Deloitte Australia Privacy Statement

Privacy

Privacy Statement

Introduction

Deloitte.com is comprised of various individual global, country, regional, or practice specific websites, each of which is provided by Deloitte Touche Tohmatsu Limited ("DTTL") or one of its member firms or their related entities (collectively, the "Deloitte Network").  These individual websites are designated in the upper right hand corner of each webpage.

This Privacy Statement applies only to the specific webpages of deloitte.com designated as Timor-Leste in the upper right hand corner,  which are referred to below as "this Website". 

Deloitte in Timor-Leste is represented by Deloitte Unipessoal LDA and is controlled by the Australian partnership of Deloitte Touche Tohmatsu, the Deloitte Touche Tohmatsu Ltd member firm in Australia. It (also referred to below as “we”, “us” or “our”) is a privacy conscious organisation.  We are the entity within the Deloitte Network that is providing this Website and this Privacy Statement explains how we protect visitors’ information gathered via this Website.

By using this Website you are agreeing to the use of your information as described in this Privacy Statement.  

Please note that the other country, regional and practice specific websites contained within deloitte.com are provided by other entities within the Deloitte Network and are not provided by us.  Such websites, as well as other websites that may be linked to this Website, are not governed by this Privacy Statement.  We encourage visitors to review each of these other website's privacy statements before disclosing any personal information.

This Privacy Statement may be supplemented or amended from time to time by privacy statements that are specific to certain areas of this Website (e.g., recruitment).  For more detail about the online recruitment process, please review the specific statement governing that area.

If you have any questions regarding this Privacy Statement, please contact webmaster services using the contact us link.  

Information collection

As a visitor, you do not have to submit any personal information in order to use the Website. This Website only collects personal information that is specifically and voluntarily provided by visitors. Such information may consist of, but is not limited to, your name, current job title, company address, email address and telephone and fax numbers.

We may also store and maintain any content that you provide, including but not limited to postings on any blogs, forums, wikis and other social media applications and services that we may provide. 

We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from visitors.  We will, where necessary, obtain your explicit consent to collect and use such information.

Log information, cookies and web beacons

This site collects standard internet log information including your IP address, browser type and language, access times and referring website addresses.  To ensure that this Website is well managed and to facilitate improved navigation, we or our service providers may also use cookies (small text files stored in a user’s browser) or Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data.  Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice

Information use

At times, you may provide personal information via this site, for example, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest.  In such cases, the information you submit will be used to manage your request and to customize and improve this Website and related services offered to you.  We may also use your personal information for marketing purposes, or to send you promotional materials or communications regarding services provided by entities within the Deloitte Network that we feel may be of interest to you.  We may also contact you to seek feedback on services provided by entities within the Deloitte Network or for market or other research purposes. 

Your personal information may also be used to protect our rights or property and that of our users and, where appropriate, to comply with legal process.

You may at any time request that we discontinue sending you emails or other communications generated in response to your provision of personal information via this Website. 

Disclosure of information to third parties

We may provide your personal information to other entities within the Deloitte Network in order to provide you with information that could be of interest to you and conduct market or other research.  Personal information may also be disclosed to other entities within the Deloitte Network and other third parties in order to respond to your requests or inquiries, as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition, or where those parties handle information on our behalf. 

All of these disclosures may involve the transfer of personal information to countries or regions without data protection rules similar to those in effect in your area of residence. 

Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests.  

By providing information through this Website, you are consenting to the disclosures described above. 

Blogs, forums, wikis and other social media

This Website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”).  Any personal information or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control.  Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any personal information or other information that you contribute to any Social Media Application.

Access to information

Visitors who would like to request access to their information, to update their details, or unsubscribe from communications should contact webmaster services using the contact us link. In all cases we will treat requests to access information or change information in accordance with applicable legal requirements.

Information security

We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this Website from unauthorized access, disclosure, alteration, or destruction.

Changes to our Privacy Statement

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date.  We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information. 

Children's privacy protection

We understand the importance of protecting children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 13 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 13.

Visitors' questions

If you have any questions or concerns regarding your privacy while using this Website, please direct them to webmaster services using the contact us link.  

 

What does this Privacy Statement cover?

This Statement explains how we collect, handle, store and protect personal information when:

  • We provide professional services to our clients
  • You use “this Website” or
  • We perform any other activities that form part of the operation of our business.

When we refer to “this Website” we are talking about websites associated with Deloitte Australia, Deloitte in Papua New Guinea or Deloitte in Timor-Leste. This includes:

  • Pages accessed using the www.deloitte.com URL that are labelled “Location: Australia” “Location: Papua New Guinea” or “Location: Timor-Leste” in the upper right hand corner
  • And, pages that link directly to this privacy statement, such as the Deloitte Private Connect and Deloitte Access Economics websites.

