Information on personal data collection and processing (hereinafter as: “Privacy Statement”)

Last revised: 19.05.2023

» See it in Polish



Deloitte Central Europe (“Deloitte CE”) is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited (“DCEHL”), the member firm in Central Europe of Deloitte Touche Tohmatsu Limited (“DTTL”) in Central Europe. Services are provided by the subsidiaries and affiliates of, and firms associated with DCEHL, which are separate and independent legal entities The “Deloitte Network” refers to Deloitte Touche Tohmatsu Limited, the member firms of DTTL, and their related entities. Each individual global, country, regional, or practice specific website within (as designated in the upper right-hand corner of the webpage) is provided by an individual entity within the Deloitte Network. is the website for Deloitte CE entities in Poland, provided by respective Deloitte entity operating in Poland, where the information about the legal structure of such entity can be found under the link: (“Website provider” also referred to below as “we”, “us” or “our”), an affiliate firm of DCEHL.

This information on personal data collection and processing (“Privacy Statement”) explains how we protect visitors’ information gathered via this Website. This Privacy Statement applies only to the specific website for Deloitte CE designated as “Central Europe” in the upper right-hand corner, which is referred to below as “this Website”.

For other Deloitte CE entities in Central Europe, individual country specific websites are provided by the identified Deloitte CE entity. These individual websites are designated in the upper right-hand corner. Please note that the other country, regional, and practice specific websites contained within are provided by other entities within the Deloitte Network, or their related entities, and are not the responsibility of the Website provider. Such websites, as well as other websites that may be linked to this Website, are not governed by this Privacy Statement. We encourage visitors to review each of these other websites’ privacy statements. 



If you have any questions regarding this Privacy Statement, collection and processing of your personal data while using this Website, please direct them to a contact form available under the link:


Personal data collection and processing

As a visitor, you do not have to submit any personal data in order to use this Website. However, personal data that are specifically and voluntarily provided by visitors may be collected through this Website. If this is the case (the Website hosts any system or application that is used for processing of personal data for various purposes, e.g. surveys), your consent with the processing of your personal data will be collected by the respective personal data controller in accordance with the applicable personal data protection laws, and specific information on personal data collection and processing will be provided before any personal data is collected and processed.

No special categories of personal data (sensitive personal data) are collected and processed through this Website.  


Log information, cookies and web beacons

This Website collects standard internet log information including your IP address, browser type and language, access times and referring website addresses. Information on how your cookies are processed can be found under the link:

To ensure that this Website is well managed and to facilitate improved navigation, it may also use cookies (small text files stored in a user’s browser) or Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data. Deloitte CE does not collect or store any individual (non-aggregated) cookies. We only have an access to aggregate data on cookies for functional purposes collected in compliance with the Cookie notice. 


Social media

This Website may host social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal data or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any personal data or other information that you contribute to any Social Media Application.

Social media providers (i.e. LinkedIn and Facebook) may also use additional cookies, web beacons, and other storage technologies to collect or receive information from our websites and use that information to provide measurement services and targeted ads, however this is done upon their own discretion and subject to consent of each visitor.

Facebook’s Data Usage Policy

LinkedIn’s Cookie Policy:

Each visitor can opt-in to these services in advance and at all time, by adjusting the settings of the cookie management tool on the websites, or directly through personal account settings at a respective social media platform.


Information security

We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this Website from unauthorized access, disclosure, alteration, or destruction. In April 2017 Deloitte CE obtained the ISO/IEC 27001 certificate for Information Security Management System. ISO/IEC 27001 ensures that all Deloitte CE policies and procedures are compliant with best practices and duly enforced by our practitioners.


Changes to the Information on personal data processing

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information.


Children's privacy protection

We understand the importance of protecting children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16.


Cookie Notice

What a “cookie” is?

A cookie is a small text file placed on your device by the websites that you visit. Cookies are then sent back to the website on each subsequent visit, or to another webpage that recognizes that cookie. Cookies are used in order to make this Website work as well, or to work more efficiently, as well as to provide information to the Website provider. Such information may be used to provide a more personalized and responsive service. Cookies may be either first party cookies set directly by us to your device, or third-party cookies set by a third-party provider on our behalf. Whenever you use this Website, information may be collected through the use of cookies and other similar technologies (e.g., web beacons, tags, scripts, local storage). 

