Deloitte Services Wirtschaftsprüfungs GmbH operates the website www.deloitte.at on behalf of itself and the other Austrian Deloitte entities listed in the legal notice (hereinafter also referred to as “Deloitte Austria,” “we,” “us,” or “our”). The website serves to present and promote the service offerings of Deloitte Austria and to facilitate contact with Deloitte Austria.

This Privacy Notice informs you about the processing of personal data collected during your visit to the website (i.e., any information that relates to you directly or indirectly, such as your name, address, etc.).

Protecting your privacy and personal data is a key concern for Deloitte Austria, and we take this into account at all times. Accordingly, we treat your personal data confidentially and in accordance with applicable data protection laws, in particular the General Data Protection Regulation (“GDPR”), the Austrian Data Protection Act (“DSG”), the Telecommunications Act 2021 (“TKG 2021”), and our privacy notices.

Deloitte.com includes various individual global, country-specific, regional, and service-specific websites. Each of these sites is operated by Deloitte Touche Tohmatsu Limited (“DTTL”) or a member firm (the “Deloitte Network”). These individual websites are identified in the upper right corner of each page.

This Privacy Notice applies to the specific deloitte.com website identified by “AT-DE” in the upper right corner as Deloitte Austria (hereinafter referred to as “this website”). Deloitte Austria, as a DTTL member firm in Austria (also referred to as “we,” “us,” or “our”), is aware of the importance of data protection. We are the entity within the Deloitte Network that provides this website, and this Privacy Notice explains how we protect the information collected from visitors to this website.

Please note that other country-specific, regional, and service-specific websites within deloitte.com are provided by other entities within the Deloitte Network and not by us. Such websites, as well as other websites that may be linked from this website, are not subject to this Privacy Notice.

We encourage visitors to review the privacy notices of those other websites before submitting any personal information.

This Privacy Notice also applies, by analogy, to other websites and processing activities that explicitly refer to this Privacy Notice, as well as to general inquiries and contact requests, including those made via email.

Controller of Data Processing
The controller responsible for the data processing described in this privacy policy is:

Deloitte Services Wirtschaftsprüfungs GmbH
Renngasse 1/Freyung
1010 Vienna, Austria
Phone: +43 (1) 537 00-0
Fax: +43 (1) 537 00-1000
Email: office@deloitte.at

Data Protection Officer:
Mag. Sascha Jung, LL.M. LL.M.
Phone: +43 1-537 00-0
Email: privacy@deloitte.at

If you have any questions regarding this privacy policy, please contact us via the contact form or directly reach out to our Data Protection Officer. Alternatively, you can write to us at the address provided above.

When you use our website purely for informational purposes—i.e., if you do not register or otherwise transmit information to us—we only collect the personal data that your browser automatically transmits to the server we use. When you access our website, we collect the following data, which is technically necessary for us to display the website and to ensure its stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software

This data is processed based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, namely to optimize this website in terms of system performance, user-friendliness, and the provision of useful information about our services, as well as to enhance the security and stability of the website and to detect and pursue attacks or misuse.

This data is not merged with data from other sources, nor is it shared with third parties (except with competent authorities, legal representatives, and insurers in the event of misuse of the website).

The data is stored only for as long as necessary to achieve the stated purposes.

If you voluntarily provide personal data for specific purposes in designated areas of this website (such as your name, inquiry text, job title, current employer, email address, telephone and fax number) as part of a request for information or contact, including through postings in blogs, forums, wikis, and other social media applications and services, we will process this data for the respective intended purpose.

When you contact us via email or through a contact form, including for participation in an event or survey, the data you provide will be stored by us in order to process your inquiry.

The legal basis for this processing is the performance of our (pre-)contractual obligations towards you (Art. 6(1)(b) GDPR). Additionally, both you and we have a legitimate interest in communicating with you based on your inquiry (Art. 6(1)(f) GDPR).

As a general rule, we do not request special categories of personal data—such as data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sexual orientation (also known as sensitive data). If such data is exceptionally required, we will ask for your explicit consent to process it. In such cases, the legal basis for processing is your consent pursuant to Art. 9(2)(a) GDPR.

We delete the data collected in this context once storage is no longer necessary, or restrict processing if statutory retention obligations apply. Data from contact forms or other communication channels will be deleted in cases of general communication once the conversation with you is concluded. A conversation is considered concluded when it can be inferred from the circumstances that the relevant matter or inquiry has been fully resolved.

If the communication with you results in a (potential) business relationship or another necessity, the data will be further processed for those purposes. Further information on such subsequent processing can be found in the specific privacy notices referenced under Section 1.

