Privacy

Privacy Notice - Other

Latest updated: May 2018

Privacy information to indivuals with whom Deloitte has no individual contact

This privacy information addresses Deloitte’s Clients’ and vendors’ employees, customers and other relations.

In connection with Deloitte Statsautoriseret Revisionsanpartsselskab, Weidekampsgade 6, DK-2300 Copenhagen S, cvr. no. 33 96 35 56 provision of services to our clients, Deloitte may, as the data controller, collect and process personal data of our client’s employees, customers and other relations. Such collection and processing takes place in accordance with the principles in EU’s General Data Protection Regulation (GDPR). We kindly refer to our Privacy policy.

In contractual relations, Deloitte will seldom collect information directly from the individuals, nor have any direct communication or access to individuals that are subjects to the engagement with the Client. Thus we cannot provide you with direct communication and therefore kindly refer you to the following privacy notice.

Therefore, please read this text carefully in order to understand how we process personal data.

Please find an overview of this statement below:

Topics:

  1. Which data do we collect about you and for which purposes
  2. From whom do we collect your personal data?
  3. The legal basis for the collection and processing of your personal data
  4. Who do we share your personal data with and why?
  5. Who do we transfer your personal data to?
  6. How long do we store your data?
  7. Your rights
  8. Contact
  9. Revision of our privacy notice

1. Which data do we collect about you and for which purposes

We may collect and process your personal data for the purposes of providing services to our clients and for the purposes of compliance with applicable legal or regulatory requirements and/or internal policies; documentation requirements; handling requests, complaints and claims from third parties; handling inspections and queries by supervisory authorities, provision to or receiving services from external auditors and legal advisors:

  • General personal data as well as the following special categories of personal data; Data concerning health and trade union membership

 

2. From whom do we collect your personal data?

We collect your personal data from our clients; our vendors including IT-providers; as well as from public authorities; other Deloitte entities and others depending on the character of the assignment.

 

3. The legal basis for the collection and processing of your personal data

We collect and process your data based on the following articles of GDPR:

  • Art. 6 paragraph 1 (c) legal obligation to which our client or Deloitte is subject
  • Art. 6 paragraph 1 (f) the legitimate interests of Deloitte
  • Art. 9 paragraph 2 (f) establishment, exercise or defence of legal claims

The legitimate interests pursued by Deloitte include the following purposes: Effective delivery of services to our clients and from our vendors with the purposes specified in section 1. These processes are necessary for the effective operation of our business and require collection and processing of your personal data.

4. Who do we share your personal data with and why?

In connection with one or more purposes outlined above, your personal data may be disclosed to and shared with the following recipients: Public authorities, our professional advisors (e.g. auditor and legal advisors), service providers; IT-providers including cloud services and other Deloitte entities.

5. Who do we transfer your personal data to?

Transfer of personal data to data processors

We may transfer your personal data disclosed by or collected from you to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to vendors of external services, who process and/or store the personal data on our behalf.

Transfer of personal data to recipients in countries outside the EU/EEA

We may transfer your personal data disclosed by or collected from you to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer is either EU’s Model Clause Agreement, the US Privacy Shield Certification, or Deloitte’s Binding Corporate Rules when applicable.

6. How long do we store your data?

We store the personal data for as long as necessary to fulfil the purposes above, however, for no longer than necessary for the purposes and to meet legal requirements.

7. Your rights

Subject to the conditions set out in the applicable data protection legislation, the data subject enjoy the following rights:

  • The right to request access to your personal data
  • The right to rectification of your personal data
  • The right to erasure of your personal data
  • The right to restriction of processing
  • The right to data portability
  • The right to objection to the processing of your personal data

Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interest.

You also have the right to file a complaint with the competent supervisory authority:

Datatilsynet
Borgergade 28, 5.
1300 København K
Denmark

8. Contact

Please contact us at dkdatabeskyttelse@deloitte.dk if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.

Address details:

Deloitte statsautoriseret revisionspartnerskab
Weidekampsgade 6
2300 København S
Danmark

9. Revision of our privacy notice

We keep our privacy notice under regular review and thus the notice may be subject to changes. The date of the last revision of the privacy notice can be found on the top of the page.