Skip to main content

Privacy Statement

Last updated: 14 December 2023
View the cookie notice

Deloitte Belgium (hereinafter referred to as “Data Controller” or “we” or “us”) is committed to protect your privacy and processing your data in a clear and transparent manner.

This Privacy Notice is intended for the website https://www.deloitte.com/be (“Deloitte Site” or “this Site”), whilst it does not apply to other websites that could potentially be accessed by clicking from external URLs. We encourage visitors to review the Privacy Notice on each of these other websites before disclosing any personal data.

Specifically, this Privacy Notice applies to each of the Belgian legal entities belonging to the Deloitte network (the Deloitte network being Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), together with its member firms and their respective subsidiaries, affiliates, and other firms with which it constitutes a network called the “DTTL network”), with registered office address at Luchthaven nationaal 1 J, B-1930 Zaventem.

Each Belgian Deloitte entity is a separate and independent legal entity, and this Privacy Notice applies to each separately. None of the Belgian Deloitte entities have any liability for the other entities’ acts or omissions.

Deloitte.com is comprised of various global, country, regional and practice specific websites, each of which is provided by DTTL or one of its independent member firms or their related entities (collectively, the “Deloitte Network”). To learn more about DTTL, the member firms of DTTL and their related entities, please see About Deloitte.

This Privacy Notice describes how we process personal data about while browsing Deloitte Site, in accordance with the Regulation (EU) 2016/679 (GDPR) and all the applicable data protection laws and regulations. It provides evidence of the nature of the personal data collected by the Data Controller, the purposes of the processing and indicates your rights in relation to the data processed and who to contact for further information or to send any requests.

In particular, this Privacy Notice sets out how we will collect, handle, store and protect information about you when:

  • Providing services to you or our clients;
  • You use our website;
  • Performing any other activities that form part of the operation of our business, as described in further detail below.

We may prepare a specific Privacy Notice that we invite you to consult, in relation to certain services or in the context of personal data collection forms (e.g., when sending applications for job positions).

Protecting the privacy of minors is extremely important for us. Please be aware, however, that this Site and our services are not directed to minors. It is not our policy to collect or retain such data.

The Data Controller is the respective Deloitte Belgium legal entity based in Luchthaven nationaal 1 J, B-1930 Zaventem.

  • Deloitte Bedrijfsrevisoren/Réviseurs d'Entreprises BV/SRL
  • Deloitte Belastingconsulenten/Conseils Fiscaux BV/SRL
  • Deloitte Global Tax Center (Europe) BV/SRL
  • Deloitte Accountancy BV/SRL
  • Deloitte Consulting & Advisory BV/SRL
  • Deloitte Services & Investments NV
  • Deloitte Finance CV
  • Deloitte Legal BV/SRL
  • Deloitte Pension Fund (OFP)

The Data Protection Officer can be contacted at the following e-mail address: belgiumprivacy@deloitte.com.

We may collect personal data from users while browsing this Site or when requesting the activation of certain services through the appropriate forms / data collection forms.

We may collect or obtain such data because:

  • You give it to us (e.g. in a form on this Site);
  • Other people give that data to us (e.g. your employer/adviser; third party service providers we use to help operate our business);
  • It is publicly available; or We observe or infer that data about you from the way you interact with us or others. For example, to improve your experience when you use this Site and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal data. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie Notice.

The personal data collected by the Data Controller could include:

  • Name, surname, age, date of birth, gender, telephone number, e-mail address, residential address;
  • Lifestyle and social circumstances (e.g. your pastimes);
  • Family circumstances (e.g. your marital status and dependents);
  • Employment and educational details (e.g. degree, expected graduation date, CV, former or current school, the organization your work for and your job title);
  • Financial and tax-related information (e.g. payment details, your income and tax residency);
  • Posting on any blogs, forums, wikis and any other social media applications and services that we provide;
  • Job position, company / organization for which you work, professional title;
  • IP address browser type and language, access time, complaint details;• Details of how you use our products and services;
  • Details of how you like to interact with us, and other similar information relevant to our relationship;
  • Any other personal information which you may provide to us for the purpose of receiving our services and/or using our products.

We may also acquire information about users by obtaining it from the interaction patterns carried out on the Site. For example, to improve the experience of using this Site and ensure its proper functioning, we (or our service providers) may use cookies (small text files installed in the user's browser) and a web beacon that collects personal data. Further information on how to use cookies, and how to manage them can be found in the Cookie Notice.

In exceptional cases, we could also process special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs). However, if this should occur, we will request the user's consent to collect and use such information.

