Privacy notices

On this webpage you'll find our collected privacy notices in English:

  

  

Privacy Notice for marketing-related services 

Last updated: June 2023

Norwegian version

Deloitte.com consists of various individual, global, country-specific, regional, or service-specific websites. These individual sites are indicated in the upper right corner of each Deloitte web page.

This Privacy Notice applies to the specific websites of deloitte.com designated as Norway in the upper right corner referred to below as "this website", and to Deloitte Norway’s surveys, newsletters, invitations to seminars, courses, workshops, network assemblies and the like, and other inquiries (herein referred to as “seminars/collections”), where other platforms/tools also are used. 

Deloitte AS and Deloitte Advokatfirma AS, which are the DTTL member companies of Norway (also referred to below as "we", "us", "our" or "Deloitte") offer this website, our newsletters, surveys (also referred to collectively as our "digital channels"), as well as holding professional seminars and other collections that one can enroll to via our digital channels.

Deloitte AS and Deloitte Advokatfirma AS are together the controllers for the personal data processed about visitors, subscribers, participants in surveys and seminar participants in this regard. 

This Privacy Notice explains in more detail how Deloitte processes personal data on this website in connection with our newsletters, surveys, seminar invitations and other inquiries. We kindly refer to our other privacy notices for more information regarding our processing of personal data for other purposes.

 Click on the links below to jump straight to more detailed explanations of:

  • Definitions of key privacy concepts
  • How we process information about visitors to our websites
  • How we process personal data about enrolled persons in our seminars/collections
  • How we process personal data about subscribers of our newsletter
  • How you can exercise your rights as a registered
  • Disclosures and transfers of personal data we process

If you have any questions relating to the content herein, or our processing of personal data in general, you may submit this via our contact form, or send an email to personvern@deloitte.no.

Please note that the other country, regional and service-specific websites found on deloitte.com are provided by other entities in the "Deloitte Network" and are not offered by us. Such websites, as well as other websites that may be linked to this website, are not subject to this Privacy Notice. We encourage visitors to familiarize themselves with each of these other websites' privacy policies before providing personal information.

This Privacy Notice is regularly reviewed to ensure that it reflects our processing of personal data and may therefore be changed from time to time.

For the information in this Privacy Notice to be more easily understood, we have added some key definitions used in the Privacy Notice and in the Privacy Legislation below: 

"Personal Data": Any information about an identified or identifiable natural person (the "data subject"), cf. GDPR Article 4 (1). 

"Processing": Any operation or number of operations done with personal data, e.g. collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, assembly or coordination, restriction, deletion or annihilation cf. GDPR Article 4 (2).

"Registered": An identified or identifiable natural person whose personal data is processed cf. GDPR Article 4 (1). This can be a subscriber to our newsletter or signed up for our seminars.

"Data controller": a natural or legal person a public authority, institution or other body that alone or together with others determines the purpose of the processing of personal data and what means to use cf. GDPR Article 4 (7).

"Data Processor": A natural or legal person's public authority, institution or any other body that processes personal data on behalf of the Data Controller cf. GDPR Article 4 (8).

"Subprocessor": A natural or legal person that the Data Processor engages in carrying out processing activities on behalf of the Data Processor. 

"Basis for processing": A fundamental prerequisite for the processing of personal data to be legal is that it is based on a valid processing basis. This may, under GDPR Article 6, be, among other things, the data subject's consent or various reasons for necessity, including that the processing is necessary to implement an agreement the data subject is a party to, or that the processing is necessary for purposes related to the legitimate interests pursued by the controller or a third party.

"Your rights": According to the privacy legislation, any registered person has different rights they may exercise. This includes the right to request access to their personal data being processed, that it shall be rectified or deleted, the right to request that the processing be restricted or to object to the processing, the right to data portability, and the right to complain to a supervisory authority.  

"Profiling": A form of automated processing of personal data aimed at assessing certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning the work performance of said natural person, financial situation, health, personal preferences, interests, reliability, behavior, location or movements cf. GDPR Article 4 (4).

2.1 As visitors to our website

This website collects standard internet log information, including IP address, browser type and language, visit times and referring URLs. To ensure that this website is well managed and to facilitate better navigation, we or our service providers may also use cookies ("cookies", small text files stored in the user's browser) or web beacons ("web beacons", electronic images that allow this website to count the number of visitors who have accessed a particular page, and to access certain cookies) to collect aggregated data. 

