Privacy and GDPR
Your privacy is important to us. This privacy statement explains what personal data Baker Tilly International ("International") collects from you, through our interactions with you and through our solutions, and how we use that data.
International offers a wide range of services, from branding guidance to technical support. References to International services in this statement include International services, websites, apps, software, servers and devices.
This statement applies to International’s interactions with you and the International services listed below, as well as other International services that display this statement.
Our policy is to collect only the personal data necessary for agreed purposes and we ask our members only to share personal data where it is strictly needed for those purposes.
Where we need to process personal data to provide our services, we ask our members to provide the necessary information to other data subjects concerned, such as family members, regarding its use.
For certain services or activities, and when required by law or with an individual's consent, we may also collect special categories of personal data. Examples of special categories include race or ethnic origin; religious or philosophical beliefs; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records.
Generally, we collect personal data from our members or from a third party acting on the instructions of the relevant member.
Personal data that we collect
International collects data to operate effectively and provide you the best experiences within the network. You provide some of this data directly, such as when you create a Billy or Legal Anywhere account, administer your organisation’s account, submit an email query, register for an International event, upload a document to Huddle or contact us for support. We get some of it by recording how you interact with our products by, for example, using technologies like cookies, and receiving error reports or usage data from software running on your device.
We also obtain data from third parties such as Dynamic Events and our conference application, Cvent. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included:
- Cvent for conferences
- social networks when you grant permission to an International product to access your data on one or more networks
- Huddle.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide a product or feature, you may not be able to use that product or feature.
The data we collect depends on the context of your interactions with International, the choices you make, including your privacy settings, and the products and features you use. The data we collect can include the following:
- Name and contact data: We collect your first and last name, email address, postal address, phone number and other similar contact data
- Credentials: We collect passwords, password hints and similar security information used for authentication and account access
- Demographic data: We collect data about you such as your age, gender, country and preferred language
- Payment data: We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument
- Contacts and relationships: We collect data about your contacts and relationships if you use an International product to manage contacts, for example Billy, Huddle or the worldwide directory, or to communicate or interact with other people or organisations, for example, Billy
- Content: We collect content of your communications when necessary to provide you with the solutions you use, such as referral data
- Video and photo: If you attend a conference or other similar training event, your image may be captured by our cameras or those of other delegates.
How we use personal data
International uses the data we collect for two basic purposes, described in more detail below: (1) to operate our business and provide (including improving and personalising) the solutions we offer, (2) to send communications, including promotional communications.
In carrying out these purposes, we combine data that we collect to give you a more seamless, consistent and personalised experience. However, to enhance privacy, we have utilised technological and procedural safeguards designed to prevent certain data combinations. For example, we utilise the highly secure, GDPR compliant solutions offered by vendors such as Microsoft and Huddle.
Providing and improving our solutions. We use data to provide and improve the solutions we offer and perform essential business operations. This includes operating the solutions, maintaining and improving the performance of the solutions, developing new features, conducting research and providing member support. Examples of such uses include the following:
- Providing the solutions: We use data to carry out your interactions with us and to provide our solutions to you. Often, those solutions include personalised features and recommendations that enhance your productivity and enjoyment, and automatically tailor your solutions experiences based on the data we have about your activities, interests and location
- Member support: We use data to diagnose solutions problems and provide other member care and support services
- Solution improvement: We use data to continually improve our solutions, including adding new services or capabilities. For example, we use feedback emails to improve solution features and search queries to improve the relevancy of the search results, usage data to determine what new features/solutions to prioritise
- Security, safety and dispute resolution: We use data to protect the security and safety of our solutions and our members, to detect and prevent fraud, to resolve disputes and enforce our agreements. Our security features, provided by Microsoft, can disrupt the operation of malicious software and notify members if malicious software is found. For example, some of our communications solutions, such as Outlook, systematically scan content in an automated manner to identify suspected spam, viruses, abusive actions or URLs that have been flagged as fraud, phishing or malware links; and we may block delivery of a communication or remove content if it violates our terms
- Business operations: We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions and report on the performance of our business
- Communications: We use data we collect to communicate with you and personalise our communications with you. For example, we may contact you by phone or email or other means to inform you when a service/solution is ending, discuss your membership, let you know when new services are available, invite you to participate in a survey/conference/meeting, or tell you that you need to take action to keep your account up to date.
Additionally, you can sign up for email subscriptions and choose whether you wish to receive other relevant communications from International by email, social enterprise network, post and telephone.
For information about managing your contact data, email subscriptions and other communications, please contact info@bakertilly.global.
Reasons we share personal data
We share your personal data with your consent or as necessary to complete any transaction or provide any product you have requested or authorised. For example, we share your content with third parties when you tell us to do so, such as when you agree to attend a conference/training event.
When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
In addition, we share personal data among International-controlled affiliates and subsidiaries (for example, with CCBP Pillars Limited for branding and trademark purposes).
We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide member service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.
Finally, we will access, transfer, disclose and preserve personal data, including your content (such as the content of your discussions/files in Billy, Legal Anywhere and Huddle (note: these are examples and not a limited list), when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
- protect our members, for example to prevent spam or attempts to defraud users of our services, or to help prevent the loss of life or serious injury of anyone
- operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks
- protect the rights or property of International, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property belonging to International, we will not inspect a member's private content ourselves, but we may refer the matter to law enforcement.
How to access and control your personal data
You can view, edit or delete your personal data online for many International solutions (for example, Legal Anywhere, Billy and Huddle). You can also make choices about International's collection and use of your data. How you can access or control your personal data will depend on which products you use. For example:
If you cannot access certain personal data collected by International via the links above or directly via the International (third party) solutions that you use, you can always contact International at info@bakertilly.global. We will respond to requests to access or delete your personal data within 14 days.
Your communication preferences
You can choose whether you wish to receive communications from International by email, Billy, postal mail and telephone. If you receive email from us and would like to opt out, you can do so by following the directions in those messages. These choices do not apply to mandatory service communications that are part of certain International services, or to surveys or other informational communications that have their own unsubscribe method.
Browser-based controls
- Cookie controls: Relevant browser-based cookie controls are described here.
- Tracking protection: Internet Explorer (versions 9 and up) has a feature called Tracking Protection that will block third-party content, including cookies, from any site that is listed in a Tracking Protection List you add. By limiting calls to these sites, the browser will limit the information that these third-party sites can collect about you.
- Browser controls for "Do Not Track": Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites that you visit indicating that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, International services do not currently respond to all browser DNT signals. We continue to monitor the online industry (via Microsoft) to define a common understanding of how to treat DNT signals. In the meantime, you can use the range of other tools that we provide to control data collection and use, including the ability to opt out of receiving interest-based communications from International as described above.
Accuracy of information
International assumes responsibility for keeping an accurate record of personal data once you have submitted the information, but not for confirming the on-going accuracy of your personal information. If you advise International that your personal data is no longer accurate, it will be amended (where practical).
Provision of information to third parties
Information may be provided to one or more independent members of International to allow us to deal with your enquiry. There may be other circumstances where International is required to provide information as a result of legal process.
International does not undertake marketing activities for third parties, nor does it provide information to third parties for their own marketing purposes.
Data retention
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is eight years.
Security of information
The data controller collecting the information described in this statement is International.
Generally accepted standards of technology and operational security have been implemented to protect personal information from loss, misuse, alteration, or destruction. All International personnel are required to keep personal information confidential and only authorised persons have access to such information.