Deloitte Central Europe Privacy Statement for the Candidate Selection Purposes
(information on personal data processing of potential candidates referred to us)
“Deloitte” refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients.
“Deloitte Central Europe” (“Deloitte CE”) is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited, the member firm in Central Europe of Deloitte Touche Tohmatsu Limited. Services are provided by the subsidiaries and affiliates of Deloitte Central Europe Holdings Limited, which are separate and independent legal entities.
“Controller” (“we”, “us” or “our”) means a controller or data controller determining the purposes of personal data processing (as further defined in the Data Protection Legislation).
“Processor” means a data processor or processor processing the personal data on behalf of the controller (as further defined in the Data Protection Legislation).
“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) national laws implementing the Directive on Privacy and Electronic Communications (2002/58/EC); (b) the GDPR; and (c) any other similar national privacy law.
“GDPR” means the General Data Protection Regulation (EU) (2016/679).
“Personal Data” means any personal data (information relating to an identified or identifiable natural person / data subject) processed in connection with or as part of the services provided to our clients or in relation of the contractual relationships with our vendors, contractors or sub-contractors or as necessary for activities that are part of our standard business operations.
“Processing” means any operation or set of operations on personal data (manual or automated) such as collection, recording, structuring, storage, use, disclosure, restriction, erasure or description (as further defined in the Data Protection Legislation).
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed (as further defined in the Data Protection Legislation).
This Privacy Statement is applicable to processing of your personal data (“data”) by us and explains:
- what personal data we process about you;
- why (for what purposes) we process your personal data (including the legal grounds for your data processing);
- how and in what locations we process your personal data (where we transfer your personal data and with whom we share your data);
- and what are your rights.
This Privacy Statement applies from the date specified at the top of the page. We may modify or amend this Privacy Statement from time to time therefore we encourage you to review this statement periodically.
What personal data we process: We process the personal data that that we obtain from the individual who referred you and recommended you as suitable to be a candidate or from our cooperating
recruitment agency or your personal data that you explicitly made publicly available (on social sites or otherwise).
These personal data include:
- your name, surname and gender;
- your education, experience, skills;
- your current occupation (job position) and general contact details (work or home address, personal or work e-mail address and telephone number;
- history and details of your existing or previous employment with Deloitte;
- your personal data provided in connection with the execution of your rights in accordance with this Privacy Statement.
For the purposes specified here-below we do not collect or process any ‘sensitive’ or ‘special categories’ of personal data as defined in the Data Protection Legislation.
Purposes of your data processing (the “Purposes”):
Evaluation of your experience, skills and education to decide on your suitability to be involved in recruitment process for our existing job opportunities.
Legal basis for your data processing:
We process your personal data only when the processing is necessary:
- on grounds of our legitimate interest to assess your suitability to be involved in the recruitment process for the respective open position(s) in Deloitte CE you are interested in;
- for compliance with a legal obligation we may be subject to.
Retention of your personal data: Your personal data shall be retained by us only for the fulfilment of data processing purposes. The maximum data retention period is 28 days – before this period expires, we will either contact you with our invitation to the hiring process or permanently delete your personal data (unless you give us your explicit and unambiguous consent with further processing of your personal data).
Personal data controller: In the context of this Privacy Statement the data controller is the Deloitte CE entity that is leading the decision making process.
Sharing and transferring your personal data: your personal data may be disclosed/transferred to and processed by the following recipients for the Purposes:
Deloitte CE group of entities listed at: https://www2.deloitte.com/ce/en/legal/about-deloitte.html#countries
If applicable your personal data will be processed only to the extent allowed for the Purposes and in accordance with the Data Protection Legislation. Each of the recipient(s) shall be responsible for ensuring the appropriate protection of your data, providing information on your data processing and obtaining additional consents if required. In case your data is transferred across country borders (including the territories outside of the European Union) then such transfer will take place only in the case that the obligations as stipulated by the Data Protection Legislation for such transfers are fulfilled. Your personal data will be disclosed only to the selected members of Deloitte CE Talent leadership and local talent teams and to the individuals that have the decision making power in the selection making process.
Processors: our approved administrative and IT service suppliers:
- Deloitte Advisory & Management Consulting Private Limited Company, Dózsa Gy út 84.C., 1068 Budapest, Hungary;
- Deloitte CE Business Service Sp. z o.o., Al. Jana Pawla II 22, 00-133 Warsaw, Poland;
- Deloitte Central Europe Service Centre s.r.o., Italská 2581/67, 120 00, Prague 2 - Vinohrady, Czech Republic;
- Deloitte CZ Services s.r.o, Italská 2581/67, 120 00, Prague 2 - Vinohrady, Czech Republic;
- Deloitte Global Services Limited, Hill House, 1 Little New Street, EC4A 3TR London, United Kingdom;
- Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA
Their access rights are strictly limited to the extent that it is only for necessary technical, administrative and help desk support services.
Your personal data may also be processed by Recruitment Agencies cooperating with Deloitte CE.
Security of processing: We and our data processors established technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of all personal data processed; prevent the unauthorized use of or unauthorized access to the personal data or prevent a personal data breach (security incident) in accordance with Deloitte CE policies and Data Protection Legislation. Deloitte CE is a holder of ISO 27001 certification – widely recognized global information standard.
You have your right to:
- request access to your personal data (and request a copy of the personal data that we process)
- request us to update and correct your personal data (right to rectification)
- request us to delete your personal data (where possible), or
- require a restriction on the processing of your data.
You may object to the processing (in certain cases as specified by GDPR), as well as execute your right to data portability (receive a copy of personal data which you provided to us in a structured machine –readable format and request us to transmit such data to another data recipient).
You can enforce all rights described here by sending e-mail to firstname.lastname@example.org
For any questions related to processing of your personal data including the security safeguards when transferring the data outside of the EU region send e-mail to: CEprivacy@deloittece.com
or a written notice to:
Deloitte CE Data Protection Leader, Deloitte Central Europe Service Centre, Italská 2581/67, 120 00, Prague 2 - Vinohrady, Czech Republic .
It is also your right to lodge a complaint with a local data protection supervisory authority in the country of your residence in case you are of an opinion that the processing of your personal data infringes the GDPR.