Skip to main content

Avature – Privacy notice

Information on processing your personal data for Onboarding process

INFORMATION OF PERSONAL DATA PROCESSING

 

This information is provided to you as Employee by one of the following Deloitte1 entities which is your Employer:

  • Deloitte svetovanje d.o.o., Dunajska cesta 165, 1000 Ljubljana;
  • Deloitte revizija d.o.o., Dunajska cesta 165, 1000 Ljubljana

(hereinafter the “Employer”)

 

In accordance with Data Protection Act (Zakon o varstvu osebnih podatkov, Official Gazette of the RS, Nr., št. 86/2004, as amended, hereinafter the “Data Protection Act”), the Employee acknowledges that his/her Personal Data are processed by the Employer as the Data Controller. The processing is carried under the Employment Contract between the Employee and the Employer, in connection with, or in relation to the performance of the Employee’s work for the Employer and also covers the purposes of use of the Employer’s information systems and compliance with the internal policies of DTTL member firms and their respective subsidiaries and affiliates.

 

A.

 

Definitions:

(The below definitions serve for nomenclature purposes solely and in specific cases do not establish any existence of the Employment relationship in accordance with the Employment Relations Act, (Zakon o delovnih razmerjih, ZDR-1, Official Gazette of the RS, Nr. 21/2013, as amended, hereinafter the “Employment Relations Act”)

 

  • Data Controller“ shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of Personal Data. In relation to the Employee Personal Data the Controller is his/her Employer / affiliate of Deloitte CE.
  • Employee” shall mean any person in Employment or in a similar Employment relationship (contract for work) or other contractual relationship with the Employer, including statutory representatives, proxies, professional advisors and consultants of the Employer.
  • Employment” under this information shall also include similar Employment relationships or other contractual relationships of individuals active for the Employer when applicable.
  • Employment Contract” under this information shall mean the contract establishing the Employment as defined above.
  • Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
  • Recipient“ means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed. In relation to Employee Personal Data the Recipients can be e.g. Employee(-s) of Controller, Processor(-s) or Employee(-s) of Processor. Public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with the law shall not be regarded as Recipients.

 

B. Extent of the processing:

 

The Employer processes the Personal Data of the Employee to the following extent:

  • Personal Data to the extent required by the relevant legislation (Employment Relations Act and other legislation related to the Employment, especially Labour and Social Security Registers Act (Zakon o evidencah na področju dela in socialne varnosti, Official Gazette of the RS, Nr. 40/2006) and Health and Safety at Work Act (Zakon o varnosti in zdravju pri delu, Official Gazette of the RS, Nr. 43/2011)
  • Personal Data submitted by the Employee before entering into the Employment relationship;
  • Personal Data relating to the Employee’s professional qualifications and experience;
  • Other Personal Data relating to the Employee’s Employment with the Employer and performance of his/her obligations related to the Employment relationship (for example: performance management data, data on trainings and e-learnings attendance, phone-call lists with partial numbers revealed, usage of Deloitte devices and systems etc.); and
  • Photographs, video and audio recordings of the Employee.

 

C.

Purpose of processing of the Personal Data by the Employer:

The purpose of processing the Personal Data is for the Employer to exercise its rights and obligations pursuant to Employment Relations Act, the Employment Contract and other relevant legislation, in particular, with regard to maintaining HR and payroll agenda, to acts relating to performance of the Employee’s obligations related to the Employment, Employee trainings and education, benefits, and connected to offering and providing the Employer’s services to the clients as specified in more detail in paragraph below.

 

The Employer is also entitled to process the Personal Data for the purpose of monitoring Employee compliance with relevant Employer’s policies relating to security of Employer’s devices and system. Processing in this extent is based on Employer’s legitimate interest in ensuring its business continuity and protection of its economic, commercial and financial interests and in particular compliance with the rules of confidentiality. This includes, among others, prevention and remedy of any technical problems, prevention and suppression of activities that are intentionally illegal, contrary to the public order or that are wilfully damaging to any third party’s rights and dignity, prevention and suppression of any violation of intellectual property rights as well as confidentiality and integrity of Employer’s data, the security and good technical functioning of its systems and the costs relative thereto, as well as the material protection of all Employer’s resources.

 

D.

The Employer is entitled to provide Employee’s Personal Data to the following Recipients that are the Employer's Data Processors, who process the Personal Data on behalf of the Employer, under the conditions and to the extent agreed with the Employer in a written authorisation/contract. In particular, for the purpose of the Employee’s records in the HR systems, processing of his/her HR and payroll records, providing Employee benefits and also to provide IS services, document archiving, e-mail services and other hosted applications services and to the extent necessary for the performance of rights and obligations arising from the Employment relationship between the Employee and the Employer or as agreed between the Employee and the Employer as well as for the purpose of monitoring Employee compliance with relevant Employer’s policies relating to security of Employer’s devices and system based on Employer’s legitimate interest in ensuring its business continuity and protection of its economic, commercial and financial interests and in particular compliance with the rules of confidentiality.

