safe harbor policy


DTTS EU-U.S. Privacy Shield Privacy Notice

Last updated: 30 September 2016

Deloitte Touche Tohmatsu Services, Inc. (“DTTS”), a subsidiary of Deloitte Global Services Limited, complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information that is transferred from the European Economic Area (“EEA”) to the United States within the scope of its certification.

DTTS has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the terms in this notice and the Privacy Shield Principles, the Principles shall govern.

To learn more about the Privacy Shield program, and to view DTTS’s certification, please visit

Personal Information

DTTS receives and processes personal information from or relating to Deloitte Touche Tohmatsu Limited member firms and other legally separate entities in the context of the provision of products, services and support to these entities. Personal information received by DTTS will be treated in accordance with their instructions or pursuant to DTTS contractual arrangements with them consistent with the Privacy Shield requirements. DTTS acts as a data processor with respect to this information.

Individual Rights

Individuals have rights under the Privacy Shield to access their personal information and to limit use and disclosure of their personal information. Please contact us if you wish to exercise these rights and we will refer any requests to relevant data controllers and support them as needed in responding to your request.

Disclosures of Personal Information

As a data processor, DTTS will disclose personal information only as authorized by the relevant data controller. We may use a limited number of third-party service providers to assist us in providing our services or in meeting internal business operation needs. These third parties will access information only to perform tasks on our behalf.

DTTS is accountable for the onward transfer of data to third party service providers or agents who assist us in providing services. DTTS maintains contracts with these third parties in compliance with our Privacy Shield obligations and other obligations and accepts liability if those parties fail to meet these obligations and we are responsible for the event giving rise to the damages.

Personal Information may also be disclosed as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition.

Disclosures of personal information may also be required to law enforcement, regulatory, or other government agencies, professional bodies or to other third parties, in each case to comply with legal or regulatory obligations or requests and professional standards. DTTS will notify the applicable data controller of any such request unless prohibited by law.

Safe Harbor

DTTS continues to adhere to the underlying European privacy principles of the U.S.-Swiss Safe Harbor for the processing of Personal Information received from Switzerland. To learn more about the Safe Harbor program, and to view our certification, please visit

Questions and Complaints

Please contact us with any Privacy Shield related questions or complaints:

DTTS Privacy Office
Deloitte Touche Tohmatsu Services Limited
30 Rockefeller Plaza
42nd Floor
New York NY 10112

For complaints that cannot be resolved with DTTS directly, you may contact the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA), by visiting its web site at DTTS has engaged the ICDR/AAA as an independent dispute resolution provider to address unresolved Privacy Shield complaints.

A binding arbitration option is also available to you in order to address residual complaints not resolved by any other means. Further information is available on the Privacy Shield site.

The U.S. Federal Trade Commission has jurisdiction over DTTS’s compliance with the Privacy Shield Framework.