Menu

Menu

Loading Results

Privacy Notice

This privacy notice explains how we process personal data when you complete our free “Companies Health Check in Data Protection Compliance” form and, if you choose, when you subscribe to receive marketing communications about our GDPR/data protection services.

Who we are and how to contact us

Controller: PricewaterhouseCoopers Consulting SHPK

Municipal Unit No. 5, Ibrahim Rugova Street, Sky Tower, 9th Floor, Office 91

Telephone: +(355) 42 242 254

Email: al_pwc_albania@pwc.com 

Web: www.pwc.com/al

Data Protection Officer (DPO): Ejona Keçi (al_pwc_consulting_dpo@pwc.com)

What data we collect

  • Contact details: your business email address. We do not ask for your name; however, your email may identify you if it contains your name (e.g., firstname.lastname@company.com). Please avoid including special category data or any other personal data in free-text fields.                       

  • Questionnaire responses: your answers to the health-check questions (company compliance indicators).

Purposes and legal bases

Provide the health‑check and deliver your results: we process your email and responses to generate your assessment results and send them to you. Our legal basis is our legitimate interests in operating the assessment and delivering the results you request. Where the health‑check is provided under our terms, the legal basis is performance of a contract or steps taken at your request prior to entering into a contract.

Marketing (meetings, service promotions, newsletters, updates): we will only send marketing if you give us your consent via separate unticked checkboxes. You can withdraw consent at any time.

Profiling for tailored content: if you consent to marketing, we may segment your responses (e.g., compliance level) to tailor emails. There is no solely automated decision‑making with legal or similarly significant effects.

Direct marketing and your choices

We rely on your consent for all marketing to non‑clients (meeting invitations, service promotions, newsletters/updates). You may withdraw consent at any time using the unsubscribe link in each email or by contacting us; withdrawal does not affect earlier lawful processing.

You have the right to object to direct marketing at any time; if you object or withdraw consent, we will stop. 

Where we obtain data

Directly from you through the online form. If we ever use data from other sources, we will inform you of the source and categories of data at or before the first communication. 

Recipients and processors

We use vetted service providers acting under written contracts (e.g., survey, email marketing, CRM, hosting, IT support). They process personal data only on our instructions and under confidentiality. 

If relevant, PwC network entities may access data for support strictly for the purposes described here and subject to appropriate safeguards.

International data transfers

Personal data are stored and accessed only within Albania (and the EEA if applicable). If personal data are stored or accessed outside Albania or EEA, we will ensure an adequate level of protection through an adequacy decision or appropriate safeguards (e.g., standard data protection clauses approved by the Commissioner). We will disclose the safeguards and how to obtain a copy.

Retention

Questionnaire responses: retained for up to 12 months to generate and validate your assessment, improve the tool, and for audit purposes, then deleted or anonymized. Legal basis: our legitimate interests, subject to data minimisation. 

Marketing contact data: retained until you withdraw consent, then deleted or suppressed to honor opt‑outs. We may retain limited records to demonstrate compliance (e.g., consent logs) for longer where legally necessary. 

Your rights 

Subject to conditions in Law No. 124/2024 ‘On Personal Data Protection’, you have the right to:

  • Information and access to your personal data. 

  • Rectification of inaccurate data.

  • Erasure and restriction, in cases provided by law.

  • Data portability where processing is based on consent or contract and carried out by automated means.

  • Object at any time to processing based on legitimate interests and to direct marketing (including profiling for such marketing).

  • Withdraw consent at any time, without affecting prior processing. 

To exercise your rights, contact us at al_pwc_consulting_dpo@pwc.com. We will respond as soon as possible and no later than 30 days, extendable as permitted by law with notice to you. You also have the right to lodge a complaint with the Commissioner for the Right to Information and Personal Data Protection. An Albanian‑language version of this notice is available upon request.

Security 

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including access controls, encryption and regular testing, and we bind personnel and processors to confidentiality. 

If a personal data breach likely to result in high risk occurs, we will notify the Commissioner and, where required, communicate with you without undue delay, consistent with the law. 

Is provision of data mandatory? 

Providing your email and responses is necessary to receive your health‑check results. Marketing is optional and requires separate consent; refusing or withdrawing consent will not affect receipt of your results. 

Changes to this notice 

We may update this notice to reflect legal or operational changes; if the changes materially affect you, we will notify you through appropriate channels before they take effect.

How to manage your choices

Consent checkboxes (unticked by default):

  • “Send me promotional emails about GDPR/data protection services and invitations to meetings.”

  • “Subscribe me to the newsletter and updates.”

You can withdraw consent anytime via the unsubscribe link or by contacting al_pwc_consulting_dpo@pwc.com. 

Profiling statement 

If you consent to marketing, we may use your questionnaire responses to place you into segments (e.g., “basic,” “intermediate,” “advanced” compliance) so that we send you more relevant content. This profiling does not produce legal or similarly significant effects and is subject to your right to withdraw consent and to object to direct marketing. 

Regulatory contact  

Commissioner for the Right to Information and Personal Data Protection: IDPC – Official Website. Full contact details are available on the Commissioner’s official website. 

You have the right to lodge a complaint if you believe your personal data have been processed in violation of Law No. 124/2024.

Follow us

© 2024 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.