In connection with your contractual relationship with Deloitte, Deloitte will as a data controller collect and process personal your personal data for the purposes specified below. Deloitte processes personal data in accordance with the principles in EU’s General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018).
Please read carefully below, how we process your personal data in connection with our provision of services.
1. Which data do we collect about you and for which purposes?
2. From whom do we collect your personal data?
3. The legal basis for the collection and processing of your personal data
4. Who do we share your personal data with and why?
5. Who do we transfer your personal data to?
6. How long do we store your data?
7. Your rights
9. Revision of our privacy notice
We may collect and process the following types of personal data for the purposes of delivering services to you; relationship management; collecting your feedback and optimising our services to you; compliance with applicable legal or regulatory requirements and/or internal policies; documentation requirements; handling requests, complaints and claims; handling inspections and queries by supervisory authorities; external audit and legal advice:
We may also process the following types of special categories of personal data for the purposes of providing tax related services to you. In such case, we will ask for your explicit consent to such processing of data regarding your:
We may for specific purposes process data regarding your health, in which case we will ask for your explicit consent to such processing.
We collect and process your data based on the following articles in GDPR:
The legitimate interests pursued by Deloitte include the following purposes: Performance of our contractual obligations to you and compliance with internal policies and documentation requirements.
These processes are necessary for the effective operation of our business and require collection and processing of your personal data.
Transfer of personal data to data processors
We may transfer your personal data to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to external service providers, who process and/or store your personal data on our behalf.
Transfer of personal data to recipients in countries outside the EU/EEA
We may transfer your personal data to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer is either EU’s Standard Contractual Clauses (SCC), or other applicable legal basis.
Subject to the conditions set out in the applicable data protection legislation, you have the following rights:
Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interests.
You also have the right to file a complaint with the competent supervisory authority: Tietosuojavaltuutetun toimisto (Office of the Data Protection Ombudsman).
Telephone: 029 566 6700
Please contact us at firstname.lastname@example.org if you have any questions in regards to the protection of your personal data, or if you wish to exercise your legal rights.
00180 Helsinki, Finland
We keep our privacy notice under regular review and thus the privacy notice may be subject to changes. The date of the latest revision of the privacy notice can be found at the top of the page.