Privacy Statement

Privacy Summary

This privacy statement applies to Deloitte LLP with registered office address at 1 New Street Square, and the entities we own or control (“Deloitte”, “we”, “us” or “our”).

Deloitte is committed to protecting your information by handling it responsibly and safeguarding it using appropriate technical, administrative and physical security measures.

The privacy notice below explains what information we gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.

If you are an employee, partner or independent contractor of Deloitte, please refer to the relevant privacy statement available on the Deloitte UK intranet for information on why and how your personal information is processed by Deloitte.

Service specific privacy notices

If you or an entity relevant to you uses Deloitte for any of the services below, you can click on the links for details about how we handle information about you in the relevant service area:

• Tax & Legal
• Audit
• Actuarial Insurance & Banking Solutions
• Financial Advisory
  
• Deloitte Commercial Database Analysis

If these do not apply to you, then please consult the information in the statement below.

Information about you that we process

We may process information about you that: (i) you provide to us, (ii) that we obtain from third parties or (iii) that is publicly available. This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as dietary requirements or mobility information. For a more detailed description of the information about you that we may process, please click here.

How we use information about you

We collect and process information about you and/or your business to enable us, Deloitte LLP, and other members of the Deloitte Network to:

• provide our services to you or our clients; 
• to enable us to provide you with information that we think may be of interest to you; and
•  to meet our legal or regulatory obligations. 

For a more detailed description of how we use information about you, please click here.

When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us as set out here, or by following the unsubscribe instructions in our communications.

Sharing and transferring your information

We may share information about you across the Deloitte Network, and with some third parties. For more information click here.

We may transfer some information about you to countries outside the European Economic Area that have less stringent data protection laws. When we do this, we will make sure your information remains adequately protected. For more information click here.

Your rights

Your rights under data protection laws include the right to: 1) request copies of your data; 2) request correction of your data; 3) request erasure of your data; 4) object to us processing your data; and 5) ask us to restrict the processing. For more information about your privacy rights click here.

Contact points

If you have any questions or comments about privacy issues, or wish to exercise any of the rights set out above, please write to Data Protection Officer, Deloitte LLP, 1 New Street Square, London, EC4A 3HQ, or email DPO@deloitte.co.uk. For more information about who you can contact about privacy, please click here.

1. Who this privacy statement applies to and what it covers
2. About other areas of deloitte.com
3. What personal data we collect
4. Personal data provided by or about third parties
5. How we use your personal data
6. The legal grounds we use for processing personal data
7. Sharing your personal data
8. Transferring your personal data outside the UK
9. Protecting your personal data
10. How long we keep your personal data for
11. Your rights
12. Sending you marketing information
13. Right to complain
14. Changes to this privacy statement
15. EEA Data Protection Representative

In this statement:

“Data Protection Legislation” means the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection (including the UK Data Protection Act 2018).

“Deloitte Network” means one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

“Process” means any operation performed on information about you, including to collect, record, organise, structure, store, alter, use, transfer, destroy or otherwise make available.

1. Who this privacy statement applies to and what it covers

This privacy statement applies to Deloitte LLP with registered office address at 1 New Street Square, and the entities we own or control (“Deloitte”, “we”, “us” or “our”).

We are committed to protecting your privacy and handling your information openly and transparently.

This privacy statement explains how we will collect, handle, store and protect information about you when:

• providing services to you or our clients;
• you use our Website; or
• performing any other activities that form part of the operation of our business.

When we refer to “our Website” or “this Website”, we mean the specific webpages of deloitte.com designated as United Kingdom in the upper-right-hand corner and any other website which links to this privacy statement.

Our Website comprises various global, country, regional and practice-specific websites. Each of these is provided by Deloitte Touche Tohmatsu Limited (“DTTL”), or one of its independent member firms or their related entities (collectively, the “Deloitte Network”). To learn more about DTTL, its member firms, and their related entities, please see About Deloitte.

This privacy statement also contains information about when we share your personal data with other members of the Deloitte Network and other third parties (for example, our service providers).

In this privacy statement, your information is sometimes called “personal data”. We may also refer to “processing” your data, which includes handling, collecting, protecting and storing it.

2. About other areas of deloitte.com

The other country and regional websites contained within deloitte.com belong to other entities within the Deloitte Network and are not provided by us. Those websites, as well as other websites that may be linked to this Website, are not governed by this privacy statement. We encourage visitors to review the privacy statements on each of those other websites before disclosing any personal data.

3. What personal data we collect

We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this statement.

When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this Website.

We may process your data because:

• you give it to us (for example, in a form on our Website such as the My Deloitte portal);
• other people give it to us (for example, your employer or adviser, or third- party service providers that we use to help operate our business); or
• it is publicly available.

We may also collect personal information if you register for the Website using a third party social network account (e.g., LinkedIn, Facebook, and Twitter). For example, the Website may allow you to login using your social network account credentials. We may collect the user name associated with that social media account and any information or content you have permitted the social media network to share with us, such as your profile picture, email address, and birthday. The information we collect may depend on the privacy settings you have with the social network site, so please review the privacy statement or policy of the applicable social network site. When you access the Website through your social network account, you are authorising us to collect and use your information in accordance with this privacy statement.

We may process personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, to improve your experience of this Website and to make sure that it is working effectively. For example, we (or our service providers) may use cookies (small text files stored in a user’s browser) or Web beacons to collect personal data. More information on how we use these and other tracking technologies – and how you can control them – can be found in our cookie notice.

The personal data we process may include your:

• name, gender, age and date of birth;
• contact information, such as address, email, and mobile phone number;
• country of residence;
• lifestyle and social circumstances (for example, your hobbies);
• family circumstances (for example, your marital status and dependents);
• employment and education details (for example, the organisation you work for, your job title and your education details);
• financial and tax-related information (for example your income, investments and tax residency);
• postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties);
• IP address, browser type and language, your access times;
• information in any complaints you make ;
• details of how you use our products and services;
• CCTV footage and other information we collect when you access our premises; and
• details of how you like to interact with us, and other similar information relevant to our relationship.

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

• dietary requirements (for example, when Deloitte would like to provide you with lunch during a meeting);
• health (for example, so that we can make it easy for you to access our buildings, products and services); and
• sexual orientation (for example, if you provide us with details of your spouse or partner).

We may also process personal data relating to ethnic or racial origin (for example, any multicultural networks you belong to), or about your political opinions (inferred from information you give us about political associations you belong to or have donated to).

We will typically seek separate permission from you in writing to process these special categories of personal data.

If you choose not to provide, or object to us processing, the information we collect (see section 11 below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client.

4. Personal data provided by or about third parties

When our client or another third party gives us personal data about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, for example, that the client or other third party has informed you of the processing, and has obtained any necessary permission for us to process that information as described in this privacy statement.

If any information you give us relates to a third party (such as a spouse, financial dependent, or joint account holder), by providing us with such personal data you confirm that, in line with the above provisions, you have obtained any necessary permission to use it or are otherwise permitted to give it to us.