This Privacy Statement explains what personal information we may gather about you when we provide our clients with services and how this personal information may be used and shared. This Privacy Statement also sets out your rights in relation to your personal information and tells you who you can contact if you have questions.
This Privacy Statement is divided into the sections listed below. If you receive it in electronic form then you can click on the links below to navigate to the relevant topic:
As used in this Privacy Statement, the “Deloitte Network” refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. Deloitte AG and Deloitte Consulting AG are companies registered in Switzerland with registered numbers CHE-101.377.666 and CHE-106.114.341 respectively, with registered office as Pfingstweidstrasse 11, 8005 Zurich, Switzerland. Deloitte AG and Deloitte Consulting AG are affiliates of Deloitte NWE LLP, a member firm of the DTTL. Please see www.deloitte.com/ch/en/about for a detailed description of the legal structure of DTTL and its member firms.
This Privacy Statement applies to the Audit part of Deloitte AG and Deloitte Consulting AG (also referred to as “Deloitte”, “we”, “us”, and “our”) business and sets out how we will process your personal information. This business carries out external audits and external assurance engagements, in many cases because of a legal requirement, as well as related services and giving of advice.
In most circumstances when providing our services in Audit we will be acting as a Data Controller, and this Privacy Statement sets out how we will process your personal information when providing these services.
Your personal information will be protected and handled with utmost consideration for its confidentiality and your privacy.
This Privacy Statement contains additional details about when we may share your personal information with other members of the Deloitte Network and other third parties (for example, our service providers).
In this Privacy Statement, we refer to handling, collecting, protecting and storing your personal information as "processing".
Deloitte may collect personal information relating to you such as:
Deloitte may also need to process personal information about you that may be considered sensitive or a special category (for example about your health or ethnic origin) that we require to be able to provide the services or that may become apparent to us based on the personal information that we receive.
Deloitte may collect personal information about you in different ways, for example:
This personal information can be received in any manner, including in-person discussions, telephone conversations, and electronic or other written communications.
Without access to all the personal information that we need, we may be unable to provide or complete the services for our client.
Where another person (a company or a partnership, e.g. your employer or any third parties acting on your or their behalf) provides your personal information to us, they must also comply with their obligations under the relevant privacy laws and regulations.
If any personal information which you provide to us relates to any third party, then by providing us with their personal information you confirm that you have obtained any necessary permissions from those persons to the reasonable use of their personal information in the way set out in this Privacy Statement, or you are otherwise permitted to give us this personal information. You should share a copy of this Privacy Statement with those other individuals when disclosing any personal information about them to us.
Deloitte collects personal information about you to:
We may also use your personal information for the purposes of, or in connection with:
We are required by law to set out in this Privacy Statement the legal grounds upon which we rely in order to process your personal information.
We may use your personal information for the purposes outlined above because:
(a) we are subject to legal or regulatory obligations. This is the most common ground for external audits and external assurance. For example, it is a legal obligation for most companies to have an external audit, which involves them passing data to an independent external auditor. There may be other legal obligations, for example, the rules around client money held by financial institutions requires those institutions to have someone independent check it is being handled properly. In addition, we may need to provide information to a public body or law enforcement agency; or
(b) we have a legitimate interest in processing your personal information, which may be to:
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that data; (ii) we are required by law to process that data in order to ensure we meet our 'know your client' and 'anti-money laundering' obligations (or other legal obligations imposed on us); (iii) the processing is necessary to carry out our obligations under employment, social security or social protection law; (iv) the processing is necessary for the establishment, exercise or defence of legal claims; (v) you have made the data manifestly public; or (vi) the processing is necessary for reasons of substantial public interest.
In connection with one or more of the purposes outlined in the “How do we use information about you?” section above, we may disclose your personal information to:
Please note that some of the recipients of your personal information referred to above may be based in countries or regions without data protection rules similar to those in effect in your area of residence. In such cases, adequate safeguards will be in place to protect your personal information. Such adequate safeguards might include a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to those countries.
For further details about the transfers described above and the adequate safeguards used by Deloitte with respect to such transfers, please contact us using the details below.
We have in place reasonable commercial standards of technology and operational security to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration or destruction. Only authorised personnel, with appropriate awareness of privacy and security obligations, are provided access to personal information.
We retain personal information as long as is necessary to fulfil the purposes identified in the “How do we use information about you?” section above or as otherwise necessary to comply with applicable laws, professional standards, or as long as the period in which litigation or investigations might arise in respect of our services to our client.
We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and other electronic methods, about similar products and services (including those of third parties) which may be of interest to you.
You may, at any time, request that we and/or other members of the Deloitte Network do not send such information to you by one, some or all channels, by following the opt-out instructions in communications from us or writing to us.
You have various rights in relation to your personal information. In particular, you have a right to:
Any request for access to or a copy of your personal information must be in writing and we will endeavour to respond within a reasonable period and in any event within the period required by applicable data protection legislation. We will comply with our legal obligations as regards your rights as a data subject.
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Statement, we will amend the revision date at the top of this page and the modified or amended privacy statement shall apply to you and your personal information as of that revision date. We encourage you to review the Privacy Statement on our website periodically to be informed about how we are protecting your personal information.
If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about privacy issues, or you wish to raise a complaint about how we are using your information you can contact us in the following ways: