Deloitte AB (“Deloitte”, or “we”, “our”, “us”) is a member firm in Deloitte Touche Tohmatsu Limited's global network. We are strongly committed to protect your personal data used in our work and to be in compliance with the applicable legislation. This privacy statement covers our processing activities regarding personal data of individuals outside of Deloitte’s organisations and visitors to our homepage. We hope that this privacy statement will help you understand what kind of information we process and how.
We may collect and process the below types of personal data for the purposes of
- providing services to our clients (which could be you, your employer or someone else that you have a relationship with);
- Marketing and relationship management;
- compliance with legal or regulatory requirements;
- internal policies;
- ensuring the integrity of our systems and network;
- protecting our legal interests in case of a dispute; and
- handling inspections and queries by supervisory authorities, external auditors and legal advisors.
Basic data: name, address, telephone number, e-mail address, employment, title, education, age, birthday, gender, family circumstances, country of residence, passport information, social security number (Sw. personnummer)
Financial data: salary or other income, loans/debt, tax-related information, investments and assets
Online data: IP-address, ID/username on social media account, cookie ID and other online ID
Sensitive data: data relating to health and membership of trade union
Sensitive data will only be collected when there is a legal requirement such as statutory audit or payroll services, or when you give us your explicit consent.
Please note that we may collect other types of personal data if it is necessary to provide a specific service to a client.
We usually collect your personal data in the following ways:
We collect and process your personal data based on the following legal basis:
- Consent
- Performance of a contract
- A legal obligation to which we are subject to
- The legitimate interest of Deloitte or our client
The legitimate interest of Deloitte includes the following purposes
- Provide our clients with services;
- Ensure the integrity of our networks and systems;
- Compliance with internal policies;
- Relationship management and marketing purposes such as sending newsletters, facilitate Deloitte events; and
- Manage and improve our website.
In connection with one or more purposes outlined in section 1, your personal data may be disclosed to and shared with the following recipients: Our client; public authorities; our professional advisors (e.g. auditor and legal advisors); service providers; IT-providers including cloud services; insurance and pension companies (if part of our services to our client) and other Deloitte entities.
We may also need to disclose your personal data to authorities and/or to other third parties if required to do so by law, a regulator or during legal proceedings.
Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place through EU’s standard contractual clauses to protect your personal data that comply with our legal obligations.
We will hold your personal data on our systems for the longest of the following periods:
We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.
In case of a data breach, we have special measures set to limit the risk of information dissemination. We will of course follow the guidelines and requirements specified by the regulatory authority for incident reporting.
You have various rights in relation to your personal data. In particular, you have a right to:
In cases where we are a Data Controller, you can claim these rights directly from us. If we are a data processor, you should contact the Data Controller whom we receive your personal data from instead in order to exercise your rights.
Please note that your rights are not absolute, Deloitte is subject to statutory professional secrecy which means that we might be restricted to disclose certain information to you.
If you wish to get into contact with us you can do that through this contact form.
You also have a right to file a complaint with the Swedish data protection authority (Sw. Integritetsskyddsmyndigheten).
Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm
Telephone: 08-657 61 00
E-post: imy@imy.se