HR Privacy Notice
At Deloitte we are mindful of our responsibilities when we handle the Personal Data of our current, former and potential employees or contractors.
This Notice applies to Deloitte Ireland, and the entities we own or control, with offices at:
- Hatch Street, Hardwicke House & Earlsfort Terrace, Dublin 2, Republic of Ireland;
- Whitaker Court, Sir John Rogerson's Quay, Dublin 2, Republic of Ireland;
- Financial Services Centre, Moneenageisha Road, Galway, Republic of Ireland;
- 6 Lapp's Quay, Centre Cork, Republic of Ireland;
- Charlotte Quay, Limerick, Republic of Ireland; and
- 19 Bedford Street, Belfast, BT2 7EJ, Northern Ireland.
Deloitte is the data controller of your Personal Data and, if you have any queries in relation to your Personal Data, this policy or any related matters, please contact Sean Smith, Data Protection Officer at IEPrivacy@deloitte.ie.
- HR Data: personal details such as employees' names, dates of births, social security numbers, bank account details, next of kin, contact details terms and conditions of employment, job details, learning and development, performance review process, salary information, job application details, medical information such as medical certificates; family details such as names and dates of birth of children (e.g. relevant if an individual is applying for parental leave); marital status; gender; additional details required for pension;
- Personal Data: data that relates to a living individual who is identifiable either from the data itself or from the data in conjunction with other information held by Deloitte.
- Processing Personal Data: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage adaptation or alteration, retrieval, consultation, use disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Special Categories of Personal Data: means data relating to an individual's racial or ethnic origin; political opinions; religious and philosophical beliefs; membership of a trade union; physical or mental health; genetic data, biometric data; health data or data relating to sex life and sexual orientation.
How we Collect and Use your Personal Data
The Personal Data we process about you includes your name, contact details and HR Data. This Personal Data is used by us to run our business and manage our workforce.
We collect, use and process your Personal Data where: (i) this is necessary for the performance of our business; (b) we are permitted or required to do so by applicable law; or (ii) this is necessary in connection with your employment contract.
We do not collect, use or otherwise process your Special Categories of Personal Data, except where: (i) we are required or permitted to do so by law (including employment and social welfare law); or (ii) we have, in accordance with applicable law, obtained your explicit consent to process such Personal Data.
We may obtain Personal Data about you from third parties, (e.g. former employers, educational institutions) for purposes such as gathering references, administering pensions and other purposes permitted by law. Where we obtain Personal Data about you from third parties, we will do so in accordance with applicable law.
Appendix 1 provides an indicative list of the categories of Personal Data that we may process about you, while Appendix 2 sets out a list of the purposes for which we may process your Personal Data. Both lists are non-exhaustive and may change depending on our day-to-day business or contractual needs.
If any information which you provide to us relates to any third party (such as a spouse or next of kin), by providing us with such Personal Data you confirm that you are permitted to give this information.
We take reasonable and proportionate steps to ensure that the Personal Data we process is: (i) accurate, up-to-date and complete; and (ii) limited to the Personal Data required. Employees are responsible for ensuring that they update Workday with any changes to their personal details, e.g. change of address.
Disclosure and Transfer of your Personal Data
Personnel across Deloitte will have access to your business contact information such as name, position, work email address, telephone number and address. Access to, use of and other processing of Personal Data by Deloitte will be limited to individuals who have a need to know the information for the purposes described in this Notice, which may include your appraiser or others appointed by him or her, as well as personnel in HR, IT, Risk, Legal and Finance.
From time to time, we may make Personal Data available to other entities within the Deloitte group and to other parties, such as legal and regulatory authorities; professional bodies; educational institutions; external professional advisors (such as lawyers, accountants etc.); and service providers (such as providers of payroll, pension scheme, insurance, medical benefits, human resources services, IT systems and support, and other third parties engaged to assist Deloitte Ireland in carrying out business activities) located wherever they operate.
Deloitte Ireland may disclose Personal Data to third parties other than service providers: (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena); (ii) in response to requests by government agencies; or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We may disclose your Personal Data in the event that we sell or transfer all, or a portion of, our business or assets (including in the event of a reorganisation, dissolution or liquidation).
Due to the global nature of Deloitte operations, we may also disclose your Personal Data to countries outside of the European Economic Area. For more information in respect of the way in which we transfer your Personal Data to outside the European Economic Area, please contact our Data Protection Officer (details above).
