EU Data Protection Center

Data protection laws in Europe have been changing in big ways lately. Read the information below to see how BKD collects, protects, manages and uses data. 

Please note:  This information only applies to European Union (EU) citizens and residents.


EU Data Protection Statement

Personal & Anonymous Data We Collect

BKD strives to protect any data relating to an identified or identifiable person. BKD collects personally identifiable and anonymous information to provide the best online experience. Personally identifiable information is information that identifies you, such as your name, postal address, telephone number, email address and other information.

Throughout BKD websites and databases, a user’s personably identifiable information may be recorded, processed and stored in a multitude of ways. We will ask you to provide personally identifiable information when you create an account, subscribe to our newsletters, emails and Thoughtware, register for one of our events, purchase products or services, submit information to us through our website, contact us with a question or concern or participate in other digital activities when you visit our website.

Other ways your personally identifiable information may be collected, updated, processed or used include, but are not limited to, the following:

  • From you when inputting, uploading or submitting to our website or third-party data aggregators
  • Your inquiries by mail, telephone, email, social media or face-to-face conversations
  • Interviews with any of the foregoing parties, agreements, applications, forms and other documents received from you
  • Any of the foregoing parties or any information you submit voluntarily to us

We may also collect personally identifiable information from you at professional conferences and seminars that you voluntarily submit to us through business cards, forms or face-to-face conversations.

How We Use, Process & Store Personal Data

For data collection, processing and storage purposes, BKD uses a variety of means, including but not limited to, 990Connect, BKDconnect, Eventbrite, GoToWebinar,, Informatica, LeapFile, Marketo, Salesforce, Social Studio, Tax Caddy, Thomson Reuters GoSystem Tax RS and various other programs capturing personally identifiable and anonymous information. Data may also be enhanced or captured through in-person sharing via phone call, email, third-party data aggregators, digital exchange or social media.

To enhance your BKD experience, your information may also be used in one or more of the following manners:  lead scoring, propensity-to-purchase calculations, behavior analysis, demographic analysis, industry analysis, digital marketing automation efforts, email communications, print and hard copy communications mailed out, calling campaigns, internal database use and analysis, sales tracking, predictive analysis, web tracking, IP tracking, cookies tracking, email/data verification via Informatica, social media listening, reporting, metric analysis, engagement and analytics and person-to-person sharing of personally identifiable information.

Using the data in this manner will help us enhance your online experience while using our website and services. For example, using Google Analytics and other Google products, we may also combine anonymous and personally identifiable usage information collected from your visit to the site with that of other users to determine which features and areas of the website are most popular.

Data Consent & Storage Duration

Personally identifiable information of EU citizens or residents will not be stored or processed without explicit consent. Consent may be granted via our website, Thoughtware Subscription Center, any form fill-out to access or download content or register for a webinar, contact us form or person-to-person and digital conversations. By performing any one of these actions, you give us permission to process and store your personally identifiable information in regard to BKD’s Privacy Policy, Terms of Use and EU Data Protection Center statement.

General Data Storage Duration

In general, BKD’s data retention policy requires the purge of most data within a range of six months to seven years in accordance with U.S. laws and regulations. Items not related to client engagements are purged within three years or less.


Personally identifiable information stored and processed via GoToWebinar will be kept for 365 days after creation date and then automatically deleted from GoToWebinar, per GoToWebinar system requirements.


Personally identifiable information stored and processed via Eventbrite will be kept for up to five years, which aligns with the firm’s data retention policies for CPE and NASBA compliance. After five years, events beyond this threshold will be removed, and the personally identifiable information associated with that event will also be removed. However, personally identifiable information related to events more recent than 5 years will be stored until the retention threshold is breached to remain CPE and NASBA compliant.


Personally identifiable information is not stored in the firm’s Informatica account. However, the firm does use Informatica for email verifications. Verifications are sent via Outlook. Therefore, email addresses sent via Outlook for Informatica verification will be deleted after 180 days of creation. For more information on Informatica’s data retention policy, please contact them directly.

Marketo & Salesforce

Personally identifiable information stored and processed via Marketo and Salesforce will be retained as long as the respective individual is subscribed to BKD Thoughtware and/or actively engaged with BKD content, including but not limited to, the following digital interactions:  webpage visits, form fill-outs, content downloads, webinar registrations/attendances, Thoughtware subscriber, email opens and email clicks. Personally identifiable information will be retained under these circumstances because the respective individual has requested to remain in our data systems and processors by continuing to engage with BKD content. The individual would not be able to fulfill the desired digital actions without data storage and processing of his/her personally identifiable information. Personally identifiable information of individuals who have not engaged with BKD content in more than five years will be automatically purged from Marketo and Salesforce. The continual lack of engagement is interpreted as the individual no longer desiring to be contacted by BKD. Also, data storage of five years aligns with the firm’s data retention policies for CPE and NASBA compliance.