The processing and storage of information using cookies requires that the visitor is informed that the cookies are used and have consented to this (section 2-7b of the Act relating to electronic communications (The Electronic Communications Act). Supplementary information about cookies on our websites can be found in our cookie alert. Here you will also find information on how to control your consent settings for cookies in your browser.

This site has integrations for various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (e.g. Facebook, Twitter and LinkedIn, collectively called "social media"). Personal information or other information that you have provided to some social media may be read, collected, and used by other users of the social media service, over which we have little or no control. Therefore, we are not responsible for the use, misuse or embezzlement of personal data or other information that you contribute to any social media services.

2.2 As a participant in our seminars/collections

2.2.1 Personal Data

When you enroll in one of our seminars, we will ask for information about you that we deem necessary to carry this out. This include:

  • Name: To keep track of who has signed up for the seminar, and to manage the access control to our premises. Whether the entrants show up to attend the seminar will be registered.
  • Business, as well as standardized departmental- and job categories: To gain insight into which companies will be represented at the seminar, and to evaluate whether our seminar offers meet the target groups they are intended for.
  • Postcode: To make sure you are enrolled in a seminar in your local area, and to send you content specific for certain regions.
  • Contact information (email and phone number): In order to reach registers with information about the seminar.

The purpose of the processing of the aforementioned personal data is to be able to manage your participation in our seminars and gatherings and provide you with the necessary information about the seminar.

The data is collected and processed based on your consent obtained when you enroll in the seminar. You can at any time withdraw your consent. If you withdraw your consent, the information we have stored about you will be deleted.

2.2.2 Special categories of personal data

We will generally not request special categories of personal data (e.g., data related to race or ethnic origin, religious beliefs, criminal record, physical or mental health or sexual orientation) from visitors. However, as food is served at most of our seminars, we ask for information about food allergies so that we can facilitate this and not unnecessarily risk allergic reactions. In order for everyone who is enrolled to participate regardless of their health condition, we also ask for information about other special needs that may require facilitation on our part. All such information is processed on the basis of your consent, it is collected only if you yourself choose to provide this information and only for the purpose of holding the relevant seminar. The information will be deleted shortly thereafter.

2.2.3 The Bookkeeping Regulations

When you attend our gatherings/seminars with catering, Deloitte is obliged to store your name and the organization you represented at the event pursuant to the Bookeeping Regulation Section 5-10, cf. Article 6 (1)(C) GDPR. As a result of your participation, we therefore store your name and the name of the company in the attachments documenting the expenses related to the catering to fulfill this legal obligation. This personal data is stored for 5 years pursuant to the Bookkeeping Act Section 13 nr. 2.

Please note that in special situations, it may be a requirement for you to be anonymous, for example, in connection with our duty of confidentiality. In such cases, the Accounting Regulations allow for anonymity."

2.3 As a participant in one of our surveys

When you participate in one of our surveys, we will ask for information about you that we deem necessary to conduct the survey. What's needed may vary from one survey to the next. The personal data may include:

  • Name: To keep track of who participates in the survey.
  • Business and standardized departmental- and job categories: To gain insight into which companies participate in the survey.
  • Personal data included in the feedback given in the surveys: However, the results will be anonymized, and the answers will not be linked to individuals.

The purpose of the processing of the aforementioned personal data is to manage the survey, market our products and services and map out the topic the survey relates to.

The legal basis for processing personal data in surveys is your consent given in connection with your registration as a participant in the survey. You can at any time withdraw your consent. If you withdraw your consent, the information we have stored about you will be deleted.

2.4 As a subscriber to our newsletters

You can choose to register to receive our newsletters, as well as information about relevant seminars and reports. Sometimes the newsletter may include an invitation to a survey. See section 2.3 above for information on participation in surveys.

Among other things, the newsletter will contain information about services offered by companies within the Deloitte Network that we believe may be of interest to you. In such cases, the information you provide will be stored on your profile. This includes the information you fill in about yourself when registering:

  • Name: In order for us to manage your profile, and address you in a more personal way.
  • Email address: To send you the newsletters.
  • Business and standardized departmental and job categories: In order to provide you with the information that is most relevant to your work.
  • Postcode: So that the seminar invitations we send you relate to events held at Deloitte offices in your area, and to send you content specific for certain regions.

