Skip to main content

Informativa sul trattamento dei dati personali, ai sensi dell’art. 13 del Regolamento Europeo (UE) 2016/679

Per l’iscrizione alla Talent Community italiana, si prega di fare riferimento alla seguente informativa

Ai sensi dell’art. 13 del Regolamento Europeo (UE) 2016/679 relativo alla protezione dei dati personali (in seguito, "Regolamento") e della normativa nazionale (D.lgs. 196/2003 – Codice della Privacy come modificato dal D.lgs. 101/2018 e ss.mm.) compresi i singoli provvedimenti dell'Autorità di controllo (Garante per la protezione dei dati personali), ove applicabile, La informiamo che i dati personali, da Lei forniti a seguito della Sua iscrizione alla Talent Community di Deloitte, saranno trattati nel rispetto delle disposizioni in materia di protezione dei dati personali vigenti e applicabili, per le finalità e con le modalità di seguito indicate.

Per “trattamento” di dati personali, si intende qualsiasi operazione o insieme di operazioni, compiute con o senza l'ausilio di processi automatizzati e applicate ai Suoi dati personali, come la raccolta, la registrazione, l'organizzazione, la strutturazione, la conservazione, l'adattamento o la modifica, l'estrazione, la consultazione, l'uso, la comunicazione mediante trasmissione, diffusione o qualsiasi altra forma di messa a disposizione, il raffronto o l'interconnessione, la limitazione, la cancellazione o la distruzione.

Il Titolare del trattamento (in seguito il “Titolare” o “Deloitte”) è Deloitte Italy S.p.A. S.B., c.f. 04963170966, con sede legale in Milano, Via Tortona 25.

Il Responsabile della Protezione dei Dati (“RPD”) nominato dal Titolare è contattabile al seguente indirizzo e-mail: dataprotectionofficer@deloitte.it.

Fonte dei dati personali

I dati personali - ove per “dato personale” si intende qualunque informazione a Lei relativa quale persona fisica, identificata o identificabile anche indirettamente mediante riferimento a qualsiasi altra informazione in nostro possesso (“Interessato”) – oggetto di trattamento possono essere acquisiti da parte di Deloitte direttamente da parte Sua, in occasione della Sua iscrizione alla Talent Community di Deloitte, compilando i campi di registrazione. 

Categorie dei dati personali 

I dati personali trattati da Deloitte sono dati personali comuni, quali dati identificati e di contatto (nome, cognome, e-mail, numero di telefono) e dati relativi alla Sua posizione professionale da Lei conferiti a Deloitte in occasione della Sua eventuale iscrizione alla Talent Community di Deloitte. 

Finalità, base giuridica del trattamento e natura del conferimento dei dati

Trattamento dei dati personali per invio di comunicazioni di Suo interesse 

Deloitte può trattare i Suoi dati personali al fine di informarLa circa le nuove opportunità di lavoro e le novità, gli eventi e le iniziative di Deloitte.

La base giuridica del trattamento è costituita dal Suo consenso, liberamente prestato ai sensi dell’art. 6, comma 1, lett. a) del Regolamento, tramite il form di iscrizione alla Talent Community di Deloitte. Il rilascio del consenso al trattamento dei Suoi dati personali è facoltativo, pertanto, un Suo eventuale rifiuto a fornire tale consenso comporta l’impossibilità per Deloitte di procedere all’invio delle suddette comunicazioni. 

Il consenso prestato potrà essere da Lei revocato in ogni momento. A seguito della revoca del consenso, i Suoi dati personali saranno trattati solo ed esclusivamente per il perseguimento delle ulteriori finalità contrattuali e per adempiere ad obblighi di legge.

I Suoi dati personali verranno trattati da Deloitte ai sensi della normativa sopra richiamata con l’ausilio di strumenti elettronici e manualmente, assicurando l’impiego di misure idonee per la sicurezza dei dati trattati e garantendo la riservatezza dei medesimi, in conformità ai principi applicabili al trattamento di dati personali ai sensi dell’art. 5 del Regolamento, quali liceità, correttezza e trasparenza, minimizzazione dei dati, esattezza, limitazione della conservazione, integrità e riservatezza.

