safe harbor policy


DTTS Privacy Shield Notice

Last updated: 2 November 2021

Deloitte Touche Tohmatsu Services, LLC (“DTTS”, “we”, “us”, or “our”), a subsidiary of Deloitte Global Services Limited, complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information that is transferred from the European Economic Area (“EEA”), the United Kingdom, and Switzerland to the United States within the scope of its certification.

DTTS has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability. If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view DTTS’s certification, please visit the Privacy Shield website.

Personal Information

DTTS receives and processes personal information from or relating to Deloitte Touche Tohmatsu Limited (“DTTL”) member firms and other legally separate entities in the context of the provision of products, services, and support to these entities. Personal information received by DTTS from the EEA, the United Kingdom, and Switzerland within the scope of its Privacy Shield certification will be treated in accordance with the relevant entity’s instructions or pursuant to DTTS’s contractual arrangements with the relevant entity consistent with the Privacy Shield Principles. DTTS acts as a data processor with respect to this information.

Individuals’ Rights

Individuals have rights under the Privacy Shield to access their personal information and to limit the use and disclosure of their personal information. Please contact us if you wish to exercise these rights, and we will refer any request to the relevant data controller(s) and support them as needed in responding to your request.

Disclosures of Personal Information and Accountability for Onward Transfers

As a data processor, DTTS will disclose personal information only as authorized by the relevant data controller. We may use a limited number of third-party service providers to assist us in providing our services or in meeting internal business operation needs. These third parties will access information only to perform tasks on our behalf.

DTTS is accountable for the onward transfer of personal information to third-party service providers or agents who assist us in providing services. We maintain contracts with these third parties in compliance with our Privacy Shield obligations and other obligations. We accept liability under the Privacy Shield Principles if any of these parties fail to process the personal information transferred in a manner consistent with our Privacy Shield obligations, unless we demonstrate that we are not responsible for the event giving rise to the damage.

Personal information may also be disclosed as part of a corporate transaction, such as a sale, divestiture, reorganization, merger, or acquisition.

Additionally, disclosures of personal information to law enforcement, regulatory, or other government agencies and professional bodies or to other third parties may be required, in each case to comply with legal or regulatory obligations or requests and professional standards or to meet national security or law enforcement requirements. DTTS will notify the relevant data controller(s) of any such request, unless prohibited by law.

Information Security

In compliance with the Privacy Shield Principles, DTTS maintains reasonable physical, administrative, and technical safeguards to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Questions and Complaints

In compliance with the Privacy Shield Principles, DTTS commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Privacy Shield Notice should first contact DTTS at:

DTTS Privacy Office
Deloitte Touche Tohmatsu Services, LLC
1221 Avenue of the Americas
New York NY 10020-1001

DTTS has engaged a U.S. based, independent dispute resolution provider to address unresolved Privacy Shield-related complaints. If you have a complaint that has not been resolved with DTTS directly, you may contact the International Centre for Dispute Resolution, the international division of the American Arbitration Association (“ICDR-AAA”) free of charge. For more information or to file a complaint with the ICDR-AAA, please visit

Under certain conditions, a binding arbitration option may be available to you in order to address complaints not resolved by any other means. For further information, please visit the Privacy Shield website.

DTTS is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.