Privacy Notice to individuals with whom Deloitte has no direct contact

Version: 16 September 2020

Privacy Notice to individuals with whom Deloitte has no direct contact

This privacy notice addresses Deloitte’s Clients’ and vendors’ employees, customers and other relations, with whom Deloitte has no
direct contact.

In connection with Deloitte’s provision of services to our clients, Deloitte may as the data controller collect and process personal data of our client’s employees, customers and other relations. Such collection and processing take place in accordance with the principles in EU’s General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

If you are a Deloitte Client, we kindly refer to our Privacy Notice for Deloitte
Clients
and our Privacy Notice for Marketing Activities  for more information regarding our processing of personal data for marketing purposes / in connection with our marketing activities (available only in Norwegian).

Please note that if Deloitte is considered as a data processor in connection with the processing of  your personal data, we kindly ask you to contact the Data controller, e.g. your employer, directly for more information about the processing of personal data.

Please read this text carefully to understand how we process your personal data.

Topics:

  1. Which data do we collect about you and for which purposes?
  2. From whom do we collect your personal data?
  3. The legal basis for the collection and processing of your personal data
  4. Who do we share your personal data with and why?
  5. Who do we transfer your personal data to?
  6. How long do we store your data?
  7. Your rights
  8. Contact
  9. Revision of our privacy notice

1.   Which data do we collect about you and for which purposes ?
We may collect and process your personal data for the purposes of providing services to our clients and for the purposes of relationship management; compliance with applicable legal or regulatory requirements and/or internal policies; documentation requirements; handling requests, complaints and claims from third parties; handling inspections and queries by supervisory authorities; external audit and legal advice, such as:

  • Your name; age; date of birth; national identification number; gender; phone number, home address; country of residence; visa; family circumstances (e.g. civil status and contact details on dependents and close relatives); photo; email address; title; employment and education details (e.g. previous employment and education details); salary and pension information; leaves of absence; bank account details; tax-related information and investments; information on any criminal records; ownership of shares; voting rights; management position or similar role; and any status as or relation to a politically exposed person (if required in accordance with anti-money laundering regulation).

We may also collect the following types of special categories of personal data for the purposes specified above:

  • racial or ethnic origin,
  • trade union membership,
  • data concerning health 

2.  From whom do we collect your personal
data?

We collect your personal data from our clients and our vendors as well as from public authorities; other Deloitte entities, and other third party business relations, depending on the character of the engagement.

3.  The legal basis for the collection and processing of your personal data

We collect and process your data based on one or more of the following articles in GDPR:

  • Art. 6 paragraph 1 (c) compliance with legal obligation to which our client or Deloitte is subject
  •  Art. 6 paragraph 1 (f) Deloitte’s legitimate interests
  • Art. 9 paragraph 2 (b) employment and social security and social protection law purposes
  • Art. 9 paragraph 2 (f) establishment, exercise or defense of legal claims

The legitimate interests pursued by Deloitte include the following purposes: Effective delivery of services to our clients and from our vendors for the purposes specified in section 1. These processes are necessary for the effective operation of our business and require collection and processing of your personal data.

4.  Who do we share your personal data with and why?

We collect your personal data from our clients and our vendors as well as from public authorities; other Deloitte entities, and other third-party business relations, depending on the character of the engagement.

5.  Who do we transfer your personal data to?

Transfer of personal data to data processor
We may transfer your personal data to other Deloitte entities. We may also transfer your data to IT providers, including cloud service providers, or to external service providers, who process and/or store the personal data on our behalf.

Transfer of personal data to recipients in countries outside the EU/EEA
We may transfer your personal data to recipients located in countries outside the EU/EEA for the purposes listed in section 1. In such case, the legal basis for the international transfer will be EU’s Standard Contractual Clauses (SCC), or other applicable legal basis.

6.  How long do we store your data?

We store your personal data for as long as necessary to fulfil the purposes above.

7.  Your rights

Subject to the conditions set out in the applicable data protection legislation, you have the following rights:

  • The right to request access to your personal data
  • The right to rectification of your personal data
  • The right to erasure of your personal data
  • The right to restriction of processing of your personal data
  • The right to data portability
  • The right to objection to the processing of your personal data

Please note that these rights are not absolute, as they should be balanced against legal requirements and Deloitte’s legitimate interests.

You also have the right to file a complaint with the Norwegian Data Protection Agency (Datatilsynet):

Datatilsynet
Postboks 458 Sentrum
0105 Oslo

8.  Contact

Please contact us by filling out sending us an e-mail to personvern@deloitte.no if you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights.

Address details: 
Deloitte AS / Deloitte Advokatfirma AS
Dronning Eufemias gate 14
P.O Box 221 Sentrum
0191 Oslo
Norway

9.  Revision of our privacy notice

We keep our privacy notice under regular review and thus the notice may be subject to changes. The date of the last revision of the privacy notice can be found on the top of the page.