INFORMATION ON PERSONAL DATA PROCESSING
Deloitte Central Europe (“DCE”) is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited (“DCEHL”), the member firm of Deloitte Touche Tohmatsu Limited (“DTTL”) in Central Europe. In Romania, the services are provided by the following affiliates of Deloitte Audit S.R.L., Deloitte Consultanta S.R.L., Reff & Asociatii SCA, Deloitte Tax S.R.L. and Deloitte Tehnologie S.R.L. (together referred to as “Deloitte in Romania”).
This information on personal data collection and processing explains how we protect visitors’ information when registering via the Website and participating to paid events facilitated by Deloitte in Romania.
1. Personal data we collect from you
We may collect and process the following data about you:
- Information that you provide by filling in the registration form on the Website: name, surname, position, phone number, e-mail address, city, country, company name, company address, company identification number;
For the purposes specified hereunder we do not collect or process any ‘sensitive’ or ‘special categories’ of personal data as defined in the General Data Protection Regulation 2016/679.
2. Purposes of personal data processing
We process the personal data collected from you for the following purposes:
- organizing the events and invoicing the participation fees;
- compliance with the applicable legal, regulatory or professional requirements (anti money laundering);
- addressing requests and communications from competent authorities;
- internal compliance and risk analysis (including investigating or preventing security incidents);
- protecting our rights and legitimate interests;
- general client, vendor, contractor or sub-contractor relationship purposes (including the feedback and complaints, as well as assessment and development of business opportunities);
3. Legal grounds for personal data processing
We process only your personal data necessary to fulfill your request of participating to an event facilitated by us.
When we process personal data for the purposes described above, we will rely on the following processing conditions:
- performance of the contract we have with you regarding the participation at an event, which is concluded when you express your consent for participating at the event as offered by us, via registration on the Website;
- compliance with a legal obligation when we are required to process your personal data for issuing our invoice and for keeping records for tax purposes.
- for the purposes of our legitimate interest which might be:
o to execute and fulfil contracts with our vendors, contractors or sub-contractors,
o to protect our business interests (including to conduct our risk and quality assessments),
o to ensure that the complaints or requests delivered to us are properly addressed.
4. Recipients of personal data
The personal data will be made accessible to the following categories of recipients: the authorized employees and representatives of the following controllers and processors and to Deloitte CE group of companies:
Controller(s) of personal data: Deloitte in Romania
- Deloitte Audit S.R.L.
- Deloitte Consultanta S.R.L.
- Reff & Asociatii SCA
- Deloitte Tax S.R.L.
- Deloitte Tehnologie S.R.L.
Processors of personal data:
- Our approved administrative and IT service suppliers:
- 4C Hungary Kft., 8 Várfok street, 4th floor, door no 2; Budapest, 1012, Hungary
- Billigence Europe Limited, with registered seat at 12 Gough Square, London, EC4A 3DW, United Kingdom
- con4PAS, s.r.o., Novodvorská 1010/14, 142 01 Prague 4 – Lhotka, Czech Republic
- Deloitte Advisory & Management Consulting Private Limited Company, Dózsa Gy út 84.C., 1068 Budapest, Hungary
- Deloitte CE Business Service Sp. z o.o., Al. Jana Pawla II 22, 00-133 Warsaw, Poland
- Deloitte Central Europe Service Centre s.r.o., Italská 2581/67, 120 00, Prague 2 - Vinohrady, Czech Republic
- Deloitte CZ Services s.r.o., Italská 2581/67, 120 00, Prague 2 - Vinohrady Czech, Republic
- Deloitte Global Services Limited, Hill House, 1 Little New Street, EC4A 3TR London, United Kingdom
- Digital Resources a.s., Poděbradská 520/24, 190 00 Prague 9, Czech Republic
- MobileXpense, Rue des Colonies 11, 1000 Brussels, Belgium
- SI-Consulting Sp. z o.o., Slezna Str. 118, 53-111 Wroclaw, Poland
- Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA
In case where the data processing include the transfer outside of the European Union (EU) the transfer is based on EU approved standard contractual clauses, thus ensuring an adequate level of personal data protection as required by the applicable data protection laws.
5. The period for which personal data will be processed
The data will be processed as long as it is necessary in relation to the purposes described above, but no longer than 5 years. After the indicated period expires, the personal data will be permanently deleted.
6. Security of the processing
We and our data processors established technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of all personal data processed; prevent the unauthorized use of or unauthorized access to the personal data or prevent a personal data breach (security incident) in accordance with Deloitte CE policies and Data Protection Legislation. Deloitte CE is a holder of ISO 27001 certification – widely recognized global information standard.
7. Rights of the data subject
You have your right to:
- request access to your personal data (and request a copy of the personal data that we process),
- request us to update and correct your personal data (right to rectification),
- request us to delete your personal data (where possible), or
- require a restriction on the processing of your data.
You may object to the processing (in certain cases as specified by GDPR), as well as execute your right to data portability (receive a copy of personal data which you provided to us in a structured machine –readable format and request us to transmit such data to another data recipient).
You can enforce all rights described here by sending an e-mail to email@example.com:
You can also use the above contact for any questions related to processing your personal data including the security safeguards when transferring the data outside of the EU region.
It is also your right to lodge a complaint with the local data protection supervisory authority in case you are of the opinion that the processing of your personal data infringes the GDPR.