We are committed to protecting your privacy.

This Privacy Notice explains what Personal Information we, Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee with registered office at 1 New Street Square, London, United Kingdom, EC4A 3HQ (“DTTL”, also known as “Deloitte Global”), collects about you, what we use it for, who we share it with and how we protect it. It also sets out your rights and who you can contact for more information or queries.

When used in this Privacy Notice, “we”, “us” and “our” refer to Deloitte Global. In this Privacy Notice, information about you, which may be referred to as personal data in some jurisdictions, is referred to as “Personal Information”. Personal Information refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

We may also sometimes collectively refer to handling, collecting, protecting, and storing your Personal Information as “processing” such Personal Information.

As used in this Privacy Notice, "Deloitte Network" refers to one or more of Deloitte Global, its network of member firms and their related entities. DTTL and each of its member firms are legally separate and independent entities. Please see www.deloitte.com/about for a detailed description of the legal structure of DTTL and its member firms.

Deloitte.com includes webpages provided by other DTTL member firms or their related entities, which are designated according to the geography identified in the upper right-hand corner of the webpage. These webpages are provided by the designated entities and are not the responsibility of DTTL. Such webpages, as well as other websites that may be linked to the Website, are not governed by this Privacy Notice. We encourage you to review the applicable privacy notices on those webpages, which will inform you about who the related controller is and provide further information with respect to its processing of your Personal Information.

We may collect and process your data because:

i. you give it to us (for example, (1) through the webpages of this website or any other website or application of Deloitte Global which links to this Privacy Notice (collectively referred to as the “Website”), or (2) through any other mode of interacting with you relating to Deloitte communications, such as online or offline newsletters and magazines, that reference this Privacy Notice or link thereto (“Communication”));

ii. other people give it to us (for example, other entities of the Deloitte Network or third- party service providers that we use to help operate our business); or

iii. it is publicly available.

When other entities of the Deloitte Network or other third-parties give us Personal Information about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, for example, that it has informed you of the processing, and has obtained any applicable and necessary permission for us to process that information as described in this Privacy Notice.

Log information, cookies and web beacons: We may process Personal Information from you when you interact with the Website or Communications. For example, we or our service provider(s) may also use cookies (small text files stored in a user's browser) or web beacons (electronic images that allow us to count users who have accessed particular content and to access certain cookies) to collect aggregate data. Where applicable, additional information on how we may use cookies and other tracking technologies, and how you can control these, can be found in the Cookie Notice on the applicable Website.

More information on how we use cookies and other tracking technologies on Deloitte Global’s Deloitte.com website can be found in its Cookie Notice.

The Personal Information we process may include your: name; current job title; company name; (professional) e-mail address, country of residence, telephone and fax number(s), physical address(es); business & industry interests; gender; date of birth; marital status; employment and education details (such as learning history, work experience and skills); CV; geolocation; certificate or licence number; account number; photograph, video or audio recording identifiable to an individual; your postings on any blogs, forums, wikis and any other social media applications that we provide; your IP address; your browser type and language; your access times; complaint details; correspondence with you; the newsletters you subscribe to; information relevant for entities of the Deloitte Network to provide services to you; details of how you use Deloitte products or services, details of how you like to interact with us and other similar information relevant to our relationship, information we collect when you access our premises; and any other information that you voluntarily provide to us. We may also collect or obtain Personal Information from you because of the way you interact with us or others.

Where we do not usually seek to collect ‘sensitive’ or ‘special categories’ of Personal Information (e.g., data relating to race or ethnic origin, religious or philosophical beliefs, trade union membership, political opinions, medical or health conditions, or information specifying the sex life or sexual orientation of an individual), the Personal Information we collect may include so called ‘sensitive’ or ‘special categories’ of Personal Information, such as details about your:

• dietary requirements (for example, when we would like to provide you with lunch during a meeting);
• health (for example, so that we can make it easy for you to access our buildings, events).

We will only process these special categories of Personal Information when we are required to do so as a result of legal requirements imposed on us or after obtaining your explicit consent.

