Last revised: November 2, 2015
At PricewaterhouseCoopers, we are committed to protecting your privacy and safeguarding your personal, business and financial information. This Privacy Statement applies to PricewaterhouseCoopers LLP, PricewaterhouseCoopers Associates, PwC Management Services LP and their respective affiliates in Canada (collectively, “PwC”, “we” or “our”).
The purpose of this Privacy Statement is to inform you about the types of Personal Information that PwC collects, uses and discloses. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may correct that information.
As we are a national organization, this Privacy Statement is designed to meet the standards prescribed by the Personal Information Protection and Electronic Documents Act and the regulations thereunder (“PIPEDA”) as well as applicable provincial privacy legislation and regulations, including, the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), and An Act respecting the protection of personal information in the private sector (Quebec). We also note that in addition to these standards, we continue to be subject to the confidentiality rules of the Institutes of Chartered Accountants.
From time to time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the “last revised” date which appears at the top of this page.
The following topics will be covered in this Privacy Statement:
“Personal Information” is any information that is identifiable with you, as an individual. This information may include but is not limited to your name, mailing address, telephone number, email address, business facsimile number, age, gender, marital status, health status, financial status, credit card information and credit history. Personal Information, however, does not include your name, business title or business address or business telephone number in your capacity as an employee of an organization.
We will always collect your Personal Information by fair and lawful means (for example, when you engage us to provide services, use the PwC website or speak to a PwC representative). We collect Personal Information from you and from third party service providers, where we have obtained your consent to do so or as otherwise permitted by law.
From time to time you may voluntarily provide PwC with unsolicited personal information – that is, other than where PwC has requested same (for example, through the PwC websites). If you do wish to provide such information for any reason, you consent to PwC using that information in the ways described in this Privacy Statement or as described at the point where you choose to disclose this information. Further, when providing such unsolicited information, we ask that you not provide any sensitive information.
In addition, in order to properly manage our website, we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters.
To gather visitor statistics and manage cookies, we use electronic images called a “single-pixel GIF” or “Web beacon.” Web beacons allow our third-party tracking tools, Adobe Analytics and Google Analytics, to gather simple information such as the IP address of your computer, the time the material was viewed and the type of Internet browser used to access the page. This information is tracked on the third party tracking tools’ servers and reported in aggregate to our webmasters. If you are concerned about the use of Web beacons you can turn off your browsers’ cookies. This action will prevent Web beacons from tracking your specific activity, but the Web beacon may still record an anonymous visit from your IP address.
Finally, PwC understands the importance of protecting children’s privacy, especially in an online environment such as at our websites. The PwC websites covered by this Privacy Statement are not intentionally designed for or directed at children 13 years of age or younger. It is PwC’s policy never to knowingly collect or maintain information about anyone under the age of 13.
Personal Information provided to us by our clients is primarily stored on servers in Canada. However, except where restricted by contractual arrangements or legal requirements applicable to specific clients, PwC also may leverage the services of select service providers. Personal Information that is “in the cloud” may be stored on multiple servers in a number of locations around the world. Rest assured that PwC has taken appropriate steps for the protection of Personal Information handled by our service providers. However, information transmitted to other countries may be subject to the laws and lawful disclosure requirements of the jurisdiction(s) where the information is stored.
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use. We generally use your Personal Information for the following purposes (the “Purposes”):
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
For example, we may transfer your Personal Information to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes — such as service providers that provide telephone support or data storage or processing.
Generally, we will only make disclosures of Personal Information to such persons for which you provide your consent. Notwithstanding the foregoing, we may also make disclosures of Personal Information to a potential acquiror in connection with a transaction involving the sale of some or all of the business of PwC or as otherwise permitted or required by law, in which case the use of your personal information by the new entity would continue to be limited by applicable law.
In addition, we may send Personal Information outside of the country for the purposes set out above, including for process and storage by service providers in connection with such purposes. These other jurisdictions may include the United States, India, United Kingdom, Mauritius, Uruguay or the jurisdiction of any other PwC network firm (as per our engagement letters which allow us to draw on the resources of other firms), which latter jurisdiction(s) may be identified upon request. In particular, while electronic data storage for PwC is located in Canada and the primary and back-up servers are owned by an affiliated entity of PwC, email correspondence to and from PwC goes through PwC (US) servers located in the US. Electronic data sent in or as an attachment to an email is simply diverted through such US servers to Canadian located and owned servers and is not permanently stored on US located servers.
However, you should note that to the extent that any Personal Information is out of the country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. You may provide your consent to us either orally, electronically or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the personal information and the reasonable expectations you might have in the circumstances.
We will not, as a condition of the supply of our professional services or products, require you to consent to the collection, use, disclosure or protection of information beyond that which is required to fulfill the specified and legitimate purposes for which the information is being collected.
With respect to our websites, should visitors subsequently choose to unsubscribe from mailing lists or any registrations, visitors may contact the webmaster of the appropriate site e.g. email@example.com.
We may keep a record of your Personal Information, correspondence or comments in a file specific to you. We will utilize, disclose or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
If you make a written request to review any Personal Information about you that we have collected, utilized or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable, and will explain any abbreviations or codes.
We will ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your Personal Information, when required.
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. You have the right to make a complaint to the federal Privacy Commissioner in respect of this time limit.
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
We have implemented physical, organizational, contractual and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees who are granted access to your Personal Information are those with a business ‘need-to-know’ or whose duties reasonably require such information. On the PwC websites, we use secure socket layer technology for the protection of credit card information submitted through web forms.
Kai Brown, Chief Privacy Officer & Senior Legal Counsel
PwC Tower, 18 York Street, Suite 2600
Telephone: +1 416 815 5234