Skip to main content

Privacy notice

We are committed to protecting your privacy.

Deloitte.com comprises several, separate, global, national, regional or other specific websites; each administered by Deloitte Touche Tohmatsu Limited (‘DTTL’) or by one of its affiliated firms or entities (jointly referred to as the ‘Deloitte Network’).

This privacy statement applies exclusively to personal data processed through the use of the specific deloitte.com websites that are intended for the Netherlands, as referred to in the top right corner on the website and the URL
(deloitte.com/nl/nl) (hereinafter referred to as ‘this website’). For more information about the processing of personal data of Deloitte customers,
suppliers and prospects, see the Privacy Statement for Business Relations.

Deloitte Netherlands, the member firm affiliated to DTTL for the Netherlands (hereinafter also referred to as ‘we’, ‘us’, or ‘our’) is responsible for this website and ther processing of personal data associated with visiting this website. Personal data refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

 We may also sometimes collectively refer to handling, collecting, protecting, and storing your personal data as “processing” such information.

We point out to you that the separate websites that fall under deloitte.com are administered by other entities within the Deloitte Network and therefore not by us. This Privacy Notice does not apply to these or to other websites linked to this website. We recommend visitors those other websites to read the corresponding Privacy Notices properly.

Deloitte.com includes webpages provided by other DTTL member firms
or their related entities, which are designated according to the geography
identified in the upper right-hand corner of the webpage. These webpages are
provided by the designated entities and are not the responsibility of DTTL.
Such webpages, as well as other websites that may be linked to the Website, are not governed by this Privacy Notice. We encourage you to review the applicable Privacy Notices on those webpages, which will inform you about who the related controller is and provide further information with respect to its processing of your personal data. 

We may collect and process your data because:

i. you give it to us (for example, (1) through the webpages of this website or any other website or application of Deloitte Netherlands which links to this Privacy Notice (collectively referred to as the “Website”), or (2) through any other mode of interacting with you relating to Deloitte communications, such as online or offline newsletters and magazines, that reference this Privacy Notice or link thereto (“Communication”));

ii. other people give it to us (for example, other entities of the Deloitte Network or third- party service providers that we use to help operate our business); or

iii. it is publicly available.

When other entities of the Deloitte Network or other third-parties give us your personal data about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, for example, that it has informed you of the processing, and has obtained any applicable and necessary permission for us to process that information as described in this Privacy Notice.

Log information, cookies and web beacons: We may process Personal Information from you when you interact with the Website or Communications. For example, we or our service provider(s) may also use cookies (small text files stored in a user's browser) or web beacons (electronic images that allow us to count users who have accessed particular content and to access certain cookies) to collect aggregate data. Where applicable, additional information on how we may use cookies and other tracking technologies, and how you can control these, can be found in the Cookie Notice on the applicable Website.

More information on how we use cookies and other tracking technologies on Deloitte Global’s Deloitte.com website can be found in its Cookie Notice.

The personal data we process may include your: name; current job title;
company name; (professional) e-mail address, country of residence, telephone
and fax number(s), physical address(es); business & industry interests;
gender; date of birth; marital status; employment and education details (such
as learning history, work experience and skills); CV; geolocation; certificate
or license number; account number; photograph, video or audio recording
identifiable to an individual; your postings on any blogs, forums, wikis and
any other social media applications that we provide; your IP address; your
browser type and language; your access times; referring website addresses;
cookies (small text files that are stored in your browser) and web beacons
(electronic images allowing this website to count how many visitors have
visited a specific page) complaint details; correspondence with you; the
newsletters you subscribe to; information relevant for entities of the Deloitte
Network to provide services to you; details of how you use Deloitte products or services,  details of how you like to interact with us, and other similar
information relevant to our relationship, information we collect when you
access our premises; and any other information that you voluntarily
provide to us. We may also collect or obtain personal data from you because of
the way you interact with us or others.

Where we do not usually seek to collect ‘sensitive’ or ‘special categories’ of personal data (e.g., data relating to race or ethnic origin, religious or philosophical beliefs, trade union membership, political opinions, medical or health conditions, or information specifying the sex life or sexual orientation of an individual), the personal data we collect may include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

  • dietary requirements (for example, when we would like to provide you with lunch during a meeting);
  • health (for example, so that we can make it easy for you to access our buildings, events).

