Last updated: August 11th 2020
The www.deloitte.com website is made up of several individual sites (global, regional, country-specific or Deloitte business practice), each provided by Deloitte Touche Tohmatsu Limited ("DTTL") or by member firms of their respective entities (collectively referred to as the "Deloitte Network"). These individual websites are located on the top right corner of each webpage.
This Privacy and Personal Data Protection Statement applies only to specific pages on the www.deloitte.com website designated as Deloitte Brazil on the top right corner, which is referred to hereunder as "this website".
Deloitte Brazil, a member firm of DTTL in Brazil (also referred to hereunder as "we" or "us") is a global organization aware of the importance of privacy and personal data protection. We are the entity within the Deloitte Network that hosts this website. This Privacy and Personal Data Protection Statement explains how we protect the information of visitors to this website.
This Privacy and Personal Data Protection Statement expresses our commitment to the processing of your data responsibly and ethically, in line with our principles and values, pursuant to the rules of Law No. 13.709/2018 (General Personal Data Protection Law - “LGPD”) and other applicable laws.
By using this site, you consent to the use of your information as described in this Privacy and Personal Data Protection Statement.
Please note that there are national, regional and specific business practice websites available within www.deloitte.com provided by other entities of the Deloitte Network and not by us. These and other sites that may be connected to them do not apply to this Privacy and Personal Data Protection Statement. We recommend that visitors review each of the privacy and personal data protection statements of these other sites before disclosing any personal information.
If you have any questions about this Privacy and Personal Data Protection Statement, please contact our Professional in Charge/DPO, Cristina Arantes de Almeida Berry, through Contact us.
Summary of the Privacy and Personal Data Protection Statement
This Privacy and Personal Data Protection Statement informs what personal data we collect about you, what we use it for, how and where we store it, and with whom we share it. It also establishes your rights concerning your personal data and who you can contact for more information or clarification on this issue. The sections of this statement are as follows:
- What types of personal data we collect
- How we collect your personal data
- How we use your personal data
- What legal grounds we use to process your personal data
- To whom we disclose your personal data
- How we protect your personal data
- How long will we keep your personal data?
- What are your rights
- Changes to this Privacy and Personal Data Protection Statement
What types of personal data we collect
The personal data we collect may include: your name; age; date of birth; sex; email address; home address; country of residence; lifestyle and social circumstances (for example, your hobbies); family circumstances (for example, your marital status and dependents); details about employment and education (for example, the organization you work for, your position and your educational details); financial and tax information (for example, your income and tax residence); your blog posts, forums, wiki pages and any other social media applications and services we provide; your IP address; your browser and language; your access times; details of any complaint; details of how you use our products and services; details of how you like to interact with us and other similar information.
The personal data we collect may also include sensitive personal data, which is defined by law as personal data of a racial or ethnic origin, religious belief, political opinion, union membership or membership of any organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data when linked to an individual. Accordingly, we may collect details about your dietary requirements (for example, when Deloitte wants to provide you with lunch during a meeting), health (for example, so that we can provide reasonable accommodation for you in our buildings and in offering products and services) and sexual orientation (for example, if you provide us with details about your spouse or partner).
The types of personal data and special categories of personal data we collect may vary depending on the nature of the services we provide to you or our client, or how you use our website. In rare circumstances, we may also collect other special categories of personal data about you, either because you provide us with such data or because we are required to collect them as a result of legal requirements imposed on us.
How we collect your personal data:
We collect and process personal data about you or your company for the provision of services. For example, we may collect personal data:
Arising from the provision of services: we may collect personal data in the course of providing services to you or our client;
From the data owner: we may collect or obtain such data because you provide it to us or because it is publicly available;
Arising from your interaction with Deloitte: we may also collect or obtain your personal data because we observe or infer such data about you by the way you interact with our website, to provide information that we believe is of interest to you;
From our clients: When your personal data is provided to us by our client, we take steps to ensure that the client has complied with privacy and personal data protection laws and regulations.
We understand the importance of protecting the privacy and personal data of children and adolescents. Our website and services are not designed or intentionally aimed at children or adolescents. It is not our policy to intentionally collect or store information about this age group, however, in situations where the collection and use of these types of personal data are necessary, such as in the provision of services that involve analysis of personal data of underage dependents, processing will take place in the best interests of the child and/or adolescent, under current legislation.