This Statement also contains information about when we share information with Deloitte Touche Tohmatsu Limited (“DTTL”), its member firms, or their related entities (collectively, the “Deloitte Network”). Please see About Deloitte for a more detailed description of DTTL and its member firms.

Are all areas of this Website covered by this statement?

Certain areas of this Website have separate privacy statements that apply to personal information collected via those pages. A separate statement may be necessary because of the nature of the personal information being collected (for example, information collected during the recruitment process) and to provide additional detail about how we handle information collected via those pages. 

What about the privacy statements of other Deloitte member firms?

The Deloitte member firms are located all over the world and are subject to the privacy laws of the particular country or countries in which they operate. As a result, each member firm has its own privacy statement governing the handling of any personal information they collect. Importantly, the websites of other Deloitte member firms, as well as other websites that may be linked to this Website, are not covered by this Statement. 

We encourage visitors to review each website's privacy statement before disclosing any personal information.

What laws apply to us?

When handling personal information we will comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable legislation (such as Australian State and Territory health privacy legislation, as well as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth)). The APPs are legally binding principles that are designed to ensure that individuals’ personal information is protected throughout the information lifecycle – that is, from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information and have it corrected if it is incorrect.

We take our obligations under the APPs and Australian State and Territory privacy legislation seriously. Therefore, in addition to this statement, we also:

  • Maintain an internal privacy policy
  • Where appropriate, include terms in our agreements with our clients that describe how we handle personal information during the delivery of our professional services.

What personal information do we collect?

Information we collect when we provide professional services to our clients 

We may be provided with personal information directly by our clients to enable us to deliver professional services or to perform due diligence checks before we agree to provide services. This information may relate to clients’ employees, members or customers or it may relate to third parties (for example, the spouses and dependants of a client’s employees, members or customers). 

As part of providing professional services to our clients, we may also collect personal information from other sources (such as directly from individuals themselves or information that is publicly available).

The types of personal information we may collect or be provided with include, but are not limited to:

  • Contact details
  • Dates of birth
  • Gender
  • Employment records
  • Financial records
  • Complaint details.

We may also collect sensitive and special categories of personal information. For example, where we are provided with such information directly by our clients to provide professional services, or where we collect information directly from individuals with their consent. This may include:

  • Government identifiers such as drivers’ licence, passport and Medicare numbers and visa/work permit status
  • Tax file numbers
  • Health records
  • Information about racial or ethnic origins
  • Information about criminal convictions
  • Membership of a political association or membership of a trade union.

Where we are provided with personal information by a client, we take steps to ensure that the client has complied with the relevant obligations under the Privacy Act in relation to that information; this may include, for example, that the client has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to collect, use and disclose that information.

We also collect personal information (such as contact details and account details) from suppliers, contractors and third party service providers that we engage to help us operate our business. 

Information we collect when we perform any other activities that form part of the operation of our business

We may collect personal information when performing other activities that form part of the operation of our business, but which do not directly form part of providing professional services to our clients. For example, we might collect personal information from members of the public as part of undertaking surveys, research on current issues or as part of projects or initiatives we are conducting with other organisations. 

The types of information that we collect may vary depending on the nature of the activity. However, we will take reasonable steps to provide clear information about the nature of those activities and the purpose for which we are collecting your information. 

Information we collect via this Website (Log information, cookies, and web beacons)

We may collect personal contact details from you when you use this Website. For example, if you sign up to receive promotional materials, thought leadership or communications about services provided by us or other Deloitte member firms.

To improve your experience when you use this Website and ensure that it is functioning effectively, we also use cookies (small text files stored in a user’s browser) and Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page). Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice.

Protecting children's privacy 

We understand the importance of protecting children's privacy. This Website is not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or store information about anyone under the age of 13.

How do we use your personal information?

How do we use personal information collected to provide services to our clients?

We use the personal information that we collect to provide clients with agreed services. We have an agreement with each client that governs the provision of our services and sets out the purposes for which we may use any information that the client provides to us (including any personal information). We use that information as permitted by the client agreement and we do not use that information for any other purposes, unless it is necessary to comply with a legal or professional right or duty.

Because we provide a wide range of different types of services to our clients, the way we use personal information also varies. For example, we might use personal information:

  • About a client’s employees to help those employees manage their tax affairs when working overseas
  • About a client’s customers to help the client improve the quality of the services they offer
  • Collected by a client as part of their ordinary business activities in the course of helping that client restructure their business
  • Collected by a client as part of their ordinary business activities to help that client manage their cyber-security and other business risks

How we use information collected when we perform other activities that form part of the operation of our business 

When we collect personal information as part of performing other activities that form part of our business, we will take reasonable steps to provide clear information about the nature of those activities and how we will use any personal information collected.

We may also use non-personal, de-identified and aggregated information for several purposes including for data analytics, research, submissions, thought leadership and promotional purposes.

How do we use information collected via this Website or through other sources? Do we use it to market goods and services to you?

