Last revised: 2 June 2022
(Last update: 2 June 2022)
In this privacy statement we explain to you what personal data we process, for what purposes and with whom we share it, as well as your rights in relation to your data and who you can contact for more information.
See below the more detailed sections of this statement:
- Who does it apply to and what does it cover?
- Other areas of deloitte.com
- What data do we collect?
- How do we process your personal data?
- What are the legal grounds for processing personal data
- To whom do we disclose your personal data?
- How we protect your personal data
- How long do we keep your data?
- Your Rights
- Right to complain
- Changes to the privacy statement
1. Who does it apply to and what does it cover?
This privacy statement applies to all legal entities operating under the Deloitte brand in Portugal, Angola, Cape Verde and São Tomé and Príncipe, represented by Deloitte Central Services, S.A., based at Av. Eng. Duarte Pacheco, 7, 1070-100 Lisbon, Portugal. Each entity is a separate and independent legal entity and this privacy statement applies to each separately. None of these entities has any responsibility for the acts or omissions of the other entities.
We are committed to protecting your privacy and handling your information in an open and transparent manner.
This privacy statement identifies how we collect, handle, store and protect your personal data when:
- we are providing you with services or our clients;
- uses "our website"; or
- performs any other actions within the course of our activity, as described below.
When we refer to "our site" or "this site" in this policy, we are talking about the specific pages of deloitte.com designated as Portugal or Angola in the upper right corner and for specific pages with a URL initiated by http://www2.deloitte.pt, http://www.deloitte.pt or http://www.deloitte.com/pt and http://www.deloitte.co.ao and https://www2.deloitte.com/ao/pt.html.
Deloitte.com has several global, regional and specific practice websites, each of which is the responsibility of Deloitte Touche Tohmatsu Limited ("DTTL") or one of its member firms or its related entities (collectively, the "Deloitte Network"). To learn more about DTTL, DTTL member firms and their related entities, see About Deloitte | Our global network of member firms.
Through this privacy statement we also inform you about when we share your personal data with other Deloitte Network member firms and other third parties (e.g. our suppliers).
Under this privacy statement, your information may be referred to as "personal information" or "personal data". We may sometimes refer to the handling, collection, protection and retention of your personal data as the "processing" of this personal information.
2. About other areas of deloitte.com
You must observe the conditions of the other regional and national sites contained on the website deloitte.com the responsibility of the respective entities of the Deloitte Network. These sites, as well as other sites that may be linked to this, are not bound by this privacy statement. Visitors should review their privacy statements on each of these sites before disclosing any personal information.
3. What data do we collect?
We may collect and obtain your personal data, in the course of our provision of services to you or our clients, for validation within the scope of our services (or discussion of possible services we may provide), as well as as as a user of this website.
We process your personal data because it is provided directly by you (e.g. on a form on our website) or by other people (e.g. your employer or consultant or suppliers) or because it is publicly available.
The personal data we process may include: name; age; date of birth; gender; e-mail address; address; country of residence; lifestyle and social circumstances (e.g. their hobbies); family circumstances (e.g. their marital status and dependents); details of employment and education (e.g. the organisation for which you work, position and its education details); financial and tax information (e.g. your bank account, income and tax residence); social media applications and services that we may provide; IP address; browser type and language; access times; details of the complaint; details of how you use our products and services; details of how you like to interact with us and other similar information.
The personal data we process may also include so-called "sensitive data" or "special data", such as details about: nutritional needs (e.g. when invited for lunch), health (e.g. so that we can provide appropriate means for your presence on our premises) and sexual orientation (e.g. if you send us data from your spouse or partner) and minors (e.g. if you provide us with your children's data).
The types of personal and/or special data we process may vary depending on the nature of the services we provide to you or our clients, your interaction with us or how you use our website. In some circumstances, we may also process other personal data because it is provided by you or because we are obliged to do so by law.
In cases where we receive personal data about you through a client of ours, we will be careful to include clauses in the contract with you to ensure that it complies with the relevant privacy laws and regulations; this may include, for example, that the client has obtained his consent to the processing under this privacy statement.
We understand the importance of protecting children's privacy. Our website and services are not intended or intentionally targeted at children. It is our policy not to intentionally process children's personal data.
4. How do we process your personal data?
Use of personal information to provide services to our clients
We use your personal data to provide services to you or our clients. For this reason, we may use your personal data in the course of correspondence exchanged within the services. Such correspondence may be with you, with our clients, with other Deloitte Network member firms, with suppliers, with regulators or with competent authorities. We may also use your personal data to confirm, verify and evaluate our services.
Since we provide different types of services, it varies how we use personal data in relation to our services. For example, we may use personal data:
- legal representatives or employees of a client working abroad when we support in the fulfillment of their tax obligations;
- of a client's legal representatives, employees and clients in the course of an audit (or similar activity) for a client;
- From a client when we support him in drafting a tax declaration.
Use of personal information for other tasks within the scope of our activity
In the course of our activity, we may use your personal data for the following purposes:
- Compliance with applicable legal or regulatory requirements (e.g. for the purpose of complying with the anti-money laundry regulations);
- Response to requests and communications from competent authorities;
- Creation of client form and other administrative purposes;
- Financial accounting, invoicing and risk analysis;
- Client relationship, including: (i) sending communications or details of our services that we believe may be of interest to you; (ii) contact to receive feedback about our services; and (iii) contact for market or research purposes. In these cases you have the opportunity to decline our invitations, communications or requests at any time. In specific cases, if necessary, for example, if you have never been our client, we may ask for your consent before sending you communication materials or other marketing requests.