How we use your personal data
Use of personal data to provide services to our clients
We will use your personal data to provide services to you or our client. As such, we may use your personal data in the course of correspondence related to the services. Such correspondence may be with you, our client, other members of the Deloitte Network, our service providers or competent authorities. We may also use your personal data to perform due diligence related to services.
As we provide a wide range of services to our clients, the way we use personal data in relation to our services also varies. For example, we may use personal data:
- About a client's employees to help those employees manage their tax affairs when working abroad;
- About a client's employees and customers while conducting an audit (or similar activity) for a client;
- About a client to help him/ her file an income tax return.
Use of personal data for other activities that are part of our business operations
We may also use your personal data for, or in connection with:
- Applicable legal or regulatory requirements;
- Requests and communications from competent authorities;
- Opening a client account or for other administrative purposes;
- Financial accounting, billing and risk analysis;
- For client relations purposes, which may involve: (i) sending eminence content or details about our products and services that we believe may be of interest to you; (ii) contacting you to receive feedback about the services; or (iii) contacting you for other market or research purposes;
- Recruitment and business development purposes (for example, testimonials from a client's employees may be used as part of our recruitment and business development materials, with proper permission from those employees);
- Services we receive from our professional consultants, such as lawyers, accountants and consultants;
- Protection of our rights and those of our clients.
Use of personal data collected through our website
In addition to the purposes related to the aforementioned operation of our business, we may also use your personal data through our website to:
- manage and improve our website;
- adapt the content of our website, based on monitoring access to the available content, to provide you with a more personalized experience and draw your attention to information about our products and services that may be of interest to you;
- manage and respond to any requests you send through our website;
What legal grounds we use to process your personal data
We are required by law to establish in this document the legal grounds for the processing of your data, mainly related to the legal hypotheses defined by the LGPD.
As a result, your personal data will be processed in the following circumstances:
(a) by providing your consent for the processing of your data, for example, to grant you access to any platform maintained by the Deloitte Network or make marketing material available. If you do not want to continue receiving marketing material from us, just click on the cancel subscription button in the communication or email you receive.
(b) when there are legitimate interests of the Deloitte Network in offering and delivering our services to you or our client, as well as for the effective and lawful operation of our business, provided that such interests are not superseded by your interests, rights and fundamental freedoms.
(c) observing applicable legal and regulatory obligations that may require the collection, storage and sharing of your personal data to comply with legal and regulatory provisions, such as (i) maintaining records for tax purposes or providing information to a public or law enforcement agency; (ii) compliance with labor and social security obligations; (iii) compliance with obligations to combat corruption, money laundering, fraud or irregular conduct.
(d) to execute any agreement, as well as to provide our services to you or our client.
(e) to regularly exercise our rights, for example, to exercise our right to defense in any judicial or administrative proceeding.
(f) protection of your life or physical safety or those of a third party;
(g) protecting your health.
Likewise, your sensitive personal data will be processed in the following cases:
(a) by providing your specific and detailed consent for the processing of your data;
(b) When necessary to comply with applicable legal and regulatory obligations that may require the collection, storage and sharing of your personal data to comply with legal and regulatory provisions, such as (i) maintaining records for tax purposes or providing information to a public or law enforcement agency; (ii) compliance with labor and social security obligations; (iii) compliance with obligations to combat corruption, money laundering, fraud or irregular conduct.
(c) protection of your life or physical safety or those of a third party.
(d) protection of health.
(e) to regularly exercise our rights, for example, to exercise our right to defense in any judicial or administrative proceeding.
(f) guaranteeing the prevention of fraud and your security, in the processes of identification and authentication of registration on digital systems.
To whom we disclose your personal data
In connection with one or more of the purposes described in the “How we use your personal data” section herein, we may disclose details about you to other members of the Deloitte Network; third parties that provide services to us and/or the Deloitte Network; competent authorities (including courts and authorities that regulate us or any other member of the Deloitte Network); technology companies responsible for storing and ensuring security in the processing of your data; your employer and/or your advisors; your counselors; credit rating agencies; or other organizations that help us make credit decisions and reduce the incidence of fraud or other third parties that reasonably require access to personal data related to you for one or more of the purposes described in the “How we use your personal data” section herein.
Our website hosts various blogs, forums, wiki pages and other social media applications or services that allow you to share content with other users (collectively, “Social media applications”). It is important to note that any personal information you contribute to these Social Media Applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information you provide via a social media application will be treated in accordance with this Privacy and Personal Data Protection Statement.
