Deloitte provides global, regional, national and/or practice-specific services; each service is administered by Deloitte Touche Tohmatsu Limited (‘DTTL’) or by one of the affiliated member firms or entities related thereto (jointly referred to as the ‘Deloitte Network’).
Deloitte the Netherlands (hereinafter also referred to as ‘we’, ‘us’ or ‘our’) is used to refer to all independent subsidiaries or affiliates of Deloitte Holding B.V., which is part of Deloitte NSE, the member firm affiliated with DTTL. We are a global organization that handles your privacy consciously. We are the entity within the Deloitte Network that is responsible for GDPR compliance within the relationship between Deloitte partners or employees and Deloitte The Netherlands and therefore act as ‘controller’ in the sense of the General Data Protection Regulation (‘GDPR’). In this Privacy Statement we explain how we use and protect your personal data.
This Privacy Statement applies to the following categories of individuals, jointly referred to as ‘Deloitte partners or employees’ or ‘Deloitte partners and employees’:
- Partners: individuals who perform work for Deloitte The Netherlands on the basis of a partnership contract.
- Applicants: individuals who will potentially perform work for Deloitte The Netherlands on the basis of an employment contract.
- Employees: individuals who perform work for Deloitte The Netherlands on the basis of an employment contract.
- Former Employees: individuals who have performed work for Deloitte The Netherlands on the basis of an employment contract.
- Interns: individuals who perform work for Deloitte The Netherlands on the basis of an internship contract.
- Third parties: individuals working at Deloitte The Netherlands other than on the basis of an internship contract, partner, employment or internship contract or affiliation agreement (e.g. contractors).
Why is my personal data used?
There are several applicable legitimate grounds for processing your personal data. In most cases processing your personal data is necessary for the performance of the contract between you and Deloitte The Netherlands. Processing personal data can also begin prior to that, if it is needed to enter into the contract between you and Deloitte The Netherlands. Another reason why we can process personal data is in order to comply with legal obligations to which Deloitte The Netherlands is subject, for example for tax purposes. Additionally, personal data be processed for the purposes of protecting your vital interest, in case of an emergency or for the purposes of our legitimate interest, such as a monitoring of specific zones within our office buildings for security purposes.
The purpose of processing your personal data is primarily to ensure that you and Deloitte The Netherlands are enabled to fulfill all of the obligations that arise from your contract, such as, performing your daily work activities or paying your monthly imbursement. Other purposes for which we process your personal data are: [Deloitte will process personal data for recruitment purposes, including determining the most suitable fit with the vacancy we need to fill.
We process the following types of personal data: contact details, gender and recruitment data including resume, motivation letter andgrade list. Throughout this Privacy Statement these categories of personal data are jointly referred to as ‘your personal data’.
The GDPR provides for a number of exemptions on the basis of which Deloitte The Netherlands is enabled to process special categories of personal data, such as data relating to race or ethnic origin, religious conviction, criminal record, physical and mental health status or sexual orientation. Where necessary, Deloitte The Netherlands will comply with the following exemptions to process specials categories of personal data:
- the processing is necessary in the context of the implementation of rules in the field of employment and social security law;
- the processing is necessary to protect your vital interests;
- the processing relates to special personal data that are apparently made public by yourself;
- the processing is necessary for reasons of substantial public interest;
- the processing is necessary for purposes of preventive or occupational medicine, for the assessment of the employment capacity of the data subjects.
We will exercise the utmost care when processing these categories of data.
How is my personal data used?
Your personal data will only be used for the beforementioned legitimate grounds and purposes. For these daily operations, we also use the services of these external parties, which also involves processing of personal data: SmartRecruiters Ltc, Hofkes Frölke Meekel Organisatiepsychologen B.V.(“HFMtalentindex”), Starred B.V., Berenschot Groep B.V., Stichting DSI. Additionally, we use services provided by other Deloitte entities, within the Deloitte Network, that are located outside the European Union/European Economic Area (EU/EAA). For these and other transfers of personal data outside the EU/EEA, an intra group transfer agreement is in place. For more information, please contact the Privacy Office at NLRotterdamRRLGDPR@deloitte.nl.
There is no automated decision-making, including profiling, involved in the processing of personal data. Your personal data may be used to protect our rights or properties and, if necessary, to comply with legal proceedings.
How can I exercise my rights?
If you wish to exercise your rights under the GDPR, such as accessing, rectifying or erasing personal data, please fill in the form ‘Data subject rights request’ available on myDeloitte.
How long is my data processed?
We will process the personal data for the duration of the recruitment process at Deloitte The Netherlands. We shall retain the personal data for four weeks or up to one year, depending on the provided consent. The personal data can be retained for a longer period, if this is required either, directly or indirectly by law, or by another type of obligation where Deloitte The Netherlands is subject to, such as insurance agreements or other contractual obligations. We will make our best effort to ensure optimal data protection measures are in place to make sure that the personal data is securely processed throughout its entire lifecycle.
How can I file a complaint?
We make every effort to process your personal data in a lawful manner. If you are of the opinion that we violate or harm any of your privacy rights, you have the right to lodge a complaint with the Dutch Data Protection Authority (‘Autoriteit Persoonsgegevens’). Before turning to the Data Protection Authority, we kindly request you to first inform the Privacy Office at NLRotterdamRRLGDPR@deloitte.nl.
If there are any questions or concerns about the processing of your personal data in respect of the contract between you and Deloitte The Netherlands, please contact the Privacy Office at NLRotterdamRRLGDPR@deloitte.nl.