Last revision: 28 February 2018
Introduction
Deloitte Central Europe (“DCE”) is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited (“DCEHL”), the member firm of Deloitte Touche Tohmatsu Limited (“DTTL”) in Central Europe. Services are provided by the subsidiaries and affiliates of DCEHL, which are separate and independent legal entities. The following affiliates or associated entities of DCEHL operate in Hungary: Deloitte Advisory and Management Consulting Ltd., Deloitte Auditing and Consulting Ltd., Deloitte CRS Ltd., , and Deloitte Legal Erdos and Partners Law Firm(together referred to as “Deloitte in Hungary”).
The “Deloitte Network” refers to Deloitte Touche Tohmatsu Limited, the member firms of DTTL, and their related entities.
This Privacy Statement applies to the website https://peopleport.deloitte.cz, placed also on the https://peopleport.cz domain, including an application “People Port” (the “Application”), which is placed thereon (together further referred to as “this Website”).
The operator of this Website is Deloitte CZ Services s.r.o., with its registered office at Italská 2581/67, 120 00 Prague 2, the Czech Republic, Corporate ID No.: 05660904, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 268054.
The provider of the content of this Website is Deloitte CRS Ltd (registered office: 1068 Budapest, Dozsa Gyorgy ut 84/C, Hungary; company registration number: 01-09-975176, registered by the Company Registry Court of Budapest-Capital Regional Court) and Bipros Kft. (registered office: 1027 Budapest, Kacsa utca 15-23., Hungary; company registration number: 01-09- 928946; registered by the Company Registry Court of Budapest-Capital Regional Court) its subcontractor (sub-processor) , also referred to below as “we”, “us” or “our”.
This information on personal data collection and processing (“Privacy Statement”) explains how we protect visitors’ data gathered via this Website.
Contact:
If you have any questions regarding this Privacy Statement, collection and processing of your personal data while using this Website, please contact your employer, as a personal data controller as defined below.
Definitions:
“Controller” means a controller or data controller (as defined in the Data Protection Legislation).
“Processor” means a data processor or processor (as defined in the Data Protection Legislation).
“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) national laws implementing the Directive on Privacy and Electronic Communications (2002/58/EC); (b) the GDPR; and (c) any other similar national privacy law.
“GDPR” means the General Data Protection Regulation (EU) (2016/679).
“Personal Data” means any personal data (as defined in the Data Protection Legislation) processed in connection with or as part of the Services.
Personal data collection and processing
As a visitor, you do not have to submit any personal data in order to view the homepage of this Website.
Based on the instruction of the controller, ie. your employer, we process personal data provided by you or by the authorized personnel of the controller through the Application as a personal data processor. The purpose of processing of these personal data designated by the controller is payroll. The personal data are processed in the manner, extent and for the term designated by the controller. Staff members of the data processor and sub-processor have access to the personal data on a need to know basis, i.e. in case it is necessary for the service provision to the data controller. However, in order to log in to the Application it is necessary to provide us with your username (in the form of your business email address), password and business phone number, to which an SMS with authorization code will be sent.
Please, acknowledge that our providers of technical infrastructure, support and security, as listed below, participate on the processing of personal data provided by you or by the authorized personnel of the controller through the Application and of the Personal data provided for the log in purpose:
- Deloitte Advisory and Management Consulting Private Limited Company, Dózsa Gy út 84.C., 1068 Budapest, Hungary;
- Deloitte CZ Services s.r.o., Italská 2581/67, 120 00 Prague 2, Czech Republic;
- Deloitte CE Business Service Sp. z o.o., Al. Jana Pawla II 22, 00-133 Warsaw, Poland;
- Deloitte Central Europe Service Centre s.r.o., Italská 2581/67, 120 00 Prague 2, Czech Republic;
- in relation to your phone number also the company ProfiSMS s.r.o., with its registered office at Rohanské nábř. 678/29, 186 00 Prague 8, the Czech Republic, Corporate ID No.: 03676307, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 236070, which ensures the sending of the authorization SMS.
In compliance with instructions of the controller, we established technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of the personal data processed. The safeguards will prevent the unauthorized use of or unauthorized access to the personal data or prevent a personal data breach (security incident) in accordance with DCE instructions, policies and applicable Data Protection Legislation. DCE entities processing client data are also ISO 27001 certified ( ISO/IEC 27001 Information security management ).
The processing of personal data is necessary for the provision of the payroll services under the contract, which we concluded with the controller as our client.
Log information, cookies and web beacons
This Website collects standard internet log information including your IP address, browser type and language, access times and referring website addresses. To ensure that this Website is well managed and to facilitate improved navigation, we or our service providers may also use cookies (small text files stored in a user’s browser) or Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data. We do not collect or store any individual (non-aggregated) cookies. We only have an access to aggregate data on cookies for functional purposes. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie Notice.
Information security
We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this Website from unauthorized access, disclosure, alteration, or destruction. In April 2017 DCE obtained the ISO/IEC 27001 certificate for Information Security Management System. ISO/IEC 27001 ensures that all DCE policies and procedures are compliant with best practices and duly enforced by our practitioners.
Changes to the Privacy Statement
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Privacy Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information.
Data Subjects’ rights
It is the responsibility of the data controller to inform the data subjects about the data process, the purpose and the legal basis of process, the scope of the personal data involved, the recipients of the personal data (including the data processors and sub-processors), the term of the data process and the data subjects’ rights. The data processor and the sub-processor provide all necessary support to the data controller to help fulfilling its above mentioned obligation, but all requests of the data subjects shall be managed by the data controller.