Privacy Statement

The Deloitte Accounting Research Tool (“DART”) contains content provided by various member firms (or their affiliates) of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities.

Content is organized into the channels specified in the paragraph below. The specific channel that you are viewing is designated in the upper right-hand corner of each DART webpage. The specific DTTL member firm or its affiliate responsible for providing the content you are viewing will vary depending upon the channel you are viewing.

All content on the ‘iGAAP’ and ‘GAAP in the UK’ channels is provided by Deloitte LLP (the United Kingdom affiliate of Deloitte NSE LLP, a member firm of DTTL). All content on the US channel is provided by a subsidiary of a US member firm of DTTL. .

The following privacy terms apply to personal data collected with respect to content provided by an affiliate of a US member firm of DTTL. The following privacy terms apply to personal data collected with respect to content provided by Deloitte LLP.

Deloitte Accounting Research Tool (DART), U.S. Version — Privacy Statement

https://www2.deloitte.com/us/en/footerlinks1/privacy.html

Deloitte Accounting Research Tool (DART), U.K. Version — Privacy Statement

Privacy statement

Last revised: March 2019

1 Who this privacy statement applies to and what it covers

1.1 This privacy statement applies to Deloitte LLP with registered office address at 1 New Street Square, London EC4A 3HQ, and the entities we own or control ("Deloitte", "we", "us" or "our").

1.2 We are committed to protecting your privacy and handling your information in an open and transparent manner.

1.3 This privacy statement sets out how we will collect, handle, store and protect information about you when you use:

1.3.1 dart.deloitte.com;

1.3.2 dart.deloitte.com/iGAAP; or

1.3.3 dart.deloitte.com/UKGAAP

1.4 When we refer to the "DART website” in this policy we mean the specific webpages of the Deloitte Accounting Research Tool (“DART”) designated in the upper-right hand corner as either the iGAAP Channel or the GAAP in the UK Channel and specific webpages containing IFRS related content which are included in the US Channel.

1.5 This privacy statement also contains information about when we share your personal data with other member firms of the Deloitte Touche Tohmatsu Limited network and their affiliates and other third parties (for example, our service providers).

1.6 In this privacy statement, your information is sometimes called "personal data". We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data as "processing" such personal data.

2 What information we collect

2.1 In the course of providing services to you or our client and performing due diligence checks in connection with our services (or discussing possible services we might provide), we will collect or obtain personal data about you. We may also collect personal data from you when you use the DART website.

2.2 We may collect or obtain such data because you give it to us (for example in a form on the DART Website), because other people give that data to us (for example your employer or adviser, or third party service providers that we use to help operate our business) or because it is publicly available.

2.3 We may also collect or obtain personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, to improve your experience when you use the DART website and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal data. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookies notice.

2.4 The personal data that we collect or obtain may include:

2.4.1 your name;

2.4.2 your contact information, such as your address and contact details (including your email and mobile telephone number);

2.4.3 country of residence;

2.4.4 employment details (for example, the name and contact details of the organisation you work for, whether you or your organisation are a Deloitte client, your job title and department details);

2.4.5 financial information (for example) credit or debit card information);

2.4.6 the email address of relevant contacts you may have in Deloitte;

2.4.7 your IP address, your browser type and language, your access times; complaint details;

2.4.8 details of how you use our products and services;

2.4.9 details of how you like to interact with us and other similar information.

3 Information provided by third parties

3.1 Where we are provided with personal data about you by our client or another third party, we take steps to ensure that the client or other third party has complied with the privacy laws and regulations relevant to that information; this may include, for example, that the client or other third party has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to process that information as described in this privacy statement.

4 How we use information about you?

4.1 We collect and process information about you to enable us and other Deloitte Member Firms to provide our services to you and our clients and in order to meet our legal or regulatory obligations.

4.2 In addition, some of your personal data may be used for other business purposes. Examples of the types of uses are set out below:

Use of personal data to provide services to our clients

4.3 We will use your personal data to provide you or our clients or other third parties with services. As part of this, we may use your personal data in the course of correspondence relating to the services. Such correspondence may be with you, other third parties, other Deloitte Member Firms, our service providers or competent authorities.

