This privacy notice addresses Deloitte’s Clients’ and vendors’ employees, customers and other relations with whom Deloitte has no individual contact.
In connection with Deloitte’s provision of services to our clients, Deloitte may as the data controller collect and process personal data of our client’s employees, customers and other relations. Such collection and processing takes place in accordance with the principles in EU’s General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
Please read this text carefully in order to understand how we process your personal data.
We may collect and process your personal data for the purposes of providing services to our clients and for the purposes of compliance with applicable legal or regulatory requirements and/or internal policies; documentation requirements; handling requests, complaints and claims from third parties; handling inspections and queries by supervisory authorities; external audit and legal advice, such as:
We may also collect the following types of special categories of personal data for the purposes specified above:
We collect and process your data based on one or more of the following articles in GDPR:
The legitimate interests pursued by Deloitte include the following purposes: Effective delivery of services to our clients and from our vendors with the purposes specified in section 1. These processes are necessary for the effective operation of our business and require collection and processing of your personal data.
In connection with one or more purposes outlined above, your personal data may be disclosed to and shared with the following recipients: Our client; public authorities; our professional advisors (e.g. auditor and legal advisors); service providers; IT-providers including cloud services; insurance and pension companies (if part of our services to our client) and other Deloitte entities.
Transfer of personal data to data processors
We may transfer your personal data to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to external service providers, who process and/or store the personal data on our behalf.
Transfer of personal data to recipients in countries outside the EU/EEA
We may transfer your personal data to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer is either EU’s Model Clause Agreement, the US Privacy Shield Certification, or other appropriate mechanism.
Subject to the conditions set out in the applicable data protection legislation, you have the following rights:
Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interests.
You also have the right to file a complaint with the competent supervisory authority: Datatilsynet (Danish Data Protection Agency).
Borgergade 28, 5
1300 København K
Telephone: 33 19 32 00
Please contact us at email@example.com if you have any questions in regards to the protection of your personal data, or if you wish to exercise your legal rights.
Deloitte Statsautoriseret Revisionspartnerselskab
CVR-nr. 33 96 35 56
2300 Copenhagen S