Legal

Deloitte LLP Tax Privacy Statement

Last revised: 30 May 2018

Introduction

This Privacy Statement explains what personal information we may gather about you when we provide our clients with services and how this personal information may be used and shared. This Privacy Statement also sets out your rights in relation to your personal information and tells you who you can contact if you have questions.

This Privacy Statement is divided into the sections listed below. Click on the links to navigate to the relevant topic:

To whom does this Privacy Statement apply and what does it cover?

This Privacy Statement applies to Deloitte LLP (also referred to as “Deloitte”, “we”, “us”, and “our”), an entity within the Deloitte Network.  As used in this Privacy Statement, the “Deloitte Network” refers to one or more of Deloitte Touche Tohmatsu Limited a UK private company limited by guarantee, and its network of member firms and associated entities, each of which is a legally separate and independent entity. Please see deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

This Privacy Statement sets out how we will process your personal information as part of our provision of tax, social security and (in certain jurisdictions outside of the United States) immigration related services as may be relevant to you. Deloitte is providing these services either under a direct contract with you or via a contract with another person (such as a company or a partnership or a trustee) who has asked us to provide the services.

Your personal information will be protected and handled with consideration for its confidentiality and Deloitte will only disclose it as set out in the “To whom will we disclose your personal information?” section below.

In this Privacy Statement, we refer to handling, collecting, protecting and storing your personal information as "processing".

What personal information do we collect?

Deloitte may collect personal information relating to you such as:

  • name;
  • contact details (such as work or home address, email and phone numbers);
  • date of birth;
  • Government identifiers (such as social security number, unique tax reference and passport details);
  • financial information; or
  • calendar data (where applicable).

In order to provide services to you, Deloitte may receive and also need to process personal information about you that may be considered special category (or “sensitive”) personal information (special category personal information is considered to include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data or sexual orientation). Special category personal information about you includes information that may be reasonably inferred from other information that we receive.

Where we receive special category personal information or other information from which special category personal information can be reasonably inferred, we will require explicit consent in order to process it.

How do we collect personal information?

Deloitte may collect personal information about you in different ways:

  • you may provide it directly to us; 
  • we may obtain it because of the services that Deloitte provides or has previously provided;
  • we may receive it from other members of the Deloitte Network or from third parties, such as your employer/partnership, or a tax authority and/or other relevant authority/administrative bodies; or
  • we may observe or infer it from the information you provide to us and/or the way you interact with us.

This personal information can be received in any manner, including in-person discussions, telephone conversations, and electronic or other written communications.

Without access to all the personal information that we need, we may be unable to provide or complete the services.

Where another party (such as a company or a partnership or any third parties acting on your or their behalf) provides your personal information to us, they must also comply with their obligations under the relevant privacy laws and regulations. If you believe that the entity for whom you work or a third party has not provided you with details of the personal information that it holds about you and/or has not obtained your authority to provide us with that personal information for processing as described in this Privacy Statement, then please contact such entity directly.

Disclosing personal information to us relating to third parties

If any personal information which you provide to us relates to any third party, for example a spouse or civil partner, co-habitee, individuals (including children) who depend on you financially, or a joint account holder or a beneficiary or trustee of a trust, then by providing us with their personal information you will need to ensure that you have obtained any necessary permissions from those persons to the use of their personal information in the way set out in this Privacy Statement, or you are otherwise permitted to give us this personal information. You should share a copy of this Privacy Statement with those other individuals before disclosing any personal information about them to us.

How do we use your personal information?

Deloitte processes personal information about you to:

  • establish or maintain our relationship with you;
  • provide services to you and/or family member(s) or to the entity that has engaged us to provide the services; or
  • keep you informed of services we think may be of interest to you.

We may also use your personal information for the purposes of, or in connection with:

  • compliance with applicable legal, regulatory or professional requirements; or
  • protecting our rights and/or property.

On what basis do we process personal information about you?

This Privacy Statement sets out the grounds upon which we rely in order to process your personal information.
We may use your personal information for the purposes outlined above because:

(a) where relevant, we have a contract with you to provide services and processing your personal information is necessary for the performance of such contract;

or (b) we have a legitimate interest in processing your personal information, which may be to:

  • provide services to you and/or to the entity that has engaged us to provide the services; 
  • support the management of our client engagements; 
  • keep you informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so;
  • evaluate, develop or improve our services or products; or
  • protect our business interests.

or (c) we are subject to legal, regulatory or professional obligations.  

To whom will we disclose your personal information?

In connection with one or more of the purposes outlined in this Privacy Statement, we may disclose your personal information to:

  • other members of the Deloitte Network;
  • those with whom you have requested us to share information, such as your spouse or civil partner;
  • competent authorities, including courts and authorities regulating us or another member of the Deloitte Network, in each case to comply with legal, regulatory or professional obligations or requests;
  • vendors and administrative, support, infrastructure and other service providers handling your information on our behalf; in each case, such vendors and service providers will be contractually bound by confidentiality and privacy obligations consistent with the obligations in this Privacy Statement; or
  • third parties to whom we disclose information in the course of providing services to you or to the entity that has engaged us to provide the services.

Deloitte does not sell or lease your personal information to others.

Please note that some of the recipients of your personal information referred to above may be based in countries or regions without data protection rules similar to those in effect in your area of residence. In such cases, adequate safeguards will be in place to protect your personal information.

For further details about the transfers described above and the adequate safeguards used by Deloitte with respect to such transfers, please contact us using the details below.

How do we keep your personal information secure?

We have in place reasonable commercial standards of technology and operational security to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration or destruction. Only authorised personnel, with appropriate awareness of privacy obligations, are provided access to your personal information.

How long will we keep your information?

We retain personal information as long as is necessary to fulfil the purposes identified in this Privacy Statement or (i) as otherwise necessary to comply with applicable laws or professional standards, or (ii) as long as the period in which litigation or investigations might arise in respect of our services.

Sending you marketing information

We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and other electronic methods, about similar products and services (including those of third parties) which may be of interest to you.

You may, at any time, request that we and/or other members of the Deloitte Network do not send such information to you by one, some or all channels, by (i) following the opt-out instructions in communications from us or (ii) writing to us.

What are your rights in relation to your personal information?

You have various rights in relation to your personal information. In particular, you have a right to:

  • obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you;
  • ask that we update the personal information we hold about you, or correct such information that you think is inaccurate or incomplete;
  • ask that we delete personal information that we hold about you, or restrict the way in which we use your personal information;
  • withdraw consent to our processing of your personal information (to the extent our processing is based on your consent);
  • ask us to stop or start sending you marketing messages at any time;
  • obtain and/or move your personal information to another service provider; and
  • object to our processing of your personal information.

Where our processing of special category personal information is reliant on your consent and you withdraw that consent, we will cease processing the relevant information for the purposes of providing our services and the effect may be that we are no longer able to provide the services.

However, we may still retain a copy of the relevant information for as long as necessary to comply with applicable laws or professional standards, or as long as the period in which litigation or investigations might arise in respect of our services.

To exercise any of your rights or raise any questions that you have about our use of your personal information, please contact us using the details below.

Changes to this Privacy Statement

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Privacy Statement, we will amend the revision date at the top of this page and the modified or amended Privacy Statement shall apply to you and your personal information as of that revision date. We encourage you to review this Privacy Statement on our website periodically to be informed about how we are protecting your personal information.

Contact us

If you have any questions or concerns regarding this Privacy Statement or your personal information, please contact us by writing to the Data Protection Officer, Deloitte LLP, 2 New Street Square, London EC4A 3BZ or by email to DPO@deloitte.co.uk.

If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113. If you are not based in the UK, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.