Personal data protection - GDPR
At BDO Svetovanje d.o.o., BDO Revizija d.o.o., and BDO Poslovne rešitve d.o.o. (hereinafter: Companies), when providing our services and in our relations with you, we strictly comply with the General Data Protection Regulation ((EU) 2016/679, hereinafter: General Regulation) and the Personal Data Protection Act ZVOP-2 (hereinafter: ZVOP-2). Below we provide some basic information in this regard.
The General Regulation and ZVOP-2 regulate the obligations of controllers and processors and the rights of individuals in the field of personal data.
Personal data is any data or information that can be used to uniquely identify an individual (examples include: name and surname, address, residence address, telephone number, e-mail address, personal identification number, tax number, health insurance number, vehicle registration number, education, employment, function, position or status in a particular entity, etc.).
Sensitive personal data is personal data that reveals racial or ethnic origin, political opinions and beliefs, religious or philosophical beliefs, membership in associations, genetic characteristics, biometric characteristics that are processed solely for the purpose of identifying a person, health, or data concerning an individual's sex life or sexual orientation.
The Companies will not ask you for sensitive personal data, as we do not process it!
The processing of personal data means the activities of collecting, storing, processing, and transmitting personal data of individuals.
When is it lawful to process an individual's personal data in the event of cooperation or contact with the Companies?
When at least one of the following conditions is met:
- the individual to whom the personal data relates has consented to the processing of their personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the individual to whom the personal data relates is party, or for the implementation of measures taken at the request of such individual prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary for the protection of the vital interests of the data subject or of another person;
- processing is necessary for the performance of a task carried out in the public interest;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
The principles we follow at the Companies when processing your personal data:
- lawfulness, fairness, and transparency,
- purpose limitation,
- minimization,
- accuracy,
- storage limitation,
- integrity and confidentiality.
The rights guaranteed to the individual by the General Regulation and ZVOP-2, which are strictly respected by the Companies:
- access to personal data,
- correction of personal data,
- erasure ("right to be forgotten"),
- restriction of processing,
- right to object,
- right to data portability.
The Companies have adopted, and in our day-to-day work we endeavour to consistently comply with, all technical and organisational measures to ensure compliance with the requirements of the General Regulation, ZVOP-2, the Standards of Professional Conduct, the Information Security Standards and good practice in the field of information security.
This is based primarily on regular awareness-raising and training of our employees, who are also committed to strict compliance with all legal and internal data protection provisions.
We have also appointed a data protection officer in our companies. If you have any questions or require further clarification, please contact him or her at GDPR@bdo.si.
All requests relating to the exercise of individual rights guaranteed by the General Regulation and ZVOP-2 may also be addressed to the representative by email at GDPR@bdo.si.