The list of the Employer's Data Processors within Deloitte CE is published and accessible here:

https://resources.deloitte.com/sites/centraleurope/CE%20Policies/1600%20Security/1611%20Data%20Processors%20-%20Regional/1611.01%20List%20of%20Employee%20Personal%20Data%20Processors.pdf

The list of the local Employer’s Data Processors is published and accessible here:

https://resources.deloitte.com/sites/centraleurope/Pages/CE-Policies.aspx?RootFolder=%2Fsites%2Fcentraleurope%2FCE%20Policies%2F1600%20Security%2F1612%20Data%20Processors%20%2D%20Local&FolderCTID=0x01200036B21D48CCFE694A8A956D23555F7F02&View={18EC9E21-8952-4FBB-853E-20D63819E4D9}

 

Paper versions of the above-mentioned lists are available at the local HR department and are provided to the Employee upon his/her request.

The Personal Data of Employee may also be disclosed to the competent authorities as authorized by the applicable laws.

The Employee is hereby informed that the Employer may provide the Employee’s Personal Data for the purposes as specified above to Deloitte CE and DTTL member firms and their respective subsidiaries and affiliates during the term of the Employment, even to countries outside of the EU territory which do always not ensure the same level of protection as required by the EU legislation. Such transfers to countries outside of the EU either to the Processor (as indicated in the list of the Employer's Data Processors within Deloitte CE) or Controller are based on the EU approved Standard Contractual Clauses. In specific situations such as e.g. mobility programme or cross-border cooperation provision, Employee’s Personal Data can be transferred to the Recipient outside the EU and it is responsibility of such Recipient to comply with the local law when processing the Personal Data.

 

E.

The data will be processed until the purposes of processing such Personal Data are fulfilled; or as required by the applicable legislation. The Employer is entitled to process the Personal Data of the Employee for a period of three months after the Employment relationship is terminated or as required by the applicable legislation. After this period expires, Personal Data of Employee will be anonymised or permanently deleted.

The Employee is responsible for the accuracy and update of the Personal Data he/she has provided to the Employer. The Employee undertakes to notify the Employer of any changes in the Personal Data provided without undue delay.

 

F.

During and after the Employment relationship, the Employee is obliged to keep confidential the Personal Data of the Employer’s Employees, clients, external suppliers, and other natural persons met by the Employee in the course of his/her Employment, which are processed in connection with his/her job duties performed for the Employer; he/she may not use the Personal Data for personal purposes, and he/she may not publish them or make them accessible without the Employer’s or the particular natural person´s consent. Other obligations of the Employee related to work with Personal Data are specified in the Employer’s internal policies and regulations, of which the Employee was informed and which he/she undertakes to comply with.

 

G.

Employer shall establish technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of the Personal Data processed; prevent the unauthorized use of or unauthorized access to the Personal data or prevent a Personal Data breach (security incident) in accordance with Deloitte instructions, policies and applicable laws. Deloitte is a holder of ISO 27001 certification – widely recognized global information standard.

 

H.

Data Subjects' Rights

Employee has right to:

  • request access to your personal data (and request a copy of the personal data that we
  • process),
  • request us to update and correct your personal data (right to rectification),
  • request us to delete your personal data (where possible), or
  • require a restriction on the processing of your data.

 

Employee may object to the processing (in certain cases as specified by GDPR), as well as execute his/her right to data portability (receive a copy of personal data which you provided to us in a structured machine – readable format and request us to transmit such data to another data recipient).

You can enforce all rights described here can be enforced by sending e-mail to: cesi@deloittece.com, or a written notice to: Deloitte svetovanje d.o.o./Deloitte revizija d.o.o., Dunajska cesta 165, 1000 Ljubljana.

Employee can also contact CEprivacy@deloittece.com for any questions related to processing your personal data including the security safeguards when transferring the data outside of the EU region.

It is also the right of each Employee to lodge a complaint with a local data protection supervisory authority in the country of your residence in case you are of an opinion that the processing of your personal data infringes the GDPR.

 

To learn more about your data subject’s right, please read 1604.03 Data Subjects’ Rights Execution policy available here.