If you have provided your consent during the collection of your data, Deloitte Austria will process your personal data (salutation, first name, last name, academic title, company affiliation, company address, department/area, position, email address) for marketing purposes. This specifically includes the sending of promotional materials or communications regarding services offered by us or other members of the Deloitte Network that may be of interest to you, as well as contacting you to obtain feedback on services offered within the Deloitte Network or for market or other research purposes.

By giving your consent, you agree to the processing of your data for the aforementioned purposes and to the receipt of promotional communications and other contact in accordance with Article 6(1)(a) GDPR and Section 174 of the Telecommunications Act 2021 (TKG 2021).

If you are in an ongoing business relationship with Deloitte Services Wirtschaftsprüfungs GmbH or one of the affiliated Deloitte entities listed in the legal notice, the respective entity may also send promotional newsletters regarding Deloitte Austria’s service offerings to the email address you have provided, based on and in compliance with the provisions of Section 174(4) and (5) TKG 2021. The legal basis for this data processing is our legitimate interest in maintaining customer relationships pursuant to Article 6(1)(f) GDPR.

To make our email communications as helpful and relevant as possible, we use tracking technologies that allow us to determine whether you have opened, read, or forwarded the emails we send, and specifically which links you have clicked within the email. We use the evaluated data to send you tailored offers via email, phone, or postal mail that match your interests. If you do not wish to allow this, please do not subscribe to email communications or unsubscribe accordingly. Unfortunately, in such cases, we are unable to continue email communications, as we cannot provide this service without the use of tracking technology.

Registered recipients of our mailings can update their preferred communication method at any time by notifying us accordingly. You may also unsubscribe at any time by following the instructions provided in each mailing.

Regardless of whether your personal data is processed for the receipt of promotional communications based on your consent or an ongoing business relationship (Section 174 TKG 2021), you may unsubscribe from the newsletter at any time and without providing reasons via the option indicated in the respective communication (e.g., unsubscribe link), or by email or postal mail to the contact details listed under Section 1. If the communication is sent by one of the affiliated Deloitte entities mentioned above, you may also contact that entity directly. The lawfulness of the processing carried out prior to your unsubscription remains unaffected.

This website may host or provide access to various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (“Social Media Applications”). Any personal data or other information you contribute to Social Media Applications may be read, collected, and used by other users of these applications, over whom we have little or no control. Therefore, we are not responsible for any misuse or misappropriation of personal or other information you contribute to a Social Media Application by another user.

For more information on how we use Social Media Applications and how you can manage your preferences, please refer to our Cookie Notice.

In addition to the data mentioned above, cookies are stored on your device when you use this website. These cookies collect and store information about you and your usage behavior to provide you with tailored and relevant content based on your individual needs.

Cookies are small text files placed on your computer or other internet-enabled devices by a website server. Your web browser sends these cookies back to the website each time you visit, allowing us to recognize you and store information about your preferences. For more information about cookies and how they work, please visit: http://www.aboutcookies.org/.

Some of the cookies we use are essential to enable navigation on our website and the use of certain features, such as access to secure areas and content for registered users, as well as to improve performance (“Strictly Necessary Cookies”). These cookies are generally deleted when you close your browser.

We also use functional cookies to store information about your selected settings and to tailor our website to your individual needs—for example, language and region selection or information indicating that you have already participated in a specific survey (“Functional Cookies”). This information is anonymized and used solely for the purposes described here. These cookies are generally deleted when you close your browser.

Analytics and performance cookies help us understand how many individual visitors access our website and how often. This data is collected solely for statistical purposes and is not used to personally identify users. If you have registered and logged in on our website, we may link this information with data provided by our analytics services and analytics/performance cookies. This helps us better understand your usage behavior on our website. These cookies are not deleted when you close your browser but remain stored and are automatically deleted after a certain period following your last visit.

Advertising and targeting cookies may be set by our advertising partners through our website. These partners may use them to build a profile of your interests and show you relevant advertisements on other websites.

We also use web beacons—electronic images that allow our website to count visitors to specific pages and access certain cookies.

For more information on how we use cookies and other tracking technologies, and how you can manage them, please refer to our Cookie Notice and Cookie Settings.

The processing of cookie data related to strictly necessary cookies is based on our legitimate interest pursuant to Article 6(1)(f) GDPR, namely to ensure the functionality and security of this website.

The processing of other cookies is based on your consent, which you provide via the cookie settings at the beginning of your visit to this website. You can adjust your consent at any time via the cookie settings and withdraw it with future effect.

You can also manage and control the use of cookies independently at any time. However, disabling or deleting cookies already stored on your device may limit your ability to access and use certain parts of the website. Your browser settings usually allow you to view which cookies are stored, delete individual cookies, or disable cookies from selected or all websites. Deleting all cookies will also delete all preference settings, including any opt-out cookies you may have set. Web beacons cannot be removed or blocked, as they are part of the website content and do not store information on your device.

