Skip to main content

Deloitte CE – Information on Personal Data Processing in Intela

Last updated: 29 April 2025

This information of Personal Data processing (Privacy Statement)  is provided to you in connection with your use of Intela data exchange platform (Application) and/or in connection with the provision of services that use the Application.

When used  in this Privacy Statement  “Deloitte”, “we”, “us” and “our” refer to a Deloitte CE entity within the Deloitte Network that invited you to use Intela  and/or is involved in the provision of services that use the Application. Deloitte (as Personal Data Controller)  is providing  Tax advisory services either under a direct contract with you or via a contract with another person (such as a company or a partnership or a trustee) who has asked us to provide the services.

As used in this Privacy Statement, the “Deloitte Network” refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms the affiliates of such member firms and their related entities. DTTL and each of its member firms and the affiliates of such member firms are legally separate and independent entities. Please see deloitte.com/about for a detailed description of the legal structure of DTTL and its member firms. “Deloitte Central Europe (Deloitte CE)” is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited, the member firm in Central Europe of DTTL. Services are provided by the subsidiaries and affiliates of Deloitte Central Europe Holdings Limited, which are separate and independent legal entities.

Controller will process Personal Data for (i) the performance of the contract to which you are a party, or if you are not a party to the contract, then (ii) for the legitimate interest of Deloitte in providing the services based on the contract (ii) compliance with legal obligations to which Deloitte is subject to.

Personal Data and other relevant information exchanged in the Application shall be retained for a period of 10 years following the provision of services under the contract or as required by the applicable laws or relevant regulations.

For the purposes indicated above Controller may share Personal data with the following recipients to the extent necessary for the provision of services under the contract: Deloitte CE group of entities:  https://www.deloitte.com/ce/en/about/story/our-markets.html .

Deloitte Advisory & Management Consulting Private Limited Company, Dózsa Gy út 84.C., 1068 Budapest, Hungary
Deloitte CE Business Service Sp. z o.o., Al. Jana Pawla II 22, 00-133 Warsaw, Poland
Deloitte Central Europe Service Centre s.r.o., Karolinská 654/2, 186 00, Prague 8, Czech Republic
Deloitte CZ Services s.r.o., Karolinská 654/2, 186 00 Prague 8, Czech Republic
Digital Resources a.s., Poděbradská 520/24, 190 00 Prague 9, Czech Republic
SI-Consulting Sp. z o.o., Slezna Str. 118, 53-111 Wroclaw, Poland

Deloitte Global Services Limited, Hill House, 1 Little New Street, EC4A 3TR London, United Kingdom
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA

Access rights of Processors are strictly limited to the extent it is only for necessary technical, administrative and help desk support services.

If the transfer of Personal Data across country borders (including the territories outside of the European Union) or access from those territories occur, then it will take place only in the case that the obligations as stipulated by the Data Protection Legislation for such transfers are fulfilled.

Deloitte and its data Processors established technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of all personal data processed; prevent the unauthorized use of or unauthorized access to the personal data or prevent a personal data breach (security incident) in accordance with Deloitte policies and applicable laws. Deloitte is a holder of ISO 27001 certification – widely recognized global information standard.

You may review and/or update the Personal Data provided. Following any changes, you make the Personal Data will be updated or removed, except in a situation where it is not possible due to the services provided or the applicable laws and regulations. You also have your right to request access to your Personal Data and rectification or erasure of your Personal Data (where possible), or a restriction on the processing. You may object to the processing (in certain cases as specified by GDPR), as well as execute your right to data portability. All rights described here can be enforced by sending a written notice to:  CEIntela@deloittece.com

It is also your right to lodge a complaint with a local data protection supervisory authority in the country of your residence in case you are of an opinion that the processing of your personal data infringes the GDPR. If you have any questions on privacy and personal data protection at Deloitte Central Europe, contact CEprivacy@deloittece.com

By uploading Personal Data to the Application:

  • You confirm that you are providing Deloitte with relevant, accurate and up-to-date information and Personal Data.
  • You confirm that you will only furnish Deloitte with the Personal Data of any third person if there exist legitimate grounds based on which you are entitled to disclose such Personal Data of third person and the respective persons are informed about the disclosure and way of processing their personal data as described here-in.

 

“Controller” means a controller or data controller (as defined in the Data Protection Legislation).

“Processor” means a data processor or processor (as defined in the Data Protection Legislation).

“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) national laws implementing the Directive on Privacy and Electronic Communications (2002/58/EC); (b) the GDPR; and (c) any other similar national privacy law.

“GDPR” means the General Data Protection Regulation (EU) (2016/679).

“Personal Data” means any personal data (as defined in the Data Protection Legislation) processed in connection with or as part of the Services.

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed (as further defined in the Data Protection Legislation).