HR Privacy Notice has been saved
HR Privacy Notice
At Deloitte we are mindful of our responsibilities when we handle the Personal Data of our current, former and potential employees or contractors.
This Notice applies to Deloitte Ireland, and the entities we own or control, with various offices in Dublin, Galway, Cork, Limerick and Belfast.
Deloitte is the data controller of your Personal Data and, if you have any queries in relation to your Personal Data, this policy or any related matters, please contact Rosannagh Murphy, Data Protection Officer at firstname.lastname@example.org
• HR Data: personal details such as employees’ names, dates of births, social security numbers, bank account details, next of kin, contact details terms and conditions of employment, job details, learning and development, performance review process, salary information, bank account details; job application details, medical information such as medical certificates; family details such as names and dates of birth of children (e.g. relevant if an individual is applying for parental leave); marital status; gender; additional details required for pension;
• Personal Data: data that relates to a living individual who is identifiable either from the data itself or from the data in conjunction with other information held by Deloitte.
• Processing Personal Data: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage adaptation or alteration, retrieval, consultation, use disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• Special Categories of Personal Data: means data relating to an individual’s racial or ethnic origin; political opinions; religious and philosophical beliefs; membership of a trade union; physical or mental health; genetic data, biometric data; health data or data relating to sex life and sexual orientation.
How we Collect and Use your Personal Data
The Personal Data we process about you includes your name, contact details and HR Data. This Personal Data is used by us to run our business and manage our workforce.
We collect, use and process your Personal Data where: (i) this is necessary for the purposes of a legitimate interest pursued by us (such as managing the workforce and the protection of our business); (ii) we are permitted or required to do so by applicable law; (iii) this is necessary in connection with your employment contract or (iv) you have consented to us processing your information for a specific reason.
We do not collect, use or otherwise process your Special Categories of Personal Data, except where:
(i) we are required or permitted to do so by law (including employment and social welfare law); or (ii) we have, in accordance with applicable law, obtained your explicit consent to process such Personal Data.
We may obtain Personal Data about you from third parties, (e.g. former employers, educational institutions) for purposes such as gathering references, administering pensions and other purposes permitted by law. Where we obtain Personal Data about you from third parties, we will do so in accordance with applicable law.
Appendix 1 provides an indicative list of the categories of Personal Data that we may process about you, while Appendix 2 sets out a list of the purposes for which we may process your Personal Data. Both lists are non-exhaustive and may change depending on our day-to-day business or contractual needs.
If any information which you provide to us relates to any third party (such as a spouse or next of kin), by providing us with such Personal Data you confirm that you are permitted to give this information.
We take reasonable and proportionate steps to ensure that the Personal Data we process is: (i) accurate, up-to-date and complete; and (ii) limited to the Personal Data required. Employees are responsible for ensuring that they update Workday with any changes to their personal details, e.g. change of address.
Disclosure of your Personal Data
Personnel across Deloitte will have access to your business contact information such as name, position, work email address, telephone number and address. Access to, use of and other processing of Personal Data by Deloitte will be limited to individuals who have a need to know the information for the purposes described in this Notice, which may include your appraiser or others appointed by him or her, as well as personnel in HR, IT, Risk, Legal and Finance.
From time to time, we may make Personal Data available to other entities within the Deloitte group and to other parties, such as legal and regulatory authorities; professional bodies; educational institutions; external professional advisors (such as lawyers, accountants etc.); and service providers (such as providers of payroll, pension scheme, insurance, medical benefits, human resources services, IT systems and support, and other third parties engaged to assist Deloitte Ireland in carrying out business activities) located wherever they operate.
Deloitte Ireland may disclose Personal Data to third parties other than service providers: (i) to our clients or prospective clients, for legitimate business purposes (including proposals and client onboarding) (ii) if we are required to do so by law, regulation or legal process (such as a court order or subpoena); (iii) in response to requests by government agencies; or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We may disclose your Personal Data in the event that we sell or transfer all, or a portion of, our business or assets (including in the event of a reorganization, dissolution or liquidation).
Transfer of personal data outside Ireland
Due to the global nature of Deloitte operations, we may also disclose your Personal Data to countries outside of the European Economic Area. These countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information held here and such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.
When we, or our permitted third parties, transfer your information outside the EEA, we or they will impose contractual obligations on the recipients of that data to protect your information to the standard required in the EEA. We or they may also require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where (i) the transfer is to a country deemed to provide adequate protection of your information by the European Commission; or (ii) where you have specifically consented to the transfer. If we transfer your information outside the EEA in other circumstances (for example because we have to provide such information by law), we will seek to put in place appropriate safeguards to ensure that your information remains adequately protected.
Security and Retention of your Personal Data
We have in place appropriate legal, organisational, physical and technical measures to protect Personal Data consistent with applicable privacy and data security laws. As required by applicable law, when we retain a third-party service provider, that provider will be required to: (i) use measures to protect the confidentiality and security of the Personal Data; and (ii) process the Personal Data only as directed by Deloitte Ireland.
We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject.
Deloitte will only retain your data as long as is necessary for protecting our legitimate business purpose or legal requirements.
You may have certain rights with respect to our Processing of your Personal Data, which may include the right to: (i) access, modify, correct, update, delete, block, port, cancel, or object to the use of, your Personal Data held by us; (ii) request information about the basis on which your Personal Data is Processed by us; and (iii) withdraw any consent that you have given to us in connection with the Processing of your Personal Data. If you would like to exercise any of these rights that apply to you, ask a question, or raise a complaint regarding the Processing of your Personal Data please contact a member of the privacy team via email@example.com. Please note that under applicable data protection laws certain Personal Data or certain uses of your Personal Data may be exempt from the above rights.
Further information about data subject rights can be found in our Data Subject Rights Policy.
Automated Decision Making
We may in some cases use automated decision-making when scoring an application you make as part of our e-recruiting process where it is necessary to enter into a contract with you. When you apply for a role with us, an automated system of checking minimum educational and right to work criteria and psychometric testing may be used to decide if your application proceeds to the next round of evaluation in our recruitment process. If you do not meet the minimum required score or progress threshold, you will not then proceed to the next stage of our recruitment process. This element of our e-recruitment is a form of automated decision making that may have a legal or similarly significant effect on you as it will indicate whether or not your application proceeds to the next round of evaluation in our recruitment process.
The minimum required score or progress thresholds used are regularly tested to ensure they remain fair, effective and unbiased.
If you submit an application and it is declined through this automated process, you can contact us within [x] days to have the decision reconsidered. You also have the right to ask that the decision is not made based solely using this automated process.
Employees are responsible for ensuring that they update Workday with any changes to their personal details, e.g. change of address.
Employees may have access to a certain amount of Personal Data in the course of their work, relating to colleagues, clients and other third parties. Employees must adhere to the data protection policies and procedures, contained within the Deloitte Policy Manual. Employees must not access or use Personal Data for any purpose other than in connection with, and to the extent necessary for, your work with us. Your obligation to keep the Personal Data of others confidential continues after termination of your relationship with us.
If you have any queries in respect of this Privacy Notice, please do not hesitate to contact our Data Protection Officer (details above). If you wish, you may also contact your local Data Protection
Supervisory Authority (Office of the Data Protection Commissioner for employees working in the Republic of Ireland and The Information Commissioner’s Office for employees working in the United Kingdom) in respect of any complaints you may have.
This Notice may be updated from time to time to reflect changes in our Personal Data processing practices.
This Notice was last updated in September 2021.
Processed Personal Data
The Personal Data relating to you which we may collect, use, transfer, disclose or otherwise process, includes:
• Personal details: Name, employee identification number, work and home contact details (email, phone numbers, physical address), gender, date of birth, national identification number, social security number, next of kin, disability status, emergency contact information and photograph.
• Documentation required under immigration laws: Citizenship, passport data, details of residency, licences or work permit.
• Compensation, Benefits and Payroll: salary, bonus, benefits, pay grade, other awards, timesheets, pay data, PPS number, national insurance or other number, marital/civil partnership status, domestic partners and dependents.
• Position: Description of current position, job title, management category, entity name, department, location, employment status and type, terms of employment, employment contract, work history, length of service, retirement eligibility, promotions, date of transfers, and reporting manager(s) information.
• Talent Management Information: Details contained in job applications, learning and development, performance and development reviews and processes.
• Risk and Independence Records: Details of any shares of common stock, investments or directorships.
• System Access Data: Information required to access company systems and applications.
• Physical Security Data: CCTV footage and other information we collect when you access our premises, such as swipe card activation at entrances and doors in our offices.
• Special Categories of Personal Data: We may also collect certain types of Special Categories of Personal Data where required or permitted by local law, such as health/medical information or where we have your explicit consent to do so, which can be withdrawn at any time.
This list is non exhaustive.
Purposes for Processing Personal Data
The purposes for which we may collect, use, transfer, disclose or otherwise process your Personal Data, subject to applicable law, include:
• Managing Workforce: Recruitment, performance management, promotions and succession planning, salary and payment administration and reviews, wages and other benefits and bonuses, healthcare, pensions, learning and development, leave including in connection with occupational health, maternity leave, family emergency leave, paternity leave, adoption leave or parental leave, transfers, secondments, work permit or visa applications in order to comply with immigration laws, providing employment references, managing employee relations processes.
• Communications, Facilities and Emergencies: Facilitating communication with you, ensuring business continuity, providing references, protecting the health and safety of employees and others, safeguarding and maintaining IT infrastructure, office equipment, facilities and other property, facilitating communication with you and your nominated contacts in an emergency.
• Business Operations: Operating and managing IT, improve internal systems, communications systems and facilities, managing product and service development, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails (including records of changes you may make to customer accounts) and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, reorganisations or disposals and integration with purchaser.
• Compliance: Complying with legal and other requirements, such as income tax and national insurance deductions, record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, such as accident and insurance claims, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures.
• Employee Monitoring: In accordance with applicable laws and with your consent where required by law, we may monitor the use of our information technology and communications systems and the information they contain, including traffic and usage data, for purposes that may include systems maintenance, security, compliance with legal requirements and implementation of internal policies and procedures, as described in further detail in the Information Security Policy.
• Equal Opportunity Monitoring: In accordance with applicable laws and with your consent, where required by law, we may use your personal data, including special category personal data, to monitor equality in our organisation.
This list is non exhaustive.