The Employee confirms that he/she has been informed of:

  • his/her rights arising from the Personal Data Regulation and other relevant legislation; and
  • the fact that the provision of Personal Data to be processed under this information is compulsory. Failure to provide Personal Data by the Employee pursuant to this information may result in particular in the impossibility to conclude the Employment Contract, the impossibility of the Employer to fulfil its legal obligations or obligations arising from the Employment Contract, etc.

 

 

 

EMPLOYEE’S CONSENT2 TO THE PROCESSING OF HIS/HER PHOTOGRAPHS OR AUDIO AND VIDEO RECORDNGS (“personal data”) ON DDELOITTE WEBSITES, INTRANETS, OFFICE PLASMA tv’S OR ACCOUNTS ON SOCIAL NETWORKING SITES

 

This consent is granted by you as Employee to one of the following Deloitte3 entities which is your Employer:

  • Deloitte svetovanje d.o.o., Dunajska cesta 165, 1000 Ljubljana;
  • Deloitte revizija d.o.o., Dunajska cesta 165, 1000 Ljubljana.

(hereinafter the “Employer”)

 

A.

Definitions:

(The below definitions serve for nomenclature purposes solely and in specific cases do not establish any existence of the Employment relationship in accordance with the Employment Relations Act, (Zakon o delovnih razmerjih, ZDR-1, Official Gazette of the RS, Nr. 21/2013, as amended, hereinafter the “Employment Relations Act”)

 

  • "Data Controller“ shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of Personal Data. In relation to the Employee personal data the Controller is his/her Employer / affiliate of Deloitte CE.
  • "Employee” shall mean any person in Employment or in a similar Employment relationship (contract for work) or other contractual relationship with the Employer, including statutory representatives, proxies, professional advisors and consultants of the Employer.
  • Employment” under this consent shall also include similar Employment relationships or other contractual relationships of individuals active for the Employer when applicable.
  • Employment Contract” under this consent shall mean the contract establishing the Employment as defined above.
  • Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
  • Recipient“ means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed. In relation to Employee Personal Data the Recipients can be e.g. Employee(-s) of Controller, Processor(-s) or Employee(-s) of Processor. Public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with the law shall not be regarded as Recipients.

 

B.

In accordance with Data Protection Act (Zakon o varstvu osebnih podatkov, Official Gazette of the RS, Nr., št. 86/2004, as amended, hereinafter the “Data Protection Act”), the Employee hereby grants his/her consent to processing of his/her Personal Data by the Employer as the Data Controller. This consent is voluntarily granted with respect to the data provided by the Employee to the Employer in the course of Employment with the Employer for the following purpose: to inform the public on various activities executed, organized or supported by the Employer and Deloitte (other than those necessary for the performance of the Employee’s duties within his/her job description), in particularly to take, publish and process Employee’s photographs or audio and video recording.

 

D.

The Employee provides his/her consent to the Employer for the duration of the period until the purposes of processing such Personal Data are fulfilled but not longer than for the duration of the Employment relationship or until revoked as per instruction here-below. After this period expires Employee’s Personal Data will be anonymised or permanently deleted.

 

E.

Employer shall establish technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of the Personal Data processed; prevent the unauthorized use of or unauthorized access to the Personal Data or prevent a Personal Data breach (security incident) in accordance with Deloitte CE instructions, policies and applicable laws. Deloitte is a holder of ISO 27001 certification – widely recognized global information standard.

 

F.

Data Subjects' Rights

 

Employee has right to:

  • request access to your personal data (and request a copy of the personal data that we process),
  • request us to update and correct your personal data (right to rectification),
  • request us to delete your personal data (where possible), or
  • require a restriction on the processing of your data.

 

Employee may object to the processing (in certain cases as specified by GDPR), as well as execute his/her right to data portability (receive a copy of personal data which you provided to us in a structured machine – readable format and request us to transmit such data to another data recipient).

You can enforce all rights described here can be enforced by sending e-mail to: cesi@deloittece.com

or a written notice to: Deloitte svetovanje d.o.o./Deloitte revizija d.o.o., Dunajska cesta 165, 1000 Ljubljana.

Employee can also contact CEprivacy@deloittece.com for any questions related to processing your personal data including the security safeguards when transferring the data outside of the EU region.

It is also the right of each Employee to lodge a complaint with a local data protection supervisory authority in the country of your residence in case you are of an opinion that the processing of your personal data infringes the GDPR.

 

G.

The Employee confirms that he/she was informed of:

  • his/her rights arising from the Data Protection Act and other relevant legislation
  • the fact that the provision of Personal Data under this consent is on a voluntary basis.

 

H.

Employee may grant his/her consent to take, publish and process his/her photographs or audio and video recording in accordance to the applicable laws via the following platforms (Employee to choose from the below option(s) by ticking the box(es) on the onboarding platform)

  • social networking sites (e.g. LinkedIn, Facebook, Instagram) – the Employee is aware that the processing is governed by the Terms and Conditions of the respective web-site provider
  •  external website (www.deloitte.com) and other websites provided by Deloitte
  • intranet and office plasma TV’s

 

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. Deloitte Central Europe (“Deloitte CE”) refers to the regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited, the member firm of DTTL. DTTL and each of its member firms are legally separate and independent entities. Employer is a subsidiary or affiliated company of Deloitte CE.

2 Note, that the consent does not apply to the following purpose: support and promote services provided by the Employer and Deloitte CE Affiliates to their clients, in this case the legal basis of processing is employment contract between Employee and Employer (part of the respective job description e.g. client-facing documentation i.e. proposals, offers, entrance and security cards/badges etc.).

3 Note, that the consent does not apply to the following purpose: support and promote services provided by the Employer and Deloitte CE Affiliates to their clients, in this case the legal basis of processing is employment contract between Employee and Employer (part of the respective job description e.g. client-facing documentation i.e. proposals, offers, entrance and security cards/badges etc.).

OBVESTILO O OBDELAVI OSEBNIH PODATKOV

 

To obvestilo vam posreduje ena izmed naslednji Deloittovih družb:

  • Deloitte svetovanje d.o.o., Dunajska cesta 165, 1000 Ljubljana,
  • Deloitte revizija d.o.o., Dunajska cesta 165, 1000 Ljubljana

(v nadaljevanju „delodajalec“)

 

V skladu z vsakokrat veljavnim Zakonom o varstvu osebnih podatkov, skupaj s spremembami in dopolnitvami in Uredbo (EU) 2016/679 Evropskega parlamenta in Sveta z dne 27. aprila 2016 o varstvu posameznikov pri obdelavi osebnih podatkov in o prostem pretoku takih podatkov ter o razveljavitvi Direktive 95/46/ES (Splošna uredba o varstvu podatkov) (skupaj v nadaljevanju „Zakon o osebnih podatkih“) zaposleni potrdi, da njegove osebne podatke obdeluje delodajalec v vlogi upravljavca podatkov. Obdelava poteka v skladu s pogodbo o zaposlitvi med zaposlenim in delodajalcem v povezavi z delom, ki ga zaposleni opravlja za delodajalca, in zajema tudi namene uporabe informacijskih sistemov delodajalca ter skladnost z notranjimi pravili podjetij članic združenja DTTL ter njegovih odvisnih in pridruženih družb.

 

A.

Opredelitve:

(Spodnje opredelitve služijo izključno za namene nomenklature in v določenih primerih ne določajo obstoja delovnega razmerja v skladu z vsakokrat veljavnim Zakonom o delovnih razmerjih, skupaj s spremembami in dopolnitvami (v nadaljevanju „Zakona o delovnih razmerjih“.)

  • Upravljavec podatkov“ pomeni fizično ali pravno osebo, javni organ, agencijo ali drug organ, ki sam ali skupaj z drugimi določa namene in sredstva za obdelavo osebnih podatkov. Upravljavec osebnih podatkov zaposlenega je njegov delodajalec/pridružena družba Deloitte CE.
  • Zaposleni“ pomeni vsako osebo v delovnem ali podobnem razmerju (pogodba o delu) ali drugem pogodbenem razmerju z delodajalcem, vključno z zakonitimi zastopniki, pooblaščenci, strokovnimi svetovalci in drugimi strokovnjaki delodajalca.
  • Zaposlitev“ v okviru tega soglasja vključuje tudi podobna delovna razmerja ali druga pogodbena razmerja posameznikov, ki delujejo za delodajalca, kadar je to ustrezno.
  • Pogodba o zaposlitvi“ v okviru tega soglasja pomeni pogodbo, ki ureja zaposlitev, kot je opredeljena zgoraj.
  • Osebni podatki“ pomenijo vse podatke, ki se nanašajo na določeno ali določljivo fizično osebo; določljiva fizična oseba je tista, ki jo je mogoče neposredno ali posredno identificirati, zlasti z označevalci, kot so ime, identifikacijska številka, podatki o lokaciji, spletni identifikator oz. eden ali več dejavnikov, značilnih za fizično, fiziološko, genetsko, duševno, ekonomsko, kulturno oz. družbeno identiteto te fizične osebe.
  • Obdelovalec“ pomeni fizično ali pravno osebo, javni organ, agencijo ali drug organ, ki obdeluje osebne podatke v imenu upravljavca podatkov.
  • Prejemnik“ pomeni fizično ali pravno osebo, javni organ, agencijo ali drug organ, ki se mu osebni podatki posredujejo. Prejemniki osebnih podatkov zaposlenega so lahko npr. upravljavčevi zaposleni, obdelovalci podatkov in obdelovalčevi zaposleni. Javni organi, ki lahko v skladu z zakonom prejmejo osebne podatke v okviru določene poizvedbe, se ne štejejo za prejemnike.

