Policy för personuppgifter
1.1 Purpose and scope
1.2 Compliance with this policy
Adherence to this policy is mandatory for all Deloitte employees and consultants.
All Staff and Partners have an individual responsibility to ensure their personal compliance with this policy and should seek guidance from their national security team or further clarification if required.
2. Description of services
2.1 The audit and assurance engagement comprises:
- Examination, in accordance with the Swedish Companies Act (2005:551), of the Company's accountancy and annual report and the administration by the board of directors and when applicable the managing director (“the Management") of the company, which is intended to provide us with evidence supporting our audit report to the annual general meeting,
- Other examination and reporting which it is incumbent upon the elected auditor to perform under the Swedish Companies Act (“Statutory supplementary engagements"), and
- Assistance and advice which is occasioned by observations made in the course of such examination and other comparable advice (“Audit advise").
The audit is conducted in accordance with generally accepted auditing standards in Sweden.
Deloitte is a Data Controller when performing the services within the Audit and assurance engagement.
3. Personal Data collected and processes
3.1 The purpose of collecting and processing personal data
Personal data is collected and processed for the following purposes:
- Compliance with applicable legal or regulatory obligations and requirements, and/or internal policies for Audit and Assurance engagements
- Providing our clients with services as they request, as for all services
- Client account opening and other administrative purpose, as for Independence Checks
- Services we receive from our professional advisors, such as lawyers, accountants and consultants
The legal ground for collection and processing of personal data is the legal obligation to which Deloitte is subject to for Audit and Assurance engagements (according to Art. 6 paragraph 1 c).
3.2 Examples of data collected and processed during an audit engagement
Personal data collected and processed during an audit engagement are typically but not limited to:
- Business contact information
- Date of birth
- Personal ID Number
- Email adress
- Home address
- Country of residence, passport number
- Family circumstances (for example marital status and dependents)
- Employment and education details (for example precious employment and education details)
- Financial and tax-related information
- Investments and assets
- IP- address
4. Retention of Personal Data
4.1 Personal Data is retained for 10 years due to legal obligation. For processes in place to retain and erase client data please see our Retention policy.
However, certain data shall be stored/processed further then 10 years if:
a. Personal data is necessary for a potential dispute with the client. Relevant personal data shall be kept as long as the dispute is ongoing and the information is relevant
b. The relevant personal data about the client is kept in connection with unsettled invoices (debt collection)
5. Personal Data Subjects Rights
5.1 The data subject in audit services are defined as the employees, board members, owners and other stakeholders of the Company whom we have the audit and assurance engagement for.
5.2 The rights of the data subject is restricted according to legal requirements of professional secrecy that the auditor are obliged to adhere to in the case of Audit and Assurance Services (Revisionslag (1999:1079) § 35). Exercise of the registered’s rights must for that reason be decided in each case. The data subject would most likely not have the right to request access, right of rectification, the right to erasure nor the right to restriction of processing the personal data. If you want to lodge a complaint to the Supervisory authority about our processing, you should contact Datainspektionen, www.datainspektionen.se.
If you have any questions, or if you wish to exercise any of your right’s as a registered data subject, we look forward to a notification to firstname.lastname@example.org.