Skip to main content

Privacy Notice | Registration in Deloitte Academy’s Seminars

Last updated: 01 December 2025

1. What is the purpose of this document?

“Deloitte Business Solutions Societe Anonyme of Business Consultants” (hereinafter referred to as “Data Controller”, “Deloitte”, “we”, “us” or “the Firm”) is committed to protecting your privacy and processing your data in a clear and transparent manner.

This privacy notice describes the processing of your personal data in the context of your registration in a Deloitte Academy Seminar (hereinafter the “Seminar”) and the creation of an account on the Deloitte Academy Platform (hereinafter the “Platform”) required only for specific Seminars, in accordance with the General Data Protection Regulation (GDPR), national law 4624/2019, as in force, and all the applicable data protection laws and regulations. It provides information on the nature of the personal data - where personal data means any information relating to an identified or identifiable natural person (“Data Subject”) - collected by the Data Controller, the purposes of the processing and indicates your rights in relation to the data processed and who to contact for further information or to send any requests.

2. What is the identity and contact details of the Data Controller?

The Data Controller is “Deloitte Business Solutions Societe Anonyme of Business Consultants” with the distinctive title “DELOITTE BUSINESS SOLUTIONS S.A.”, located in 3a Fragkokklisias & Granikou str., Marousi, Athens, P.O. 151 25.  

3. What are the contact details of the Data Protection Officer?

The Data Protection Officer can be contacted at the following e-mail address: DataPrivacyOfficer@deloitte.gr.

4. Which data do we collect about you, for which purposes and what are the sources of your data?

When registering in a Seminar, we process the following personal information that you submit via your application and/or during our respective interactions:

a)  your general identification information (e.g., name, surname),

b)  your contact information (e.g., address, telephone number, email address),

c)  information regarding your profession and your area of professional interest,

d)  VAT number, tax office, billing address and telephone number.

In cases where your registration for a seminar is carried out at the request of a third party legal entity (e.g., your employer), the source of your personal data may also be that third party.

For specific Seminars, when registering and creating an account to the Platform in order to access recordings and seminar content, you are requested to submit the following personal data: your first name, surname, username, e-mail address and -optionally- city/town, country.

We do not collect sensitive personal information (i.e., data relating to race or ethnic origin, religious or philosophical beliefs, trade union memberships, political opinions, medical or health conditions or information specifying the sex life or sexual orientation of an individual) from users. If necessary, we will obtain your explicit consent to collect and use such information.

We do not engage in the collection of personal information about your online activities across third-party websites or online services and we do not allow third parties to collect such personal information when you use the Deloitte Academy platform.

The purposes regarding the processing of your personal data are:

a)   Your registration in the Seminar.             

b)   The creation and management of your account on the Deloitte Academy web platform for accessing content and recordings for specific Seminars.

c)   The customization or improvement of the related services offered to you.

d)   The provision of information about future Deloitte Academy initiatives according to your interests.

e)   The protection of our rights or property and that of our users.

f)    The compliance with legal processes, where appropriate.

5. What is the legal basis on which we process your personal data?

The legal basis for the processing of your personal data for the purposes outlined above are:

a)   Regarding your registration in Deloitte Academy’s seminars, the processing of your personal data is necessary for the provision of the services agreed (art. 6 par.1b GDPR). In cases where your registration is made at the request of a third-party legal entity (e.g., your employer), the processing of your personal data is based on our legitimate interest in delivering the agreed services to our clients and efficiently managing seminar registrations (Article 6(1)(f) GDPR).

b)   Regarding the creation and management of your account on the Deloitte Academy web platform for specific Seminars, the processing of your personal data is necessary for the provision of the services agreed and specifically for accessing the seminar content and recordings (art. 6 par.1b GDPR).

c)   Regarding the customization or improvement of the related services offered to you, the legal basis is our legitimate interest to optimize service delivery and ensure quality of services, except where such interest is overridden by your interests or fundamental rights and freedoms, which require protection of personal data (article 6 par.1f GDPR).

d)   Regarding the provision of information about future Deloitte Academy initiatives according to your interests, the processing of your personal data for Deloitte’s marketing & communications activities is conducted according to article 11 par. 3 of Law 3471/2006, as in force. You have the right to object at any time to the processing of your personal data for such activities. Also, you may opt-out of receiving further communications at any time, by following the instructions included in the communications.

e)   Regarding the protection of our rights or property and that of our users, the legal basis is our legitimate interest, except where such interest is overridden by your interests or fundamental rights and freedoms, which require protection of personal data (article 6 par. 1f GDPR).

f)    Regarding  the compliance with legal processes, where appropriate, the legal basis is our compliance with legal obligations to which we are subject (article 6 par. 1c GDPR).

