Deloitte LLP and its United States affiliates (the "Deloitte U.S. Firms") comply with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce with respect to personal information of the types described below that is transferred from the European Economic Area, the United Kingdom and Switzerland to the United States. We have certified our participation in the Privacy Shield Frameworks to the Department of Commerce. The Deloitte U.S. Firms registration can be viewed here. This Notice only applies to personal information within the scope of the Deloitte U.S. Firms' Privacy Shield certifications.
Our Privacy Shield certifications cover personal information regarding:
(1) current, former, and prospective partners, principals, and employees (collectively "Personnel") in connection with the Personnel relationship;
(2) personal information regarding clients and their personnel and customers in connection with the client relationship, such as the delivery of professional services and the administration of the client relationship; and
(3) personal information regarding third parties (such as service providers and contractors) and their personnel in connection with the management and administration of the business relationships with such third parties.
Our certifications do not cover any disclosure of an individual’s personal information to a third party who processes PII for its own purposes when the disclosure is made at the request of the individual.
We disclose personal information to third party service providers in connection with the operation of our business, including our provision of services to clients and our Personnel and business relationships. We ascertain that these third party service providers provide at least the same level of privacy protection as is required by the Privacy Shield Principles. We may be liable if both third parties fail to meet these obligations and we are responsible for the event giving rise to the damage.
The Deloitte U.S. Firms are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. The Deloitte U.S. Firms may be required to disclose personal information to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.
Any questions or complaints concerning our Privacy Shield compliance, or requests to access, correct, amend, delete, or limit the use or disclosure of personal information (opt out) may be directed to USPrivacyShield@Deloitte.com. If we have not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority, if it relates to Personnel data, and (2) the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA"), which can be contacted here, if it relates to any other personal information covered by our certification. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
The Deloitte U.S. Firms commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and to comply with the advice given by such authorities where needed to comply with the Privacy Shield Principles with regard to human resources data transferred from the EU, the United Kingdom and Switzerland in the context of the employment relationship.
Last revised: 3/25/2019