Privacy Notice

Last update: 29.04.2022

This privacy and personal data protection policy, hereinafter referred to as "Policy" applies to the content of the pages of the Website, hereinafter referred to as the “Website", published by Deloitte société d’avocats, a law firm, an entity of the Deloitte network. Deloitte is a company incorporated under English law with limited liability. Deloitte and each of its member firms are separate and independent legal entities.

This Policy sets out our use of information about you, which we collect directly or indirectly (hereinafter the "personal data"), and the measures we are implementing to protect them. It also sets out your rights with regard to personal data concerning you and the point of contact to obtain more information about the processing we carry out or to exercise your rights.

This Policy applies to the processing of personal data carried out by Deloitte société d’avocats, and/or any of its affiliates and related entities (hereinafter together or individually "Deloitte”, “we”, or "our"), acting as data controller(s). The data controller(s) can be contacted at the following address: Deloitte société d’avocats, 6 place de la Pyramide, 92908 Paris La Défense Cedex.

The Website may refer to pages specific to the Website or possibly and, as the case may be, The contents appearing on these pages are provided by the entities that manage them and are not the responsibility of the Website. They are not in fact governed by this privacy and personal data protection policy. We strongly recommend that you read the privacy and personal data protection rules of each website before browsing the page.

The following rules of confidentiality and protection of personal data may be supplemented or modified if necessary by additional provisions specific to certain sections of the Website.

 The data subjects whose data processing we carry out are:

  • any visitor to our Website;
  • our customers, their employees, and/or customers and/or suppliers, and/or partners, and/or service providers;
  • our prospects;
  • candidates for our job offers.

(hereinafter together and individually "you”, “your”)

We understand the importance of protecting the privacy of minors. Our Website and services are not designed for and are not intended for minors 15 years of age or younger. Our Policy is not intended to intentionally collect or retain personal data of minors.

The collection, purposes and legal bases for the processing of your personal data

Collection of personal data

This Policy sets out how we collect, process, store and protect it when:

  • you browse or use our Website;
  • we provide professional services to our clients (including their employees);
  • we hire you as a service provider, partner or subcontractor;
  • you apply to Deloitte Société d'Avocats via contact form accessible on our Website;
  • any other operation falling under our generic offers or customer proposals in terms of services or sectors is carried out.

Visitors to our Website

When you browse our Website, we may collect your personal data because you voluntarily provide it to us or because we collect it automatically.

Data that you voluntarily provide to us:

When (i) you fill out a form on our Website, (ii) you subscribe to a newsletter or marketing communication, (iii) you register for an event we organize, we may collect the information described below.

We do not collect sensitive data intentionally. You have no obligation to provide us with sensitive data (data considered sensitive: data concerning the health, sex life or sexual orientation of a natural person, biometric data, genetic data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership), and you should not communicate it to us. If you decide to provide us with sensitive data via our Website, you consent to this collection and processing of this data.

Data collected Purposes Legal basis

Data that you voluntarily provide to us:

Contact data: surname, first name, e-mail address, phone number

Business data: grade, function, company, industry

  • manage and respond to your requests transmitted on our Website;
  • invite you to the events that may be of interest to you.
Our legitimate interest to respond to any request or complaint received, to invite you to the events for which you have expressed an interest and/or send you information or newsletters according to your wishes or likely to interest you.
Any other data that you decide to communicate to us Your consent. By deciding to provide us with data that we have not requested, you consent to our use of such data for the above mentioned purposes.

Data we collect automatically:

Cookies and web beacons

  • manage, ensure the proper functioning, maintain and improve our Website;
  • adapt the content of our Website so that your experience is more personalized and improve your experience on our Website.

Our legitimate interest to personalize the online user experience, improve the performance, ergonomics of our Website, carry out and measure the effectiveness of our marketing activities

Your consent to the use of Cookies, where required.


Within the framework of the services we provide to you, or when we provide them to our customers and in connection with our internal procedures and due diligence process, in particular for the check of possible conflicts of interest or, as the case may be, during our pre-contractual exchanges concerning the services we may provide to you, we may collect and use personal data about you. The table below describes the personal data we may use when we act as a controller for the purposes set out below. We may process other personal data when we act as a processor in the name of and on behalf of our customers; where applicable, the processing is described in the contract between us and the customer.