This Cookie Notice is a part of the Privacy Notice, which is available under the link below:

Cookies we use and why?

This Website uses cookies and web beacons that are classified into the following categories: 

Strictly Necessary” which are necessary for this Website to function and cannot be switched off in our systems. They are set in response to actions made by you which amount to a request for services, such as - where applicable - authenticating into this Website or managing your session with the requested service;

Analytics and performance” which are necessary for our systems to measure audience and usage statistics, as well as content consumption. These enable us to obtain relevant usage information to produce internal analytics so we can monitor and improve the performance of our systems (including this Website);

Preference or functionality cookies” which allow websites to remember the users’ respective site preferences and choices (with the exclusion of essential functional cookies);

Targeting or advertising cookies” which track the users’ respective online activity to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

To view a list of the cookies that are used by this Website, please click the link below:

How long will cookies remain on my device?

The length of time cookies will stay on your device will depend on whether it is a “persistent” or “session” cookie. 
A persistent cookie will be stored by a web browser and will remain valid until its set expiration date, unless deleted by you before the expiration date.  A session cookie, on the other hand, will expire at the end of your web session, when the web browser is closed.

How can I manage cookies?

You can manage cookies in various ways.  Please keep in mind, removing or disabling certain cookies may impact your user experience and parts of this Website may no longer be fully functional. 

You can change your cookie preferences and settings for non-essential cookies at any time by clicking on link below:

You may also be able to change your browser settings to manage cookies.  You can find detailed information on how to do so at:


Processing of business contact data by Deloitte entities in Poland

In line with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR", we would like to inform you that Deloitte entities in Poland (whose details are available at: process personal data of business nature concerning the contact persons and representatives of prospective, current and former Clients, as well as of other contractors of Deloitte Poland, including specifically the first name, surname, identification and contact data of the entity represented, business phone number, business e-mail address, position/ role within the structure of the represented entity as well as information about the existing relations and contacts with Deloitte entities in Poland ("business contact data”). In case the business contact data is not collected directly from the individual concerned (e.g. if a representative of Deloitte entity in Poland has received a business card with such data), they could have been provided by the entity represented or obtained from publicly available sources, such as public records and registers (e.g. National Court Register).

Business contact data are processed primarily for the purposes of maintaining and developing business relationships with the entity represented by the given individual and for other purposes which constitute the legitimate interests of Deloitte entities in Poland, pursuant to Article 6.1(f) of GDPR (such as taking the necessary activities to conclude or to perform the contract with the entity represented by the given individual, internal control and risk management, internal reporting, evaluation and optimisation of service quality within the Deloitte Network as well as assessment and development of sales opportunities), and for the purposes of fulfilling legal and regulatory duties imposed on Deloitte entities in Poland in connection with their business activity (inter alia, the purposes of issuing invoices, documenting service performance, proper identification of the represented entity, as well as prevention

of fraud and corruption). Deloitte entities in Poland can also process business contact data on the basis of the consent granted separately by the given individual (e.g. to receive marketing materials ordered from Deloitte). In such situations,

the business contact data provided when giving consent are processed on the basis of that consent, within the scope and for the purpose indicated therein.

Business contact data will be processed for a period required to fulfil the purposes described above (e.g. conclusion and delivery of the contract between Deloitte entity in Poland and the entity represented by the individual - for a period until the end of the procedure of conclusion or delivery of the contract, and thereafter for a period and to the extent required by the regulations of the law or for the exercise of legitimate interests of a controller by Deloitte entity in Poland).

Deloitte entities in Poland (other than the one that originally obtained the business contact data), other entities of the Deloitte Network, their personnel and suppliers of support services, including IT services,

may become the recipients of the personal data. Additional information about personal data processing within Deloitte CE and their due protection can be found at

In order to exercise your rights as the business contact data subject (in particular, the right to access the data, obtain its copy, the right to rectification or erasure of data, the right to restriction of data processing, and the right to object to data processing), you need to contact the controller at:

If you believe that the processing of business contact data by Deloitte entities in Poland is in breach of the law, you can submit a complaint to the competent supervisory authority (Prezes Urzędu Ochrony Danych Osobowych).