Privacy Policy


This privacy notice
describes how BDO Malta (“we”, “us”) collects and processes personal information about you in connection with our recruitment activities; how we use and protect this information; and your rights in relation to this information.

Who we are / Controller

For the purposes of the General Data Protection Regulation (“GDPR”), the data controller is BDO Malta (and the relevant BDO Malta group entity advertising the vacancy).

We use Pinpoint, an applicant tracking system provided by The Infuse Group Ltd (t/a Pinpoint Software), to help us manage recruitment. Pinpoint processes personal data as our processor and may only process your personal data in accordance with our instructions.

1. INFORMATION WE COLLECT
We may collect your personal information from a variety of sources, including information we collect from you directly, and information we collect about you from other sources (where permitted by law).

1.1 Information we collect directly from you
The categories of information we may collect include:
  • Identification and contact details (e.g., name, email address, phone number, address).
  • Application and recruitment information (e.g., CV, cover letter, qualifications, work history, skills, references you provide, interview notes/assessments, communications with you).
  • Right‑to‑work / eligibility information where applicable (e.g., nationality/visa status or documentation you provide).
  • Any other information you choose to share with us during the process.
Mandatory vs optional: Some information is necessary to progress your application (e.g., contact details and CV). If you do not provide required information, we may be unable to process your application.

1.2 Information we collect from other sources
Where relevant and permitted by law, we may obtain information about you from:
  • Publicly available sources (e.g., professional networking sites such as LinkedIn),
  • Recruitment referrals, and
  • Referees / former employers (typically only at the appropriate stage, and where applicable).
We use this information to validate your application, to assess suitability for roles, and to keep our recruitment records accurate and up to date.

2. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We use your personal information for recruitment-related purposes, including:
  • assessing your application for the role you applied for;
  • communicating with you about your application and arranging interviews/assessments;
  • considering you for other roles (where relevant and in line with your preferences);
  • verifying information you provide (e.g., qualifications, experience), and where appropriate, conducting pre‑employment checks;
  • maintaining our recruitment records and improving our recruitment processes.
Legal bases
We must have a lawful basis to process your personal information. Depending on the activity, this will typically include:
  • Taking steps at your request prior to entering into an employment contract (e.g., processing your application and progressing recruitment steps);
  • Compliance with legal obligations (where applicable, e.g., certain statutory checks);
  • Legitimate interests (e.g., recruiting staff, managing an efficient and fair recruitment process, maintaining appropriate records, and defending legal claims where necessary), provided those interests are not overridden by your rights and freedoms.
Automated tools / profiling
We may use Pinpoint features to help organise, filter, and rank applications using criteria we define (e.g., skills/experience aligned to the role). The final hiring decision is not made solely by automated means; it is made by our recruitment team. Where you wish to understand or challenge outcomes, you may contact us using the details in Section 8.

3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have rights under GDPR, which may include the right to:
  • access your personal data;
  • request correction of inaccurate data;
  • request erasure in certain situations;
  • restrict processing in certain situations;
  • object to processing where we rely on legitimate interests;
  • request data portability (where applicable).
To exercise your rights, you may use any “manage your data” functionality made available through Pinpoint (where enabled) and/or contact us using the details in Section 8.

4. INFORMATION SHARING
In general, we do not share your personal information with third parties other than service providers acting on our behalf, unless we have a lawful basis to do so. We may share your information with:
  • relevant internal stakeholders (e.g., HR, hiring managers, interviewers);
  • our service providers supporting recruitment (including Pinpoint as our processor);
  • professional advisers where necessary (e.g., legal), or
  • public authorities where required by law.
We require service providers to protect your information and use it only for the services they provide to us.

5. INFORMATION SECURITY & RETENTION
Information security
We implement appropriate technical and organisational measures to protect personal information from loss, misuse, alteration, or unauthorised access, and limit access to those with a genuine business need.

How long we keep your personal information
We retain recruitment information in accordance with our retention policy and only for as long as necessary for recruitment and related purposes (including dealing with queries/complaints and defending legal claims where necessary).

Recruitment retention schedule:
  • recruitment candidate information: 1 year;
  • CVs and interview notes: 1 year;
6. HOW WE USE ARTIFICIAL INTELLIGENCE (AI)
Where used in recruitment, AI-enabled functionality (if any) is intended to assist with administrative efficiency (e.g., sorting or matching) and does not replace human decision-making. We apply oversight and periodically review the use of such tools to ensure appropriate safeguards.

7. INFORMATION TRANSFER
Recruitment data processed in Pinpoint is stored in Pinpoint’s production infrastructure across data centre locations including Amsterdam, Dublin and London.

Where personal information is transferred outside the EEA/your jurisdiction, we put in place appropriate safeguards in accordance with data protection law, such as contractual protections (e.g., Standard Contractual Clauses). 

8. CONTACT US
If you have questions or concerns regarding the way in which your personal information has been used, you may:
  • utilise the Manage Your Data tool made available through our Pinpoint portal page (where enabled). 
  • contact us directly at:
    • HR: hr@bdo.com.mt 
    • Privacy contact: privacy@bdo.com.mt
If you believe we have not been able to address your concern, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner of Malta via their website: https://idpc.org.mt/.

9. CHANGES TO THIS PRIVACY NOTICE
We may modify or update this notice from time to time. The most recent version will be made available via our careers site / recruitment channels and will show the latest revision date.

Latest update: 12/05/2026