 

B.

Obseg obdelave:

Delodajalec obdeluje osebne podatke zaposlenega v naslednjem obsegu:

  • osebne podatke v obsegu, kot to določa veljavna zakonodaja (Zakon o delovnih razmerjih in Zakon o evidencah na področju dela in socialne varnosti ter druga zakonodaja v povezavi z zaposlitvijo);
  • osebne podatke, ki jih je zaposleni posredoval delodajalcu pred sklenitvijo delovnega razmerja;
  • osebne podatke v zvezi s poklicnimi kvalifikacijami in izkušnjami zaposlenega;
  • druge osebne podatke zaposlenega, ki se nanašajo na njegovo zaposlitev pri delodajalcu in na njegovo izpolnjevanje obveznosti v okviru delovnega razmerja (na primer: podatki o upravljanju uspešnosti, podatki o usposabljanju in udeleževanju e-učenj, seznami telefonskih klicev itd.); in
  • fotografije, video ter zvočne posnetke zaposlenega.

 

C.

Namen obdelave osebnih podatkov s strani delodajalca:

Namen obdelave osebnih podatkov je, da delodajalec uveljavlja svoje pravice in izpolnjuje svoje obveznosti v skladu z Zakonom o delovnih razmerjih, pogodbo o zaposlitvi in ​​drugo veljavno zakonodajo, zlasti glede vzdrževanja postopkov kadrovske politike ter plačilnih list, glede dejanj, povezanih s tem, kako uspešno zaposleni izpolnjuje svoje obveznosti v okviru zaposlitve, glede usposabljanja in izobraževanja zaposlenega, glede ugodnosti in glede ponujanja ter zagotavljanja delodajalčevih storitev strankam, kot je podrobneje opredeljeno v spodnjem odstavku.

Delodajalec je tudi upravičen do obdelave osebnih podatkov z namenom spremljanja skladnosti zaposlenih z ustreznimi politikami delodajalca v zvezi z varnostjo naprav in elektronskega sistema delodajalca. Obdelava v tem obsegu temelji na zakonitem interesu delodajalca, da zagotovi svojo poslovno kontinuiteto in zaščito svojih gospodarskih, poslovnih in finančnih interesov ter zlasti skladnost s pravili o zaupnosti. To med drugim vključuje preprečevanje in odpravo tehničnih težav, preprečevanje in zatiranje dejavnosti, ki so namerno nezakonite, v nasprotju z javnim redom ali ki namerno štejejo pravice in dostojanstvo katere koli tretje osebe, preprečevanje in zatiranje kakršne koli kršitve pravic intelektualne lastnine ter zaupnosti in celovitosti podatkov delodajalca – varnosti in dobrega tehničnega delovanja njegovih sistemov ter stroškov, povezanih z tem, ter materialne zaščite vseh sredstev delodajalca.

 

D

Delodajalec ima pravico posredovati osebne podatke zaposlenega naslednjim prejemnikom, ki so delodajalčevi obdelovalci podatkov, ki v delodajalčevem imenu obdelujejo osebne podatke v skladu s pogoji in v obsegu, kot jih določa pisni dogovor z delodajalcem v obliki pooblastila ali pogodbe. Namen obdelave so zlasti evidence o zaposlenem v kadrovskih sistemih in obdelava teh kadrovskih evidenc ter evidenc o izplačanih plačah, zagotavljanje bonitet zaposlenemu in tudi zagotavljanje storitev IS, arhiviranje dokumentov, e-poštne storitve in druge storitve gostiteljskih aplikacij; obseg obdelave pa je takšen, kot je potreben za uveljavljanje pravic oz. izpolnjevanje obveznosti, ki izhajajo iz delovnega razmerja med zaposlenim in delodajalcem ali po dogovoru med zaposlenim in delodajalcem pa tudi za spremljanje skladnosti dela zaposlenih z ustreznimi politikami delodajalca v zvezi z varnostjo naprav in sistema delodajalca, ki temeljijo na zakonitem interesu delodajalca za zagotavljanje kontinuitete poslovanja in varstva gospodarskih, poslovnih in finančnih interesov ter zlasti skladnosti s pravili o zaupnosti.