Data collected Purposes Legal basis

Contact data:

Your surname, first name, your professional email address  

Business data:

Company you work for and the position you hold

Any other personal data, concerning you or third parties, which you transmit to us in the context of the provision of our services or pre-contractual communication.

  • the needs of exchanges relating to our services and the organization of the missions we carry out with our customers. These exchanges may take place with you, our client, other members of the Deloitte network, our suppliers, or the competent authorities;
  • meet applicable legal, regulatory or ethical requirements (including the management of the obligation of independence, the management of conflicts of interest and quality control);
  • respond to communication requests from the competent authorities to which Deloitte may be subject;
  • opening of customer account(s) or for any other administrative purpose;
  • accounting and financial management, including invoicing of our services;
  • risk analysis and risk management;
  • managing the business relationship, including: (i) sending information or instruction about our products or services that may be of interest to you; (ii) sending a message to collect your feedback on our products or services; or (iii) contact you for other business or commercial purposes in connection with your business;
  • the administration and support of IT tools used in the context of our activities (e-mail, tools dedicated to businesses such as support applications);
  • hosting and maintenance of these IT tools, archiving and reprography;
  • professional services that may be provided to us by our own experts or advisors, such as lawyers, accountants or consultants;
  • the protection of our rights and those of our customers;
  • the fight against the breach of personal data, through the implementation of tools to detect, prevent and guard against any breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data (together,  hereinafter, the "breach(es)"). These tools used by Deloitte, to the extent permitted by law and regulation, include, but are not limited to: (i) tools to detect any breaches committed through the use of cloud storage services, messaging applications, and the use of USB external storage or memory card, (ii) tools to detect any breaches committed via Deloitte's shared spaces,  and (iii) traffic analysis tools to detect any breaches committed via Deloitte email.      

Our legitimate interest to provide you with an efficient service, in accordance with our contractual obligations, and to put in place all the elements necessary for the proper organization of the missions.

Our legitimate interest to exercise or defend your rights or our rights, in accordance with the applicable legal provisions.

Our legal obligations, regulatory or ethical (such as keeping records for tax purposes, providing information to a public institution, combating money laundering).

Sensitive data:

such as information or instruction (i) about your diet, or (ii) about your health

(i) To allow us to provide you with a meal tailored to your diet at a meeting.

(ii) When necessary, for us to be able to make necessary arrangements for you in our buildings.

Your consent
Location data Information security and the fight against the breach of personal data, through the implementation of tools to detect and prevent any security breach resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data.

Our legitimate interest to protect our data as well as the confidential data of our customers against any breach or attempted breach.

Our legitimate interest to prevent fraud and safeguard our information systems


When you (i) fill in a form on our Website, (ii) register for an event that we organize, your personal data that you provide us with is processed by our Marketing team acting as a data controller for strictly internal use.

In this context, all our communications provide an unsubscribe link in the event that you no longer wish to receive them. 

Also, we only disclose your personal data to Deloitte partners after obtaining your explicit consent, as the case may be.

Data collected Purposes Legal basis

Contact data

Your surname, first name, your address, your professional email  

Business data:

Company you work for and the position you hold

Any other optional personal data that you transmit to us within the framework of our prospecting actions

To enable us to contact you for future events organized by Deloitte

Your consent


For more information on our processing of personal data collected in the context of recruitment, please visit our website dedicated to recruitment accessible at the following address:

Persons whose personal data may be collected indirectly

In connection with the services we provide to our customers, we may indirectly obtain your personal data because our customers or others provide it to us (e.g. your counsel or employer, or service providers we use for the purposes of our business activities) or because such data is available in the public domain. Such data is processed in compliance with this Policy and the applicable law.

When we obtain your personal data from our customers, it is the responsibility of the customers (i) to ensure that all personal data that has been communicated to Deloitte, directly by the customers or indirectly on their behalf, has been collected in a lawful, fair and transparent manner, and (ii) to inform you of the processing we perform with your data.

The persons to whom we communicate your personal data

For any of the purposes mentioned in the section "The collection, purposes and legal bases of the processing of your personal data" above, we may communicate your personal data to:

  • other entities in the Deloitte network;
  • our service providers: our hosting providers, our IT service providers supporting and maintaining our systems, the providers we use to protect against loss of or unauthorized access to data, the publishers of software we may use to deliver our services, external service providers that we may use to provide services to our customers;
  • our counsels, including our lawyers, insurers, brokers, auditors; 
  • any competent authority (including courts and supervisory authorities that supervise us or other entities in the Deloitte network);
  • your employer and/or his/her counsel;
  • your counsel, including your lawyers, insurers, brokers, auditors;
  • credit rating agencies or other institutions that help us make decisions to open accounts or assignments and reduce the incidence of fraud;
  • other third parties who may need access to your personal data for one or more of the operations described above in the section "The collection, purposes and legal bases of the processing of your personal data".

