Deloitte LLP and its United States affiliates (the “Deloitte U.S. Firms”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. The Deloitte U.S. Firms have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. The Deloitte U.S. Firms have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ This Notice only applies to personal information within the scope of the Deloitte U.S. Firms' Data Privacy Framework certifications.
Our Data Privacy Framework certifications cover personal information regarding:
Our certifications do not cover any disclosure of an individual’s personal information to a third party who processes personal information for its own purposes when the disclosure is made at the request of the individual. We disclose personal information to third party service providers in connection with the operation of our business, including providing services to clients and administering our Personnel and business relationships. We ascertain that these third party service providers provide at least the same level of privacy protection as is required by the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. We may be liable if third parties fail to meet these obligations and we are responsible for the event giving rise to the damage.
The Deloitte U.S. Firms are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. The Deloitte U.S. Firms may be required to disclose personal information to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.
EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact the Deloitte U.S. Firms at: USDataPrivacyFramework@deloitte.com. If we have not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority, if it relates to Personnel data, and (2) the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA"), which can be contacted here, if it relates to any other personal information covered by our certification. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the applicable Data Privacy Framework Panel.
The Deloitte U.S. Firms commit to cooperate with EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and to comply with the advice given by such authorities where needed to comply with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF with regard to human resources data transferred from the EU, the UK and Switzerland in the context of the employment relationship.