We will not use your personal information collected via this Website or through other sources to market the goods and services of third parties to you without first notifying you and seeking your consent (usually through a separate privacy notice). 

We may use your personal information collected via this Website:

  • To provide you with promotional materials, thought leadership or communications about services provided by us or other Deloitte member firms that we feel may be of interest to you
  • To manage and improve this Website
  • To tailor the content of this Website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you
  • To seek feedback on our services
  • For market or other research purposes (however, we will only ever report aggregated results of any research we undertake, and will never include your personal information in those results unless you explicity give us your consent).

If you do not want to receive marketing materials from us, you can:

  • Click on the unsubscribe function in the communication or
  • Email unsubscribe@deloitte.com.au for any hard copy communications that you no longer wish to receive.

At times, you may choose to register or create a user profile on this Website – for instance, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest. In such cases, the information you submit will be used to manage your request and to customise and improve this Website and related services offered to you. You may request at any time that we discontinue sending you emails or other communications generated in response to your registration on this Website.

Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice.

Are there any other ways we use your personal information?

We may also use personal information to protect our rights and those of our users or to comply with a legal or professional right or duty. 

When will we disclose your personal information?

We will only disclose your personal information as set out below. Importantly, we will never disclose or sell your personal information to third parties for advertising purposes, or for any other secondary purpose without your authorisation. 

We may disclose personal information to:

  • Other entities in the Deloitte Network 
  • Third parties that we engage to assist us in providing professional services to our clients or in the operation of our business (i.e. our subcontractors, advisors and suppliers). 

These entities and third parties may sometimes be located in other countries, in particular the United States, Singapore, UK and India. A current list of Deloitte Offices around the world is available in the Deloitte Global Office Directory.

Where we disclose your personal information to other entities in the Deloitte Network, or to third party service providers, we will at all times remain responsible for their handling of that information. This includes taking steps to ensure that those recipients protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss. 

We may also be required to disclose personal information to law enforcement, regulatory or government agencies, or to other third parties:

  • To comply with legal or regulatory obligations or requests or
  • Where there is a legal or professional right or duty to disclose. 

We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

Blogs, forums, wikis, and other social media

This Website hosts various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively ‘social media applications’). Importantly, any personal information that you contribute to these social media applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any social media applications will be handled in accordance with this Statement. 

How do we protect your information?

We hold personal information in hard copy and electronic formats. We use a range of physical, operational and technological security measures to protect this information. These measures include:

  • Staff education and training to ensure our staff are aware their privacy obligations when handling your personal information
  • Administrative and technical controls to restrict access to personal information to only those people who need access
  • Technological security measures, including fire walls, encryption and anti-virus software
  • Physical security measures, such as staff security passes to access Deloitte Australia premises, laptop cable locks and the use of privacy screens where appropriate. 

How can you access your personal information, or seek to have it corrected?

You may access your personal information, or seek to have that information corrected if you believe that it is incorrect, at any time. 

To request access, or to correct your personal information, please contact the Deloitte Australia Privacy Officer at privacy@deloitte.com.au. The privacy team will then get in contact with you (either by phone or via email) and will work with you to provide you with access to your information or to determine whether it requires correction.  

Alternatively, visitors who have chosen to register with this Website (for example, to receive the latest media releases or blog posts) may access their user profile, correct and update their details, or unsubscribe at any time. Visitors who have any problem accessing their profiles, or would like to request a copy of their personal information should contact the Deloitte Australia Privacy Officer at privacy@deloitte.com.au

Who can you contact if you have further questions or if you wish to make a complaint?

Who should you contact?

If you have any questions or concerns regarding your privacy, or if you would like to make a complaint, please contact the Deloitte Australia Privacy Officer at:

Privacy Officer
Deloitte Touche Tohmatsu
Level 1, 225 George Street
Sydney NSW 2000
privacy@deloitte.com.au

If you believe that the Privacy Officer has not adequately handled your query or issue, you may complain to the Complaints Officer whose contact details are as follows:

Complaints Officer
Deloitte Touche Tohmatsu
Level 1, 225 George Street
Sydney NSW 2000
complaints@deloitte.com.au

How do we handle complaints that we receive?

We take all the privacy complaints we receive seriously. 

We will acknowledge the receipt of a complaint immediately and will work with you to resolve it. If you would like more information about our process for handling complaints, please see our complaints handling policy

What if you are not satisfied with how we have handled your complaint? 

If you believe that Deloitte Australia has not adequately handled your privacy complaint, you may complain to the Office of the Australian Information Commissioner (OAIC) whose contact details are as follows:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
+61 1300 363 992
enquiries@oaic.gov.au

Where can I find out more about my privacy rights?

For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.

What is our process for making changes to this Privacy Statement?

We may modify or amend this Privacy Statement from time to time. 

To let you know when we make changes to this Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Therefore, we encourage you to periodically review this Statement to be informed about how we are protecting your information. 

The next annual review is scheduled for: May 2019.