 

Seznam delodajalčevih obdelovalcev podatkov v okviru Deloitte CE je objavljen in dostopen tukaj:

https://resources.deloitte.com/sites/centraleurope/CE%20Policies/1600%20Security/1611%20Data%20Processors%20-%20Regional/1611.01%20List%20of%20Employee%20Personal%20Data%20Processors.pdf

 

Seznam lokalnih obdelovalcev podatkov delodajalca je objavljen in dostopen tukaj:

https://resources.deloitte.com/sites/centraleurope/Pages/CE-Policies.aspx?RootFolder=%2Fsites%2Fcentraleurope%2FCE%20Policies%2F1600%20Security%2F1612%20Data%20Processors%20%2D%20Local&FolderCTID=0x01200036B21D48CCFE694A8A956D23555F7F02&View={18EC9E21-8952-4FBB-853E-20D63819E4D9}

 

Natisnjene različice zgoraj navedenih seznamov so dostopne pri lokalnem kadrovskem oddelku in so zaposlenemu na voljo na zahtevo.

Osebni podatki zaposlenega se lahko razkrijejo tudi pristojnim oblastem, kot to dovoljujejo veljavni zakoni.

Zaposleni je s tem dokumentom obveščen, da lahko delodajalec posreduje njegove osebne podatke za namene, navedene zgoraj, družbi Deloitte CE in družbam članicam DTTL ter njihovim odvisnim in pridruženim družbam v času trajanja delovnega razmerja, tudi v države izven ozemlja EU, ki ne zagotavljajo vedno enake ravni varstva, kot jo zahteva zakonodaja EU. Takšni prenosi v države izven EU, bodisi obdelovalcu (kot so navedeni na seznamu delodajalčevih obdelovalcev podatkov znotraj Deloitte CE) ali upravljavcu, temeljijo na standardnih pogodbenih klavzulah, ki jih je odobrila EU. V posebnih primerih, kot sta npr. program mobilnosti ali zagotavljanje čezmejnega sodelovanja, se lahko osebni podatki zaposlenih prenesejo na prejemnika izven EU, pri čemer je ta prejemnik odgovoren za upoštevanje lokalne zakonodaje pri obdelavi osebnih podatkov.

 

E.

Podatki se bodo obdelovali, dokler ni izpolnjen namen njihove obdelave oz. kot to zahteva veljavna zakonodaja. Delodajalec ima pravico obdelovati osebne podatke zaposlenega za obdobje treh mesecev po prenehanju delovnega razmerja oz. v skladu z zahtevami veljavne zakonodaje. Po preteku tega obdobja se bodo osebni podatki o zaposlenem anonimizirali ali trajno izbrisali.

Zaposleni je odgovoren za točnost in posodobitev osebnih podatkov, ki jih je posredoval delodajalcu. Zaposleni se zavezuje, da bo delodajalca brez kakršnihkoli nepotrebnih zamud obveščal o vseh spremembah posredovanih osebnih podatkov.

 

F.

Zaposleni je med trajanjem in po prenehanju delovnega razmerja dolžan varovati zaupnost osebnih podatkov delodajalčevih zaposlenih, strank, zunanjih dobaviteljev in drugih fizičnih oseb, s katerimi se je zaposleni srečal v času trajanja zaposlitve, ki se obdelujejo v povezavi z njegovimi delovnimi obveznostmi pri delodajalcu; osebnih podatkov teh oseb ne sme uporabljati za osebne namene in jih ne sme objavljati niti omogočati dostopa do njih brez delodajalčevega soglasja ali soglasja pristojne fizične osebe. Druge obveznosti zaposlenega v zvezi z delom z osebnimi podatki so opredeljene z notranjimi pravili in ureditvami, o katerih je bil zaposleni obveščen in za katere se zaveže, da bo ravnal v skladu z njimi.

 

G.

Delodajalec mora vzpostaviti tehnična, fizična, administrativna in postopkovna varovala, ki bodo v celoti v skladu s standardi, sprejetimi v industriji, za namene varovanja obdelanih osebnih podatkov in zagotavljana njihove zaupnosti, celovitosti in dostopnosti, za namene preprečevanja nepooblaščene uporabe osebnih podatkov ali nedovoljenega dostopa do njih oz. preprečevanja kršitev varstva osebnih podatkov (varnostnega incidenta) v skladu z Deloittovimi navodili in politikami ter veljavno zakonodajo. Deloitte je nosilec certifikata ISO 27001 certification – splošno priznanega globalnega informacijskega standarda:

 

H.

Pravice posameznika, na katerega se podatki nanašajo

Zaposleni, na katerega se osebni podatki nanašajo, ima pravico:

  • do dostopa do svojih osebnih podatkov,
  • do njihovega popravka,
  • do izbrisa,
  • do omejitve obdelave
  • ugovora njihovi obdelavi ter do prenosljivosti svojih osebnih podatkov.

