Last Updated: December 7, 2018
Baker Tilly Virchow Krause, LLP (“Baker Tilly”, “we”, “us”, “our”) is committed to compliance with the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU personal data. To this end, Baker Tilly complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to the United States from the European Union.
Personal Data Collection
In our role as a data controller, Baker Tilly may obtain personal data from multiple sources, including information provided directly to us by individuals through our website www.bakertilly.com (the “Website”).
Personal data collected via the Website may include:
- Contact data. You may provide your contact details, such as name, job title, employer, address, phone number, email address, or other similar information, which we may use to respond to you or for administrative purposes. For example, we may contact you after you provide us personal data when requesting information about or registering for events.
- Device Information. Baker Tilly may obtain information about devices that access the Website, including the type of device, its operating system, device settings, and unique device identifier.
- Authentication Data. To verify the identity of registered users we may collect a user name, password, password hint(s), and other similar authentication information.
- Client Information. If you are a client of ours (e.g. we provide you accounting or tax services, assurance services, or other consulting), you may provide us personal data related to your client relationship with us via our client portals (e.g., financial information via the Tax Client Portal, or information via the Assurance and Consulting Huddle Client Portal).
- Job Application Information. If you apply for a job through our Careers Portal or Talent Insider Portal, we or our vendor may collect your name, email address, physical address, phone number, and curriculum vitae.
- Employment Information. We may also process personal data that includes employee contact information such as phone number, address, or line of business.
- Payment Information. If you pay your invoices online or in another form, we may collect personal data related to your payment such as address, username, password, and contact information.
- Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute, such as customer support inquiries, answers to surveys or polls, or comments on our Website (e.g. video comments). Please be aware that information you post on public parts of our Website may be visible to anyone. You may also provide us information related to various services we provide you (e.g. your financial information for our tax assessments), in which case we may provide more details about what personal data we may collect from you at the point of providing our various services to you.
Personal Data Processing
We may process personal data to:
- Contact you, transact with you, provide you services (e.g. accounting, auditing, and consulting), send you informational notices, or to respond to your comments, questions or requests.
- Conduct research and analysis, including focus groups and surveys.
- Allow you access to and provide you services through the client portals.
- Evaluate job applications received through our Careers Portal or Talent Insider Portal.
- Plan employee compensation and management.
- Facilitate, manage, personalize, and improve our customer and partner relationships.
- Process payments you submit online.
- Prevent and address fraud, breach of policies or terms, and threats or harm.
- Ensure the security and integrity of the personal data we process.
- Comply with applicable legal requirements.
These processing activities are carried out pursuant to the following legal bases:
- The processing is necessary for us to provide you with services you request, including pursuant to a contract we have with you.
- We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in using your personal data. For example, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of the Website. This includes implementing and enhancing security measures and protecting against fraud, spam, and abuse.
- To maintain and improve the Website.
- To operate the Website and provide you with certain tailored advertising and communications to develop and promote our business.
- To maintain business relationships using company contact information.
- If you have consented to the use of your personal data. When you consent, you can change your mind at any time.
Disclosure of Personal Data
We may share your personal data:
- With our affiliates or business partners when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Website.
- To our agents, vendors, consultants, marketing service providers, and other service providers who perform functions on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other websites, and send marketing and other communications on our behalf.
- To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
- If we are involved in a business transaction, such as a reorganization, merger, acquisition, or sale of some or all of our assets.
Also note that some portions of the Website allow you to interact with others, in which case you or others may disclose your personal data in either a public or semi-public context. For example, registered users may interact with each other via the Assurance and Consulting Huddle Client Portal.
The EU-U.S. Privacy Shield Framework
When processing EU personal data, Baker Tilly has committed to apply the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. Baker Tilly complies with the Privacy Shield Principles with respect to onward transfers of personal data from the EU, including the onward transfer liability provisions.
