Deloitte.com consists of various individual, global, country-specific, regional, or service-specific websites. These individual sites are indicated in the upper right corner of each Deloitte web page.
This Privacy Notice applies to the specific websites of deloitte.com designated as Norway in the upper right corner referred to below as "this website", and to Deloitte Norway’s surveys, newsletters, invitations to seminars, courses, workshops, network assemblies and the like, and other inquiries (herein referred to as “seminars/collections”), where other platforms/tools also are used.
Deloitte AS and Deloitte Advokatfirma AS, which are the DTTL member companies of Norway (also referred to below as "we", "us", "our" or "Deloitte") offer this website, our newsletters, surveys (also referred to collectively as our "digital channels"), as well as holding professional seminars and other collections that one can enroll to via our digital channels.
Deloitte AS and Deloitte Advokatfirma AS are together the controllers for the personal data processed about visitors, subscribers, participants in surveys and seminar participants in this regard.
This Privacy Notice explains in more detail how Deloitte processes personal data on this website in connection with our newsletters, surveys, seminar invitations and other inquiries. We kindly refer to our other privacy notices for more information regarding our processing of personal data for other purposes.
Click on the links below to jump straight to more detailed explanations of:
If you have any questions relating to the content herein, or our processing of personal data in general, you may submit this via our contact form, or send an email to personvern@deloitte.no.
Please note that the other country, regional and service-specific websites found on deloitte.com are provided by other entities in the "Deloitte Network" and are not offered by us. Such websites, as well as other websites that may be linked to this website, are not subject to this Privacy Notice. We encourage visitors to familiarize themselves with each of these other websites' privacy policies before providing personal information.
This Privacy Notice is regularly reviewed to ensure that it reflects our processing of personal data and may therefore be changed from time to time.
For the information in this Privacy Notice to be more easily understood, we have added some key definitions used in the Privacy Notice and in the Privacy Legislation below:
"Personal Data": Any information about an identified or identifiable natural person (the "data subject"), cf. GDPR Article 4 (1).
"Processing": Any operation or number of operations done with personal data, e.g. collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, assembly or coordination, restriction, deletion or annihilation cf. GDPR Article 4 (2).
"Registered": An identified or identifiable natural person whose personal data is processed cf. GDPR Article 4 (1). This can be a subscriber to our newsletter or signed up for our seminars.
"Data controller": a natural or legal person a public authority, institution or other body that alone or together with others determines the purpose of the processing of personal data and what means to use cf. GDPR Article 4 (7).
"Data Processor": A natural or legal person's public authority, institution or any other body that processes personal data on behalf of the Data Controller cf. GDPR Article 4 (8).
"Subprocessor": A natural or legal person that the Data Processor engages in carrying out processing activities on behalf of the Data Processor.
"Basis for processing": A fundamental prerequisite for the processing of personal data to be legal is that it is based on a valid processing basis. This may, under GDPR Article 6, be, among other things, the data subject's consent or various reasons for necessity, including that the processing is necessary to implement an agreement the data subject is a party to, or that the processing is necessary for purposes related to the legitimate interests pursued by the controller or a third party.
"Your rights": According to the privacy legislation, any registered person has different rights they may exercise. This includes the right to request access to their personal data being processed, that it shall be rectified or deleted, the right to request that the processing be restricted or to object to the processing, the right to data portability, and the right to complain to a supervisory authority.
"Profiling": A form of automated processing of personal data aimed at assessing certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning the work performance of said natural person, financial situation, health, personal preferences, interests, reliability, behavior, location or movements cf. GDPR Article 4 (4).
2.1 As visitors to our website
This website collects standard internet log information, including IP address, browser type and language, visit times and referring URLs. To ensure that this website is well managed and to facilitate better navigation, we or our service providers may also use cookies ("cookies", small text files stored in the user's browser) or web beacons ("web beacons", electronic images that allow this website to count the number of visitors who have accessed a particular page, and to access certain cookies) to collect aggregated data.
The processing and storage of information using cookies requires that the visitor is informed that the cookies are used and have consented to this (section 2-7b of the Act relating to electronic communications (The Electronic Communications Act). Supplementary information about cookies on our websites can be found in our cookie alert. Here you will also find information on how to control your consent settings for cookies in your browser.
This site has integrations for various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (e.g. Facebook, Twitter and LinkedIn, collectively called "social media"). Personal information or other information that you have provided to some social media may be read, collected, and used by other users of the social media service, over which we have little or no control. Therefore, we are not responsible for the use, misuse or embezzlement of personal data or other information that you contribute to any social media services.