In exceptional cases, we could also process special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs). However, if this should occur, we will request the user's explicit consent to collect and use such information. 

We understand the importance of protecting the privacy of children in the interactive world of the internet. This website was not designed for, or intentionally aimed at, children of 16 years or younger. It is not our policy to intentionally collect or retain information of persons of 16 years or younger.

Use of personal data for our Website

We may use your personal data for the purposes of, or in connection with:

  • verifying your identity when you log in to a Website;
  • managing and/or improve our Website;
  • managing and promoting collaboration and communication;
  • providing and documenting training and qualifications;
  • tailoring the content of our Website to provide you with a more personalized experience; managing our relationship with you and responding to any request you submit through our Website; 
  • drawing your attention to information about products and services that may be of interest to you;
  • conducting data analysis including, for example, regarding usage of the Website and demographics analyses of Website users;
  • preventing fraud or criminal activity and safeguarding our technology systems and data security;
  • monitoring and enforcing compliance with applicable terms of use, and that only authorized parties are accessing the Website.
  • applicable legal or regulatory requirements;
  • fulfilling legal obligations, to comply with requests from Authorities, public entities, and organizations to exercise rights, including those of third parties, in court and, where applicable, in administrative proceedings or arbitration or conciliation procedures. relationship management, which may involve: (i) sending you thought leadership or details of products and services provided by entities within the Deloitte Network that may be of interest to you; (ii) contacting you to receive feedback on these services; and (iii) contacting you for other market or research purposes; (iv) sending insights, opinions, updates, reports on topical issues or details of our products and services that we think might be of interest to you.
  • Sending you targeted advertising from third parties through profiling cookies; 
  • inviting you to attend events, seminars, participate in forums, etc.;
  • surveys on Deloitte or business or societal related or relevant topics;
  • recruitment and business development;
  • investigating or preventing security incidents;
  • conducting and analyzing our marketing activities;
  • protecting our rights and/or those of other entities of the Deloitte Network;
  • For the performance of services requested and the management of activities instrumentally related to such services

We are required by law to set out in this Privacy Notice the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds when we use your personal data for the purposes outlined above:

  • the processing is necessary for compliance with a legal obligation we have such as keeping records or providing information to a public body or law enforcement agency;
  • the processing is necessary for the purposes of a legitimate interest pursued by us or a third party (and are not outweighed by your privacy interests), such as the effective delivery of our Website and related services offered to you; the effective and lawful operation of our Website orCommunications; to prevent fraud or criminal activity or to safeguard our technology systems and/or data security; to support or protect our business interests; to ensure that complaints are investigated; to evaluate, develop or improve our services or products; or you
  • have consented to us processing your information for a specific reason, consent that you can always withdraw.
  • the processing is necessary for the performing of a contract of which the user is a party or in order to take steps at the request of the user prior to entering into a contract.
 

To the extent that we process any sensitive personal data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that data; (ii) we are required by law to process that data, (iii) the processing is necessary for the establishment, exercise or defense of legal claims.

Please note that in certain circumstances it may be still lawful for us to continue processing your information for separate purposes even where you have withdrawn your consent, if one of the other legal bases described above is applicable.

We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and/or other electronic methods about products and services (including those of third parties) that may be of interest to you. Where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you.

You may, at any time, ask us not to send marketing information to you by following the unsubscribe instructions in Communications from us, or contacting us by using the “Contact information” section below.

In connection with one or more of the purposes outlined in the “Information use” section above, we may disclose details about you to: other members of the Deloitte Network for legitimate business-related purposes; third parties that provide services to us and/or the Deloitte Network; as part of a corporate transaction (such as a sale, divestiture, reorganization, merger or acquisition); competent authorities (including courts and authorities regulating us or another member of the Deloitte Network) and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Information use” section above.

We may also need to disclose your personal data if required to do so by law, by a regulator or during legal proceedings.

Although it is possible that we provide information relating to visitors to service providers who process this information on our behalf, it is not usual that we share this information with third parties or other parts within the Deloitte Network for other purposes.

It is, however, possible that personal data is transferred cross-border to other parts within the Deloitte Network or to third parties for the purposes as set out above. In such cases, we guarantee that the transfer will take place in accordance with the provisions of Chapter V of the GDPR through the adoption of appropriate safeguards that ensure a level of data protection in accordance with the obligations to which it is legally bound, such as, Standard Contractual Clauses, other applicable legal basis or based on a statutory exemption (e.g. if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority).