 

Zaposleni lahko ugovarja obdelavi osebnih podatkov (v določenih primerih kot so določeni v GDPR) in do pravice po prenosljivosti svojih podatkov.

Vse pravice, opisane tukaj, je mogoče uveljavljati s pisnim obvestilom, ki se ga pošlje lokalnemu kadrovskemu oddelku na naslov cesi@deloittece.com, pisno preko pošte na naslov Deloitte svetovanje d.o.o./Deloitte revizija d.o.o.,Duajska cesta 165, 1000 Ljubljana ali na naslov CEprivacy@deloitte.com.

Zaposleni ima prav tako pravico vložiti pritožbo pri pristojnemu nadzornem organu za varstvo podatkov v državi svojega prebivališča.

Za več informacij o pravicah zaposlenih prosim preberite sledečo politiko: 1604.03 Data Subjects’ Rights

Execution policy, ki je na voljo tukaj.

Zaposleni potrjuje, da je seznanjen:

  • s svojimi pravicami, ki izhajajo iz Zakona o osebnih podatkih in druge veljavne zakonodaje;
  • z dejstvom, da je zagotovitev osebnih podatkov, ki jih obravnava to obvestilo, obvezna.

 

 

 

SOGLASJE ZAPOSLENEGA1 Z OBDELAVO OSEBNIH PODATKOV

 

To soglasje je podanoeni izmed naslednji družb Deloitte2 :

  • Deloitte svetovanje d.o.o., Dunajska cesta 165, 1000 Ljubljana;
  • Deloitte revizija d.o.o., Dunajska cesta 165, 1000 Ljubljana.

(v nadaljevanju „delodajalec“)

 

A.

Opredelitve:

(Spodnje opredelitve služijo le za namene nomenklature in v določenih primerih ne določajo obstoja delovnega razmerja v skladu z vsakokrat veljavnim Zakonom o delovnih razmerjih, s spremembami in dopolnitvami (v nadaljevanju: „Zakona o delovnih razmerjih“)

  • Upravljavec podatkov“ pomeni fizično ali pravno osebo, javni organ, agencijo ali drug organ, ki sam ali skupaj z drugimi določa namene in sredstva za obdelavo osebnih podatkov. Upravljavec osebnih podatkov zaposlenega je njegov delodajalec/pridružena družba Deloitte CE.
  • Zaposleni“ pomeni vsako osebo v delovnem ali podobnem razmerju (pogodba o delu) ali drugem pogodbenem razmerju z delodajalcem, vključno z zakonitimi zastopniki, pooblaščenci, strokovnimi svetovalci in drugimi strokovnjaki delodajalca.
  • Zaposlitev“ v okviru tega soglasja vključuje tudi podobna delovna razmerja ali druga pogodbena razmerja posameznikov, ki delujejo za delodajalca, kadar je to ustrezno.
  • Pogodba o zaposlitvi“ v okviru tega soglasja pomeni pogodbo, ki ureja zaposlitev, kot je opredeljena zgoraj.
  • Osebni podatki“ pomenijo vse podatke, ki se nanašajo na določeno ali določljivo fizično osebo; določljiva fizična oseba je tista, ki jo je mogoče neposredno ali posredno identificirati, zlasti s pomočjo označevalcev, kot so ime, identifikacijska številka, podatki o lokaciji, spletni identifikator ali eden ali več dejavnikov, značilnih za fizično, fiziološko, genetsko, duševno, ekonomsko, kulturno oziroma družbeno identiteto te fizične osebe.
  • Obdelovalec“ pomeni fizično ali pravno osebo, javni organ, agencijo ali drug organ, ki obdeluje osebne podatke v imenu upravljavca podatkov.
  • Prejemnik“ pomeni fizično ali pravno osebo, javni organ, agencijo ali drug organ, ki se mu osebni podatki posredujejo. Prejemniki osebnih podatkov zaposlenega so lahko npr. upravljavčevi zaposleni, obdelovalci in obdelovalčevi zaposleni. Javni organi, ki lahko v skladu z zakonom prejmejo osebne podatke v okviru določene poizvedbe, se ne štejejo za prejemnike.

 

B.

V skladu z vsakokrat veljavnim Zakonom o varstvu osebnih podatkov, s spremembami in dopolnitvami (v nadaljevanju: „Zakon o osebnih podatkih“) zaposleni podaja soglasje, da delodajalec obdeluje njegove osebne podatke v vlogi upravljavca podatkov. To soglasje se prostovoljno poda v zvezi s podatki, ki jih je zaposleni posredoval delodajalcu v obdobju trajanja zaposlitve pri delodajalcu, in sicer za naslednji namen: obveščanje javnosti o različnih dejavnostih, ki sta jih izvajala, organizirala ali podprla delodajalec in Deloitte (razen tistih dejavnosti, ki so potrebne za opravljanje nalog zaposlenega v opisu njegovega delovnega mesta), zlasti za fotografiranje in ustvarjanje zvočnih ter video posnetkov zaposlenega in za objavo ter obdelavo teh fotografij in video posnetkov.