2.2 As a participant in our seminars/collections
2.2.1 Personal Data
When you enroll in one of our seminars, we will ask for information about you that we deem necessary to carry this out. This include:
The purpose of the processing of the aforementioned personal data is to be able to manage your participation in our seminars and gatherings and provide you with the necessary information about the seminar.
The data is collected and processed based on your consent obtained when you enroll in the seminar. You can at any time withdraw your consent. If you withdraw your consent, the information we have stored about you will be deleted.
2.2.2 Special categories of personal data
We will generally not request special categories of personal data (e.g., data related to race or ethnic origin, religious beliefs, criminal record, physical or mental health or sexual orientation) from visitors. However, as food is served at most of our seminars, we ask for information about food allergies so that we can facilitate this and not unnecessarily risk allergic reactions. In order for everyone who is enrolled to participate regardless of their health condition, we also ask for information about other special needs that may require facilitation on our part. All such information is processed on the basis of your consent, it is collected only if you yourself choose to provide this information and only for the purpose of holding the relevant seminar. The information will be deleted shortly thereafter.
2.2.3 The Bookkeeping Regulations
When you attend our gatherings/seminars with catering, Deloitte is obliged to store your name and the organization you represented at the event pursuant to the Bookeeping Regulation Section 5-10, cf. Article 6 (1)(C) GDPR. As a result of your participation, we therefore store your name and the name of the company in the attachments documenting the expenses related to the catering to fulfill this legal obligation. This personal data is stored for 5 years pursuant to the Bookkeeping Act Section 13 nr. 2.
Please note that in special situations, it may be a requirement for you to be anonymous, for example, in connection with our duty of confidentiality. In such cases, the Accounting Regulations allow for anonymity."
2.3 As a participant in one of our surveys
When you participate in one of our surveys, we will ask for information about you that we deem necessary to conduct the survey. What's needed may vary from one survey to the next. The personal data may include:
The purpose of the processing of the aforementioned personal data is to manage the survey, market our products and services and map out the topic the survey relates to.
The legal basis for processing personal data in surveys is your consent given in connection with your registration as a participant in the survey. You can at any time withdraw your consent. If you withdraw your consent, the information we have stored about you will be deleted.
2.4 As a subscriber to our newsletters
You can choose to register to receive our newsletters, as well as information about relevant seminars and reports. Sometimes the newsletter may include an invitation to a survey. See section 2.3 above for information on participation in surveys.
Among other things, the newsletter will contain information about services offered by companies within the Deloitte Network that we believe may be of interest to you. In such cases, the information you provide will be stored on your profile. This includes the information you fill in about yourself when registering:
The purpose of the processing of the aforementioned personal data is to be able to manage and send you our newsletter, and in this regard, Deloitte promotes its products and services.
The legal basis for sending and sharing the newsletters is your consent given in connection with your registration as a subscriber.
You can at any time withdraw your consent. We will then stop sending you newsletters and other communications by email in response to your registration on this website.
When you are a subscriber to our newsletter, Deloitte will register which newsletters and seminar invitations you receive, which news and other topics you click on to read more, which of our websites you visit and whether you sign up and attend the seminars we hold.
We may collect information about the business you have provided that you work in, but will not collect personal information about you from sources other than your interaction with us. The information about your activity is stored on your profile and is used to give us insight into how actively you use our pages and seminars, how interested you are in our services and which topics interest you most. This information can be used to customize our inquiries so that they should be as interesting as possible to you.
Deloitte has a legitimate interest in getting to know the preferences and interests of readers of our newsletters so that we can offer seminars, news and services that better suit their needs and desires. The registration of such information is necessary to safeguard this interest. The logic used for this limited profiling activity is simple and consists mainly of the different activities that subscribers undertake are given a point value, which is summed together. Registration is limited and is therefore not considered too restrictive, so that our legitimate interest can therefore serve as a basis for treatment. For further questions relating to this, please use the our contact form.
Exceptionally, your personal data may also be used to protect the rights or property of our users and, where applicable, to comply with legal processes. This will only be applicable in exceptional cases and will never happen without this being in accordance with applicable data protection laws.
The personal data we have stored about you who have consented to receive our newsletters is stored for as long as you are a subscriber to our newsletters. If you withdraw your consent, the information we have stored about you will be deleted.
As a registered person, you have several rights related to our processing of your personal data. Here you will find information about these rights and how you can exercise these rights in connection with our digital channels, newsletters and seminars.