I Suoi dati personali saranno conservati per il periodo strettamente necessario al conseguimento della finalità per le quali sono stati raccolti, in particolare,  in relazione alla finalità di cui all’art. 2 della presente informativa, i Suoi dati personali saranno conservati fino a quando Lei non deciderà di revocare il consenso e comunque non oltre 36 mesi. A seguito della revoca del consenso, i Suoi dati saranno conservati solo ed esclusivamente per il perseguimento delle ulteriori finalità contrattuali e per obblighi di legge.

Decorsi tali termini, Deloitte provvederà alla cancellazione automatica dei Suoi dati personali raccolti, ovvero alla loro trasformazione in forma anonima in maniera irreversibile.

I Suoi dati personali verranno trattati da dipendenti e/o collaboratori del Titolare, appositamente autorizzati e vincolati alla riservatezza.

Nei limiti del perseguimento delle finalità sopra indicate potrebbe essere necessario che Deloitte comunichi i Suoi dati personali alle seguenti categorie di destinatari, che in qualità di Responsabili e/o Titolari tratteranno i Suoi dati personali a titolo esemplificativo e non esaustivo:

  • Soggetti terzi che supportano Deloitte nell’attività di selezione del personale
  • Società di servizi a cui è affidata la gestione dei sistemi informatici
  • Società appartenenti al network Deloitte per lo svolgimento di attività di amministrazione interna.

Per maggiori informazioni in merito ai destinatari dei Suoi dati personali Lei può contattare il Titolare o il RPD all’indirizzo indicato nell’art. 1 della presente informativa. 

I Suoi dati personali verranno trattati all’interno del territorio dell’Unione Europea e non verranno diffusi. Se necessario, per ragioni di natura tecnica od operativa, Deloitte si riserva, nel rispetto delle disposizioni di legge applicabili, di trasferire i Suoi dati personali in Paesi al di fuori dell’Unione Europea per i quali esistono decisioni di “adeguatezza” della Commissione Europea, ovvero sulla base delle adeguate garanzie oppure delle specifiche deroghe previste dal Regolamento.

Le sono riconosciuti, in qualità di Interessato, i diritti di cui agli artt. 15-21 del Regolamento, compatibilmente con le necessità di trattamento indicate nella presente informativa e in relazione al trattamento dei dati personali ivi descritto, ed in particolare:

  • Ricevere conferma dell’esistenza dei Suoi dati personali, accedere al loro contenuto e ricevere informazioni relativamente alle finalità del trattamento (diritto di accesso)
  • Aggiornare, modificare e/o correggere i Suoi dati personali (diritto di rettifica)
  • Chiedere la cancellazione o la limitazione del trattamento dei Suoi dati personali trattati in violazione di legge e quelli di cui non è necessaria la conservazione in relazione agli scopi per i quali sono stati raccolti o altrimenti trattati (diritto all'oblio e diritto alla limitazione)
  • Opporsi al trattamento (diritto di opposizione) in qualsiasi momento
  • Revocare il consenso, ove prestato, senza pregiudizio per la liceità del trattamento basata sul consenso prestato prima della revoca
  • Ricevere copia dei Suoi dati personali in formato strutturato, di uso comune e leggibile da dispositivo automatico e chiedere che tali dati personali siano trasmessi ad un altro titolare del trattamento (diritto alla portabilità dei dati).

Per esercitare tali diritti Lei potrà rivolgersi al RPD inviando una comunicazione al relativo indirizzo e-mail.

La informiamo, inoltre, che Lei ha il diritto di proporre reclamo all’Autorità Garante per la Protezione dei Dati Personali Italiana o ricorso dinanzi all’Autorità giudiziaria.

For the registration to Deloitte Malta Talent Community, please see the following Privacy Notice

Whilst thanking you for your interest in exploring future career opportunities with Deloitte Malta, please rest assured that Deloitte Malta is committed to protect your privacy and processing your data in a clear and transparent manner.

This Privacy Notice for prospective candidates describes the processing of your personal data as part of our recruitment activities, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Data Protection Act, Chapter 586 of Laws of Malta, and all other applicable data protection legislation.