Personal data provided to us could be used for the following purposes:

  • To enable the navigation of this Site;
  • For the performance of services requested and the management of activities instrumentally related to such services;
  • To send insights, opinions, updates, reports on topical issues or details of our products and services that we think might be of interest to you, to contact you to invite you to events, seminars, briefings, and business development purposes;
  • To send targeted advertising from third parties through profiling cookies;
  • To fulfil legal obligations, to comply with requests from Authorities, public entities, and organizations to exercise rights, including those of third parties, in court and, where applicable, in administrative proceedings or arbitration or conciliation procedures.

The types of personal data and special categories of personal data that we collect may vary depending on the nature of the services that we provide to you or our client, or how you use this Site. In some rare circumstances, we might also gather other special categories of personal data about you because you volunteer that data to us or we are required to gather that data as a result of legal requirements imposed on us. In relation to the above-mentioned purposes, please refer to paragraph 10 to find out which rights you can exercise.

Personal data provided to us could be used for the following purposes, according to the services requested from Deloitte.

a. Use of personal data to provide services to our clients

Since we provide a wide range of services to our clients, we will use your personal data to provide you or our client with the requested services. As part of this, we may also use your personal data in the course of correspondence relating to the respective services provided.

For example, we might use personal data about:

  • A client’s employees to help those employees manage their tax affairs when working overseas
  • A client’s employees and customers in the course of conducting an audit (or similar activity) for a client
  • A client to help him/her complete a tax return
  • A client’s employees to contact him during the performance of our services and keep them informed of the project’s progress or in order to communicate them our projects’ deliverables

Based on the following legal basis:

  • Contractual and precontractual relationship (Art. 6(1)(b) of the GDPR)
  • Compliance with a legal obligation (Art. 6(1)(c) of the GDPR)

b. Use of personal data for other activities part of the operation of our business

We may also use your personal data for the purposes of, or in connection with: 

  • To fulfil legal obligations, to comply with requests from authorities, public entities, and organizations to exercise rights, including those of third parties, in court and, where applicable, in administrative proceedings or arbitration or conciliation procedures. Based on the following legal basis: 
    • Compliance with a legal obligation
  • Audit purposes. Based on the following legal basis: 
    • Contractual and precontractual
    • Compliance with a legal obligation
  • Administrative purposes. Based on the following legal basis:
    • Legitimate interest (Art. 6 (1)(f) of GDPR)
  • Maintenance and support purposed. Based on the following legal basis:
    • Legitimate interest (Art. 6 (1)(f) of GDPR)
  • Investigations or preventing (security) incidents. Based on the following legal basis: 
    • Compliance with a legal obligation
  • Financial accounting, invoicing and risk analysis purposes. Based on the following legal basis: 
    • Contractual and precontractual relationship
    • Compliance with a legal obligation
  • To send insights, opinions, updates, reports on topical issues or details of our products and services that we think might be of interest to you, to contact you to invite you to events, seminars, briefings, and business development purposes. Based on the following legal basis: 
    • Consent given by the data subject (Art. 6 (1)(a) of GDPR)
  • Relationship management, which may involve:
    • sending you thought leadership or details of our products and services that we think might be of interest to you; 
    • contacting you to receive feedback on services; and 
    • contacting you for other marketing or research purposes, such as events, campaigns, competitions, surveys or newsletters;
    • To send targeted advertising from third parties through profiling cookies.

Based on the following legal basis: 

Consent given by the data subject. Where we are legally required to obtain your explicit consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. 

You can always to unsubscribe or request to stop receiving these materials.

c. Use of personal data collected via this Site

In addition, we may also use your personal data collected via this Site:

  • To enable the navigation of this Site
  • To tailor the content of this Site to provide you with a more personalized experience and draw your attention to information about our products and services that may be of interest to you
  • To manage and respond to any request you submit through this Site

Based on the legal basis of legitimate interest. 

Your personal data will not be published, exposed, or made available and / or consulted by indeterminate subjects. 

In connection with one or more of the purposes set out in the paragraph 4, we may disclose information about you to:

  • Companies belonging to the Deloitte Network for the performance of internal administration activities;
  • Third parties delegated and/or appointed by us for the performance of activities or part of the activities related to the provision of the services requested or to the navigation of this Site (e.g., companies that provide IT services, management, and maintenance of this Site);
  • Competent authorities (including courts), for the performance of their institutional functions within the limits established by laws or regulations;
  • Third parties for the installation of cookies as required by the Cookie Notice of this Site.