If you have any questions regarding your rights, or would like to exercise them with Deloitte in connection with our digital channels, newsletters and seminars, you can do so via our contact form or by sending an email to personvern@deloitte.no.
3.1 The right to request access to your personal data
You can send us a request for access to get information about whether we process personal data about you in connection with our newsletters and events, and to gain insight into what information we process about you if you are registered.
3.2 The right to rectification of your personal data
If you believe the information we have stored about you is not correct (e.g. email address, job or position has changed), you may request that we correct this at any time. In connection with verifying your subscription to newsletters when downloading reports, or when you sign up for one of our seminars, the information stored on your profile will be automatically updated in accordance with what you register.
3.3 Protesting
If you do not want us to record your activity on our digital channels, and your attendance at our seminars and other events as part of the profile building, you can object to this. If you object, we will stop and record such information about you.
3.4 The right to erasure of your personal data
You can easily withdraw the consent you gave us at any time by either unsubscribe from our newsletter via the links found at the bottom of the sent email, or by sending us a message via our contact form. We will then delete your information associated with our newsletter within 30 days. For other requests for deletion, please use our contact form or send an email to personvern@deloitte.no.
3.5 Deletion
If you withdraw your consent to receive newsletters, the personal data we process about you will be deleted. If you choose to object to our processing of information about your use of our digital channels, all activity we have previously recorded on your profile will be deleted. Information about your activity on our digital channels, and attendance at seminars, will be deleted after two years.
3.6 The right to data portability
Pursuant to GDPR Article 20, you are entitled to data portability for personal data about yourself that you have provided to Deloitte and which has a basis for processing consent or agreement. Our newsletters are based on consent, so you have the right to be provided with the information you registered about yourself when you signed up as a subscriber. This includes name, contact information, employment and zip code. If you wish to exercise your right to portability, the relevant information from your profile will be exported to a Microsoft Excel document and disclosed to you.
3.7 Right to restriction of processing
If you do not wish to delete your information but have a reason to want us to stop processing it in any way other than storage, you have the right to request it.
3.8 Right to complain to a supervisory authority
If you believe our processing of your personal data should be contrary to the GDPR, or the data protection legislation in general, you have the right to submit a complaint to the supervisory authorities. For Norway, this is the Norwegian Data Protection Authority, and complaints can be submitted on their websites by following this link.
Deloitte will be able to share personal data with, for example, our affiliated Deloitte entities abroad, service providers, police, government agencies, advisers, etc. Such third parties may be located in other countries. For example, in connection with seminars we hold, participant lists may be shared with co-hosts if we cooperate with such in the individual cases. Furthermore, we may also share personal data in connection with other business purposes, such as advertising and marketing, monitoring of security, maintenance, billing and auditing. Any transfers will have undergone necessary assessments and measures to ensure that all personal data is processed with sufficient security and the necessary legal basis for treatment. All transfers occurred is based on valid transfer mechanisms; EU standard contractual clauses, an adequacy decision or by using our interfirm transfer agreements that are based on EU standard contractual clauses.
Deloitte uses data processors to process personal data on their behalf. These will under no circumstances process personal data for purposes other than those we determine, as set forth in this Privacy Notice.
The processing related to our digital channels, seminars and newsletters is mainly carried out using the system Marketo . The system is cloud-based and operated by Marketo Inc. as a data processor, processing data on behalf of Deloitte. Marketo Inc. registered in the United States, but the system delivered to us is operated from the company's server parks in Europe.
The processing of personal data as described above may also be done using our customer relationship management system Sales Force with servers located in France.
In connection with your contractual relationship with Deloitte, Deloitte will, as a data controller, collect and process personal data of data subjects for the purposes specified below. Deloitte processes personal data in accordance with the principles in EU’s General Data Protection Regulation (GDPR). We kindly refer to our other privacy notices for more information regarding our processing of personal data for other purposes.
This privacy notice explains what personal data we may gather from our clients in relation to the services provided, what we use that personal data for and who we give that personal data to. It also sets out your rights in relation to your personal data, and who you can contact for more information or queries. Click on the links below to take you to the more detailed sections of this statement:
Topics
We may collect and process the following types of personal data:
The personal data listed above is collected and processed for the following purposes:
We may also collect the following types of special categories of personal data (GDPR art. 9) for the purpose specified above:
We collect and process your data based on the following basis:
We do not collect and process special categories of data unless there is a legal basis in the GDPR article 9 paragraph 2; establishment, exercise or defense of legal claims, or consent.
