In order to support and prepare immigration process as requested by you or Deloitte client on your behalf, it is necessary to collect and process your personal data that may include:
Name and surname, gender, date of birth, work and personal email addresses, physical addresses, tax ID number/social security/national insurance number, marital status, number of children, financial data (including bank account details, employment income and personal investment income/gains), calendar data, job title, payroll number, office location, education certificate.
In case any of the personal data provided belong to the special categories of personal data as defined by the applicable Data Protection Legislation (sensitive data) such as information on your religion, or data revealing racial or ethnic origin included in the document issued by a foreign state authority for the purpose of applying for visas or working permit, such processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of you in the field of employment and social security and social protection law; or such processing is based on your consent you have provided to the controller.
Personal data controller: Your employer, who is the client of Deloitte.
Personal data processor: Deloitte Advisory and Management Consulting Private Limited Company (“Deloitte”)
The personal data will be made accessible to the employees of the personal data processor. The personal data may be also disclosed to the competent authorities as authorized by the applicable laws.
The period for which the personal data will be stored is 10 years or as required by the data controller, the applicable laws and statutory requirements. After this period expires your personal data will be permanently deleted.
The provision of your personal data is a requirement based on the contract with Deloitte client (e.g. your employer) in accordance with the applicable laws and your employment or similar contract. If you fail to provide your personal data or in case you will request to rectify or erase your data at a later date it will mean that there is no possibility to provide the service as required by you or by Deloitte client (e.g. your employer), and subsequently the ordinary course of immigration process may be hindered, or not possible at all.
Legal basis of your data processing: (i) the performance of the contract to which you are a party, or if you are not a party to the contract, then (ii) the legitimate interest of Deloitte in providing the services based on the contract with its Client (iiI) compliance with legal obligations to which Deloitte is subject to.
You confirm that you will only furnish Deloitte with the personal data of any third person if there exist legitimate grounds based on which you are entitled to disclose such personal data of third person and the respective person is informed about the disclosure and way of processing of his/her personal data as described herein.
You acknowledge that as a personal data subject you have the right to request access to your personal data and rectification or erasure of your personal data, or a restriction on the processing or to object to the processing, as well as the right to data portability. All rights described in this paragraph can be enforced with the data controller – your employer.
You also have the right to lodge a complaint with a supervisory authority of the data controller or the supervisory authority in the country of your residence in case you are of an opinion that the processing of your personal data infringes the GDPR.
“Controller” means a controller or data controller (as defined in the Data Protection Legislation).
“Processor” means a data processor or processor (as defined in the Data Protection Legislation).
“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) national laws implementing the Directive on Privacy and Electronic Communications (2002/58/EC); (b) the GDPR; and (c) any other similar national privacy law.
“GDPR” means the General Data Protection Regulation (EU) (2016/679).
“Personal Data” means any personal data (as defined in the Data Protection Legislation) processed in connection with or as part of the Services.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed (as further defined in the Data Protection Legislation).