 

C.

Če zaposleni soglaša s objavo svojih fotografij ali zvočnih in video posnetkov na družbenih omrežjih, potrjuje, da obdelavo takšnih podatkov urejajo določila in pogoji ponudnika teh omrežij.

 

D.

Zaposleni delodajalcu poda soglasje za obdobje, dokler ni izpolnjen namen obdelave osebnih podatkov, vendar ne za dlje od trajanja delovnega razmerja oz. do preklica soglasja po spodaj navedenih navodilih. Po preteku tega obdobja bodo osebni podatki zaposlenega anonimizirani ali trajno izbrisani.

 

E.

Delodajalec mora vzpostaviti tehnična, fizična, administrativna in postopkovna varovala, ki bodo v celoti v skladu s standardi, sprejetimi v industriji, za namene varovanja obdelanih osebnih podatkov in zagotavljana njihove zaupnosti, celovitosti in dostopnosti, za namene preprečevanja nepooblaščene uporabe osebnih podatkov ali nedovoljenega dostopa do njih oz. preprečevanja kršitev varstva osebnih podatkov (varnostnega incidenta) v skladu z navodili Deloitte CE, politikami in veljavno zakonodajo. Deloitte CE je nosilec certifikata ISO 27001– splošno priznanega globalnega informacijskega standarda:

 

F.

Pravice posameznika, na katerega se podatki nanašajo

Zaposleni, na katerega se osebni podatki nanašajo, ima pravico, da kadarkoli prekliče svoje soglasje brez škode, da zahteva dostop do svojih osebnih podatkov, njihov popravek, izbris ali omejitev obdelave, in pravice do ugovora njihovi obdelavi ter do prenosljivosti podatkov v primerih, kjer obdelava temelji na soglasju. Vse pravice, opisane tukaj, je mogoče uveljavljati s pisnim obvestilom, ki se ga pošlje lokalnemu kadrovskemu oddelku ali na naslov CEprivacy@deloitte.com.

Zaposleni ima prav tako pravico vložitvi pritožbo pri pristojnemu nadzornemu organu za varstvo podatkov v državi svojega prebivališča.

 

G.

Zaposleni potrjuje, da je seznanjen:

  • s svojimi pravicami, ki izhajajo iz Zakona o osebnih podatkih in druge veljavne zakonodaje;
  • z dejstvom, da je zagotavljanje osebnih podatkov, ki jih obravnavana to soglasje, prostovoljno.

 

H.

Zaposleni podaja soglasje, da se ga fotografira in da se ustvarja njegove zvočne ter video posnetke ter da se te fotografije in posnetki objavijo in obdelujejo v skladu z veljavno zakonodajo na naslednjih platformah (zaposleni ročno označi polje/polja, s katerimi soglaša na onboarding platformi):

  • družbena omrežja (npr. LinkedIn, Facebook, Instagram) – zaposleni se zaveda, da obdelavo urejajo določila in pogoji ponudnika zadevne spletne strani,
  • zunanja spletna stran (www.deloitte.com) in druge spletne strani, ki jih zagotavlja Deloitte,
  • intranet.

 

 

1 Upoštevajte, da soglasje ne velja za naslednji namen: podpora in spodbujanje storitev, ki jih delodajalec in deloitte CE zagotavljajo svojim strankam, v tem primeru je pravna podlaga za obdelavo pogodba o zaposlitvi med zaposlenim in delodajalcem (del ustreznega opisa delovnega mesta, npr. dokumentacija, s katerimi se soočajo stranke, npr. predlogi, ponudbe, vhodne in varnostne kartice/značke itd.).

2 Ime Deloitte se nanaša na Deloitte Touche Tohmatsu Limited, pravno osebo, ustanovljeno v skladu z zakonodajo Združenega kraljestva Velike Britanije in Severne Irske (v izvirniku „UK private company limited by guarantee“), in mrežo njenih članic ter njihovih povezanih družb. Deloitte Central Europe („Deloitte CE“) se nanaša na regionalno organizacijo družb, ki so organizirane pod okriljem družbe Deloitte Central Europe Holdings Limited, članice združenja DTTL. DTTL in njene družbe članice predstavljajo ločene in samostojne pravne osebe.