Transfer of personal data to data processors
We may transfer your personal data to other Deloitte entities. We may also transfer the personal data to IT providers, including cloud service providers, or to vendors of external services, who process, access and /or store the personal data on our behalf.
Transfer of personal data to data controllers
We may transfer your personal data to other data controllers, e.g. if Deloitte has a legal obligation to transfer the data to public authorities.
Transfer of personal data to recipients in countries outside the EU/EEA
We may transfer personal data disclosed by or collected from you to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis (transfer mechanism) for the international transfer is either our internal data transfer agreements, an adequacy decision or EU’s Model Clause Agreement.
In addition to ensuring an equivalent transfer mechanism, Deloitte will assess the impact of such potential transfers.
Subject to the conditions set out in the applicable data protection legislation, the data subject has certain rights. In the following, you can read about your rights and how to perform them:
The right to request access to your personal data
You can send us a request for access to get information about whether we process personal information about you in connection with your client relationship with Deloitte, and thus gain insight into what information we process about you if you are registered.
The right to rectification of your personal data
If you believe the information we have stored about you is incorrect (e.g. wrong contact details) you can request that we correct this at any time.
The right to erasure of your personal data
You can withdraw your consent to process personal data at any time. If you withdraw your consent, we will delete your personal information that is processed on this basis.
If you request erasure of your personal data, the data will be deleted. However, the right to erasure is not absolute, as it should be balanced against legal requirements and Deloitte’s legitimate interest.
The right to restriction of processing
If you do not wish us to delete your information but have reasons to wish that we will stop processing them in ways other than storage, you may, under certain circumstances, have the right to request this.
The right to data portability
According to Article 20 of the GDPR you have the right to data portability for personal information about yourself that you have given to Deloitte and which has a basis for processing in consent or agreement. The main basis for processing your personal information, is the contract between you as a client and Deloitte. If you wish to exercise your right to portability, the relevant information from your profile will be exported to a Microsoft Excel document and handed over to you.
The right to objection to the processing of your personal data
You have the right to object to processing of personal data concerning you, where the processing is based on public interest or legitimate interest of Deloitte, e.g. profiling. If so, Deloitte will no longer process your personal data unless there is a legitimate ground for doing so which, according to a balancing test, is overriding.
The right to objection to profiling
You have the right to object to your personal data being processed for direct marketing purposes. This includes profiling to the extent that it is related to such direct marketing.
File a complaint
You also have the right to file a complaint with the competent supervisory authority. In Norway, this is Datatilsynet. Complaints can be delivered on their website by following this link.
Please contact us by filling out this contact form or send us an e-mail to noprivacy@deloitte.no if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.
Address details:
Deloitte AS / Deloitte Advokatfirma AS
Dronning Eufemias gate 14
0191 Oslo
Norway
This privacy notice addresses Deloitte’s Clients’ and vendors’ employees, customers and other relations, with whom Deloitte has no direct contact and/or direct contractual relationship.
In connection with Deloitte’s provision of services to our clients, Deloitte may as the data controller collect and process personal data of our client’s employees, customers and other relations. Such collection and processing take place in accordance with the principles in EU’s General Data Protection Regulation (GDPR) and the Norwegian Data Protection Act.
We kindly refer to our other privacy notices for more information regarding our processing of personal data for other purposes.
Please note that if Deloitte is considered as a data processor in connection with the processing of your personal data, we kindly ask you to contact the Data controller, e.g. your employer, directly for more information about the processing of personal data.
Please read this text carefully to understand how we process your personal data.
Topics:
We may collect and process your personal data for the following purposes:
We may collect the following types of general categories of personal data for the purposes specified above:
We may also collect the following types of special categories of personal data for the purposes specified above:
We collect and process your data based on one or more of the following articles in GDPR:
Transfer of personal data to data processors
We may transfer your personal data to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to external service providers, who process and/or store the personal data on our behalf.
Transfer of personal data to recipients in countries outside the EU/EEA
We may transfer your personal data to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer will be EU’s Standard Contractual Clauses (SCC), or other applicable legal basis.
Subject to the conditions set out in the applicable data protection legislation, you have the following rights:
Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interests.
You also have the right to file a complaint with the Norwegian Data Protection Agency (Datatilsynet):
Datatilsynet
Postboks 458 Sentrum
0105 Oslo
Complaints can be delivered on their website by following this link.
Please contact us by filling out this contact form or send us an e-mail to noprivacy@deloitte.no if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.
Address details:
Deloitte AS / Deloitte Advokatfirma AS
Dronning Eufemias gate 14
P.O Box 221 Sentrum
0191 Oslo
Norway