The Data Controller is Deloitte Malta based in Deloitte Place, Triq L-Intornjatur Central Business District, CBD 3050  (hereinafter referred to as “Data Controller” or “we” or “us”). Each entity of Deloitte Malta may be considered as a Joint Controller as per the General Data Protection Regulation in relation to the data processed as described within this Privacy Notice.

The Data Protection Officer can be contacted at the following e-mail address: dataprotectionofficer@deloitte.com.mt.

We process personal data provided directly from you, by filling in the registration form, when you join the Deloitte Talent Community. The personal data we process may be categorized as follows:

  • Identification data (such as name, surname)
  • Contact information (such as telephone number, email address)
  • Professional Data (such as data relating to your education, qualifications, work experience, etc.) that you provide to us when you sign up for the Deloitte Talent Community.

Your data are processed specifically for us to assess your suitability for any other current or future roles at Deloitte Malta, to inform you of any new job opportunities and Deloitte new, events and any initiatives related to our recruitment process, as well as build a relationship with you and learn more about your career interests and aspirations.

We do not carry out any automated decision-making processes, including profiling, that produce legal effects concerning you or significantly affecting you.

If you are providing personal information about an individual other than yourself (such as a referred candidate), you must obtain the consent of the individual before submitting any of their personal information.

The legal basis on which we are basing the processing of your personal data is your consent that you are providing us with through Deloitte Talent Community’s registration form (article 6 par. 1a GDPR). You may revoke your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

It is important to note that the provision of your consent in the context of Deloitte Talent Community is optional, and therefore, any refusal to provide such consent will not prejudice the candidate application process in any way.

Your personal data will not be published, exposed, or made available and / or consulted by indeterminate subjects. 

In connection with one or more of the purposes set out in the paragraph 4, we may disclose information about you to:

  • Companies belonging to the Deloitte Network
  • Third parties delegated and/or appointed by us for the performance of activities or part of the activities related to the provision of the services
  • Competent authorities (including courts), for the performance of their institutional functions within the limits established by laws or regulations.

If necessary for the purposes stated above, the data collected may be transmitted or made accessible to other companies in the Deloitte Network, to entities that provide services to us and/or the Deloitte Network (e.g., vendors, suppliers), to competent authorities (e.g., courts, tax authorities, regulatory authorities) including those based in other countries, which may include countries outside the European Economic Area (EEA). Third parties to whom your personal data are transferred, are bound by specific agreement and are required to keep your data securely. 

In such cases, we guarantee that the transfer will take place in accordance with the provisions of Chapter V of the GDPR through the adoption of appropriate safeguards that ensure a level of data protection in accordance with the obligations to which it is legally bound, such as, Standard Contractual Clauses, Binding Corporate Rules, other applicable legal basis or based on a statutory exemption (e.g. if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority).

If you have any questions about this, please contact us at dataprotectionofficer@deloitte.com.mt.

Υour personal data will be stored until you decide to revoke your consent. In any case, the retention of your personal data will not surpass a period of three (3) years. Once the three (3) year terms has elapsed, your personal data will automatically be deleted or  converted into an anonymous form in an irreversible manner.

The above-mentioned data retention period may, however, be affected by other legal requirements which may extend minimum data retention requirements. Additionally, one general consideration when determining data retention periods (including archiving periods) is the possibility that this data may be needed to pursue or defend legal claims.

We will process your data with the utmost care and respect.

Your personal data are processed with the aid of electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality, in accordance with the principles applicable to the processing of personal data pursuant to Article 5 of the GDPR, such as lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. These measures can include:

  • The training and updating activities of its staff ensuring that they are informed about privacy obligations if they have access to and process personal data
  • Administrative and technical controls in order to limit access only to personal data that need to be known in relation to the purposes of the processing
  • Technical security measures (e.g., firewalls, cryptography, antivirus software)
  • Physical security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any possible data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Third parties will only process your personal data where they have agreed to treat the data confidentially and to keep it secure in compliance with the applicable law.

