Skip to main content

Privacy notice

When referred to on this page, terms such as "we" or "our" refer to Deloitte Brazil, while “personal data” refers to data that identifies, refers to, describes, is capable of being associated with, or can be directly linked to or indirectly to an individual.

By reading this Privacy Notice, you will be aware of our commitment to processing personal data in a responsible and ethical manner, in accordance with our principles and values ​​and, especially, in accordance with the rules of Law No. 13,709/2018 – General Law of Personal Data Protection (LGPD) and other applicable legislation.

As used in this Privacy Notice, "Deloitte Network" refers to one or more Deloitte Global companies, its network of member Firms and their related entities. Deloitte Global and each of its member Firms are  legally autonomous and independent entities. See www.deloitte.com/about for a detailed description of the legal structure of Deloitte Global and its Member Firms. “Deloitte Brazil” refers exclusively to the Deloitte member firm that provides services in Brazil.

The deloitte.com website also includes web pages provided by other Deloitte Global Member Firms or their related entities, which are designated  according to the geography identified in the upper right corner of the website pages. These web pages are made available by designated entities and are not the responsibility of Deloitte Brazil. These pages, as well as other websites that may be linked, are not governed by this Privacy Notice. We encourage you to review the privacy notices applicable to these web pages, which will provide further information regarding the processing of your Personal Data.

We may collect and process your data because:

i.  You provide it to us (for example, through the pages of this website or any other Deloitte Brazil website or application, or through other modes of interaction with Deloitte communications, such as online or offline newsletters and magazines);

ii.  Other parties provide it to us (for example, your employer when you engage us to provide services, other entities in the Deloitte Network, or third-party service providers we use to help operate our business); or

iii.  It is publicly available.

The types of personal data we collect or obtain may vary based on the nature of the services we provide to you or our client, how you use our website or how you interact with Deloitte.

The personal data we may collect or obtain may include (but is not limited to):

  • Registration and identification data, such as name, personal qualifications, address, email, country of residence, documents and identifying information such as the Individual Taxpayer Registration Number (CPF);
  • Lifestyle data and social circumstances, such as your marital status, dependents;
  • Information relating to employment and education, such as the organization you work for, your role, your educational details, resume; 
  • Financial and tax information, such as your income, tax residence, account number; 
  • Data relating to online interactions and use of services, such as social media posts, details of how you like to interact with us, information about pages accessed and other similar information relevant to our relationship; 
  • Browsing information such as IP address, browser type and language, access times, geolocation; 
  • Information we collect when you access our facilities; 
  • Other information relevant to providing services to you or our client; 
  • Any other information you voluntarily provide to us.

Although we do not normally have this objective, the personal data we collect may also include sensitive personal data, which is defined by law as data about racial or ethnic origin, religious belief, political opinion, membership of a trade union or religious organization, philosophical or political, data relating to health or sexual life, genetic or biometric data.

In some circumstances, we may process personal data about you as a result of legal requirements imposed on us. If you choose not to provide or, where applicable, object to the processing of this information, we may not be able to process your instructions or provide you with personalized communication, service or assistance (see the “Your Rights” section below).

We understand the importance of protecting the privacy and personal data of children and adolescents. Our website and services are not designed or intentionally directed at children and adolescents. It is not our policy to intentionally collect or store information about this type of audience; however, in eventual situations in which the collection and use of these types of personal data is necessary, such as in the provision of services where the personal data of minor dependents is processed, the processing will occur in the best interests of the child and/or the adolescent, in accordance with current legislation.

When other parties provide us with Personal Data about you, we require them to comply with relevant privacy laws and regulations through contractual agreements - this includes, for example, that you have been informed about the sharing of your information to us.

We may process your personal information when you interact with our websites, applications or communications. For example, we or our service providers may also use cookies (small text files stored in a user's browser) or web beacons (electronic images that allow us to count users who have accessed certain content and access certain cookies) to collect aggregate data. Where applicable, additional information about how we may use cookies, other tracking technologies and how you can control them can be found in the Cookie Notice for the page in question. More information about how we use cookies and other tracking technologies can be found in our Cookie Policies.

We may use your personal information for the purposes of or in connection with:

Providing services to our customers:

As we provide a wide range of services to our customers, the way we use personal data in relation to our services may vary.

Some examples of how we may process personal data in the context of our service provision (non-exhaustive list):

  • We may process data of a client's employees to help those employees manage their tax affairs when working abroad; 
  • We may process data of a client's employees and customers when carrying out an audit for a client;
  • We may process customer data to help you complete a tax return; 
  • We may process data of a customer's employees for payroll processing and other activities related to human resources services.


Execution of other activities that are part of the operation of our business:
 

  • Recruit and select professionals; 
  • Meet applicable legal or regulatory requirements; 
  • Respond to requests and communications from competent authorities;
  • Opening a customer account and other administrative purposes; 
  • Financial accounting, billing and risk analysis; 
  • Carry out due diligence checks and sanctions screening (when relevant) to comply with internal policies, compliance with anti-corruption and money laundering obligations related to the provision of our services and the hiring of professionals and third parties; 
  • Investigate or prevent security incidents, protect our technological systems and promote the security of our data; 
  • Protect our rights and/or those of other entities in the Deloitte Network.
     

Marketing and business development activities:

 

  • Manage and promote collaboration and communication; 
  • Manage our relationship with you, for example by responding to requests you submit, sharing details of products and services provided that may be of interest to you, contacting you to receive feedback about our services, to invite you to events or for research; 
  • Conduct and analyze our marketing activities; 
  • Provide and document training and qualifications.