Security and Retention of your Personal Data
We have in place appropriate legal, organisational, physical and technical measures to protect Personal Data consistent with applicable privacy and data security laws. As required by applicable law, when we retain a third-party service provider, that provider will be required to: (i) use measures to protect the confidentiality and security of the Personal Data; and (ii) process the Personal Data only as directed by Deloitte Ireland.
We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject.
Deloitte will only retain your data as long as is necessary for protecting our legitimate business purpose or legal requirements.
You may have certain rights with respect to our Processing of your Personal Data, which may include the right to: (i) access, modify, correct, update, delete, block, port, cancel, or object to the use of, your Personal Data held by us; (ii) request information about the basis on which your Personal Data is Processed by us; and (iii) withdraw any consent that you have given to us in connection with the Processing of your Personal Data. If you would like to exercise any of these rights that apply to you, ask a question, or raise a complaint regarding the Processing of your Personal Data please contact a member of the privacy team via IEPrivacy@deloitte.ie. Please note that under applicable data protection laws certain Personal Data or certain uses of your Personal Data may be exempt from the above rights.
Employees are responsible for ensuring that they update Workday with any changes to their personal details, e.g. change of address.
Employees may have access to a certain amount of Personal Data in the course of their work, relating to colleagues, clients and other third parties. Employees must adhere to the data protection policies and procedures, contained within the Deloitte Policy Manual. Employees must not access or use Personal Data for any purpose other than in connection with, and to the extent necessary for, your work with us. Your obligation to keep the Personal Data of others confidential continues after termination of your relationship with us.
If you have any queries in respect of this Privacy Notice, please do not hesitate to contact our Data Protection Officer (details above). If you wish, you may also contact your local Data Protection Supervisory Authority (Office of the Data Protection Commissioner for employees working in the Republic of Ireland and The Information Commissioner's Office for employees working in the United Kingdom) in respect of any complaints you may have.
This Notice may be updated from time to time to reflect changes in our Personal Data processing practices.
This Notice was last updated in May 2018.
Processed Personal Data
The Personal Data relating to you which we may collect, use, transfer, disclose or otherwise process, includes:
- Personal details: Name, employee identification number, work and home contact details (email, phone numbers, physical address), gender, date of birth, national identification number, social security number, next of kin, disability status, emergency contact information and photograph.
- Documentation required under immigration laws: Citizenship, passport data, details of residency, licences or work permit.
- Compensation, Benefits and Payroll: salary, bonus, benefits, pay grade, other awards, timesheets, pay data, PPS number, national insurance or other number, marital/civil partnership status, domestic partners and dependents.
- Position: Description of current position, job title, management category, entity name, department, location, employment status and type, terms of employment, employment contract, work history, length of service, retirement eligibility, promotions, date of transfers, and reporting manager(s) information.
- Talent Management Information: Details contained in job applications, learning and development, performance and development reviews and processes.
- Risk and Independence Records: Details of any shares of common stock, investments or directorships.
- System Access Data: Information required to access company systems and applications.
- Special Categories of Personal Data: We may also collect certain types of Special Categories of Personal Data where required or permitted by local law, such as health/medical information.
This list is non exhaustive.
Purposes for Processing Personal Data
The purposes for which we may collect, use, transfer, disclose or otherwise process your Personal Data, subject to applicable law, include:
- Managing Workforce: Recruitment, performance management, promotions and succession planning, salary and payment administration and reviews, wages and other benefits and bonuses, healthcare, pensions, learning and development, leave, transfers, secondments, providing employment references, managing employee relations processes.
- Communications, Facilities and Emergencies: Facilitating communication with you, ensuring business continuity, providing references, protecting the health and safety of employees and others, safeguarding and maintaining IT infrastructure, office equipment, facilities and other property, facilitating communication with you and your nominated contacts in an emergency.
- Business Operations: Operating and managing IT, improve internal systems, communications systems and facilities, managing product and service development, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails (including records of changes you may make to customer accounts) and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, reorganisations or disposals and integration with purchaser.
- Compliance: Complying with legal and other requirements, such as income tax and national insurance deductions, record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, such as accident and insurance claims, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures.
- Employee Monitoring: In accordance with applicable laws and with your consent where required by law, we may monitor the use of our information technology and communications systems and the information they contain, including traffic and usage data, for purposes that may include systems maintenance, security, compliance with legal requirements and implementation of internal policies and procedures, as described in further detail in the Information Security Policy.
This list is non exhaustive.