The purpose of the processing of the aforementioned personal data is to be able to manage and send you our newsletter, and in this regard, Deloitte promotes its products and services.

The legal basis for sending and sharing the newsletters is your consent given in connection with your registration as a subscriber. 

You can at any time withdraw your consent. We will then stop sending you newsletters and other communications by email in response to your registration on this website.

When you are a subscriber to our newsletter, Deloitte will register which newsletters and seminar invitations you receive, which news and other topics you click on to read more, which of our websites you visit and whether you sign up and attend the seminars we hold. 

We may collect information about the business you have provided that you work in, but will not collect personal information about you from sources other than your interaction with us. The information about your activity is stored on your profile and is used to give us insight into how actively you use our pages and seminars, how interested you are in our services and which topics interest you most. This information can be used to customize our inquiries so that they should be as interesting as possible to you. 

Deloitte has a legitimate interest in getting to know the preferences and interests of readers of our newsletters so that we can offer seminars, news and services that better suit their needs and desires. The registration of such information is necessary to safeguard this interest. The logic used for this limited profiling activity is simple and consists mainly of the different activities that subscribers undertake are given a point value, which is summed together. Registration is limited and is therefore not considered too restrictive, so that our legitimate interest can therefore serve as a basis for treatment. For further questions relating to this, please use the our contact form.

Exceptionally, your personal data may also be used to protect the rights or property of our users and, where applicable, to comply with legal processes. This will only be applicable in exceptional cases and will never happen without this being in accordance with applicable data protection laws.

The personal data we have stored about you who have consented to receive our newsletters is stored for as long as you are a subscriber to our newsletters. If you withdraw your consent, the information we have stored about you will be deleted.

As a registered person, you have several rights related to our processing of your personal data. Here you will find information about these rights and how you can exercise these rights in connection with our digital channels, newsletters and seminars.

If you have any questions regarding your rights, or would like to exercise them with Deloitte in connection with our digital channels, newsletters and seminars, you can do so via our contact form or by sending an email to personvern@deloitte.no. 

3.1 The right to request access to your personal data

You can send us a request for access to get information about whether we process personal data about you in connection with our newsletters and events, and to gain insight into what information we process about you if you are registered.

3.2 The right to rectification of your personal data

If you believe the information we have stored about you is not correct (e.g. email address, job or position has changed), you may request that we correct this at any time. In connection with verifying your subscription to newsletters when downloading reports, or when you sign up for one of our seminars, the information stored on your profile will be automatically updated in accordance with what you register.

3.3 Protesting

If you do not want us to record your activity on our digital channels, and your attendance at our seminars and other events as part of the profile building, you can object to this. If you object, we will stop and record such information about you.

3.4 The right to erasure of your personal data

You can easily withdraw the consent you gave us at any time by either unsubscribe from our newsletter via the links found at the bottom of the sent email, or by sending us a message via our contact form. We will then delete your information associated with our newsletter within 30 days. For other requests for deletion, please use our contact form or send an email to personvern@deloitte.no

3.5 Deletion

If you withdraw your consent to receive newsletters, the personal data we process about you will be deleted. If you choose to object to our processing of information about your use of our digital channels, all activity we have previously recorded on your profile will be deleted. Information about your activity on our digital channels, and attendance at seminars, will be deleted after two years.

3.6 The right to data portability

Pursuant to GDPR Article 20, you are entitled to data portability for personal data about yourself that you have provided to Deloitte and which has a basis for processing consent or agreement. Our newsletters are based on consent, so you have the right to be provided with the information you registered about yourself when you signed up as a subscriber. This includes name, contact information, employment and zip code. If you wish to exercise your right to portability, the relevant information from your profile will be exported to a Microsoft Excel document and disclosed to you.  

3.7 Right to restriction of processing

If you do not wish to delete your information but have a reason to want us to stop processing it in any way other than storage, you have the right to request it.

3.8 Right to complain to a supervisory authority

If you believe our processing of your personal data should be contrary to the GDPR, or the data protection legislation in general, you have the right to submit a complaint to the supervisory authorities. For Norway, this is the Norwegian Data Protection Authority, and complaints can be submitted on their websites by following this link.