In relation to the processing of your personal data, you have specific rights in accordance with Articles 12 – 22 of the GDPR:

  • Access: you can ask for confirmation as to whether or not a certain processing of data concerning you is in place, as well as further clarifications about the information referred to in this privacy notice
  • Rectification: you can ask to rectify or supplement the data you have provided to us, if inaccurate
  • Erasure: you can request that your data be deleted, if they are no longer necessary for our purposes, in case of withdrawal of consent or your opposition to the processing, in case of unlawful processing, or there is a legal obligation to erase them
  • Restriction: you can request that your data be processed only for the purpose of storage, with the exclusion of other processing activities, for the period necessary for the correction of your data, in case of unlawful processing for which you oppose the cancellation, if you have to exercise your rights in court and the data stored by us may be useful to you and,  finally, in the event of opposition to the processing and a review is in progress on the prevalence of our legitimate reasons over yours
  • Object: you can object at any time to the processing of your data, unless there are our legitimate reasons to proceed with the processing that prevail over yours, for example for the exercise or our defence in court
  • Withdrawal: you may revoke your consent at any time, in all cases where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal
  • Portability: you can ask to receive your data, or to have them transmitted to another Data Controller indicated by you, in a structured format, commonly used and readable by automatic device.

Processing activities are carefully evaluated to ensure a fair balance between your rights, which are assessed on a case-by-case basis (e.g., by considering the respective legal basis in each case and the purposes of the processing) and our interests. To exercise these rights, you can write to the Data Protection Officer by sending an e-mail to dataprotectionofficer@deloitte.com.mt

The time limit for Deloitte Malta to address your request is one (1) month, which may be extended up to two (2) further months in cases of particular complexity. 

We also inform you that you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC), by following the instructions found on the IDPC’s website.

We may modify or amend this Privacy Notice from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended Privacy Notice will be effective from that revision date. We therefore invite you to regularly consult our Privacy Policy in order to stay up to date with any changes made since your last consultation.

For the registration to Deloitte Greece Talent Community, please see the following Privacy Notice

Thank you for your interest in exploring career opportunities with Deloitte. 

Deloitte Greece is committed to protecting the privacy and security of your personal data. This privacy notice describes the processing of your personal following your registration to the Deloitte Talent Community, in accordance with the applicable Data Protection Legislation  and all the applicable data protection laws and regulations. It provides evidence of the nature of the personal data - where personal data means any information relating to an identified or identifiable natural person (“Data Subject”) - collected by the Data Controller, the purposes of the processing and indicates your rights in relation to the data processed and who to contact for further information or to send any requests.

Joint Data Controllers are the Deloitte Greece Entities (hereinafter referred to as “Data Controller” or “we” or “us”), and more specifically:

  1. “Deloitte Business Solutions Societe Anonyme of Business Consultants” with the distinctive title “DELOITTE BUSINESS SOLUTIONS SA”
  2. “Deloitte Certified Public Accountants Societe Anonyme” with the distinctive title “DELOITTE”
  3. “Deloitte Alexander Competence Center Single-Member Societe Anonyme of Business Consultants” with the distinctive title “DACC SA”
  4. “Koimtzoglou-Bakalis-Venieris-Leventis & Associates Law Partnership” with the distinctive title “KBVL Law firm”.

Deloitte Business Solutions SA, Deloitte and KBVL Law Firm are based in 3a Fragkokklisias & Granikou str., Marousi, Athens, P.O. 151 25. DACC SA is based in Pempti and Triti 6th Industrial Area Block of Technopolis Thessaloniki, Municipality of Pylaia Chortiatis, D.E. Pylaia, P.E. Thessaloniki.

The Data Protection Officer can be contacted at the following e-mail address: DataPrivacyOfficer@deloitte.gr.

We process personal data provided directly from you, by filling in the registration form, when you join the Deloitte Talent Community. The personal data we process may be categorized as follows:

  • Identification data (such as name, surname)
  • Contact information (such as telephone number, email address)
  • Professional Data (such as data relating to your education, qualifications, work experience, etc.) that you provide to us when you sign up for the Deloitte Talent Community.

Your data are processed in order to assess your suitability for other current and future roles at Deloitte, inform you about new job opportunities and Deloitte news, events and initiatives related to our recruitment process, as well as build a relationship with you and learn more about your career interests.