Please note that some of the recipients of your personal data mentioned above may be located in countries outside Brazil or outside the European Union, whose laws may not offer the same level of data protection. In such circumstances, we will ensure that we take all possible steps to protect your personal data in accordance with our legal obligations. When the recipient is not a member of the Deloitte Network, the appropriate guarantee may be a data transfer agreement with the recipient, based on standard contractual clauses approved by Brazil’s National Data Protection Authority (ANPD) or other competent authority for transfers of personal data from other countries.
We also provide more details on the transfers described above and the appropriate guarantees used by Deloitte concerning such transfers (including copies of relevant agreements) through Contact us.
We may also need to disclose your personal data if required by law, regulator or during legal proceedings.
We may share non-personal, unidentified and aggregated information with third parties for a variety of purposes, including data analysis, surveys, contributions, eminence content and promotional purposes.
How we protect your personal data
We use a series of physical, digital and managerial measures to ensure that your personal data remains secure, accurate and up to date. These measures include:
- Education and training of the team responsible so that they are aware of our privacy and data protection obligations when dealing with personal data
- Administrative and technical controls to restrict access to personal data, subject to a need to know basis;
- Technological security measures, including firewalls, encryption and antivirus software;
- Physical security measures, such as security passes for employees to access our facilities.
Although we use appropriate security measures, once we receive your personal data, the transmission of data over the internet (including by email) is never completely secure. We strive to protect your personal data, but we cannot guarantee the security of the data transmitted to us or by us.
To provide proper protection and processing of your personal data under LGPD, in addition to the other applicable laws, we are committed to:
- Adopting security, technical and administrative measures to protect personal data from unauthorized access, accidental or illicit circumstances of destruction, loss, alteration, communication or any form of improper or illicit processing;
- Keeping a record of the personal data processing operations carried out, especially when based on legitimate interest;
- Communicating, within a reasonable timeframe, to the National Data Protection Authority and the holder, any occurrence of a security incident that may cause significant risk or damage to the holders;
- Using, to process personal data, systems that are structured to meet security requirements, standards of good practice, governance and the general principles set out in the LGPD;
- Deleting personal data when processing has terminated, within the scope and technical limits of the activities, with safeguard authorized for the purposes provided by law; and
- Observe the guidelines, rules and regulations issued by the National Data Protection Authority (ANPD).
How long will we keep your personal data?
We will keep your personal data in our systems for the longest of the following periods: (i) as long as necessary for the relevant activity or services; (ii) any retention period required by law; (iii) the end of the period in which disputes or investigations regarding services may arise; (iv) as long as your consent is valid, in applicable circumstances; (v) under the terms of the current legislation.
You have rights concerning your data, which can be exercised at any time, free of charge through a request registered by you to our DPO/Professional in Charge, through Contact us. Specifically, you have the right to:
- Obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
- Ask us to update the personal data we hold about you or correct data that you think is incorrect or incomplete;
- Remove consent granted for the processing of your personal data, as well as request its elimination (insofar as such processing is based on consent);
- Request the portability of the personal data we have about you to another supplier of products or services, provided that commercial and industrial secrets are respected, as well as applicable confidentiality;
- Obtain information about who we use shared data with;
- Request that your personal data, that you deem unnecessary, excessive or not processed in compliance with the LGPD, be anonymized, blocked or deleted;
- Request a review of decisions made solely based on the automated processing of personal data.
To exercise any of your rights, or if you have other questions about the use of your personal data, please contact our DPO/Professional in Charge via Contact us.
If you are not satisfied with the manner in which we process your personal data or with any question or request related to your privacy, you can forward your complaint or request to our DPO/Professional in Charge through Contact us.
Changes to this Privacy and Personal Data Protection Statement
We may modify or amend this Privacy and Personal Data Protection Statement from time to time.
To inform you when we make changes to this Privacy and Personal Data Protection Statement, we will amend the revision date at the top of this page. Any modified or amended Privacy and Personal Data Protection Statement will apply from that date of the revision. Therefore, we encourage you to regularly review this Statement to remain informed as to how we are protecting your information.
By providing information through this website, you agree to the disclosures described above.
Questions from visitors
If you have any questions or concerns regarding your privacy or the processing of your personal data when using this site, please forward them to our DPO/Professional in Charge through Contact us.