Deloitte will be able to share personal data with, for example, our affiliated Deloitte entities abroad, service providers, police, government agencies, advisers, etc. Such third parties may be located in other countries. For example, in connection with seminars we hold, participant lists may be shared with co-hosts if we cooperate with such in the individual cases. Furthermore, we may also share personal data in connection with other business purposes, such as advertising and marketing, monitoring of security, maintenance, billing and auditing. Any transfers will have undergone necessary assessments and measures to ensure that all personal data is processed with sufficient security and the necessary legal basis for treatment. All transfers occurred is based on valid transfer mechanisms; EU standard contractual clauses, an adequacy decision or by using our interfirm transfer agreements that are based on EU standard contractual clauses.

Deloitte uses data processors to process personal data on their behalf. These will under no circumstances process personal data for purposes other than those we determine, as set forth in this Privacy Notice. 

The processing related to our digital channels, seminars and newsletters is mainly carried out using the system Marketo . The system is cloud-based and operated by Marketo Inc. as a data processor, processing data on behalf of Deloitte. Marketo Inc. registered in the United States, but the system delivered to us is operated from the company's server parks in Europe.

The processing of personal data as described above may also be done using our customer relationship management system Sales Force with servers located in France. 

We have introduced good commercial standards for technology and operational security, to protect all information provided by visitors via this website, as well as for other tools we use, from unauthorized access, disclosure, alteration or destruction.
We understand the importance of protecting children's privacy in the interactive online world. This website is not designed for or deliberately aimed at children 13 years of age or younger. It is not our intention to knowingly collect or maintain information about anyone under the age of 13.
We may change the Privacy Notice from time to time at our sole discretion. When we make changes to this Privacy Notice we will change the date of revision at the top of this page, and a modified privacy notice will have effect from that revision date. We encourage you to review this Privacy Notice to be informed about how we protect your information.
If you have any questions or concerns about your privacy while using this website, please contact us using the contact form. Questions can also be directed to marked@deloitte.no or noprivacy@deloitte.no

  

  

Privacy Notice for Deloitte Clients

November 2020

In connection with your contractual relationship with Deloitte, Deloitte will, as a data controller, collect and process personal data of data subjects for the purposes specified below. Deloitte processes personal data in accordance with the principles in EU’s General Data Protection Regulation (GDPR). We kindly refer to our other privacy notices for more information regarding our processing of personal data for other purposes. 

This privacy notice explains what personal data we may gather from our clients in relation to the services provided, what we use that personal data for and who we give that personal data to. It also sets out your rights in relation to your personal data, and who you can contact for more information or queries. Click on the links below to take you to the more detailed sections of this statement:

Topics

  • Which data do we collect and for which purposes
  • The legal basis for the collection and processing of your personal data
  • From whom do we collect your personal data?
  • Who do we share your personal data with and why?
  • Who do we transfer your personal data to?
  • For how long do we store your data?
  • Your rights
  • Contact
  • Revision of our privacy notice

We may collect and process the following types of personal data:

  • name;
  • age;
  • date of birth;
  • national identification number;
  • gender;
  • phone number;
  • home address;
  • country of residence;
  • passport;
  • family circumstances (e.g. civil status and contact details on dependents) and close relatives;
  • photo;
  • e-mail address;
  • IP address;
  • title;
  • office location;
  • department;
  • employee identification number;
  • time registration;
  • employment and education details (e.g. previous employment and education details);
  • salary, severance pay, bonus and pension information;
  • assets, including debt, loan, income, wealth;
  • travel and expenses;
  • leaves of absence;
  • bank account details and transactions;
  • tax-related information;
  • documentation requirements.

The personal data listed above is collected and processed for the following purposes:

  • delivering services to our clients;
  • staffing and resource allocation;
  • provision of access to relevant systems;
  • compliance with applicable legal or regulatory requirements and/or internal policies;
  • documentation requirements;
  • handling requests, complaints and claims from third parties;
  • handling inspections and queries by supervisory authorities; external auditors and legal advisors; and
  • customer relationship management.

We may also collect the following types of special categories of personal data (GDPR art. 9) for the purpose specified above:

  • Trade union membership;
  • Data concerning health;
  • Revealing racial or ethnic origin; 
  • Political opinions; and
  • Criminal records (GDPR art. 10).

We collect and process your data based on the following basis:

  • Consent, see GDPR article 6 paragraph 1 (a);
  • Performance of a contract, see GDPR article 6 paragraph 1 (b);
  • A legal obligation to which Deloitte is subject, see GDPR article 6 paragraph 1 (c); 
  • The legitimate interests of Deloitte, see GDPR article 6 paragraph 1 (f).

