Privacy Notice for Deloitte Clients
Version: 1 of November 2019
1. Which data do we collect about you and for which purposes
We may collect and process the following types of personal data for the purposes of providing services to you and for the purposes of compliance with applicable legal or regulatory requirements and/or internal policies; collecting your feed-back and optimising our services to you; documentation requirements; handling requests, complaints and claims; handling inspections and queries by supervisory authorities; receiving external audit and legal advice:
- Your name; age; date of birth; national identification number; nationality; gender; phone number, home address; country of residence; residence and work permit; passport; visa; family circumstances (e.g. civil status and contact details on dependents and close relatives); photo; email address; title; employment and education details (e.g. previous employment and education details); salary and pension information; leaves of absence; bank account details; tax-related information; investments; information on any criminal records; ownership of shares; voting rights; management position or similar role; and any status as or relation to a politically exposed person (if required in accordance with anti-money laundering regulation).
- We may also process the following types of special categories of personal data for the purposes of providing tax related services to you. In such case, we will ask for your explicit consent to such processing of data regarding your:
- Trade union membership
- Relation to a church/religious or philosophical beliefs
- Political opinions
We may for specific purposes process data regarding your health, in which case we will ask for your explicit consent to such processing.
2. From whom do we collect your personal data?
We mostly collect your personal data from you directly, however, we may also collect data from public authorities (e.g. tax authorities), pension companies, insurance providers, banks, legal counsels and other third party advisors and other Deloitte entities depending on the nature of the engagement.
3. The legal basis for the collection and processing of your personal data
We collect and process your data based on the following articles in GDPR:
· Art. 6 paragraph 1 (a) your consent
· Art. 6 paragraph 1 (b) performance of a contract with you
· Art. 6 paragraph 1 (c) compliance with legal obligation to which Deloitte is subject
· Art. 6 paragraph 1 (f) Deloitte’s legitimate interests
· Art. 9 paragraph 2 (a) your explicit consent
The legitimate interests pursued by Deloitte include the following purposes: Performance of our contractual obligations to you and compliance with internal policies and documentation requirements. These processes are necessary for the effective operation of our business and require collection and processing of your personal data.
4. Who do we share your personal data with and why?
In connection with one or more purposes outlined above, your personal data may be disclosed to and shared with the following recipients: Public authorities; our professional advisors (e.g. auditor and legal advisors); service and IT vendors; and other Deloitte entities.
5. Who do we transfer your personal data to?
Transfer of personal data to data processors
We may transfer your personal data to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to external service providers, who process and /or store your personal data on our behalf.
Transfer of personal data to recipients in countries outside the EU/EEA
We may transfer your personal data to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer is either EU’s Model Clause Agreement, the US Privacy Shield Certification, or other appropriate mechanism.
6. How long do we store your data?
We store your personal data for as long as necessary to fulfil the purposes above.
7. Your rights
Subject to the conditions set out in the applicable data protection legislation, you have the following rights:
· The right to request access to your personal data
· The right to rectification of your personal data
· The right to erasure of your personal data
· The right to restriction of the processing of your personal data
· The right to data portability
· The right to objection to the processing of your personal data
Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interests.
You also have the right to file a complaint with the competent supervisory authority: Datatilsynet (Danish Data Protection Agency).
Borgergade 28, 5
1300 København K
Telephone: 33 19 32 00
Please contact us at email@example.com if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.
Deloitte Statsautoriseret Revisionspartnerselskab
CVR-nr. 33 96 35 56
2300 Copenhagen S
9. Revision of our privacy notice
We keep our privacy notice under regular review and thus the privacy notice may be subject to changes. The date of the latest revision of the privacy notice can be found at the top of the page.