Privacy statement

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

This privacy statement was last updated on 27th July 2018

Introduction

PwC is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

As used in this privacy statement, “PwC”, “us”, and “we” refer to the PwC network and/or one or more of its Member Firms that may process your personal information. Each Member Firm in the PwC network is a separate legal entity. The data controllers of your personal information are one or more of the Member Firms listed here. For further details, please see www.pwc.com/structure. See http://www.pwc.com/gx/en/about/office-locations.html for a list of countries and regions in which PwC Member Firms operate.

In this privacy statement, we refer to information about you or information that identifies you as “personal data” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information.

PwC processes personal data for numerous purposes. Our policy is to be transparent about why and how we process personal data. 

Click on the links in our index to take you to the more detailed sections of this privacy statement.

To find out more about our specific processing activities, go to our processing activities.

Our legal grounds for processing your personal data

Your local law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

  • our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);
  • our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights);
  • to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
  • to perform our obligations under a contractual arrangement with you; or
  • where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose.

Transfers of personal data

Cross-border transfers

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

Where we collect your personal information within the EEA, transfer outside the EEA will be only:

  • to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
  • under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

The US member firm of PwC, PricewaterhouseCoopers LLP and its affiliated US subsidiaries (together, “PwC US”), adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information that is transferred from the European Union and its Member States, and the EEA and Switzerland to the United States.  PwC US has certified that it adheres to the Privacy Shield Principles within the scope of PwC US’s Privacy Shield certification. To learn more, see the PwC US Privacy Shield Policy.

Other PwC Member Firms

For details of PwC Member Firm locations, please see http://www.pwc.com/gx/en/about/office-locations.html.

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing advice to that client.

Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other disclosures

We may also disclose personal information under the following circumstances:

  • with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
  • when explicitly requested by you;
  • when required to deliver publications or reference materials requested by you;
  • when required to facilitate conferences or events hosted by a third party;
  • To law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal information to determine whether disclosure is required or permitted.

Security

We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Changes to this privacy statement

This privacy statement was last updated on 27th July 2018.

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

Your legal rights in relation to personal data

You may have certain rights under your local law in relation to the personal information we hold about you. In particular, you may have a legal right to:

  • obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data
  • the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
  • The right to delete your personal data in the following cases:
    • the personal data is no longer necessary in relation to the purposes for which they were collected and processed;
    • our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
    • our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
    • you object to processing for direct marketing purposes;
    • your personal data has been unlawfully processed; or
    • your personal data must be erased to comply with a legal obligation to which we are subject.
  • The right to restrict personal data processing in the following cases:
    • for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data;
    • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
    • your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
    • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
  • The right to object to the processing of your personal data in the following cases:
    • our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
    • our processing is for direct marketing purposes.
  • The right to data portability
    • The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
  • The right to withdraw consent
    • Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).

Complaints

If you have questions or complaints about this privacy statement or the way your personal information is processed, or would like to exercise a legal right in relation to your personal data, please contact us by one of the following means:

Form: Contact form

Email: privacy@pwc.com
Post: PricewaterhouseCoopers LLP, One Embankment Place, London, UK, WC2N 6RH

You may have the right to lodge a complaint with your local data protection regulator.

Our processing activities

To find out more please go to the sections of this statement that are relevant to you.

Business contacts

Collection​ ​of​ ​personal​ data

PwC processes personal data about contacts (existing and potential PwC clients and/or individuals associated with them).

This includes name, employer name, contact title, phone, email and other business contact details. In addition, we may record information about our interactions with contacts.

Use​ ​of​ ​personal​ data

Personal data relating to business contacts may be used for the following purposes:

  • Administering, managing and developing our businesses and services
    This includes:
    • managing our relationship with clients;
    • developing our businesses and services (such as identifying client needs and improvements in service delivery and learning more about a client relationship opportunity);
    • analysing and evaluating the strength of interactions between PwC and a contact;
    • performing analytics, including producing metrics for PwC leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals;
    • administering and managing IT systems, websites and applications; and
    • hosting or facilitating the hosting of events
  • Providing information about PwC and its services
    • We use client business contact details to provide information that we think will be of interest about PwC and its services, in accordance with any permissions required by law. This may include industry updates and insights, other services that may be relevant and invites to events.
  • PwC does not sell or release personal data to third parties for purposes of allowing them to market their products and services without consent from individuals to do so.
Data retention

Personal data will be retained for as long as we have, or need to keep a record of, a relationship with a business contact, which is for the duration of our relationship with a contact or their organisation. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.  

Corporate clients (and individuals associated with our corporate clients)

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data with us where it is strictly needed for those purposes.

Where we need to process personal data to provide professional services, we ask our clients to provide the necessary information to the data subjects regarding its use. Our clients may use relevant sections of this privacy statement or refer data subjects to this privacy statement if they consider it appropriate to do so.