We do not collect and process special categories of data unless there is a legal basis in the GDPR article 9 paragraph 2; establishment, exercise or defense of legal claims, or consent.

We collect your personal data from you, as well as from public authorities, insurance providers, banks, your employer, your/client’s business partners, third party advisors, our websites, registered information, and other Deloitte entities depending on the nature of the engagement.
In connection with one or more purposes outlined above, the personal data disclosed by or collected from client/you may be disclosed to and shared with the following recipients: Public authorities, our professional advisors (e.g. auditor and legal advisors) vendors; and other Deloitte entities.

Transfer of personal data to data processors 

We may transfer your personal data to other Deloitte entities. We may also transfer the personal data to IT providers, including cloud service providers, or to vendors of external services, who process, access and /or store the personal data on our behalf. 

Transfer of personal data to data controllers

We may transfer your personal data to other data controllers, e.g. if Deloitte has a legal obligation to transfer the data to public authorities.

Transfer of personal data to recipients in countries outside the EU/EEA 

We may transfer personal data disclosed by or collected from you to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis (transfer mechanism) for the international transfer is either our internal data transfer agreements, an adequacy decision or EU’s Model Clause Agreement.

In addition to ensuring an equivalent transfer mechanism, Deloitte will assess the impact of such potential transfers. 

We store the personal data for as long as necessary to fulfil the purposes listed above, however, (i) for no longer than necessary for the administration of the client relationship, (ii) for no longer than we would have a legitimate interest or (iii) for no longer than for the fulfilment of legal requirements or internal guidelines. We have specific retention periods for client data, which is based on either legal obligations or Deloitte’s legitimate interest in keeping the personal data for a given period. As an example, we may have a legitimate interest in keeping personal data to defend a potential legal claim. These periods are dependent on the service provided and is based on a risk assessment of Deloitte’s need to retain data for a longer period of time held up against the data subject’s interest in having it deleted. Deloitte will store data securely and in accordance with the GDPR.

Subject to the conditions set out in the applicable data protection legislation, the data subject has certain rights. In the following, you can read about your rights and how to perform them:

The right to request access to your personal data

You can send us a request for access to get information about whether we process personal information about you in connection with your client relationship with Deloitte, and thus gain insight into what information we process about you if you are registered.

The right to rectification of your personal data

If you believe the information we have stored about you is incorrect (e.g. wrong contact details) you can request that we correct this at any time.

The right to erasure of your personal data

You can withdraw your consent to process personal data at any time. If you withdraw your consent, we will delete your personal information that is processed on this basis.

If you request erasure of your personal data, the data will be deleted. However, the right to erasure is not absolute, as it should be balanced against legal requirements and Deloitte’s legitimate interest. 

The right to restriction of processing

If you do not wish us to delete your information but have reasons to wish that we will stop processing them in ways other than storage, you may, under certain circumstances, have the right to request this.

The right to data portability

According to Article 20 of the GDPR you have the right to data portability for personal information about yourself that you have given to Deloitte and which has a basis for processing in consent or agreement. The main basis for processing your personal information, is the contract between you as a client and Deloitte. If you wish to exercise your right to portability, the relevant information from your profile will be exported to a Microsoft Excel document and handed over to you.

The right to objection to the processing of your personal data

You have the right to object to processing of personal data concerning you, where the processing is based on public interest or legitimate interest of Deloitte, e.g. profiling. If so, Deloitte will no longer process your personal data unless there is a legitimate ground for doing so which, according to a balancing test, is overriding.

The right to objection to profiling 

You have the right to object to your personal data being processed for direct marketing purposes. This includes profiling to the extent that it is related to such direct marketing.

File a complaint

You also have the right to file a complaint with the competent supervisory authority. In Norway, this is Datatilsynet. Complaints can be delivered on their website by following this link.

Please contact us by filling out this contact form  or send us an e-mail to noprivacy@deloitte.no if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.

Address details: 

Deloitte AS / Deloitte Advokatfirma AS
Dronning Eufemias gate 14
0191 Oslo
Norway

We keep our privacy notice under regular review and thus the notice may be subject to changes. The date of the last revision of the privacy notice can be found on the top of the page.

  

  

Privacy Notice to individuals with whom Deloitte has no direct contact/contractual relationship

Last updated: November 2020

This privacy notice addresses Deloitte’s Clients’ and vendors’ employees, customers and other relations, with whom Deloitte has no direct contact and/or direct contractual relationship.

