Privacy Notice | Deloitte Talent Community

1. What is the purpose of this Privacy Notice?

Thank you for your interest in exploring career opportunities with Deloitte.

Deloitte Greece is committed to protecting the privacy and security of your personal data. This privacy notice describes the processing of your personal following your registration to the Deloitte Talent Community, in accordance with the applicable Data Protection Legislation^[1] and all the applicable data protection laws and regulations. It provides information on the nature of the
personal data - where personal data means any information relating to an
identified or identifiable natural person (“Data Subject”) - collected by the
Data Controller, the purposes of the processing and indicates your rights in
relation to the data processed and who to contact for further information or tosend any requests. 

[1] Means (a) the General Data Protection Regulation (GDPR); (b) national law 4624/2019, as applicable; (c) national law implementing the Directive on Privacy and Electronic Communications (2002/58/EC);  and (d) any other similar national privacy law.

2. What is the identity and contact details of the Data Controller?

Joint Data Controllers are the Deloitte Greece Entities (hereinafter referred to as “Data Controller” or “we” or “us”), and more specifically:

1. “Deloitte Business Solutions Societe Anonyme of Business Consultants” with the distinctive title “DELOITTE BUSINESS SOLUTIONS S.A.”

2. “Deloitte Certified Public Accountants Societe Anonyme” with the distinctive title “DELOITTE.”

3. “Deloitte Alexander Competence Center Single-Member Societe Anonyme of Business Consultants” with the distinctive title “DACC S.A.”

4. “Koimtzoglou-Bakalis-Venieris-Leventis & Associates Law Partnership” (“KBVL Law Firm”);

Deloitte Business Solutions S.A., Deloitte. and KBVL Law Firm are based in 3a Fragkokklisias & Granikou str., Marousi, Athens, P.O. 151 25. DACC SA is based in Pempti and Triti 6^th Industrial Area Block of Technopolis Thessaloniki, Municipality of Pylaia Chortiatis, D.E. Pylaia, P.E. Thessaloniki.

3. What are the contact details of the Data Protection Officer?

The Data Protection Officer can always be contacted at the following e-mail address: DataPrivacyOfficer@deloitte.gr.

4. Which data do we collect about you, for which purposes and what are the sources of your data?

We process personal data provided directly from you, by filling in the registration form, when you join the Deloitte Talent Community. The personal data we process may be categorized as follows:

• Identification data (such as name, surname);
• Contact information (such as telephone number, email address);
• Professional Data (such as data relating to your education, qualifications, work experience, etc.) that you provide to us when you sign up for the Deloitte Talent Community;

Your data are being processed in order to assess your suitability for current and future roles at Deloitte, inform you about new job opportunities and Deloitte news, events and initiatives related to our recruitment process, as well as build a relationship with you and learn more about your career interests.

5. What is the legal basis on which we process your personal data?

The legal basis for the processing of your personal data is your consent that you provide us through Deloitte Talent Community’s registration form (article 6 par. 1a GDPR). You may revoke your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

Please note that provision of your consent in the context of Deloitte Talent Community is optional and, therefore, any refusal to provide such consent will not prejudice in any way any candidate application process.

6. Who has access to your personal data and to whom is it disclosed? 

Your data may be communicated to the following categories of recipients:

• Companies belonging to the Deloitte Network;
• Companies that provide services to us and/or the Deloitte Network;
• Public Administrations, within the limits established by law and regulations;
• Οther entities within the Deloitte Network and other third parties, as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition, and only provided that the law permits such disclosure.

7. Are your data transferred abroad?

If necessary for the purpose stated above, the data collected may be transmitted or made accessible to other companies in the Deloitte network according to our Interfirm Privacy and Confidentiality Agreement, to entities that provide services to us and/or the Deloitte network (e.g., vendors, suppliers), to competent authorities (e.g., courts, tax authorities, regulatory authorities) including those based in other countries, which may include countries outside the European Economic Area (EEA^[2]). Third parties to whom your personal data are transferred, are bound by specific agreement and are required to keep your data securely.

In such cases, we guarantee that the transfer will take place in accordance with the provisions of Chapter V of the GDPR through the adoption of appropriate safeguards that ensure a level of data protection, in accordance with the obligations to which we are legally bound, such as Standard Contractual Clauses, Binding Corporate Rules, other applicable legal basis or based on a statutory exemption (e.g. if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority).

For further information about the third parties, how we work with them and their processing of your personal data, or for information about the adequate safeguards adopted by us in respect of data transfers please send an e-mail to DataPrivacyOfficer@deloitte.gr.

[2] The EEA includes EU countries and also Iceland, Liechtenstein, and Norway.