The categories of personal data processed by us in relation to the services we provide are generally:

  • Personal details (e.g. name, age/date of birth, gender, marital status, country of residence);
  • Contact details (e.g. email address, contact number, postal address);
  • Financial details (e.g. salary and other income and investments, benefits, tax status); and
  • Job details (e.g. role, grade, experience and performance information). 

For certain services or activities, we may process special categories of personal data (such as in performing client checks and providing immigration and tax services, which involve us processing government identification documents that may contain biometric data or data revealing racial or ethnic origin or as part of an audit of an organisation in the health sector).

Generally, we collect personal data from our clients or from third parties when providing services to the relevant client.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services
    We provide a diverse range of professional services. Some of our services require us to process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility, tax and pensions services.
  • Administering, managing and developing our businesses and services
    This includes:
    • managing our relationship with clients and prospective clients;
    • developing our businesses and services (such as identifying client needs and improvements in service delivery);
    • administering and managing IT systems, websites and applications; and
    • hosting or facilitating the hosting of events.
  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file.  We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
  • Providing clients and prospective clients with information about us and our range of services
    We use client and prospective client business contact details to provide information that we think will be of interest about us and our services in accordance with any permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
  • Complying with any requirement of law, regulation or a professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
  • Improving and developing our services
    We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new PwC technologies and offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

Data retention

We retain the personal data processed by us for as long as necessary for the purpose for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Personal clients

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes. We ask our clients only to share personal data where it is strictly needed for those purposes.

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to other data subjects concerned, such as family members, regarding its use.

Given the diversity of the services we provide to personal clients, we process many categories of personal data, including as appropriate for the services we are providing:

  • Contact details;
  • Business activities;
  • Family information;
  • Income, taxation and other financial-related details; andInvestments and other financial interests.

For certain services, and when permitted by law or with an individual's consent, we may also collect special categories of personal data. Examples of special categories include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records.

Generally, we collect personal data from our clients or from a third party acting on the instructions of the client.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services to personal clients
    We provide a diverse range of professional services. Some of our services require us to process personal data in order to provide advice and deliverables. For example, we need to use personal data to provide individual tax advice, immigration services or pensions advice.
  • Administering, managing and developing our businesses and services
    This includes:
    • managing our relationship with personal clients and prospective clients;
    • developing our businesses and services (such as identifying client needs and improvements in service delivery);
    • administering and managing IT systems, websites and applications; and
    • hosting or facilitating the hosting of events.
  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
  • Providing personal clients and prospective personal clients with information about us and our range of services
    We use client and prospective client contact details to provide information that we think will be of interest about us and our services in accordance with permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
  • Complying with a requirement of law, regulation or professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
  • Improving and developing our services
    We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new PwC technologies and offerings. To the extent that the information that we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

Data retention

We retain personal data processed by us for as long as necessary for the purpose for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Individuals whose personal data we obtain in connection with providing professional services to our clients

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data with us where it is strictly needed for those purposes.

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to the individuals who are the subject of the data. 

Given the diversity of the services we provide, we process many categories of personal data, including:

  • Personal details (e.g. name, age/date of birth, gender, marital status, country of residence);
  • Contact details (e.g. email address, contact number, postal address);
  • Financial details (e.g. salary, payroll details and other financial-related details such as income, investments and other financial interests, benefits, tax status); and
  • Job details (e.g. role, grade, experience, performance information and other information about management and employees). 

For certain services, we may process special categories of personal data (such as in performing client checks and providing immigration and tax services, which involve us processing government identification documents that may contain biometric data or data revealing racial or ethnic origin or as part of an audit of an organisation in the health sector).

Generally, we collect personal data from our clients or from a third party acting on the instructions of the client. For some of our services, for example, when undertaking a due diligence review of an acquisition target on behalf of a client, we may obtain personal data from that target’s management and employees or from a third party acting on the instructions of the target.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services
    We provide a diverse range of professional services.  Some of our services require us to process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility and pensions services.
  • Administering, managing and developing our businesses and services
    This includes:
    • managing our relationship with clients;
    • developing our businesses and services (such as identifying client needs and improvements in service delivery);
    • administering and managing IT systems, websites and applications; and
    • hosting or facilitating the hosting of events
  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats.  Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
  • Complying with any requirement of law, regulation or a professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
  • Improving and developing our services
    We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new PwC technologies and offerings. To the extent that the information that we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Individuals who use our applications

We provide external users access to various applications managed by us. Such applications will contain their own privacy statements explaining why and how personal data is collected and processed by those applications. We encourage individuals using our applications to refer to the privacy statements available on those applications.

Others who get in touch with us

We collect personal data when an individual gets in touch with us with a question, complaint or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us. We only use the data as necessary to respond to the communication or resolve the complaint.