The legal basis for the processing of your personal data is your consent that you provide us through Deloitte Talent Community’s registration form (article 6 par. 1a GDPR). You may revoke your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal. 

Please note that provision of your consent in the context of Deloitte Talent Community is optional and, therefore, any refusal to provide such consent will not prejudice in any way any candidate application process.

Your data may be communicated to the following categories of recipients:

  • Companies belonging to the Deloitte Network
  • Companies that provide services to us and/or the Deloitte Network
  • Public Administrations, within the limits established by law and regulations
  • Οther entities within the Deloitte Network and other third parties, as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition, and only provided that the law permits such disclosure

If necessary for the purpose stated above, the data collected may be transmitted or made accessible to other companies in the Deloitte       network according to our Interfirm Privacy and Confidentiality Agreement, to entities that provide services to us and/or the Deloitte network (e.g., vendors, suppliers), to competent authorities (e.g., courts, tax authorities, regulatory authorities) including those based in other countries, which may include countries outside the European Economic Area (EEA ). Third parties to whom your personal data are transferred, are bound by specific agreement, and are required to keep your data securely.

In such cases, we guarantee that the transfer will take place in accordance with the provisions of Chapter V of the GDPR through the adoption of appropriate safeguards that ensure a level of data protection, as provided for in the applicable legal framework.

For further information about the third parties, how we work with them and their processing of your personal data, or for information about the adequate safeguards adopted by us in respect of data transfers please send an e-mail to DataPrivacyOfficer@deloitte.gr.

Υour personal data will be stored until you decide to revoke your consent and in any case no longer than two years . Once these terms have expired, Deloitte will automatically delete your collected personal data, or transform it into anonymous form in an irreversible manner.

The above-mentioned data retention period may, however, be affected by other legal requirements which may extend minimum data retention requirements. Additionally, one general consideration when determining data retention periods (including archiving periods) is the possibility that this data may be needed to pursue or defend legal claims.

We will process your data with the utmost care and respect. 

Your personal data are processed with the aid of electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality, in accordance with the principles applicable to the processing of personal data pursuant to Article 5 of the GDPR, such as lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. These measures can include:

  • The training and updating activities of its staff ensuring that they are informed about privacy obligations if they have access to and process personal data
  • Administrative and technical controls in order to limit access only to personal data that need to be known in relation to the purposes of the processing
  • Technical security measures (e.g., firewalls, cryptography, antivirus software) 
  • Physical security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any possible data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Third parties will only process your personal data where they have agreed to treat the data confidentially and to keep it secure in compliance with the applicable law.

In relation to the processing of your personal data, you have specific rights according to articles 12-22 of the GDPR:

  • Access: you can ask for confirmation as to whether or not a certain processing of data concerning you is in place, as well as further clarifications about the information referred to in this privacy notice 
  • Rectification: you can ask to rectify or supplement the data you have provided to us, if inaccurate
  • Erasure: you can request that your data be deleted, if they are no longer necessary for our purposes, in case of withdrawal of consent or your opposition to the processing, in case of unlawful processing, or there is a legal obligation to erase them
  • Restriction: you can request that your data be processed only for the purpose of storage, with the exclusion of other processing, for the period necessary for the correction of your data, in case of unlawful processing for which you oppose the cancellation, if you have to exercise your rights in court and the data stored by us may be useful to you and,  finally, in the event of opposition to the processing and a review is in progress on the prevalence of our legitimate reasons over yours
  • Withdrawal of consent: you may withdraw your consent at any time, in all cases where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal
  • Portability: you can ask to receive your data, or to have them transmitted to another Data Controller indicated by you, in a structured format, commonly used and readable by automatic device.

To exercise these rights, you can contact our Data Protection Officer by sending an e-mail to DataPrivacyOfficer@deloitte.gr.

The time limit for the Deloitte Greece Entities to address your request is 1 month, which may be extended up to 2 further months in cases of particular complexity. 

We also inform you that you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA), by following the instructions found on the HDPA’s website

We may modify or amend this Privacy Notice from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended Privacy Notice will be effective from that revision date. We therefore invite you to regularly consult our Privacy Policy in order to stay up to date with any changes made since your last consultation.