Note:  Social Studio is a listening tool that may sync social media information to Salesforce. However, when an individual is removed from Salesforce, all of their information, including all social media data and metrics for the respective individual, is deleted and no longer available in either Salesforce or Social Studio.

To request data removals or restrict processing, please visit our EU Data Protection Center.

How We Handle Data

We care about your privacy, and we will not sell, license, transmit or disclose your personally identifiable information outside of BKD and its affiliated companies. We restrict access to such personally identifiable information to those personnel, affiliates and subsidiaries. We maintain physical, electronic and procedural safeguards to protect such personally identifiable information. Person-to-person sharing of your personally identifiable information may occur between our personnel and our affiliates and subsidiaries. This sharing may occur by mail, telephone, email, private and direct messaging such as Skype or face-to-face conversations.

If we use agents, contractors or other companies, such as social media, to perform services on our behalf, we will require that they protect your personally identifiable information. On the other hand, you must be comfortable with the privacy policies of any other sites you authorize to gather information from us, as the privacy policies of such other sites will govern the use of your personally identifiable information once it has been transmitted by us.

Although we do not sell personally identifiable information, we may disclose personally identifiable information to the following parties under the following circumstances:

  • You (if you direct us to do so)
  • Unaffiliated financial services providers
  • Transfer agents
  • Custodians and trustees
  • Banks, financial representatives, proxy services, vendors, affiliates, licensees, licensors, affiliates, solicitors or printers
  • Third parties who assist us or who perform services on our behalf in order to provide you with products and services or to affect transactions that you request or authorize
  • Third parties if we are compelled to do so by law
  • Third parties in order to protect any account you may have with us from fraud, misfeasance, malfeasance or other wrongful acts


From time to time, we may be required to disclose your personally identifiable information in response to a court order, subpoena, government investigation or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful. We also may disclose certain personally identifiable information when we believe that such disclosure is reasonably necessary to protect the rights, property and safety of others or ourselves.

How to Access & Control Data

If you are an EU citizen or resident and we are processing your data, you have several data subject access rights, which include the following:

  • Right to be informed
  • Right to request data correction
  • Right to request data access
  • Right to request data portability
  • Right to request data erasure
  • Right to request withdrawal of consent
  • Right to restrict processing
  • Right to objection
  • Right to request not to be subjected to automated decision making

Data subject access rights may be exercised below. The request will be fulfilled in 30 days once requested, processed and received by us. We reserve the right to deny any requests deemed too financially cumbersome for the firm to execute.


Cookies are information files that our website may send to your computer to provide extended functionality and to allow us to collect anonymous or personally identifiable data to track usage patterns, monitor activity and administer the website. Cookies let us "remember" information about your preferences and allow you to move about our site without reintroducing yourself. We may use cookies for a number of purposes, such as tracking usage patterns on the site, easy form data fill-out, email subscriptions and measuring the effectiveness of the website.

If you have an account with us, we may use cookies to access, retrieve or store your personally identifiable information, such as your password and/or user ID, so you do not have to enter it more than once. You may disable cookies, opt-out of being tracked via cookies all together across our website, receive a warning before a cookie is placed on your computer and erase cookies from your hard drive through use of options or preferences menus in your browser. It is possible, however, that some parts of our site will not operate correctly if you disable the cookies feature. You should consult with your browser's provider/manufacturer if you have any questions regarding disabling cookies.

When visiting our website, only strictly necessary cookies will be turned on until you explicitly opt-in to either all cookies or the cookies of your choosing. You may update your cookie settings by clicking "Cookie Settings" on the banner that appears at the top of our website or the button to the left.

Cybersecurity Breach Protocol

In accordance with GDPR requirements, we will inform the supervisory authority within 72 hours of our data controller(s) becoming aware of any significant cybersecurity breach and/or incident. If the breach is of a serious nature and impacts the rights and freedoms of individuals in our databases, we will inform the intended public as reasonably as possible and without delay.

Subject Access Rights

If you are an EU citizen or resident and we are processing your data, you have several data subject access rights, which include the following:

  • Right to be informed
  • Right to request data correction
  • Right to request data access
  • Right to request data portability
  • Right to request data erasure
  • Right to request withdrawal of consent
  • Right to restrict processing
  • Right to objection
  • Right to request not to be subjected to automated decision making

To invoke your data subject access rights, fill out the below form. Once requested and received by us, your request will be fulfilled within 30 days. We reserve the right to deny any requests deemed too financially cumbersome for the firm to execute.

Subject Access Rights Request Form