In connection with Deloitte’s provision of services to our clients, Deloitte may as the data controller collect and process personal data of our client’s employees, customers and other relations. Such collection and processing take place in accordance with the principles in EU’s General Data Protection Regulation (GDPR) and the Norwegian Data Protection Act.

We kindly refer to our other privacy notices for more information regarding our processing of personal data for other purposes.

Please note that if Deloitte is considered as a data processor in connection with the processing of your personal data, we kindly ask you to contact the Data controller, e.g. your employer, directly for more information about the processing of personal data.

Please read this text carefully to understand how we process your personal data.

Topics:

  • Which data do we collect about you and for which purposes?
  • From whom do we collect your personal data?
  • The legal basis for the collection and processing of your personal data
  • Who do we share your personal data with and why?
  • Who do we transfer your personal data to?
  • How long do we store your data?
  • Your rights
  • Contact
  • Revision of our privacy notice

We may collect and process your personal data for the following purposes:

  • providing services to our clients;
  • relationship management;
  • compliance with applicable legal or regulatory requirements and/or internal policies;
  • documentation requirements;
  • handling requests, complaints and claims from third parties;
  • handling inspections and queries by supervisory authorities;
  • external audit and legal advice.

We may collect the following types of general categories of personal data for the purposes specified above:

  • Name;
  • age;
  • date of birth;
  • national identification number;
  • gender;
  • phone number;
  • home address;
  • country of residence;
  • visa;
  • family circumstances (e.g. civil status and contact details on dependents and close relatives);
  • photo;
  • email address;
  • title;
  • opinions;
  • actions;
  • employment and education details (e.g. previous employment and education details);
  • salary and pension information;
  • leaves of absence;
  • bank account details;
  • tax-related information and investments;
  • information on any criminal records;
  • ownership of shares;
  • voting rights;
  • management position or similar role; and
  • any status as or relation to a politically exposed person (if required in accordance with anti-money laundering regulation).

We may also collect the following types of special categories of personal data for the purposes specified above:

  • racial or ethnic origin,
  • trade union membership,
  • data concerning health 
We collect your personal data from you, our clients and our vendors as well as from public authorities; other Deloitte entities, and other third-party business relations, depending on the character of the engagement.

We collect and process your data based on one or more of the following articles in GDPR:

  • Art. 6 paragraph 1 (a) the data subject’s consent to the processing of his or her personal data for one or more specific purposes;
  • Art. 6 paragraph 1 (c) compliance with legal obligations to which our client or Deloitte is subject;
  • Art. 6 paragraph 1 (f) Deloitte’s legitimate interests;
  • Art. 9 paragraph 2 (b) employment and social security and social protection law purposes; and
  • Art. 9 paragraph 2 (f) establishment, exercise or defense of legal claims
In connection with one or more purposes outlined above, the personal data disclosed by or collected  may be disclosed to and shared with the following recipients: Public authorities, our professional advisors (e.g. auditor and legal advisors) vendors; and other Deloitte entities.

Transfer of personal data to data processors

We may transfer your personal data to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to external service providers, who process and/or store the personal data on our behalf.

Transfer of personal data to recipients in countries outside the EU/EEA

We may transfer your personal data to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer will be EU’s Standard Contractual Clauses (SCC), or other applicable legal basis.

We store your personal data for as long as necessary to fulfil the purposes above.

Subject to the conditions set out in the applicable data protection legislation, you have the following rights:

  • The right to request access to your personal data;
  • The right to rectification of your personal data;
  • The right to erasure of your personal data;
  • The right to restriction of processing of your personal data;
  • The right to data portability; and
  • The right to objection to the processing of your personal data

Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interests.

You also have the right to file a complaint with the Norwegian Data Protection Agency (Datatilsynet):

Datatilsynet
Postboks 458 Sentrum
0105 Oslo

Complaints can be delivered on their website by following this link.

Please contact us by filling out this contact form  or send us an e-mail to noprivacy@deloitte.no if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.

Address details:

Deloitte AS / Deloitte Advokatfirma AS
Dronning Eufemias gate 14
P.O Box 221 Sentrum
0191 Oslo
Norway

We keep our privacy notice under regular review and thus the notice may be subject to changes. The date of the last revision of the privacy notice can be found on the top of the page.