4.4 In addition to the purposes connected to the operation of our business above, we may also use your personal data collected via the DART website:

4.4.1 to manage and improve the DART website;

4.4.2 to tailor the content of the DART website to provide you with a more personalised experience and draw your attention to information about our products and services that may be of interest to you; or

4.4.3 to manage and respond to any request you submit through the DART website.

5 The legal grounds we use for processing personal data

5.1 We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:

5.1.1 you have explicitly agreed to us processing your information for a specific reason;

5.1.2 the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;

5.1.3 the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or

5.1.4 the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:

(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;

(b) to prevent fraud;

(d) to ensure that complaints are investigated;

(e) to evaluate, develop or improve our services or products; or

(f) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so.

6 Sharing your personal data

6.1 In connection with one or more of the purposes outlined in the "How we use information about you" section above, we may disclose details about you to the following recipients, or categories of recipients:

6.1.1 Other Deloitte Member Firms or other third parties that provide services to us;

6.1.2 competent authorities (including courts and authorities regulating us or another member of the Deloitte Network);

6.1.3 your advisers or your employer and/or their advisers;

6.1.4 anyone to whom we may transfer our rights and/or obligations under the Terms;

6.1.5 any other person or organisation after a restructure, sale or acquisition of Deloitte LLP, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both).

7 Transferring your personal data outside the UK

7.1 Information about you in our possession may be transferred to other countries (which may include countries outside the European Economic Area ("EEA")), such as jurisdictions in which and through which transactions are effected; jurisdictions linked to your engagement with us; jurisdictions from which you regularly receive or transmit information; or jurisdictions where our third parties conduct their activities.

7.2 You understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

7.3 When we, or our permitted third parties, transfer your personal data outside the EEA, we or they will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. We or they may also require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your personal data where:

7.3.1 the transfer is to a country deemed to provide adequate protection of your personal data by the European Commission; or

7.3.2 where you have consented to the transfer.

7.4 If we transfer your personal data outside the EEA in other circumstances (for example because we have to provide such information by law), we will put in place appropriate safeguards to ensure that your personal data remains adequately protected.

8 Protection of your personal data

8.1 We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

8.1.1 education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;

8.1.2 administrative and technical controls to restrict access to personal data to a 'need to know' basis;

8.1.3 technological security measures, including fire walls, encryption and anti-virus software; and

8.1.4 physical security measures, such as staff security passes to access our premises.

8.2 Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

9 How long we keep your information for

9.1 We will hold your personal data on our systems for the longest of the following periods: (i) until you request that your account and information are deleted; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise in respect of the services.

10 Your rights

10.1 You have various rights in relation to your personal data. In particular, you have a right to:

10.1.1 obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;

10.1.2 be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from where it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);

10.1.3 ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;

10.1.4 receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);

10.1.5 ask us to stop sending you marketing messages at any time by using the below contact details;

10.1.6 object to our processing of your personal data.

10.2 Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with applicable data protection laws. We will comply with our legal obligations as regards your rights as a data subject.

10.3 We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change using the contact details set out in paragraph 12.1.

10.4 You may also use the contact details in paragraph 12.1 if you wish to make a complaint to us relating to your privacy.

11 Sending you marketing information

11.1 We and other Deloitte Member Firms may use your information from time to time to inform you by letter, telephone, email and other electronic methods, about similar products and services (including those of third parties) which may be of interest to you.

11.2 You may, at any time, request that we and/or other members of the Deloitte Network do not send such information to you by one, some or all channels, by following the opt-out instructions in communications from us or contacting us in the way described in paragraph 12 below.

12 Right to complain

12.1 If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about privacy issues, or you wish to raise a complaint about how we are using your information you can contact us in the following ways:

12.1.1 Write to Head of Deloitte Business Security, Deloitte LLP at 1 New Street Square, London EC4A 3HQ

12.1.2 Send an email to DPO@deloitte.co.uk

12.2 If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113. If you are based in an EEA jurisdiction other than the UK, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.

13 Changes to this privacy statement

13.1 We may modify or amend this privacy statement from time to time.

13.2 To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.