Deloitte 360

Privacy Statement

Introduction

This Privacy Statement explains how we will collect or obtain, handle, store and protect the information about you that is provided by your Organisation for the use of (1) E360 Platform provided by Astix Infolytics (referred to as the “Application”) and/or (2) in the course of providing services. This Privacy Statement also sets out your rights in relation to personal information and tells you who you can contact if you have questions. By using the Application and/or by receiving services, you agree to the use of such information in accordance with this Privacy Statement.

This Privacy Statement is divided into the sections listed below.

To whom this Privacy Statement applies and what it covers
Types of personal information we collect
How we collect personal information
How we use personal information
On what basis we process personal information
To whom we disclose personal information
Selling of personal information
Do not track
How we keep personal information secure
How long we will keep personal information
Your rights in relation to personal information
Changes to this Privacy Statement
Contact us

To whom this Privacy Statement applies and what it covers

When used in this Privacy Statement “Deloitte”, “we”, “us” and “our” refers to any entity within the Deloitte Network that invited you to use the Application and/or is involved in the provision of services.

As used in this Privacy Statement, the “Deloitte Network” refers to one or more of Deloitte Touche Tohmatsu India LLP (“DTTILLP”), its network of member firms and the affiliates of such member firms or its authorized third parties. DTTILLP and each of its member firms and the affiliates of such member firms are legally separate and independent entities. Please see deloitte.com/about for a detailed description of the legal structure of DTTILLP and its member firms.

This Privacy Statement is being provided to you in connection with your use of the Application and/or services. It sets out how the Application will process the personal information for 360-Degree Feedback for employees. Deloitte is providing these services either under a direct contract with you or via a contract with another person (such as a company or a partnership or a trustee) who has asked us to provide the services.

Personal information will be protected and handled with consideration for its confidentiality.

In this Privacy Statement, we refer to handling, collecting, protecting and storing personal information as "processing".

Types of personal information we collect

Deloitte may collect personal information relating to you such as:

your name,
contact details,
job title,
Department / team information
any other personal information you or your employer share during the course of your interaction with us as part of the engagement.

How we collect personal information

Deloitte may collect personal information about you in different ways:

you may upload the data onto the Application
you may provide it directly to us
we may obtain it because of the services that Deloitte provides or has previously provided
we may observe or infer it from the information you provide to us and/or the way you interact with us

This personal information can be received in any manner, including in-person discussions, telephone conversations, and electronic or other written communications.

Without access to all the personal information that we need, Deloitte may be unable to provide or complete the services.

How we use personal information

Deloitte processes personal information to provide services to you or to the entity that has entered into subscription agreement or service arrangement with us as regards the Application.

Deloitte may also use personal information for the purposes of, or in connection with:

compliance with applicable legal, regulatory or professional requirements
protecting our rights and/or property
developing or improving services and products.

On what basis we process personal information

This Privacy Statement sets out the grounds upon which we rely in order to process personal information.

Deloitte may use personal information for the purposes outlined above because:

(a) where relevant, we have a contract with you to provide services and processing personal information is necessary for the performance of such contract.

(b) we are subject to legal, regulatory or professional obligations.

To whom we disclose personal information

In connection with one or more of the purposes outlined in this Privacy Statement, we may disclose personal information to:

other firms within the Deloitte Network
competent authorities, including courts and authorities regulating us or another firm within the Deloitte Network, in each case to comply with legal, regulatory or professional obligations, process or requests
vendors and administrative support, infrastructure and other service providers handling your information on our behalf; in each case, such vendors and service providers will be contractually bound by confidentiality and privacy obligations consistent with the obligations in this Privacy Statement
third parties to whom we disclose information in the course of providing services to you or to the entity that has engaged us to provide the services.

Any personal information that we have referenced above under “How we collect personal information” may be disclosed to the third parties identified in this section for the purposes set forth herein.

Selling of personal information

We do not sell your personal information.

How we keep personal information secure

We have in place reasonable commercial standards of technology and operational security to protect personal information from loss, misuse and unauthorized access, disclosure, alteration or destruction.

The admin right at an Application level is with Deloitte personnel. In case of subscription model, the admin right at a client level is with licensee admin (i.e. client admin). The licensee admin will create client account, user master, role creations, etc. Deloitte admin cannot see any data of any client. Role based access control (RBAC) has been implemented on the Application. Users will view/ edit /access data based on role assigned, organizational structure to which the Use is mapped.

How long we will keep personal information

We retain personal information as long as is necessary to fulfill the purposes identified in this Privacy Statement or (i) as otherwise necessary to comply with applicable laws or professional standards, or (ii) as long as the period in which litigation or investigations might arise in respect of our services.

Without prejudice to the above,

Source data which are uploaded by the users in the Application (except JSON file) will be kept for X year; and
Rest of the data processed and generated from the tool (JSON, supporting repository documents, user remarks, backend calculations/ validations, audit trail, search words, etc) to be kept for X

The Information shall not be retained beyond the period mentioned below from the date of collection.

Your rights in relation to personal information

You have various rights in relation to personal information. In particular, you have a right to:

obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you
ask that we update the personal information we hold about you, or correct such information that you think is inaccurate or incomplete

Depending on the jurisdiction in which you are located, you may also have the right to:

ask that we delete personal information that we hold about you, or restrict the way in which we use your personal information
request that we provide the following information regarding the personal information we hold about you:
- The categories and/or specific pieces of personal information we collected
- The categories of sources from which personal information is collected
- The business or commercial purpose for collecting personal information
- The categories of third parties with whom we shared personal information

However, we may still retain a copy of the relevant information for as long as necessary to comply with applicable laws or professional standards, or as long as the period in which litigation or investigations might arise in respect of our services.

To exercise any of your rights under applicable law described above regarding our use of personal information, please contact us at 360feedback@deloitte.com.

Applicable laws may also give you the right to lodge a complaint with a local supervisory authority related to this Privacy Statement.

We will not discriminate against you for exercising any of your rights with respect to personal information.

In addition to describing our current privacy practices, this Privacy Statement also describes the categories of personal information we collected or disclosed. We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Privacy Statement, we will amend the revision date at the top of this page and the modified or amended Privacy Statement shall apply to personal information as of that revision date. We encourage you to review this Privacy Statement periodically to be informed about how we are protecting your personal information.

Contact us

If you have any questions or concerns regarding this Privacy Statement or you are unsatisfied with the way in which personal information has been processed or the manner in which a privacy query or request that you have raised has been handled, please contact by emailing 360feedback@deloitte.com.