Deloitte LLP Tax & Legal Privacy Statement

Deloitte may collect personal information relating to you such as:

• name;
• contact details (such as work or home address, email and phone numbers);
• Location
• date of birth;
• Government identifiers (such as social security number, unique tax reference and passport details);
• Immigration related details (such as passport information)
• financial information; or
• calendar data (where applicable).

In order to provide services to you, Deloitte may receive and also need to process personal information about you that may be considered special category (or “sensitive”) personal information (special category personal information is considered to include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data or sexual orientation). Special category personal information about you includes information that may be reasonably inferred from other information that we receive. This may also include any other types of specific (sensitive) personal information identified by the relevant data privacy legislation such as Criminal Conviction data (depending on the nature of services we are providing).

Where we receive special category personal information or other information from which special category personal information can be reasonably inferred, we will require explicit consent in order to process it.

Deloitte may collect personal information about you in different ways:

• you may provide it directly to us; 
• we may obtain it because of the services that Deloitte provides or has previously provided;
• we may receive it from other members of the Deloitte Network or from third parties, such as your employer/partnership, or a tax authority and/or other relevant authority/administrative bodies; or
• we may observe or infer it from the information you provide to us and/or the way you interact with us, such as cookies.

This personal information can be received in any manner, including in-person discussions, telephone conversations, and electronic or other written communications.

Without access to all the personal information that we need, we may be unable to provide or complete the services.

Where another party (such as a company or a partnership or any third parties acting on your or their behalf) provides your personal information to us, they must also comply with their obligations under the relevant privacy laws and regulations. If you believe that the entity for whom you work or a third party has not provided you with details of the personal information that it holds about you and/or has not obtained your authority to provide us with that personal information for processing as described in this Privacy Statement, then please contact such entity directly.

If any personal information which you provide to us relates to any third party, for example a spouse or civil partner, co-habitee, individuals (including children) who depend on you financially, or a joint account holder or a beneficiary or trustee of a trust, then by providing us with their personal information you will need to ensure that you have obtained any necessary permissions from those persons to the use of their personal information in the way set out in this Privacy Statement, or you are otherwise permitted to give us this personal information. You should share a copy of this Privacy Statement with those other individuals before disclosing any personal information about them to us.

Deloitte processes personal information about you to:

• establish or maintain our relationship with you;
• provide services to you and/or family member(s) or to the entity that has engaged us to provide the services; or
• keep you informed of services we think may be of interest to you.

We may also use your personal information for the purposes of, or in connection with:

• compliance with applicable legal, regulatory or professional requirements; or
• protecting our rights and/or property.
• developing or improving services and products.

This Privacy Statement sets out the grounds upon which we rely in order to process your personal information. We may use your personal information for the purposes outlined above because:

(a) where relevant, we have a contract with you to provide services and processing your personal information is necessary for the performance of such contract;

or (b) we have a legitimate interest in processing your personal information, which may be to:

• provide services to you and/or to the entity that has engaged us to provide the services; 
• support the management of our client engagements; 
• keep you informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so;
• evaluate, develop or improve our services or products; or
• protect our business interests.

or (c) we are subject to legal, regulatory or professional obligations.

In connection with one or more of the purposes outlined in this Privacy Statement, we may disclose your personal information to:

• other members of the Deloitte Network;
• those with whom you have requested us to share information, such as your spouse or civil partner;
• competent authorities, including courts and authorities regulating us or another member of the Deloitte Network, in each case to comply with legal, regulatory or professional obligations or requests;
• vendors and administrative, support, infrastructure and other service providers handling your information on our behalf; in each case, such vendors and service providers will be contractually bound by confidentiality and privacy obligations consistent with the obligations in this Privacy Statement; or
• third parties to whom we disclose information in the course of providing services to you or to the entity that has engaged us to provide the services.

Deloitte does not sell or lease your personal information to others.

Please note that some of the recipients of your personal information referred to above may be based in countries or regions without data protection rules similar to those in effect in your area of residence. In such cases, adequate safeguards will be in place to protect your personal information. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to third countries.

For further details about the transfers described above and the adequate safeguards used by Deloitte with respect to such transfers, please contact us using the details below.

We have in place reasonable commercial standards of technology and operational security to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration or destruction. Only authorised personnel, with appropriate awareness of privacy obligations, are provided access to your personal information.

We retain personal information as long as is necessary to fulfil the purposes identified in this Privacy Statement or (i) as otherwise necessary to comply with applicable laws or professional standards, or (ii) as long as the period in which litigation or investigations might arise in respect of our services.

We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and other electronic methods, about similar products and services (including those of third parties) which may be of interest to you.

You may, at any time, request that we and/or other members of the Deloitte Network do not send such information to you by one, some or all channels, by (i) following the opt-out instructions in communications from us or (ii) writing to us.

You have various rights in relation to your personal information. In particular, you have a right to:

• obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you.
• ask that we update the personal information we hold about you or correct such information that you think is inaccurate or incomplete.

Depending on the jurisdiction in which you are located, you may also have the right to:

• ask that we delete personal information that we hold about you or restrict the way in which we use your personal information.
• withdraw consent to our processing of your personal information (to the extent our processing is based on your consent)
• ask us to stop or start sending you marketing messages at any time
• obtain and/or move your personal information to another service provider.
• object to our processing of your personal information
• request that we provide the following information regarding the personal information we hold about you:
  • The categories and/or specific pieces of personal information we collected.
  • The categories of sources from which personal information is collected.
  • The business or commercial purpose for collecting personal information.
  • The categories of third parties with whom we shared personal information.

Where our processing of special category personal information is reliant on your consent and you withdraw that consent, we will cease processing the relevant information for the purposes of providing our services and the effect may be that we are no longer able to provide the services.

However, we may still retain a copy of the relevant information for as long as necessary to comply with applicable laws or professional standards, or as long as the period in which litigation or investigations might arise in respect of our services.

To exercise any of your rights or raise any questions that you have about our use of your personal information, please contact us using the details below.

We will not discriminate against you for exercising any of your rights with respect to your personal information

For certain personal information requests, we must first verify your identity before processing your request. To do so, we may ask you to provide us with your full name, contact information, and relationship to Deloitte.

Depending on your request, we may ask you to provide additional information. Once we receive this information, we will then review it and determine whether we are able to match it to the information Deloitte maintains about you to verify your identity.

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Privacy Statement, we will amend the revision date at the top of this page and the modified or amended Privacy Statement shall apply to you and your personal information as of that revision date. We encourage you to review this Privacy Statement on our website periodically to be informed about how we are protecting your personal information.

If you have any questions or concerns regarding this Privacy Statement or your personal information, or if you wish to exercise any of your rights under the legislation, please contact us by writing to the Data Protection Officer, Deloitte LLP, 1 New Street Square, London EC4A 3HQ or by email to DPO@deloitte.co.uk.

If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.