If you choose not to provide, or – where applicable - object to us processing the information we collect (see section “Your rights” below), we may not be able to process your instructions or provide you tailored communication, service, or assistance.

We understand the importance of protecting children's privacy. Our Website is not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.

Use of Personal Information for our Website

We may use your Personal Information for the purposes of, or in connection with:

• verifying your identity when you log in to a Website;
• managing and/or improve our Website;
• managing and promoting collaboration and communication;
• providing and documenting training and qualifications;
• tailoring the content of our Website to provide you with a more personalised experience;
• managing our relationship with you and responding to any request you submit through our Website;
• drawing your attention to information about products and services that may be of interest to you;
• conducting data analysis including, for example, regarding usage of the Website and demographics analyses of Website users;
• preventing fraud or criminal activity and safeguarding our technology systems and data security;
• monitoring and enforcing compliance with applicable terms of use and that only authorised parties are accessing the Website.
• applicable legal or regulatory requirements;
• requests and communications from competent authorities;
• relationship management, which may involve: (i) sending you thought leadership or details of products and services provided by entities within the Deloitte Network that may be of interest to you; (ii) contacting you to receive feedback on these services; and (iii) contacting you for other market or research purposes;
• inviting you to attend events, seminars, participate in forums, etc.;
• surveys on Deloitte or business or societal related or relevant topics;
• recruitment and business development;
• investigating or preventing security incidents;
• conducting and analysing our marketing activities;
• protecting our rights and/or those of other entities of the Deloitte Network.

We are required by law to set out in this Privacy Notice the legal grounds on which we rely in order to process your Personal Information. We rely on one or more of the following lawful grounds when we use your Personal Information for the purposes outlined above:

• the processing is necessary for compliance with a legal obligation we have such as keeping records or providing information to a public body or law enforcement agency;
  
  
• the processing is necessary for the purposes of a legitimate interest pursued by us or a third party (and are not outweighed by your privacy interests), such as the effective delivery of our Website and related services offered to you; the effective and lawful operation of our Website or Communications; to prevent fraud or criminal activity or to safeguard our technology systems and/or data security; to support or protect our business interests; to ensure that complaints are investigated; to evaluate, develop or improve our services or products; or

• you have consented to us processing your information for a specific reason, consent that you can always withdraw.

To the extent that we process any sensitive Personal Information relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that data; (ii) we are required by law to process that data, (iii) the processing is necessary for the establishment, exercise or defence of legal claims or (iv) you have made the data manifestly public.

Please note that in certain circumstances it may be still lawful for us to continue processing your information for separate purposes even where you have withdrawn your consent, if one of the other legal bases described above is applicable.

We and other members of the Deloitte Network may use your information from time to time to inform you by letter, telephone, email and/or other electronic methods about products and services (including those of third parties) that may be of interest to you. Where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you.

You may, at any time, ask us not to send marketing information to you by following the unsubscribe instructions in Communications from us, or contacting us by using the “Contact information” section below.

In connection with one or more of the purposes outlined in the “Information use” section above, we may disclose details about you to: other members of the Deloitte Network for legitimate business-related purposes; third parties that provide services to us and/or the Deloitte Network; as part of a corporate transaction (such as a sale, divestiture, reorganisation, merger or acquisition); competent authorities (including courts and authorities regulating us or another member of the Deloitte Network) and other third parties that reasonably require access to Personal Information relating to you for one or more of the purposes outlined in the “Information use” section above.

We may also need to disclose your Personal Information if required to do so by law, by a regulator or during legal proceedings.

Please note that some of the recipients of your Personal Information referenced above may be based in countries without data protection laws similar to those in the UK or in effect in your area of residence. In such cases, we will ensure that you consented to the transfer or that there are adequate safeguards in place to protect your Personal Information that comply with our legal obligations. For example, the adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the UK Information Commissioner’s Office (ICO) for transfers of Personal Information to third countries.