Use related to the website:
 

  • Verify your identity when logging into a website; 
  • Manage and/or improve our website; 
  • Adapt the content of our website to provide you with a personalized experience; 
  • Draw your attention to information about products and services that may be of interest to you; 
  • Monitor and enforce applicable terms of use and ensure that only authorized parties access the website; 
  • Carry out data analysis, for example, relating to the use of the website and demographic analyzes of website users; 
  • Manage and respond to requests you submit to us via the website.

 

We are required by law to establish the legal basis for processing your personal data, mainly related to the legal hypotheses defined by the LGPD.
Your personal data will be processed in the following cases:

  • By providing your consent to the processing of your data;
  • When there are legitimate interests of the Deloitte Network, in offering and delivering our services to you or our client, as well as for the effective and lawful operation of our business, provided that such interests are not outweighed by your interests, rights and fundamental freedoms; 
  • To comply with legal and regulatory obligations such as maintaining records for tax purposes or providing information to a public body or law enforcement agency and complying with labor and social security obligations;
  • To execute any contract, as well as to provide our services to you or our client;
  • To regularly exercise our rights, such as our right to defense in any judicial or administrative proceeding;
  • Protection of the life or physical safety of you or a third party;
  • Protection of your health.

To the extent that we process any sensitive Personal Data relating to you for any of the purposes described above, we will do so because: (i) you have given us your explicit consent to process that data; (ii) we are required by law to process this data; (iii) processing is necessary for the establishment, exercise or defense of legal claims; (iv) we need to guarantee fraud prevention and security of the data subject; (v) we are protecting the life or physical safety of the data subject or third party; or (vi) we are exercising health protection, exclusively, in a procedure carried out by health professionals, health services or health authorities.

Please note that in certain circumstances it may still be legally acceptable for us to continue processing your information for separate purposes, even if you have withdrawn your consent, if one of the other legal bases described above applies.

We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and/or other methods about products and services (including those of third parties) that may be of interest to you. You can at any time request that we not send you marketing information by following the unsubscribe instructions in our communications or by contacting us.

In connection with one or more of the purposes described in the “Purposes of processing your information” section above, we may share information about you to other members of the Deloitte Network for legitimate business purposes, to third parties who provide services to us, as part of a corporate transaction , competent authorities and other third parties who reasonably require access to Personal Data relating to you for one or more of the purposes described in the sections above.

We may also need to disclose your personal data if required by law, to a regulator or during legal proceedings.

Our website hosts various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively, “Social Media Applications”). It is important to note that any personal information you share with these Social Media Applications can be read, collected and used by other users of the application. We have little or no control over these other users and therefore cannot guarantee that any information you provide with any social media application will be treated in accordance with this Privacy Notice.

Please note that some of the recipients of your personal data may be located in countries outside Brazil, whose laws may not offer the same level of data protection. In these cases, we will ensure that we take all possible measures to protect your personal data in accordance with our legal obligations and in accordance with LGPD and ANPD guidelines. Such arrangements may be a data transfer agreement with the recipient based on standard contractual clauses or other mechanisms provided for in applicable Law and Resolutions.

We do not sell your personal information.

We use a series of physical, electronic and administrative measures to ensure that your personal data remains secure, accurate and up to date. These measures include:

  • Education and training of our professionals so that they are aware of our privacy and data protection obligations when dealing with personal data;
  • Administrative and technical controls to restrict access to personal data, conditioned on the need to know; 
  • Technological security measures, including firewalls, encryption and antivirus software; 
  • Physical security measures, such as security cards to access our facilities. 

Although we use appropriate security measures, once we receive your personal data, the transmission of data over the internet (including by email) is never completely secure. We strive to protect your personal data, but we cannot guarantee the security of data transmitted to us or by us over the internet.

We will keep your personal data on our systems for the longest of the following periods:

(i) as long as it is necessary for the relevant activity or services, under the terms of the execution of contracts, preliminary procedures or legitimate interests;

(ii) any retention period required by law;

(iii) for the period permitted by law for the regular exercise of rights in judicial, administrative or arbitration proceedings;

(iv) while your consent is valid, in applicable cases;

(v) in accordance with current legislation.

You have rights in relation to your personal data:

  • Obtain confirmation that we are processing your personal data;
  • Request that we update the personal data we hold about you or correct data that you believe is incorrect or incomplete;
  • Withdraw the consent granted for the processing of your personal data, as well as request its deletion (to the extent that such processing is based on consent);
  • Obtain information about with whom we share the use of your data;
  • Request that your personal data that you consider unnecessary, excessive or treated in non-compliance with the LGPD be anonymized, blocked or deleted; 
  • Request the review of decisions made solely based on automated processing of personal data. 

To help us maintain the accuracy of your personal information, please contact us as described in the “Contact Information” section below if any of your personal data has changed. If you are not satisfied with the way we treat your personal data or with any question or request related to your privacy, you can register your complaint or request to our DPO through the “Privacy Form”.

For certain requests for Personal Information, we must first verify your identity before processing your request. To do this, we may ask you to provide us with your full name, contact information and relationship with Deloitte. Depending on your request, we may ask you to provide additional information. Once we receive this information, we will analyze it and determine whether we can combine it with information that Deloitte maintains about you to verify your identity.

To exercise any of your rights, or if you have other questions about the use of your personal data, contact our DPO, Cristina Arantes de Almeida Berry (dpobr@deloitte.com), or through the “Privacy Form”.

We may modify or amend this Privacy Notice from time to time.

To let you know when we make changes to this Privacy Notice, we will change the revision date at the top of this page. The new modified or amended Privacy Notice will apply from that revision date. Therefore, we encourage you to periodically review this Notice to be informed of how we are protecting your information.

By providing information through this website, you agree to the information described above.