Last revised: 3 January 2018
Information on personal data collection and processing (Privacy Statement)
Deloitte Central Europe (“DCE”) is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited (“DCEHL”), the member firm of Deloitte Touche Tohmatsu Limited (“DTTL”) in Central Europe. In Poland, the services are provided by local affiliates of DCEHL (together referred to as “Deloitte in Poland”).
The “Deloitte Network” refers to Deloitte Touche Tohmatsu Limited, the member firms of DTTL, and their related entities. Each individual global, country, regional, or practice specific website within deloitte.com (as designated in the upper right hand corner of the webpage) is provided by an individual entity within the Deloitte Network.
Deloitte.com/pl is the website provided by Deloitte in Poland (“Website provider”) also referred to below as “we”, “us” or “our”).
This information on personal data collection and processing (“Privacy Statement”) explains how we protect visitors’ information gathered via this Website (as defined below). This Privacy Statement applies only to the specific website designated as “Poland” in the upper right hand corner, which is referred to below as “this Website”.
Please note that the other country, regional, and practice specific websites contained within deloitte.com are provided by other entities within the Deloitte Network, or their related entities, and are not the responsibility of the Website provider. Such websites, as well as other websites that may be linked to this Website, are not governed by this Privacy Statement. We encourage visitors to review each of these other websites’ privacy statements.
If you have any questions regarding this Privacy Statement, collection and processing of your personal data while using this Website, please send them using this contact form.
Personal data collection and processing
As a visitor, you do not have to submit any personal data in order to use this Website. However, personal data that are specifically and voluntarily provided by visitors may be collected through this Website. If this is the case (the Website hosts any system or application that is used for processing of personal data for various purposes, e.g. recruitment), your consent with the processing of your personal data will be collected by the respective personal data controller in accordance with the applicable personal data protection laws, and specific information on personal data collection and processing will be provided before any personal data is collected and processed.
No special categories of personal data (sensitive personal data) are collected and processed through this Website.
Log information, cookies and web beacons
This Website may host social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal data or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any personal data or other information that you contribute to any Social Media Application.
We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this Website from unauthorized access, disclosure, alteration, or destruction. In April 2017 DCE obtained the ISO/IEC 27001 certificate for Information Security Management System. ISO/IEC 27001 ensures that all DCE policies and procedures are compliant with best practices and duly enforced by our practitioners.
Changes to the Information on personal data processing
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information.
Children's privacy protection
We understand the importance of protecting children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16.
Processing of business contact data
In line with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR", we would like to inform you that Deloitte entities in Poland (whose details are available here) process personal data of business nature concerning the contact persons and representatives of prospective, current and former Clients, as well as of other contractors of Deloitte Poland, including specifically the first name, surname, identification and contact data of the entity represented, business phone number, business e-mail address, position/ role within the structure of the represented entity as well as information about the existing relations and contacts with Deloitte Poland ("business contact data”).
In case the business contact data is not collected directly from the individual concerned (e.g. if a representative of Deloitte Poland has received a business card with such data), they could have been provided by the entity represented or obtained from publicly available sources, such as public records and registers (e.g. National Court Register).
Business contact data are processed primarily for the purposes of maintaining and developing business relationships with the entity represented by the given individual and for other purposes which constitute the legitimate interests of Deloitte Poland, pursuant to Article 6.1(f) of GDPR (such as taking the necessary activities to conclude or to perform the contract with the entity represented by the given individual, internal control and risk management, internal reporting, evaluation and optimisation of service quality within the Deloitte Network as well as assessment and development of sales opportunities), and for the purposes of fulfilling legal and regulatory duties imposed on Deloitte entities in Poland in connection with their business activity (inter alia, the purposes of issuing invoices, documenting service performance, proper identification of the represented entity, as well as prevention of fraud and corruption).
Deloitte Poland can also process business contact data on the basis of the consent granted separately by the given individual (e.g. to receive marketing materials ordered from Deloitte). In such situations, the business contact data provided when giving consent are processed on the basis of that consent, within the scope and for the purpose indicated therein.
Business contact data will be processed for a period required to fulfil the purposes described above (e.g. conclusion and delivery of the contract between Deloitte Poland and the entity represented by the individual – for a period until the end of the procedure of conclusion or delivery of the contract, and thereafter for a period and to the extent required by the regulations of the law or for the exercise of legitimate interests of a controller by Deloitte Poland).
Deloitte entities in Poland (other than the one that originally obtained the business contact data), other entities of the Deloitte Network, their personnel and suppliers of support services, including IT services, may become the recipients of the personal data. Additional information about personal data processing within DCE and their due protection can be found here.
In order to exercise your rights as the business contact data subject (in particular, the right to access the data, obtain its copy, the right to rectification or erasure of data, the right to restriction of data processing, and the right to object to data processing), you need to contact the controller using this contact form.
If you believe that the processing of business contact data by Deloitte Poland is in breach of the law, you can submit a complaint to the competent supervisory authority (Prezes Urzędu Ochrony Danych Osobowych).