We inform you that some recipients of your personal data mentioned above may reside in a country other than a Member State of the European Union or the European Economic Area, whose laws and regulations do not provide the same level of personal data protection. In these situations, we will ensure that the safeguards put in place to protect your personal data comply with the legal obligations in force within the European Union and we will put in place appropriate safeguards to secure the data transfer, such as the implementation of Binding Corporate Rules (BCR),  the conclusion of a data transfer agreement with the recipient, including the standard contractual clauses approved by the European Commission for the purpose of transferring personal data to third countries.

Blogs, forums, wikis and other social media

Our Website may host various blogs, forums, wikis and other social media applications or services that allow you to communicate content to other users (hereinafter the "social networks”). Any personal data or other information disclosed through these applications may be read, collected and used by users of these social networks. We have very little, if any, control over such other users. In fact, we cannot be held responsible for the use, misuse or misappropriation of your personal data by another user of these social networks.

Technical and operational measures to protect your personal data

We use a set of technical and organizational measures to protect your personal data, process it lawfully, fairly and transparently, and ensure an appropriate level of security with regard to the potential risk.

These measures include:

  • raising awareness and training staff to ensure that they are aware of our obligations to protect personal data and best practices to be adopted to protect them;
  • administrative (HR, CIO) and technical controls in order to limit access to personal data only to staff who need to know for any of the aforementioned purposes;
  • periodic audits to analyse the measures put in place and monitor their effectiveness;
  • the implementation of internal procedures and policies, in particular for the management of requests for the exercise of rights and the adaptation of procedures for dealing with confidentiality incidents;
  • IT security measures to ensure protection against attacks and failures, in accordance with the ISO 27001 standard; including firewalls, encryption, antivirus software, antimalware and tools to prevent cyber attacks and personal data breaches;
  • physical security measures to protect our premises, including access badges.

Although Deloitte takes all appropriate security measures at the time of collection of your personal data and in connection with any processing of personal data, the transmission of data over the Internet (including by email) is never completely secure.

The retention period of your personal data

We will keep your personal data in our systems for the longer of the following periods:

  1. the time necessary to achieve the objective or objectives pursued at the time of their collection;
  2. the retention, archiving and limitation periods set out by law or regulations;
  3. the end of the applicable limitation period following a dispute or investigation in connection with one of our offers or proposals, or one of our services.

Your rights

You have the right to:

  • Obtain confirmation that we are processing your personal data and obtain a copy of the personal data we hold about you;
  • Ask us to update your personal data held or to correct incorrect or incomplete personal data;
  • Ask us to delete the personal data we hold about you, or to limit our use of it;
  • Withdraw your consent to allow us to process your personal data (to the extent that such processing is subject to consent);
  • To the extent required by applicable law or regulation, receive a copy of the personal data you have transmitted to us, in a structured, commonly used and machine-readable form and for transmission to another party (to the extent that such processing is subject to consent or contract);
  • Object to the processing of your personal data;
  • Define the fate of your personal data after your death;

by contacting Deloitte's Communication department:

How to exercise your rights?

  • If you no longer wish to receive marketing or commercial material from us, please click on the unsubscribe link in any communication email we send you.
  • You can set your cookies here.
  • For any other questions regarding our use of your personal data, the exercise of your rights or the filing of a complaint, you can contact our Data Protection Officer ("DPO") at
  • For any question or request raised with our services that has remained unsuccessful, you are entitled to file a complaint with the French Data Protection Authority ("Commission Nationale de l'Informatique et des Libertés, or “CNIL”), located at 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

Changes to this Policy

We may modify this Policy periodically, in particular due to legislative and/or regulatory developments and internal policies concerning the protection of your personal data.

If we make changes to this Policy, we will change the last update date at the top of the page. The amended version of this Policy will be effective from that date. As such, we encourage you to regularly review this Policy to stay informed about how we protect your personal data.

Souad El Halfi joins Deloitte Société d’Avocats as a partner.

Read more!