outside of the HKSAR, by various means. Data encryption, integrity and confidentiality are enforced by following best practice. We also ensure that cryptographic controls are implemented following industry best practice, through the use of VPN tunnels, TLS and by conducting regular testing.


7. What are my rights in relation to my personal data? 

You have the right to request access, with some exceptions, to the personal data that we hold about you, update or correct your details, opt out of receiving other information from us or request that your personal details are deleted from our systems at any time by e-mailing We will treat all such requests in accordance with applicable local law and where it is practical and commercially feasible.We may charge a fee for your request to access your information, if permitted by applicable law.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data if:- you withdraw your consent, it is no longer necessary for us to use your personal data, you object to the use of your personal data and we don't have a good reason to continue to use it, or we haven't handled your personal data in accordance with our obligations.

Our BDO Global network has implemented the binding corporate rules (“BCRs”) for data controllers and data processors. The BCRs provide practical guidance to BDO member firms to better manage and protect personal data which is processed in and/or transferred from the European Economic Area (“EEA”) or Switzerland to countries outside the EEA and Switzerland. For more information relating to the BCRs, please visit our BDO Global website at


8. Where can I find more information about how BDO Hong Kong handles my data?

If you have any queries please email us at or write to us at the following address:



BDO Hong Kong

25/F, Wing On Centre,

111 Connaught Road Central,

Hong Kong


This Personal Information Collection Statement and Privacy Notice may be amended from time to time. You may access and obtain a copy of this Notice at at any time so that you are always informed of the way we collect, use, store and handle personal data.

Last modified: 1 June 2021


[1] "BDO Hong Kong" is the collective name used to refer to the following legal entities within the Hong Kong business of BDO: BDO Limited, BDO Business Services Limited, BDO Tax Limited, BDO Financial Services Limited, BDO Risk Advisory Services Limited, BDO Financial Reporting Advisory Limited, McCabe Secretarial Services Limited, McCabe International Trustee Limited and McCabe International Limited.