We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

We do not sell your personal data.

The Website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively referred to as “Social Media Applications”). Any personal data or other information that you contribute to any Social Media Application can be read, collected and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user's use, misuse or misappropriation of any personal data or other information that you contribute to any Social Media Application.

This Privacy Notice addresses only the use and disclosure of information we collect through your interaction with the Websites or Communications. Other websites or applications that may be accessible through links from the Websites and Communications have their own Privacy Notices and personal data collection, use and disclosure practices. We encourage you to familiarize yourself with the Privacy Notices provided by these other parties prior to providing them with information.

"Do Not Track" is a preference you can set in your web browser
to let websites and applications you visit know that you do not want them
collecting information about you. The Websites do not currently respond to a
"Do Not Track" or similar signal.

We will process youri data with the utmost care and respect.  

Your personal data are processed with the aid of electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality, in accordance with the principles applicable to the processing of personal data pursuant to Article 5 of the GDPR, such as lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. These measures can include: 

  • The training and updating activities of its staff ensuring that they are
    informed about privacy obligations if they have access to and process
    personal data; 
  • Administrative and technical controls in order to limit access only to personal data that need to be known in relation to the purposes of the processing;  
  • Technical security measures (e.g., firewalls, cryptography, antivirus software);  
  • Physical security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.  

We have put in place procedures to deal with any possible data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Third parties will only process your personal data where they have agreed to treat the data confidentially and to keep it secure in compliance with the applicable law. 

We will hold your personal data on our systems for the longest of
the following periods: (i) as long as necessary to carry out the purposes of
processing the personal data; (ii) any retention period that is required by
law; (iii) the end of the period in which litigation or investigations might
arise in respect of the services; (iv) until the consent is withdrawn or
according to the timing provided in the Cookie Notice.

You have the following rights under the General Data Protection Regulation (GDPR):

Right of access: you have the right to request access to your personal data that we process

Right to rectification: you may request that any inaccurate personal data be rectified, and any incomplete personal data be completed by us 

Right to erasure (right to be forgotten): you have the right to request the erasure of your personal data when the data is no longer necessary for the original purpose of processing, when consent is withdrawn, or when you believe there is no legitimate interest in processing or processing is unlawful

Right to restriction of processing: you have the right to request that processing of your personal data be restricted in certain circumstances, such as when accuracy or lawfulness of processing is contested

Right to data portability: you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request that the data be transferred to another organization

Right to object: you may object to the processing of your personal data on grounds relating to your particular situation. This includes the right to object to direct marketing and processing for scientific or historical research purposes

If you wish to exercise your GDPR rights or to unsubscribe for notifications for example, you can contact the Deloitte Privacy office via the 'contact‘ link and select the ‘Privacy’ subject. In this document, you will find an explanation of the submission of your request and what your request has to comply with. If your request does not comply with these requirements, we may not process your request.

If you feel that we have not processed your personal data properly, we request you to view our complaints procedure. You may also lodge a complaint with the Dutch supervisory authority, the ‘Autoriteit Persoonsgegevens’. View the
website of the Autoriteit Persoonsgegevens for more information
(information provided in Dutch).

For certain personal data requests, we must first verify your identity
before processing your request. To do so, we may ask you to provide us with
your full name, contact information, and relationship to Deloitte. Depending on
your request, we may ask you to provide additional information. Once we receive
this information, we will then review it and determine whether we are able to
match it to the information Deloitte maintains about you to verify your
identity.

If you are submitting a personal data request on behalf of someone other
than yourself, please contact us by using the “Contact information” section
below and include proof that you are authorized to make the request. This may
be in the form of a written authorization signed by the person whom you are
acting on behalf of or a valid power of attorney.

If you have any questions or concerns about your privacy in respect of the use of this website and to exercise your data subject rights, please contact us via the 'contact‘ link.

If you wish to contact the Data Protection
Officer, please indicate this in your request and we will forward the message.

We may modify or amend this Privacy Notice from time to time.

When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended Privacy Notice will be effective from that revision date. Therefore, we encourage you to periodically review this Privacy Notice to be informed about how we are protecting your information.