However, disabling cookies will prevent web beacons from tracking your usage behavior, as web beacons function in conjunction with cookies. In such cases, the web beacon will only record an anonymous visit. For more information on how to disable or filter cookies via your browser settings, please visit: http://www.aboutcookies.org/.

In addition to the services mentioned in the Cookie Notice and Cookie Settings, the following technologies are also used:

Google Ads Lead Forms

Lead forms are advertisements placed on social networks, search engines, and external websites that allow contact forms to be embedded directly into online ads. Google Ads Lead Forms is a service provided by Google Inc. (“Google”). We use this service to promote our offerings in Google Search and through advertising on external websites (ad delivery), thereby increasing our online advertising reach and enabling us to connect with interested parties via contact forms.

If you voluntarily enter data (contact details, employer information, expressions of interest in our specific services) into these contact forms and consent to being contacted, Google will electronically transmit this data to us. We then use this data to get in touch with you. For more information on how Google processes data, please visit: https://policies.google.com/privacy#infocollect

Please note that under the U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws, U.S. telecommunications and internet service providers may be required to disclose data to U.S. authorities without a court order, which may result in surveillance of users abroad (e.g., in the EU). The U.S. does not offer a level of fundamental rights protection comparable to the European right to privacy. As a U.S.-based company, Google is subject to these legal provisions.

In addition to the recipients mentioned in the context of specific processing purposes, your personal data is disclosed as described below.

To provide you with the best possible service, we share data within Deloitte Austria where necessary to pursue our legitimate interests, provided that your interests or fundamental rights and freedoms do not override ours. Within Deloitte Austria, only those entities or individuals who require access to your data to fulfill their responsibilities, pursue our legitimate interests, or meet contractual and legal obligations—such as the relevant Deloitte entity responsible for responding to your inquiry—will have access to your data.

We may exceptionally disclose personal data to courts, regulatory authorities, tax authorities, and other public bodies if required by law or legal obligations (e.g., for public safety or criminal prosecution).

Additionally, IT service providers and providers of tools and software solutions (e.g., web designers) who support us in delivering our services generally have access to personal data. In all cases, appropriate data processing agreements have been concluded in accordance with Article 28 GDPR.

Specifically, your personal data is transferred to the following data processor:
Amazon Web Services, Inc. (410 Terry Avenue North, Seattle, WA 98109-5210, USA)

Data transfers to countries outside the EU or EEA (so-called third countries) only occur if necessary to process your request, if legally required (e.g., tax reporting obligations), or if you have given us your consent (e.g., cookies and similar technologies). In all cases, the relevant data protection provisions (particularly Articles 44 et seq. GDPR) are complied with.

Retention Period

In addition to the retention periods mentioned in the context of specific processing purposes, your personal data is processed for as long as necessary to fulfill the purpose for which it was collected. Once the data is no longer required for that purpose, it will be deleted—unless its (temporary) continued processing is necessary for the following reasons:

Legal Retention Obligations
To comply with statutory (corporate and tax-related) retention and documentation obligations under the Austrian Federal Fiscal Code (BAO) and the Austrian Commercial Code (UGB). These retention periods are generally ten years.

Preservation of Evidence
To preserve evidence within the scope of statutory limitation periods. Under the Austrian Civil Code (ABGB), these limitation periods can be up to thirty years, although the standard limitation period is three years.

As a data subject, you generally have the right at any time to obtain information about your processed personal data, its origin and recipients, and the purpose of the data processing. You also have the right to rectification, data portability, restriction of processing, and the blocking or deletion of inaccurate or unlawfully processed data.

You also have the right to object to the processing of your personal data if there are reasons arising from your particular situation. You may object to processing for direct marketing purposes at any time and without providing reasons.

Furthermore, you have the right to withdraw any consent you have given for the processing of your personal data at any time with effect for the future.

Please direct any inquiries regarding the exercise of your rights or any withdrawal of consent to one of the contact points listed under Section 1.

If you believe that the processing of your personal data violates applicable data protection laws or that your data protection rights have been infringed in any other way, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority.

Protection of Minors’ Privacy and Personal Rights

We recognize the importance of protecting the privacy and personal rights of minors in the interactive online environment. Therefore, we would like to point out that this website is not designed to target minors or to collect data from them.

Changes

We may modify or supplement this Privacy Notice and the Cookie Notice at our sole discretion from time to time. If changes are made, we will update the revision date at the top of the page. We recommend reviewing this Privacy Notice regularly to stay informed about how we process your data and which cookies we use. Where necessary, you will be prompted again—e.g., via the cookie settings (cookie banner) or similar technologies—to acknowledge or consent to the changes.