- Recruitment and business development (e.g., interviews of a client's professional can be used as part of our recruitment and business development materials with the authorization of that professional);
- Protection of our rights and the rights of our clients.
Use of personal information collected through our website
In addition to the above purposes we may also use the data we collect through our website to:
- manage and improve our website;
- personalize the content of our site to allow for a more targeted experience and draw your attention to information about our services that may be of interest to you;
- to manage and respond to any request you submit through our website.
5. What are the legal grounds for handling personal information
We use your personal data on the basis of the following legal grounds: (a) for performance of the contract for the provision of our services to you or our clients or suppliers, as the case may be; (b) to comply with legal and regulatory obligations to which we are subject; (c) for the defense of legitimate interests in the effective and lawful exercise of our activity, provided that such interests are not exceeded by their interests.
The processing of your sensitive data for any purpose described above will be carried out on the basis of: (i) your explicit consent to process such data; (ii) the legal obligation to collect personal data for compliance with anti-money laundering law (or other legal obligations imposed on us); (iii) in fulfilling our obligations in matters of labour law, social security or social protection; (iv) in the exercise or defense of lawsuits; or (v) in the data published by it.
The personal data we process when we make certain marketing content available will only be shared after your explicit, free, informed and unambiguous consent is collected, where it is required by law. For each marketing content, you can click the communication unsubscribe option (opt out) or unsubscribe in response to the email or address, as appropriate.
6. To whom do we disclose your personal data?
For the purposes set out in the "How do we process your personal data?" section, we may disclose details about you to: other members of the Deloitte Network; third parties who provide services to us and/or entities of the Deloitte Network; competent authorities (including courts and regulators); employer and/or advisors; councillors; or other entities that require access to personal data relating to you.
Our site houses various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively, "Social Networking Applications"). It is important to note that the contribution of any personal information to these Social Networking Applications may be read, collected and used by other users of the application. As we do not control these other users we cannot guarantee that your contribution to these applications of any personal information will be treated in accordance with this privacy statement.
Some of the recipients of your personal data mentioned above may be located in third countries, whose laws may not offer the same level of data protection. In such cases, we will ensure that there are adequate safeguards to protect your personal data in accordance with our legal obligations. Where the recipient of the data is not a member firm of the Deloitte Network, a data transfer agreement with the recipient shall be concluded on the basis of standard contractual clauses approved by the European Commission for transfers of personal data to third countries.
More details on the transfers described above and their appropriate warranties used by Deloitte (including copies of relevant agreements) can be requested at the address email@example.com.
In certain cases, we are obliged to disclose your personal data by legal, regulatory or legal requirements.
In contrast, we may share non-personal information, including anonymized, masked, and aggregated data for a variety of purposes, including data analysis, surveys, studies, and promotional purposes.
7. How we protect your personal data
We use physical, electronic and management security means to ensure the confidentiality and security of your personal data. These measures include:
- ISMS certification combined with ISO27001 certification;
- Relevant training to Deloitte professionals to ensure compliance with privacy obligations when dealing with personal data;
- Administrative and technical controls to limit access to personal data;
Technological security measures, including firewall, encryption and antivirus software;
- Physical security measures, including access cards to our facilities.
Although we use appropriate security measures, once we receive your personal data, we remind you that the transmission of data over the Internet (including by email) is never completely secure. We strive to protect personal data, but we cannot guarantee the security of the data you transmit to us or transmitted by us by that means.
8. How long do we keep your data?
We store your personal data for the longest of the following periods: (i) as long as necessary for the provision of the relevant services and for the agreed minimum period; (ii) in the course of the exercise of our activity by the retention periods required by law or by the retention and file policy in force, as the case may be; or (iii) at the end of the dispute or investigation process relating to the underlying relationship.
Of the wide range of rights that entitle you to, in the context of the processing of personal data, we recall, in particular, the right to:
- Access your personal data and request a copy of it;
- Request the update, correction or alteration of your data that you believe is incorrect or incomplete;
- Request the deletion of your personal data or limit how we treat it;
withdraw consent for treatment (to the extent that such treatment has been consented to);
- Receive a copy of your data in structured format, where applicable, as well as the right to portability (when the processing is consented to or contracted);
- To owe the processing of your personal data.
To exercise any of your rights or if you have other questions about the processing of your personal data, please contact us at the email firstname.lastname@example.org or by mail to privacy leader's attention on Av. Eng. Duarte Pacheco, 7 1070-100 Lisbon.
If you wish to make a complaint about how we treat your data you can use the same means.
10. Right to complain
Whenever you want to complain about the processing of personal data or have any questions about the privacy of your data, you should exercise your rights with the EU Data Protection Authority in your jurisdiction in the case of processing personal data in Angola with the Data Protection Agency through the email@example.com and in the case of processing of personal data in Cape Verde with the National Data Protection Commission.
11. Changes to the privacy statement
This privacy statement may be modified over time.
In order to be informed of the changes you have made, we will change the revision date at the top of this page. The new privacy statement applies from the date of review. We encourage the periodic review of this statement in order to remain informed about it.