Your data will be communicated to these third parties after being appointed as Data Processors or recognized as autonomous Data Controllers and will be processed by collaborators and/or employees of Deloitte in the context of their respective functions and in accordance with the instructions given by Deloitte itself. 

If necessary for the purposes stated above, the data collected may be transmitted or made accessible to other companies in the Deloitte       Network, to entities that provide services to us and/or the Deloitte Network (e.g., vendors, suppliers), to competent authorities (e.g., courts, tax authorities, regulatory authorities) including those based in other countries, which may include countries outside Switzerland or outside the European Economic Area (EEA). Third parties to whom your personal data are transferred, are bound by specific agreement and are required to keep your data securely. 

We will also share certain personal data with clients or prospective clients, as may be needed or useful for managing or developing our business or performing our contractual obligations.

In such cases, we guarantee that the transfer will take place in accordance with the provisions of Chapter V of the GDPR through the adoption of appropriate safeguards that ensure a level of data protection in accordance with the obligations to which it is legally bound, such as, Standard Contractual Clauses, Binding Corporate Rules, other applicable legal basis or based on a statutory exemption (e.g. if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority).

If you have any questions about this, please contact us at belgiumprivacy@deloitte.com

The information systems and computer programs used by us are configured in such a way as to minimize the use of personal data. as well as for the fulfillment of the related obligations, and in any case according to the terms applicable by law, according to the Central Retention Policy.

We will retain personal data on the basis of the following criteria:

  • With reference to the purposes  section 5 for the period necessary to allow navigation of this Site and the performance of the requested service;
  • With reference to purpose based on consent of section 5  until the consent is withdrawn or according to the timing provided in the Cookie Notice

We will process your data with the utmost care and respect.

Your personal data are processed with the aid of electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality, in accordance with the principles applicable to the processing of personal data pursuant to Article 5 of the GDPR, such as lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. These measures can include:

  • The training and updating activities of its staff ensuring that they are informed about privacy obligations if they have access to and process personal data;
  • Administrative and technical controls in order to limit access only to personal data that need to be known in relation to the purposes of the processing;
  • Technical security measures (e.g., firewalls, cryptography, antivirus software);
  • Physical security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any possible data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Third parties will only process your personal data where they have agreed to treat the data confidentially and to keep it secure in compliance with the applicable law.

In relation to the processing of your personal data, you have specific rights under Art. 15 to 21 of the GDPR:

  • Access: you can ask for confirmation as to whether or not a certain processing of data concerning you is in place, as well as further clarifications about the information referred to in this Privacy Notice; 
  • Rectification: you can ask to rectify or supplement the data you have provided to us, if inaccurate;
  • Erasure: you can request that your data be deleted, if they are no longer necessary for our purposes, in case of withdrawal of consent or your opposition to the processing, in case of unlawful processing, or there is a legal obligation to erase them;
  • Restriction: you can request that your data be processed only for the purpose of storage, with the exclusion of other processing activities, for the period necessary for the correction of your data, in case of unlawful processing for which you oppose the cancellation, if you have to exercise your rights in court and the data stored by us may be useful to you and,  finally, in the event of opposition to the processing and a review is in progress on the prevalence of our legitimate reasons over yours;
  • Object: you can object at any time to the processing of your data, unless there are our legitimate reasons to proceed with the processing that prevail over yours, for example for the exercise or our defence in court;
  • Withdrawal: you may revoke your consent at any time, in all cases where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal;
  • Portability: you can ask to receive your data, or to have them transmitted to another Data Controller indicated by you, in a structured format, commonly used and readable by automatic device.

Processing activities are carefully evaluated to ensure a fair balance between your rights, which are assessed on a case-by-case basis (e.g., by considering the respective legal basis in each case and the purposes of the processing) and our interests.

To exercise these rights, you can send an email to belgiumprivacy@deloitte.com or write to us at the address below:

Privacy Office

Gateway building, Luchthaven nationaal 1 J,

B-1930 Zaventem, Belgium

The time limit for the Deloitte Belgium to address your request is 1 month, which may be extended up to 2 further months in cases of particular complexity.

We also inform you that you have the right to lodge a complaint with the Supervisory Authority for the protection of personal data.

Belgian Data Protection Authority

Drukpersstraat 35, 1000 Brussels, Belgium

contact@apd-gba.be

We may modify or amend this Privacy Notice from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended Privacy Notice will be effective from that revision date. We therefore invite you to regularly consult our Privacy Policy in order to stay up to date with any changes made since your last consultation.