It is noted that data processing will be reduced to the minimum and every operation made will be done with the strict necessary means due to purposes mentioned above, adopting any measure to mitigate or reduce the extent and impact of data processing.

6.    Who has access to your personal data and to whom is it disclosed?

When it is necessary to perform one or more of the purposes outlined above by use of appropriate partners, we may disclose your personal data to:

  • other members of the Deloitte Network;
  • entities that provide services to us and/or the Deloitte Network (e.g. Qualtrics LLC, a third-party provider based in the United States of America, whom Deloitte has engaged to process the entries submitted to the registration form by all interested individuals;);
  • competent authorities (including courts, tax authorities, social security authorities and regulatory authorities overviewing the Firm and/or the Deloitte Network);
  • other third parties, as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition, and only provided that the law permits such disclosure.

In all cases, we may be requested to disclose your personal data if required to do so by law, a regulator or during legal proceedings.

Your data will be communicated to these third parties after being appointed as data processors or recognized as autonomous data controllers and will be processed by collaborators and/or employees of Deloitte in the context of their respective functions and in accordance with the instructions given by Deloitte itself.

7. Are your data transferred abroad?

If necessary for the purposes stated above, the data collected may be transmitted or made accessible to other companies in the Deloitte Network, to entities that provide services to us and/or the Deloitte Network (e.g., vendors, suppliers), to competent authorities (e.g., courts, tax authorities, regulatory authorities) including those based in other countries, which may include countries outside the European Economic Area (EEA). Third parties to whom your personal data are transferred are bound by specific agreement and are required to keep your data securely.

In such cases, we guarantee that the transfer will take place in accordance with the provisions of Chapter V of the GDPR through the adoption of appropriate safeguards that ensure a level of data protection in accordance with the obligations to which we are legally bound, such as Standard Contractual Clauses, Binding Corporate Rules, other applicable legal basis or based on a statutory exemption (e.g. if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority). For further information about the third parties, how we work with them and their processing of your personal data, or for information about the adequate safeguards installed by us in respect of data transfers please send an e-mail to the  DataPrivacyOfficer@deloitte.gr.

8. What is the data retention period, or if not possible, the criteria used to determine it?

We will hold your personal data in our systems for five (5) years after the completion of your registration in the Seminars.

9. How do we protect and safeguard your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, processed, or accessed in an unauthorized way, altered, or disclosed. These measures can include:

  • Education and training of relevant staff to ensure they are aware of our privacy and data protection obligations when processing personal data;
  • Administrative and technical controls to restrict access to personal data on a “need to know” basis;
  • Technical security measures including, but not limited to: firewalls, encryption and anti-virus software;
  • Physical security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any incident that may lead to a security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Third parties will only process your personal data on our instructions and only where they have agreed to treat the data confidentially and to keep it secure in compliance with the applicable law.

10. What are your rights and how can you exercise them?

In relation to the processing of your personal data, you have specific rights according to articles 12-22 of the GDPR:

  • Access: you can ask for confirmation as to whether or not a certain processing of data concerning you is in place, as well as further clarifications about the information referred to in this privacy notice;
  • Rectification: you can ask to rectify or supplement the data you have provided to us, if inaccurate;
  • Erasure: you can request that your data be deleted, if they are no longer necessary for our purposes, in case of withdrawal of consent or your opposition to the processing, in case of unlawful processing, or there is a legal obligation to erase them;
  • Restriction: you can request that your data be processed only for the purpose of storage, with the exclusion of other processing, for the period necessary for the correction of your data, in case of unlawful processing for which you oppose the erasure, if you have to exercise your rights in court and the data stored by us may be useful to you and,  finally, in the event of opposition to the processing and a review is in progress on the prevalence of our legitimate reasons over yours;
  • Object: you can object at any time to the processing of your data, unless there are our legitimate reasons to proceed with the processing that prevail over yours, for example for the exercise or defence of our legal claims in court;
  • Withdrawal of consent: you may withdraw your consent at any time, in all cases where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
  • Portability: you can ask to receive your data, or to have them transmitted to another Data Controller indicated by you, in a structured format, commonly used and readable by automatic device.