Further details of the transfers described above, and the adequate safeguards used by us in respect of such transfers, are available from us. For such information, please contact us by using the “Contact information” section below.

We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

We do not sell your personal information.

The Website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively referred to as “Social Media Applications”). Any Personal Information or other information that you contribute to any Social Media Application can be read, collected and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user's use, misuse or misappropriation of any Personal Information or other information that you contribute to any Social Media Application.

This Privacy Notice addresses only the use and disclosure of information we collect through your interaction with the Websites or Communications. Other websites or applications that may be accessible through links from the Websites and Communications have their own privacy notices and Personal Information collection, use and disclosure practices. We encourage you to familiarise yourself with the privacy notices provided by these other parties prior to providing them with information.

"Do Not Track" is a preference you can set in your web browser to let websites and applications you visit know that you do not want them collecting information about you. The Websites do not currently respond to a "Do Not Track" or similar signal.

We use a range of physical, electronic and managerial measures to keep your Personal Information secure, accurate and up to date. These measures include:

• education and training to relevant staff so they are aware of our privacy obligations when handling Personal Information;
• administrative and technical controls to restrict access to Personal Information on a ‘need to know’ basis;
• technological security measures, including fire walls, encryption and anti-virus software; and
• physical security measures, such as staff security passes to access our premises.

Although we use appropriate security measures once we have received your Personal Information, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect Personal Information, but we cannot guarantee the security of data transmitted to us or by us over the internet.

We will hold your Personal Information on our systems for the longest of the following periods: (i) as long as is necessary for the relevant activity or services; (ii) any retention period that is required by law; (iii) the end of the period in which litigation or investigations might arise in respect of the services.

You have various rights in relation to your Personal Information. In particular, you have a right to:

• obtain confirmation that we are processing your Personal Information and request a copy of the Personal Information we hold about you;
• ask that we update the Personal Information we hold about you, or ask that we correct such Personal Information that you think is incorrect or incomplete;
• ask that we delete Personal Information that we hold about you, or restrict the way in which we use such Personal Information; withdraw consent to our processing of your Personal Information (to the extent such processing is solely based on previously obtained consent);
• receive a copy of the Personal Information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such Personal Information to another party (to the extent the processing is based on consent or a contract); and
• object to our processing of your Personal Information.

To help us maintain the accuracy of your Personal Information, please contact us by using the “Contact information” section below if any of your personal details have changed.

If you are unsatisfied with the way in which we have handled your Personal Information or any privacy query or request that you have raised to us, you have a right to complain to the data protection authority in the UK or your jurisdiction. For such information, please contact us by using the “Contact information” section below.

For certain Personal Information requests, we must first verify your identity before processing your request. To do so, we may ask you to provide us with your full name, contact information and relationship to Deloitte. Depending on your request, we may ask you to provide additional information. Once we receive this information, we will then review it and determine whether we are able to match it to the information Deloitte maintains about you to verify your identity.

If you are submitting a Personal Information request on behalf of someone other than yourself, please contact us by using the “Contact information” section below and include proof that you are authorised to make the request. This may be in the form of a written authorisation signed by the person whom you are acting on behalf of or a valid power of attorney.

To exercise your rights or if you have any questions concerning your privacy while using the Website, please contact DTTLPrivacy@deloitte.com or 1-844-919-0713.

DGSL Privacy Services Limited, with registered office at 29 Earlsfort Terrace, Dublin 2, Ireland, is appointed as our representative in the European Union to act on our behalf if, and when, we undertake data processing activities to which the EU General Data Protection Regulation (GDPR) applies. It can be contacted at DTTLPrivacyEU@deloitte.com.

We may modify or amend this Privacy Notice from time to time.

To let you know when we make changes to this Privacy Notice, we will amend the date at the top of this page. The new, modified, or amended Privacy Notice will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Notice to be informed about how we are protecting your information.

This Privacy Notice was written in English. To the extent any translated version of this Privacy Notice conflicts with the English version, the English version controls.