The following is a list of Baker Tilly subsidiaries to which our Privacy Shield Certification applies:
|Baker Tilly Beers & Cutler, LLC||Baker Tilly Capital, LLC|
|Baker Tilly Executive Search, LLC||Baker Tilly Financial, LLC|
|Baker Tilly Municipal Advisors, LLC||Baker Tilly Search & Staffing, LLC|
|Baker Tilly Valuation, LLC||Baker Tilly Vantagen, LLC|
|BT Benefits & Consulting, LLC||Curtis Financial Group, LLC|
|Civic Systems, LLC||Rubicon Benefits, LLC|
|Partner Relocation Services, LLC||The Valued Advisor Fund, LLC|
|The Business Valued Advisor Fund, LLC||Virchow Krause Canada, LLC|
|Virchow Krause & Company, LLP||VK Syndications, LLC|
Please note that in certain situations Baker Tilly may be obligated to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Questions, Complaints, and Recourse
In accordance with the EU-U.S. Privacy Shield Principles, Baker Tilly is committed to resolving privacy complaints regarding our personal data practices. EU data subjects with inquiries or complaints regarding this Privacy Notice should first contact Baker Tilly at email@example.com.
You also have the right to lodge a complaint with a supervisory authority. You can find information about your data protection regulator here. For complaints from EU data subjects that cannot be resolved with Baker Tilly directly, Baker Tilly will cooperate with such EU authorities and will implement advice they provide with respect to such unresolved complaints, including by taking appropriate steps to correct Privacy Shield compliance issues.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Baker Tilly is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
To learn more about the Privacy Shield program, and to view our certification page, you may visit https://www.privacyshield.gov/.
If there is a conflict between this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Other EU Personal Data Transfers
Baker Tilly also may transfer personal data in accordance with standard contractual clauses approved by the European Commission, which impose data protection obligations on the parties to the transfer. For further information on the mechanism(s) used to transfer your personal data, please contact us at firstname.lastname@example.org.
We maintain appropriate administrative, technical, physical, and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of personal data obtained or stored electronically.
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.
Cookies and Other Tracking Technologies
On the Website, we utilize online identification technologies—such as cookies, web beacons, or pixels—in accordance with applicable law and requirements. “Cookies” are small text files placed on your hard drive when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:
- Recognize new or past Website visitors;
- Store your password if you are registered on The Website;
- Improve the Website and to better understand your visits;
- Integrate with third-party social media websites;
- Serve you interest-based or targeted advertising; and to
- Observe your behaviors and browsing activities over time across multiple websites or other platforms.
Different types of cookies may be used for specific purposes, for example:
- Functional cookies may be used for analysis and marketing purposes, to enable certain parts of the Website to work properly, or to retain user preferences.
- Analysis cookies may collect information on how visitors use the Website, the content and products that Website users view most frequently, and the effectiveness of third-party advertising.
- Advertising cookies assist in delivering ads to relevant audiences. This may include, for example, placing ads at the top of search results.
Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent,” which remain until you delete the cookie or the party who served the cookie removes it. Further details concerning the cookies we use on the Website are available in the table included at the bottom of this section.
We may link the information collected by cookies with other information we collect from you pursuant to this Privacy Notice. Similarly, the third parties who serve cookies on the Website may link your name or email address to other information they collect.
Rights and Choices
EU data subjects have the right to access personal data maintained about them and to impose certain limits on the use and disclosure of such personal data. Subject to certain conditions, you may ask Baker Tilly to take the following actions in relation to your personal data that we hold:
- Provide you with information about our processing of your personal data and give you access to your personal data;
- Update or correct inaccuracies in your personal data;
- Delete your personal data;
- Transfer a machine-readable copy of your personal data to you or a third party of your choice;
- Restrict the processing of your personal data;
- Object to our processing of your personal data for direct marketing purposes; and/or
- Object to reliance on our legitimate interests as the basis for processing of your personal data.
You can submit these requests by email to email@example.com or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
We will provide EU data subjects with appropriate opportunities to opt out of our sharing their personal data as required by law, and will request opt-in consent prior to using EU personal data for a purpose other than the purpose for which it was originally collected.
For more information about your choices concerning opting out of online behavioral advertising click here.
Changes to this Notice
Baker Tilly reserves the right to modify this Notice at any time consistent with the requirements of Privacy Shield Principles. Changes will be effective immediately upon posting of the revised Privacy Notice, as indicated by the “Last Updated” date at the top of this page. In accordance with applicable law, we will seek your consent to material changes in how we process your personal data. We encourage you to periodically review this page for the latest information on our privacy practices.
You may contact Baker Tilly regarding this Notice or for Privacy Shield inquiries at firstname.lastname@example.org. Our Data Protection Officer may be contacted via email sent to email@example.com. You also may write to the following address:
Baker Tilly Virchow Krause, LLP
Attn: Data Protection Inquiry
205 North Michigan Avenue
Chicago, IL 60601-5927