To exercise any of your rights or make a complaint to us relating to your privacy or if you have any other questions about our use of your personal data, please send an email to the Firm’s DPO at the following email address: DataPrivacyOfficer@deloitte.gr. We will make every possible effort to respond as soon as possible and in any case within the 30-day time limit or as set out in law.

You always have the right to file a complaint before the competent supervisory authority, which in Greece is the Hellenic Data Protection Authority (HDPA), by following the instructions found on the HDPA’s website.

However, should you have a complaint or question, it is advisable to contact the Firm first, in order to try and solve the matter amicably.

11. Changes to this Privacy Notice

We may modify or amend this Privacy Notice from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended Privacy Notice will be effective from that revision date. We therefore invite you to regularly consult our Privacy Notice in order to stay up to date with any changes made since your last consultation.

This document has been prepared by Deloitte Business Solutions Societe Anonyme of Business Consultants, Deloitte Certified Public Accountants Societe Anonyme and Deloitte Alexander CompetenceCenter Single Member Societe Anonyme of Business Consultants.

Deloitte Business Solutions Societe Anonyme of Business Consultants, a Greek company, registered in Greece with registered number 000665201000 and its registered office at Marousi Attica, 3a Fragkokklisias & Granikou str., 151 25, Deloitte Certified Public Accountants Societe Anonyme, a Greek company, registered in Greece with registered number 001223601000 and its registered office at Marousi, Attica, 3a Fragkokklisias & Granikou str., 151 25 and Deloitte Alexander Competence Center Single Member Societe Anonyme of Business Consultants, a Greek company, registered in Greece with registered number 144724504000 and its registered office at Thessaloniki, Municipality of Pylaia - Chortiatis of Thessaloniki, Vepe Technopolis Thessaloniki (5th and 3rd street), 555 35, are all companies of the Deloitte Central Mediterranean S.r.l. (“DCM”) geography. DCM, a company limited by guarantee registered in Italy with registered number 09599600963 and its registered office at Via Santa Sofia no. 28, 20122, Milan, Italy is one of the Deloitte NSE LLP geographies. Deloitte NSE LLP is a UK limited liability partnership and member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of any of each other. DTTL does not provide services to clients.

Please see www.deloitte.com/ about to learn more.

DTTL, Deloitte NSE LLP and Deloitte Central Mediterranean S.r.l. do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.

Deloitte is a leading global provider of audit and assurance, consulting, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 460,300 people make an impact that matters at www.deloitte.com.

This document and its contents are confidential and prepared solely for your use, and may not be reproduced, redistributed or passed on to any other person in whole or in part, unless otherwise expressly agreed with you. No other party is entitled to rely on this document for any purpose whatsoever and we accept no liability to any other party, who is provided with or obtains access or relies to this document.

© 2025 For more information contact Deloitte Central Mediterranean.

Let's connect

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of any of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.

Deloitte Business Solutions Societe Anonyme of Business Consultants, a Greek company, registered in Greece with registered number 000665201000 and its registered office at Marousi Attica, 3a Fragkokklisias & Granikou str., 151 25, Deloitte Certified Public Accountants Societe Anonyme, a Greek company, registered in Greece with registered number 0001223601000 and its registered office at Marousi, Attica, 3a Fragkokklisias & Granikou str., 151 25 and Deloitte Alexander Competence CenterSingle Member Societe Anonyme of Business Consultants, a Greek company, registered in Greece with registered number 144724504000 and its registered office at Thessaloniki, Municipality of Pylaia - Chortiatis of Thessaloniki, Vepe Technopolis Thessaloniki (5th and 3rd street), are all companies of the Deloitte Central Mediterranean S.r.l. (“DCM”) geography. DCM, a company limited by guarantee registered in Italy with registered number 09599600963 and its registered office at Via Santa Sofia no. 28, Milan, Italy is one of the Deloitte NSE LLP geographies. Deloitte NSE LLP is a UK limited liability partnership and member firm of DTTL, a UK private company limited by guarantee.

This communication contains general information only, and Deloitte Business Solutions Societe Anonyme of Business Consultants, Deloitte Certified Public Accountants Societe Anonyme and Deloitte Alexander Competence Center Single Member Societe Anonyme of Business Consultants, is not, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.

No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication.

© 2025 For more information contact Deloitte Central Mediterranean.