Data protection information sheet for clients of Deloitte Austria according to Article 13 and 14 of the General Data Protection Regulation (‟GDPR”)
In the following Deloitte Austria informs you about the collection of your personal data (by Deloitte itself or in the form of transmission to Deloitte by Deloitte’s clients) and how they are processed. This data protection information sheet is aimed at our existing and former clients, prospective clients and potential future clients, as well as their respective shareholders, executive bodies and other employees as well as to any person about whom we receive personal data given by our clients or whose data we collect ourselves from other data sources. Since Deloitte Austria provides its services by different (affiliated) Deloitte companies (Deloitte Services Wirtschaftsprüfungs; Deloitte Tax Wirtschaftsprüfungs GmbH; Deloitte Consulting GmbH; Deloitte Financial Advisory GmbH; Deloitte Wirtschaftsprüfungs Styria GmbH; Deloitte Oberösterreich Wirtschaftsprüfungs GmbH; Deloitte Salzburg Wirtschaftsprüfungs GmbH; Deloitte Tirol Wirtschaftsprüfungs GmbH) depending on the individual areas (tax consulting; auditing; financial advisory; consulting; risk advisory) and the place of assignment, this data protection information sheet applies equally to all of the above-mentioned Austrian Deloitte companies in the contract or document applicable to the respective Deloitte company.
1. Purpose of data processing
We will process your personal data for the following purposes. In general:
• to establish, manage and settle the business relationship;
• to strengthen the existing client relationship or to establish new client relationships or to approach interested parties, including information on current legal developments and our range of services (marketing);
• organisation, for risk management and management of damages of the client or the firm that may have occurred or threaten to occur. Especially for the field of consulting services:
• to provide consulting services, particularly in the areas of Human Capital, Strategy & Operations and Technology in matters of work technology;
• to provide (consulting) services in the areas of organization, transformation and talent;
• to provide (consulting) services to increase value creation in companies (HR cloud applications, strategic personnel planning, workforce analytics, etc.);
• to implement and execute analysis tools and services to improve performance, reduce operating costs and improve customer understanding;
• to advise on and carry out recruiting services, in particular staffing and workforce evaluation;
• to develop strategies relevant for companies in individual areas;
• to advise in all industries and sectors in order to exploit growth opportunities, reduce costs, increase efficiency, improve profitability and productivity;
• to provide consulting services to optimize the supply chain;
• to advise strategic corporate buyers and private equity investors before, during and after M&A transactions;
• to promote entrepreneurial finance;
• to advise and support companies and executives in the development and implementation of IT strategies, the integration of IT systems, the use of SAP solutions and the management of Oracle projects;
• for the provision of application management services in the IT area;
• to provide services in the areas of business intelligence, data management, technology, next generation analytics, big data, cloud and machine learning, and digital. 16. May 2018 Service Area Consulting 02 As far as we collect your personal data from you, the provision of your data is in principle voluntary. However, if you do not provide us with your personal information, we may not be able to fulfil our order at all or completely.
2. Legal basis of data processing
If you are an interested party or a potential future client, we will process your contact data for the purpose of direct advertising via e-mail or telephone contact only with your consent (Art. 6 par. 1 lit. a GDPR). If you are our client, we process your personal data because this is necessary to fulfil the contract concluded with you (Art. 6 par. 1 lit. b GDPR). In addition, we process your personal data on the basis of our predominant legitimate interest in achieving the purposes stated under point 1 (Art. 6 par. 1 lit. f GDPR) and on the legal basis of the Austrian WTBG 2017 (Art. 9 par. 2 lit. g GDPR).
3. Transmission of your personal data
As far as this is absolutely necessary for achieving the purposes mentioned under point 1, we will transmit your personal data to the following recipients:
• IT service providers used by us as well as other service providers in connection with marketing activities;
• administrative authorities, courts and public law bodies;
• quality assurance auditors for carrying out quality assurance audits in accordance with the Austrian APAG and other mandatory statutory regulations;
• insurances in connection with the conclusion of an insurance contract for the benefit or the occurrence of the insured event (e.g. liability insurance);
• clients, as far as it concerns data of the partners, executive bodies and other employees of the respective client;
• cooperation partners, service providers and legal representatives working for us;
• to the group auditor and other auditors involved;
• other individually determined recipients (e.g. group companies of the client);
• the relevant member companies from the worldwide Deloitte network, which consists of Deloitte Touche Tohmatsu Limited (“DTTL”) and the member companies of DTTL and their affiliated companies;
• operators of digital data exchange platforms. Some of the recipients mentioned above may be outside Austria or may process your personal data outside of Austria. The level of data protection in other countries may not be the same as in Austria. We therefore take measures to ensure that all recipients offer an adequate level of data protection. For example, we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC). These are available on request (see point 6.).
4. Storage duration
We store your personal data until the end of the business relationship within the scope of which we have collected your data or until the expiry of the applicable statutory limitation and storage periods, beyond that until the end of any legal disputes in which the data is required as evidence and in any case for the duration of statutory warranty periods or contractually agreed warranty periods. If you are a client, former client, interested party or potential future client or a contact person of one of the aforementioned persons, we store your personal data for marketing purposes until you object or revoke your consent, provided that the marketing measure is based on your consent and provided that exceptionally there is no other legal basis for storing the data. 16. May 2018 Service Area Consulting 03
5. Your rights in connection with personal data
Among other things, you are entitled (i) to check whether and what personal data we process about you and to receive copies of this data, (ii) to request the correction, supplementation or deletion of your personal data if they are incorrect or if they are not processed in accordance with the law, (iii) to request us to restrict the processing of your personal data, (iv) to object in certain circumstances to the processing of your personal data or to revoke the consent previously given for the processing, whereby a revocation does not affect the legality of the processing that took place before the revocation, (v) to demand data transferability if you are our client, (vi) to know the identity of third parties to whom your personal data is transferred, and (vii) to lodge a complaint with the data protection authority.
6. Our contact details
If you have any questions regarding this statement or would like to file any requests, please contact the Deloitte company working for you or on your behalf: • Deloitte Consulting GmbH: email@example.com, Renngasse 1, 1010 Vienna Alternatively, you can also contact our Group Privacy Officer at Deloitte Services Wirtschaftsprüfungs GmbH, firstname.lastname@example.org, Renngasse 1, 1010 Vienna. Our Group Privacy Officer acts as Data Protection Officer for all of the aforementioned affiliated Deloitte companies.
Let's get in touch
Leave a message