Privacy Policy


Here at BDO Romania we take the appropriate steps to ensure the protection of your personal data, in accordance with the principles set out in applicable data protection legislation in Romania, including Regulation (EU) 2016/679 on the protection of natural persons regarding data processing and the free movement of such data and repealing Directive 95/46/EC ("GDPR").

This policy is intended to summarize our approach on the activities of processing personal data through the website and provides insight on the following:

  • Categories of personal data processed and data subjects involved
  • Legal basis and purposes of the processing activities
  • Duration of processing personal data
  • Security
  • Third party recipients
  • Rights of the data subjects

For particular information regarding the data processing activities, please check the data protection policies put in place at the level of each BDO entity you interact with.

Categories of personal data processed and data subjects involved

We do not require registration for access or other means of personal data processing when accessing our website. However, if you participate in any of the activities or services offered by Hivetech, we will collect the personal information that we need in order to provide you with those services. Failure to provide this information may prevent or delay the provision of any services to you.

The personal data Hivetech may process in connection to the data subjects, by means of the website, relate to:

  • Name, surname, e-mail address, company when the data subject fills out the contact form on the website;
  • Name, surname, e-mail address, company when the data subject fills out the career form (for application for a position within Hivetech) on the website;
  • Name, surname, e-mail address, company when the data subject fills out the form for newsletter subscription, available on the website.

The data subjects in connection to who Hivetech may process personal data are: clients and prospective clients, representatives/employees of the clients/prospective clients, users of Hivetech’s website who also, if the case, subscribe to its newsletters, applicants for various positions within Hivetech.

The processing activities in connection to the personal data involve collection, usage, access, retention, update, transfer and deletion, as applicable.

The information required will be the minimum as to enable Hivetech to deal with your request.

Legal basis and purposes of the processing activities

We process personal data for the following purposes:

  • To take the necessary measures (from a legal and commercial/internal business standpoint) in view of a potential agreement concluded with a prospective client/supplier;
  • To conduct recruiting processes;
  • To contact the data subjects with marketing information in relation to services offered by Hivetech;
  • To ensure the proper answer to the data subject’s request in relation to his/her data processed by Hivetech.

We process personal data with the following legal basis:

  • Conclusion and performance of an agreement, when the data subject is a client of Hivetech;
  • Legitimate interest in regard to the recruiting processes and the contact with potential clients;
  • Consent, when such is expressly requested, when no other legal basis is applicable.

Duration of processing personal data

Hivetech will store personal data if the law requires it so or as long as there is a legitimate interest of Hivetech in retaining the personal data. Due to the fact that the personal data is stored by Hivetech for different purposes and/or legal basis, the specific terms for which the personal data is stored are different.

After the retention term expires, Hivetech will ensure the safe deletion and/or destruction of the personal data.


Generally accepted standards of technology and operational security have been implemented to protect personal data from loss, misuse, alteration or destruction. All partners, employees and principals are required to keep personal data confidential and only authorized personnel have access to such information.

Third party recipients

Hivetech shall transfer personal data only in full accordance with the GDPR principles.

Hivetech may transfer personal data to its affiliates, third-party service providers (such as IT providers, archiving providers) as well as the relevant authorities (such as the anti-money laundering office, fiscal authorities etc.).

Rights of the data subjects

  • The right of access: by which the data subject may obtain a confirmation regarding the existence of any data processing activities conducted or not by Hivetech and, if the case, the right to obtain information on the data processing activities
  • The right of rectification: by which the data subject may obtain the correction of inaccurate personal data
  • The right to erasure: by which it may be obtained the erasure of the personal data in certain cases; Hivetech cannot agree to this request if the law obliges it to keep the personal data or if the data is necessary for a legitimate interest of Hivetech
  • The right to restriction: by which it may be obtained the restriction of personal data use, until the solving another request of the data subject
  • The right to object: by which the data subject may oppose to the personal data processing, as per the law. Hivetech may agree directly to the data subject’s request in this sense, in cases of data processing for direct marketing. Regarding other cases which may arise, Hivetech shall assess its interests by comparison to the factual situation of the data subject, when adopting its decision.
  • The right to portability: by which the data subject may obtain the personal data held by Hivetech with respect to a data subject in a structured, commonly used and machine readable format or the right of the data subject to request the circulation of this personal data to another controller.
  • The right to file a complaint with the Romanian data protection authority, having its headquarters at 28-30 G-ral Gheorghe Magheru Bld. District 1, Bucharest, 010336, Romania.

If you would like to opt out of receiving promotional or marketing communications from Hivetech in the future, you may let us know by using the opt-out link mentioned in each marketing communication sent by e-mail to you. However, your option not to receive promotional and marketing e-mail shall not preclude us from corresponding with you, by e-mail or otherwise, regarding your existing relationship with us, on other legal basis.

The request to exercise the above rights with Hivetech must be addressed in writing to the concerned BDO entity. We will ensure that all appropriate measures are taken to resolve your request without undue delay.

Requests for access, rectification, restriction or erasure of processing personal data must be made subject to the legal restrictions in force.


Hivetech reserves the right to amend this policy from time to time, as it may be necessary. Please make sure to check this regularly. Continuing to use this website is deemed as your acceptance of the changes to this policy.

BDO network in Romania (hereinafter referred to as „BDO Romania”) is comprised of the following entities: BDO Audit SRL, BDO Tax SRL, BDO Business Advisory SRL, BDO Business Restructuring SPRL, BDO Auditors and Accountants SRL, BDO Auditors and Business Advisors SRL, BDO Outsourcing Services SRL, BDO Support Services SRL, Tudor, Andrei și Asociații SPARL