Last updated: April 19, 2022

Baker Tilly US, LLP (“Baker Tilly”, “we”, “us”, “our”) is committed to compliance with the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU personal data.

In our role as a data controller, Baker Tilly may obtain personal data from multiple sources, including information provided directly to us by individuals through our website bakertilly.com  (the “Website”). 

Personal data collected via the Website may include:  

• Contact Data.  
  You may provide your contact details, such as name, job title, employer, address, phone number, email address, or other similar information, which we may use to respond to you or for administrative purposes. For example, we may contact you after you provide us personal data when requesting information about or registering for events.
• Device Information.  
  Baker Tilly may obtain information about devices that access the Website, including the type of device, its operating system, device settings, and unique device identifier.
• Authentication Data. 
  To verify the identity of registered users we may collect a user name, password, password hint(s), and other similar authentication information. 
• Client Information. 
  If you are a client of ours (e.g. we provide you accounting or tax services, assurance services, or other consulting), you may provide us personal data related to your client relationship with us via our  client portals  (e.g., financial information via the  Tax Client Portal, or information via the  Assurance and Consulting Huddle Client Portal).
• Job Application Information.  
  If you apply for a job through our  Careers Portal or  Talent Insider Portal, we or our vendor may collect your name, email address, physical address, phone number, and curriculum vitae.
• Employment Information. 
  We may also process personal data that includes employee contact information such as phone number, address, or line of business.
• Payment Information.  
  If you  pay your invoices online or in another form, we may collect personal data related to your payment such as address, username, password, and contact information.
• Other Information You Provide.  
  This includes emails and other communications that you send us or otherwise contribute, such as customer support inquiries, answers to surveys or polls, or comments on our Website (e.g. video comments).  Please be aware that information you post on public parts of our Website may be visible to anyone. You may also provide us information related to various services we provide you (e.g. your financial information for our tax assessments), in which case we may provide more details about what personal data we may collect from you at the point of providing our various services to you.

We may process personal data to:

• Contact you, transact with you, provide you services (e.g. accounting, auditing, and consulting), send you informational notices, or to respond to your comments, questions or requests.
• Conduct research and analysis, including focus groups and surveys.
• Allow you access to and provide you services through the
  client portals.
• Evaluate job applications received through our
  Careers Portal or Talent Insider Portal.
• Plan employee compensation and management.
• Facilitate, manage, personalize, and improve our customer and partner relationships.
• Process payments you submit online.
• Prevent and address fraud, breach of policies or terms, and threats or harm.
• Ensure the security and integrity of the personal data we process.
• Comply with applicable legal requirements.

These processing activities are carried out pursuant to the following legal bases:

• The processing is necessary for us to provide you with services you request, including pursuant to a contract we have with you. 
• We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
• To protect your vital interests, or those of others.
• We have a legitimate interest in using your personal data. For example, we have a legitimate interest in the following cases: sending marketing materials to client contacts, processing Baker Tilly employee data.
• If you have consented to the use of your personal data.  When you consent, you can change your mind at any time.  

We may share your personal data:

• With our affiliates or business partners when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Website.
• To our agents, vendors, consultants, marketing service providers, and other service providers who perform functions on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other websites, and send marketing and other communications on our behalf.
• To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse. Please note that in certain situations Baker Tilly may be obligated to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements in the United States or another country.
• If we are involved in a business transaction, such as a reorganization, merger, acquisition, or sale of some or all of our assets.

Also note that some portions of the Website allow you to interact with others, in which case you or others may disclose your personal data in either a public or semi-public context. For example, registered users may interact with each other via the Assurance and Consulting Huddle Client Portal.

Personal data may be transferred to Baker Tilly in the United States or in another country outside of the EU for processing. Please be aware that the data protection laws and regulations that apply to your personal data in other countries may differ from the laws in the EU. Baker Tilly will use appropriate legal mechanisms and other safeguards to protect your personal data. For example, Baker Tilly may transfer personal data in accordance with standard contractual clauses approved by the European Commission, which impose data protection obligations on the parties to the transfer.

For further information about how your data is transferred out of the EU, please contact us at [email protected]

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it. 

On the Website, we utilize online identification technologies—such as cookies, web beacons, or pixels—in accordance with applicable law and requirements.  “Cookies” are small text files placed on your hard drive when you visit a website; they store information which is sent back to our servers or those of third parties.  As described in more detail below, we use such technologies to:

• Recognize new or past Website visitors;
• Store your password if you are registered on the Website;
• Improve the Website and to better understand your visits;
• Integrate with third-party social media websites;
• Serve you interest-based or targeted advertising; and to
• Observe your behaviors and browsing activities over time across multiple websites or other platforms.

Some cookies are required for certain uses of the Website.  For example, if you choose to register an account for our Website, we will use cookies to facilitate your registration and remember your preferences.

Different types of cookies may be used for specific purposes, for example:

• Functional cookies may be used for analysis and marketing purposes, to enable certain parts of the Website to work properly, or to retain user preferences.
• Analysis cookies may collect information on how visitors use the Website, the content and products that Website users view most frequently, and the effectiveness of third-party advertising. 
• Advertising cookies assist in delivering ads to relevant audiences.  This may include, for example, placing ads at the top of search results.

Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent,” which remain until you delete the cookie or the party who served the cookie removes it. Further details concerning the cookies we use on the Website are available in the table included at the bottom of this section. 

Browser settings may enable visitors either to receive our cookies or use the Website without cookie functionality. Please note that if you restrict the use of cookies, some functions of the Website may be unavailable and we may not be able to present you with personally-tailored content. 

We may link the information collected by cookies with other information we collect from you pursuant to this Privacy Notice. Similarly, the third parties who serve cookies on the Website may link your name or email address to other information they collect.

EU data subjects have the right to access personal data maintained about them and to impose certain limits on the use and disclosure of such personal data. Subject to certain conditions, you may ask Baker Tilly to take the following actions in relation to your personal data that we hold:

• Provide you with information about our processing of your personal data and give you access to your personal data;
• Update or correct inaccuracies in your personal data;
• Delete your personal data;
• Transfer a machine-readable copy of your personal data to you or a third party of your choice;
• Restrict the processing of your personal data;
• Object to our processing of your personal data for direct marketing purposes; and/or
• Object to reliance on our legitimate interests as the basis for processing of your personal data.

You can submit these requests by email to [email protected] or our postal address provided below.  We may request specific information from you to help us confirm your identity prior to processing your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.

We will provide EU data subjects with appropriate opportunities to opt out of our sharing their personal data as required by law, and will request opt-in consent prior to using EU personal data for a purpose other than the purpose for which it was originally collected. Learn more information about your choices concerning opting out of online behavioral advertising. 

You also have the right to lodge a complaint with a supervisory authority. Learn more information about your data protection regulator.

Baker Tilly reserves the right to modify this Notice at any time. Changes will be effective immediately upon posting of the revised Privacy Notice, as indicated by the “Last Updated” date at the top of this page.  In accordance with applicable law, we will seek your consent to material changes in how we process your personal data. We encourage you to periodically review this page for the latest information on our privacy practices.

You may contact Baker Tilly regarding this Notice and our Data Protection Officer at [email protected] You also may write to the following address:

Baker Tilly US, LLP
Attn: Data Protection Inquiry
205 North Michigan Avenue
Chicago, IL 60601-5927
USA