Deloitte Commercial Database Analysis Privacy Statement

Last revised: 25 February 2021


This Privacy Statement explains what personal information we may gather from you when processing commercial databases obtained from third parties containing company, director and shareholder information and how this personal information may be used and shared. This Privacy Statement also sets out your rights in relation to your personal information and tells you who you can contact if you have questions.

This Privacy Statement is divided into the sections listed below. 

This Privacy Statement applies to Deloitte LLP, an entity within the Deloitte Network (also referred to as “Deloitte”, “we”, “us”, and “our”). As used in this Privacy Statement, the “Deloitte Network” refers to one or more of Deloitte Touche Tohmatsu Limited a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Deloitte is a Data Controller and this Privacy Statement sets out how we will process your personal information as part of our processing of commercial databases obtained from third parties containing company, director and shareholder information.

Your personal information will be protected and handled with utmost consideration for its confidentiality and your privacy, and Deloitte will only disclose it as outlined in this Privacy Statement.

This Privacy Statement contains additional details about when we may share your personal information with other members of the Deloitte Network and other third parties (for example, our service providers and clients).

In this Privacy Statement, we refer to handling, collecting, protecting and storing your personal information as "processing".

We process data on business professionals that may include the following:

  • Company and business professional contact information, including name, job title, address, phone number, fax number, e-mail address, domain names, and trade associations;
  • Background information regarding company management, such as beneficial ownership/persons of significant control, the educational and career histories of company principals;
  • Business compliance information from public source government and professional records, media and business publications; and
  • Newspaper and media reports of criminal convictions.
The above personal information comes from third party commercial data providers providing data directly to us. 
Deloitte may process information about you to enable us and our clients to manage their risks, protect against fraud, know who they are doing business with and meet statutory, compliance and regulatory obligations.

We are required by law to set out in this Privacy Statement the legal grounds upon which we rely in order to process your personal information.

We may use your personal information for the purposes outlined above because we have a legitimate interest in processing your personal information, which is to streamline the vetting of suppliers and/or customers for our end clients. 

In connection with one or more of the purposes outlined in the “How do we use information about you?” section above, we may disclose your personal information to:

  • service providers handling your information on our behalf; in each case, such service providers will be contractually bound by confidentiality and privacy obligations consistent with the obligations in this Privacy Statement
  • clients and other third parties to whom we disclose information in the course of providing services to our client.

Please note that some of the recipients of your personal information referred to above may be based in countries or regions without data protection rules similar to those in effect in your area of residence. In such cases, adequate safeguards will be in place to protect your personal information. Such adequate safeguards might include a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to those countries.

For further details about the transfers described above and the adequate safeguards used by Deloitte with respect to such transfers, please contact us using the details below.

We have in place reasonable commercial standards of technology and operational security to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration or destruction. Only authorised personnel, who have been made appropriately aware of our privacy obligations, are provided access to personal information.
We retain personal information as long as is necessary to fulfil the purposes identified in the “How do we use information about you?” section above or as otherwise necessary to comply with applicable laws, professional standards, or as long as the period in which litigation or investigations might arise in respect of our services to you or our client. 

You have various rights in relation to your personal information. In particular, you have a right to:

  • obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you;
  •  ask that we update the personal information we hold about you, or correct such information that you think is inaccurate or incomplete;
  • ask that we delete personal information that we hold about you, or restrict the way in which we use your personal information;
  • withdraw consent to our processing of your personal information (to the extent our processing is based on your consent);
  • ask us to stop or start sending you marketing messages at any time; and
  • object to our processing of your personal information.

Any request for access to or a copy of your personal information must be in writing and we will endeavour to respond within a reasonable period and in any event within the period required by applicable data protection legislation.  We will comply with our legal obligations as regards your rights as a data subject.

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Statement, we will amend the revision date at the top of this page and the modified or amended privacy statement shall apply to you and your personal information as of that revision date. We encourage you to review the Privacy Statement on our website periodically to be informed about how we are protecting your personal information.

If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about privacy issues, or you wish to raise a complaint about how we are using your information you can contact us in the following ways:

  • write to the Data Protection Officer, Deloitte LLP at 1 New Street Square, London EC4A 3HQ; or
  • send an email to

If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.