We describe below the key ways we use personal information, and the legal bases of processing on which we rely for such processing. We have also identified what our legitimate interests are where appropriate.
In general terms, we use the personal information we collect to help Baker Tilly deliver our services as tabulated below:
a. Statutory Audit – To deliver an audit opinion with regard to the truth and fairness of a set of financial statements
Data Subject Categories:
- UBOs
- Directors & Officers
- Employees
- Clients
- Suppliers
b. Internal Audit – To perform work under an Internal Audit outsourcing contract, with the purpose of evaluating internal controls (business and / or technology) as those may be agreed between us and the customer’s Board of Directors and / or management
Data Subject Categories:
- UBOs
- Directors & Officers
- Employees
- Clients
- Suppliers
c. Accounting Services – To perform work under an Accounting Services outsourcing contract, under which we receive from the customer and process accounting-related information which invariably includes personal data
Data Subject Categories:
- UBOs
- Directors & Officers
- Employees
- Clients
- Suppliers
d. Tax Advisory – To evaluate the tax position of one or more individuals and advise on legal methods for optimizing their financial affairs with the purpose of tax minimization in the relevant jurisdictions
Data Subject Categories:
- UBOs
- Directors & Officers
- Employees
e. Payroll Processing – To perform clerical and mathematical calculations for executing a periodic payroll process, within the criteria and requirements stipulated by legislation. Depending on the specific engagement objectives, the related processing may also include bank account information for the purposes of executing the resulting payments
Data Subject Categories:
- UBOs
- Directors & Officers
- Employees
f. Advisory & Consulting – To perform various tasks and procedures in support of financial, operational and other objectives as those are explicitly defined for us, by our customers as part of purpose-specific contracts of engagement
Data Subject Categories:
- UBOs
- Directors & Officers
- Employees
- Clients
- Suppliers
As part of our operational business processes and routines which are not service-related, and depending on the specific relationship and / or commercial or other engagement in place, we may process personal data for one or more data subject categories, as those are tabulated below (not a definitive or exhaustive list).
a. Customers – The information listed below relates to business-to-business relationships between Baker Tilly and its customers, which include, result in or require the processing of personal data of Directors, Officers, employees, suppliers and other individuals of Baker Tilly’s customers involved in the relationship, as well as other physical persons who have responsibility for managing or executing dealings between the two parties:
- Identity and position / role information
- Location information (physical address and electronic location data)
- Business eMail address and phone numbers
- Mobile phone numbers (corporate or personal)
- Authority to place orders, make financial inquiries, execute financial transactions, etc.
- Vetting data (in specific cases only)
- Salesperson performance targets and actual sales (for specific cases only)
- Financial data including invoices, payments, due dates, etc.
- Payroll and related records
Legal Basis
- Contract
- Legislation
- Legitimate Interest
b. Applicants:
- CV information
- Contact details
- Previous employment records
- Referee
- Clear Police / Criminal Record
- Work permit information
- Skills & Professional and Academic Achievements (e.g. languages, academic degrees)
- Medical information (for specific vacancies / jobs only)
Legal Basis
- Consent
- Legitimate Interest (for application information voluntarily submitted by the applicant to us, unsolicited by Baker Tilly)
c. Employees, Contractors & Workers:
- “Master Data” [full name, ID, Social Security number, address, marital status, children, age, gender, personal emails]
- “Recruitment Data” [academic records, experience, previous employers, references]
- Evaluation & Performance Information [salary, appraisals, promotions, disciplinary data, complaints and resulting investigations, appeals against HR decisions]
- Occupational data [languages, special skills, driver license]
- Operational data [sales, locations of travel, training records, leave of absence, timesheets / arrival and departure times, passports and IDs in support of business travel arrangements]
- Financial data [payroll, payroll-related, life insurance details, family status, bank account details]
Legal Basis
d. Former Employees, Contractors and Workers – For former employees, contractors or workers, the personal data types listed in (b) above are processed with the following differences:
- Financial data are kept for a period of 12 years after termination or resignation, for tax and regulatory purposes
- All other data are kept for a period of 3 years after resignation or termination for the purposes of archiving and / or providing references
Legal Basis
- Employment and Social Insurance Legislation
- Employment / Work Contracts
e. Next of Kin and Dependents:
- Full name, mobile phone details, relationship with employee, contractor or worker (next of kin)
- Full name, gender, age and birthdate
Legal Basis
- Employment / Work Contracts
f. Suppliers and subcontractors – The information listed below relates to business-to-business relationships between Baker Tilly and its suppliers, which include, result in or require the processing of personal data of Directors, Officers and personnel of Baker Tilly’s suppliers involved in the relationship, as well as other physical persons who have responsibility for managing or executing dealings between the two parties:
- Identity and position / role information
- Location information (physical address and electronic location data)
- Business eMail address and phone numbers
- Mobile phone numbers (corporate or personal)
- Authority to place orders, make financial inquiries, execute financial transactions, etc.
- Vetting data (in specific cases only)
- Financial data including invoices, payments, due dates, etc.
Legal Basis
- Contract
- Legitimate Interest
g. Onsite Visitors & Guests:
- Full name
- Employer
- Person(s) to visit
- Entry and exit time
- Pass number used and access logs
- Camera / CCTV recordings
Legal Basis
h. Event Attendees:
- Full name
- Employer
- Work position and title
- Work / office location
- Work and Mobile Phone numbers
- eMail address (work and / or personal)
- Photos and images
Legal Basis
i. General Public:
- Full name, eMail, phone numbers, employer, title (for cases where you initiate an electronic communication and / or correspondence with us)
- Photos and images of you from CCTV cameras we operate at our office locations
Legal Basis
j. Website Users:
- Full name
- Gender
- eMail address (business or personal)
- Mobile, and work phone numbers
- Location information (physical address and electronic location data)
- Electronic identifiers such as IP addresses, usernames, emojis
Legal Basis
- Consent
- Contract (where this information is collected for the purpose of entering into a contract with you)
Kindly be aware that your personal data may be processed based on more than one lawful purpose. If you need more information as to the specific legal basis on which we are relying to process your personal data, please send us your specific request to dpo@bakertilly.com.cy