Limited functionality available
This Privacy Statement explains what personal information we may gather about you when we provide our clients with services and how this personal information may be used and shared. This Privacy Statement also sets out your rights in relation to your personal information and tells you who you can contact if you have questions.
This Privacy Statement is divided into the sections listed below.
This Privacy Statement applies to Deloitte LLP, an entity within the Deloitte Network (also referred to as “Deloitte”, “we”, “us”, and “our”). As used in this Privacy Statement, the “Deloitte Network” refers to one or more of Deloitte Touche Tohmatsu Limited a UK private company limited by guarantee, and its network of member firms and associated entities, each of which is a legally separate and independent entity. Please see deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
This Privacy Statement applies to the Audit part of Deloitte’s business. This business carried out external audits and external assurance engagements, in many cases because of a legal requirement, as well as related services such as internal audits and giving of advice. In most circumstances when providing our services in Audit we will be acting as a Data Controller, and this Privacy Statement sets out how we will process your personal information when providing these services.
Your personal information will be protected and handled with utmost consideration for its confidentiality and your privacy.
This Privacy Statement contains additional details about when we may share your personal information with other members of the Deloitte Network and other third parties (for example, our service providers).
In this Privacy Statement, we refer to handling, collecting, protecting and storing your personal information as "processing".
Deloitte may collect personal information relating to you such as:
Deloitte may also need to process personal information about you that may be considered sensitive or a special category (for example about your health or ethnic origin) that we require to be able to provide the services or that may become apparent to us based on the personal information that we receive.
Deloitte may collect personal information about you in different ways, for example:
This personal information can be received in any manner, including in-person discussions, telephone conversations, and electronic or other written communications.
Without access to all the personal information that we need, we may be unable to provide or complete the services for our client.
Where another person (a company or a partnership (eg your employer) or any third parties acting on your or their behalf) provides your personal information to us, they must also comply with their obligations under the relevant privacy laws and regulations.
Deloitte collects personal information about you to:
We may also use your personal information for the purposes of, or in connection with:
We are required by law to set out in this Privacy Statement the legal grounds upon which we rely in order to process your personal information.
We may use your personal information for the purposes outlined above because:
(a) we are subject to legal or regulatory obligations. This is the most common ground for external audits and external assurance. For example, it is a legal obligation for most companies to have an external audit, which involves them passing data to an independent external auditor. There may be other legal obligations, for example, the rules around client money held by financial institutions requires those institutions to have someone independent check it is being handled properly. In addition, we may need to provide information to a public body or law enforcement agency; or
(b) we have a legitimate interest in processing your personal information, which may be to:
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that data; (ii) we are required by law to process that data in order to ensure we meet our 'know your client' and 'anti-money laundering' obligations (or other legal obligations imposed on us); (iii) the processing is necessary to carry out our obligations under employment, social security or social protection law; (iv) the processing is necessary for the establishment, exercise or defence of legal claims; (v) you have made the data manifestly public; or (vi) the processing is necessary for reasons of substantial public interest.
In connection with one or more of the purposes outlined in the “How do we use information about you?” section above, we may disclose your personal information to:
Please note that some of the recipients of your personal information referred to above may be based in countries or regions without data protection rules similar to those in effect in your area of residence. In such cases, adequate safeguards will be in place to protect your personal information. Such adequate safeguards might include a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to those countries.
For further details about the transfers described above and the adequate safeguards used by Deloitte with respect to such transfers, please contact us using the details below.
We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and other electronic methods, about similar products and services (including those of third parties) which may be of interest to you.
You may, at any time, request that we and/or other members of the Deloitte Network do not send such information to you by one, some or all channels, by following the opt-out instructions in communications from us or writing to us.
You have various rights in relation to your personal information. In particular, you have a right to:
Any request for access to or a copy of your personal information must be in writing and we will endeavour to respond within a reasonable period and in any event within the period required by applicable data protection legislation. We will comply with our legal obligations as regards your rights as a data subject.
If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about privacy issues, or you wish to raise a complaint about how we are using your information you can contact us in the following ways:
If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.