8. What is the data retention period, or if not possible, the criteria used to determine it?

Υour personal data will be stored until you decide to revoke your consent and in any case no longer than two (2) years. Once this term expires, Deloitte will automatically delete your collected personal data or transform it into anonymous form in an irreversible manner.

The above-mentioned data retention period may, however, be affected by other legal requirements which may extend minimum data retention requirements. Additionally, one general consideration when determining data retention periods (including archiving periods) is the possibility that this data may be needed to pursue or defend legal claims.

9. How do we protect and safeguard your personal data?

We will process your data with the utmost care and respect.

Your personal data are processed with the aid of electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality, in accordance with the principles applicable to the processing of personal data pursuant to Article 5 of the GDPR, such as lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. These measures can include:

• The training and updating activities of our staff ensuring that they are informed about privacy obligations if they have access to and process personal data;
• Administrative and technical controls in order to limit access only to personal data that need to be known in relation to the purposes of the processing;
• Technical security measures (e.g., firewalls, cryptography, antivirus software);
• Physical security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any possible data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Third parties will only process your personal data where they have agreed to treat the data confidentially and to keep it secure in compliance with the applicable law.

10. What are your rights and how can you exercise them?

In relation to the processing of your personal data, you have specific rights according to articles 12-22 of the GDPR:

• Access: you can ask for confirmation as to whether or not a certain processing of data concerning you is in place, as well as further clarifications about the information referred to in this privacy notice;
• Rectification: you can ask to rectify or supplement the data you have provided to us, if inaccurate;
• Erasure: you can request that your data be deleted, if they are no longer necessary for our purposes, in case of withdrawal of consent or your opposition to the processing, in case of unlawful processing, or there is a legal obligation to erase them;
• Restriction: you can request that your data be processed only for the purpose of storage, with the exclusion of other processing, for the period necessary for the correction of your data, in case of unlawful processing for which you oppose the erasure, if you have to exercise your rights in court and the data stored by us may be useful to you and,  finally, in the event of opposition to the processing and a review is in progress on the prevalence of our legitimate reasons over yours;
• Withdrawal of consent: you may withdraw your consent at any time, in all cases where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
• Portability: you can ask to receive your data, or to have them transmitted to another Data Controller indicated by you, in a structured format, commonly used and readable by automatic device.

To exercise these rights, you can contact our Data Protection Officer by sending an e-mail to DataPrivacyOfficer@deloitte.gr.

The time limit for the Deloitte Greece Entities to address your request is 1 month, which may be extended up to 2 further months in cases of particular complexity.

We also inform you that you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA), by following the instructions found on the HDPA’s website.

11. Changes to this Privacy Notice

We may modify or amend this Privacy Notice from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended Privacy Notice will be effective from that revision date. We therefore invite you to regularly consult our Privacy Notice in order to stay up to date with any changes made since your last consultation.

This document has been prepared by Deloitte Business Solutions Societe Anonyme of Business Consultants, Deloitte Certified Public Accountants Societe Anonyme and Deloitte Alexander CompetenceCenter Single Member Societe Anonyme of Business Consultants.

Deloitte Business Solutions Societe Anonyme of Business Consultants, a Greek company, registered in Greece with registered number 000665201000 and its registered office at Marousi Attica, 3a Fragkokklisias & Granikou str., 151 25, Deloitte Certified Public Accountants Societe Anonyme, a Greek company, registered in Greece with registered number 001223601000 and its registered office at Marousi, Attica, 3a Fragkokklisias & Granikou str., 151 25 and Deloitte Alexander Competence Center Single Member Societe Anonyme of Business Consultants, a Greek company, registered in Greece with registered number 144724504000 and its registered office at Thessaloniki, Municipality of Pylaia - Chortiatis of Thessaloniki, Vepe Technopolis Thessaloniki (5th and 3rd street), 555 35, are all companies of the Deloitte Central Mediterranean S.r.l. (“DCM”) geography. DCM, a company limited by guarantee registered in Italy with registered number 09599600963 and its registered office at Via Santa Sofia no. 28, 20122, Milan, Italy is one of the Deloitte NSE LLP geographies. Deloitte NSE LLP is a UK limited liability partnership and member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of any of each other. DTTL does not provide services to clients.

Please see www.deloitte.com/ about to learn more.

DTTL, Deloitte NSE LLP and Deloitte Central Mediterranean S.r.l. do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.

Deloitte is a leading global provider of audit and assurance, consulting, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 460,300 people make an impact that matters at www.deloitte.com.

This document and its contents are confidential and prepared solely for your use, and may not be reproduced, redistributed or passed on to any other person in whole or in part, unless otherwise expressly agreed with you. No other party is entitled to rely on this document for any purpose whatsoever and we accept no liability to any other party, who is provided with or obtains access or relies to this document.

© 2025 For more information contact Deloitte Central Mediterranean.