Mentions légales

Subprocessors List

The below information applies to Deloitte AG or Deloitte Consulting AG, companies registered in Switzerland with registered numbers CHE-101.377.666 and CHE-106.114.341 respectively. Both entities have registered office as General Guisan-Quai 38, 8002 Zurich, Switzerland. Deloitte AG and Deloitte Consulting AG are affiliates of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NWE LLP do not provide services to clients. Please see www.deloitte.com/ch/about for a detailed description of the legal structure of DTTL and its member firms. 

The below information contains the list of third-party subprocessors used across Deloitte to assist it in providing the Deloitte services. Other Member Firms of the Deloitte Network may also be considered subprocessors where Deloitte is acting as a data processor. This statement is required by Article 28.4 of the General Data Protection Regulation (GDPR) and intends to disclose the subprocessors where Deloitte itself is acting as a data processor.

Deloitte engages different types of subprocessors to perform various functions. Deloitte undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process data.

The risk profile of subprocessors shall be determined through a combination of the completed self-assessment questionnaire and a review of the Third Party’s security and privacy controls. This includes but is not limited to the requirements to:

  • process Personal Data in accordance with data controller’s documented instructions;
  • in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
  • implement and maintain appropriate technical and organizational measures;
  • promptly inform Deloitte about any actual or potential security breach; and
  • cooperate with Deloitte in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

The following is a list of the names and locations of Deloitte subprocessors, subcontractors and content delivery networks (including Member Firms of the Deloitte Network and third parties):

EU based service suppliers:

Entity Name

Service Type

Entity Address & Country

Deloitte LLP

Processing of time reporting,

Deloitte LLP
2 New Street Square
London
United Kingdom, EC4A 3BZ

Deloitte LLP

Processing of security logs

Deloitte LLP
+
Deloitte
Complejo Miniparc III - Ed.D - Soto la Moraleja, 28109 Madrid, España

Deloitte LLP

Managed services: ticketing system, access rights management, time recording, invoice processing, performance review, service desk

Deloitte LLP

 

Deloitte LLP

Procurement system

Deloitte LLP

 

Non-EU based service suppliers:

Entity Name

Service Type

Entity Address and Country

USI

Managed services: ticketing system, access rights management, time recording, invoice processing, performance review, service desk

Subcontractor for Deloitte LLP:
USI (Deloitte US India)

SAP Ariba

Procurement system

Subcontractor for Deloitte LLP:
SAP Ariba (USA)

For any general privacy or GDPR questions, you can contact us in the following ways:

  • writing to Head of Deloitte Business Security, Deloitte AG, General-Guisan-Quai 38, 8022 Zurich, Switzerland, or
  • sending an email to ConsultingQRM@deloitte.ch