Privacy Statement

Last revision: 28 February 2018

Introduction

Deloitte Central Europe (“DCE”) is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited (“DCEHL”), the member firm of Deloitte Touche Tohmatsu Limited (“DTTL”) in Central Europe. Services are provided by the subsidiaries and affiliates of DCEHL, which are separate and independent legal entities. The following affiliates or associated entities of DCEHL operate in the Czech Republic: Deloitte Advisory s.r.o. Deloitte Audit s.r.o., Deloitte BPS a.s., Deloitte CZ Services s.r.o., Deloitte Security s.r.o., Ambruz & Dark Deloitte Legal s.r.o., advokátní kancelář and ELBONA AUDIT s.r.o. (together referred to as “ Deloitte in Czech Republic ”).

The “Deloitte Network” refers to Deloitte Touche Tohmatsu Limited, the member firms of DTTL, and their related entities.

This Privacy Statement applies to the website https://peopleport.deloitte.cz, placed also on the https://peopleport.cz domain, including an application “People Port” (the “Application”), which is placed thereon (together further referred to as “this Website”).

The operator of this Website is Deloitte CZ Services s.r.o., with its registered office at Karolinská 654/2, 186 00 Prague 8, the Czech Republic, Corporate ID No.: 05660904, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 268054.

The provider of the content of this Website is Deloitte BPS a.s., with its registered office at Karolinská 654/2, 186 00 Prague 8, the Czech Republic, Corporate ID No.: 27160831, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 9402, also referred to below as “we”, “us” or “our”.

This information on personal data collection and processing (“Privacy Statement”) explains how we protect visitors’ data gathered via this Website.

Contact:

If you have any questions regarding this Privacy Statement, collection and processing of your personal data while using this Website, please contact your employer, as a personal data controller as defined below.

Definitions:

“Controller” means a controller or data controller (as defined in the Data Protection Legislation).

“Processor” means a data processor or processor (as defined in the Data Protection Legislation).

“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) national laws implementing the Data Protection Directive (95/46/EC) and the Directive on Privacy and Electronic Communications (2002/58/EC); (b) the GDPR; and (c) any other similar national privacy law.

“GDPR” means the General Data Protection Regulation (EU) (2016/679).

“Personal Data” means any personal data (as defined in the Data Protection Legislation) processed in connection with or as part of the Services.

Personal data collection and processing

As a visitor, you do not have to submit any personal data in order to view the homepage of this Website.

Based on the instruction of the controller, ie. your employer, we process personal data provided by you or by the authorized personnel of the controller through the Application as a personal data processor. The purpose of processing of these personal data designated by the controller is payroll. The personal data are processed in the manner, extent and for the term designated by the controller, who also designates or approves to the processor the range of persons authorized to access the personal data, or approves the rules for the access.

However, in order to log in to the Application it is necessary to provide us with your username (in the form of your business email address), password and business phone number, to which an SMS with authorization code will be sent.

Please, acknowledge that our providers of technical infrastructure, support and security, as listed below, participate on the processing of personal data provided by you or by the authorized personnel of the controller through the Application and of the Personal data provided for the log in purpose:

  • Deloitte Advisory & Management Consulting Private Limited Company, Dózsa Gy út 84.C., 1068 Budapest, Hungary;
  • Deloitte CZ Services s.r.o., Karolinská 654/2, 186 00, Prague 8, Czech Republic;
  • Deloitte CE Business Service Sp. z o.o., Al. Jana Pawla II 22, 00-133 Warsaw, Poland;
  • Deloitte Central Europe Service Centre s.r.o., Karolinská 654/2, 186 00, Prague 8, Czech Republic;
  • in relation to your phone number also the company ProfiSMS s.r.o., with its registered office at Rohanské nábř. 678/29, 186 00 Prague 8, the Czech Republic, Corporate ID No.: 03676307, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 236070, which ensures the sending of the authorization SMS.

In compliance with instructions of the controller, we established technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of the personal data processed. The safeguards will prevent the unauthorized use of or unauthorized access to the personal data or prevent a personal data breach (security incident) in accordance with DCE instructions, policies and applicable Data Protection Legislation. DCE entities processing client data are also ISO 27001 certified (ISO/IEC 27001 Information security management).

The processing of personal data is necessary for the provision of the payroll services under the contract, which we concluded with the controller as our client.

Log information, cookies and web beacons

This Website collects standard internet log information including your IP address, browser type and language, access times and referring website addresses. To ensure that this Website is well managed and to facilitate improved navigation, we or our service providers may also use cookies (small text files stored in a user’s browser) or Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data. We do not collect or store any individual (non-aggregated) cookies. We only have an access to aggregate data on cookies for functional purposes. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie Notice.

Information security

We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this Website from unauthorized access, disclosure, alteration, or destruction. In April 2017 DCE obtained the ISO/IEC 27001 certificate for Information Security Management System. ISO/IEC 27001 ensures that all DCE policies and procedures are compliant with best practices and duly enforced by our practitioners.

Changes to the Privacy Statement

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Privacy Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information.

Children's privacy protection

We understand the importance of protecting children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children under the age of 16. It is not our policy to intentionally collect or maintain information about anyone under the age of 16. However, in case when it is necessary for the purpose defined by the controller (ie. for the payroll purposes only), such personal data may be collected through the Application.