PwC personnel (partners, staff and individual contractors)

We collect personal data concerning our own personnel (partners, staff and individual contractors) to administrate the employment relationship and manage our business.

Please refer to our privacy statement available on Spark for information on why and how personal data is collected and processed in relation to your role with PwC.

Recruitment applicants

This section describes why and how we collect and use personal data in connection with our recruitment activities.

If your application is successful, we perform pre-employment screening checks as part of our onboarding process. Depending on the role you have applied for, these checks may include criminal records checks.

Collection of personal data

We collect personal data in connection with our recruitment activities as described below.

Most of the personal data we collect as part of our recruitment process is provided by you such as:

  • Contact details (name, email, telephone number);
  • Areas of interest;
  • Username and password to apply for a role;
  • CV, experience, education, academic and professional qualifications;
  • Information provided as part of interviews and assessments;
  • Diversity and equal opportunities data;
  • Pre-employment screening information if your application is successful;
  • Information about your and your immediate family’s financial relationships if your application is successful; and
  • Bank account details if your application is successful.

We create personal data in connection with our recruitment activities such as

  • Interview and assessment results and feedback; and
  • Offer details

We obtain personal data from third party sources such as:

  • References from your named referees
  • Information from your referrer (where applicable);
  • Results of screening checks (depending on the role applied for);
  • Verification of information provided during the recruitment process by contacting relevant third parties (for example, previous employers, education and qualification providers) or using publicly available sources (for example, to verify your experience, education and qualifications); and
  • Information from social media sites that you are a member of about your engagement with our recruitment campaigns.

Use​ ​of​ ​personal​ data

We process personal data for our legitimate interests to attract and secure the best talent to work with us as follows:

  • To attract talent and market opportunities at PwC including by arranging, hosting and participating in events, marketing and advertising opportunities and using recruiters to help find talent for us.
  • To identify and source talent including by searching our talent pool and publicly available sources (such as professional networking and job websites of which you are a member).
  • To process and manage applications for roles at PwC, evaluate you for open positions that match your interests and experience throughout the PwC network, manage your candidate profile, send you email notifications and other announcements, request additional information or otherwise contact you about your candidacy.
  • To screen and select talent by evaluating your suitability for employment with PwC, including through interviews and assessments and conducting background checks.
  • To hire and onboard talent by making an offer to successful applicants and carrying out pre-employment screening checks.
  • To conduct statistical analyses and create reports including for example regarding use of our careers websites, demographic analysis of candidates, reports on PwC recruitment activities, and analysis of candidate sourcing channels.
  • To administer and manage our careers websites and communicate with you about careers at PwC.
  • Any other purposes stated when you provide the information to PwC.

Where allowed by law, we carry out criminal records checks for the following purposes:

  • To comply with legal obligations to ensure an individual is eligible to work; 
  • As permitted by law, to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; or
  • To comply with government and public sector clearance requirements.

Data retention

We retain personal data processed in connection with recruitment activities as follows:

  • If your application is successful we retain relevant personal data as part of your employee record and your talent pool account (if you choose to join our talent pool).
  • If your application is unsuccessful, we retain and use the information you provided to PwC as part of your application for a reasonable period of time to deal with any matter which may arise in connection with your application, for purposes of contacting you regarding other employment opportunities and for our legitimate business purposes (for example, to make sure we do not contact an individual about a role they have already applied for) and for as long as you are a member of our talent pool (if you choose to join our talent pool).

Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)

Collection​ ​of​ ​personal​ data

We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients. The personal data is generally business card data and will include name, employer name, phone, email and other business contact details and the communications with us.

Use​ ​of​ ​personal​ data

We use personal data for the following purposes:

  • Receiving services
    We process personal data in relation to our suppliers and their staff as necessary to receive the services they are contracted to provide. For example, where a supplier is providing us with facilities management or other outsourced services, we will process personal data about those individuals that are providing services to us.
  • Providing professional services to clients
    Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients (for example, where our supplier is providing people to work with us as part of a PwC team providing professional services to our clients).
  • Administering, managing and developing our businesses and services
    This includes:
    • managing our relationship with suppliers;
    • developing our businesses and services (such as identifying client needs and improvements in service delivery);
    • hosting or facilitating the hosting of events; and
    • administering and managing IT systems, websites and applications
  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
  • Providing information about us and our range of services
    We use business contact details to provide information that we think will be of interest about us and our services in accordance with permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
  • Complying with any requirement of law, regulation or a professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Personal data will be retained about our contacts at our suppliers for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation). Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Websites

This section describes how PwC handles personal information collected through the sites on www.pwc.com that link to this privacy statement (collectively, “the Websites”).

By using the Websites and providing personal information to us, you acknowledge you have read this privacy statement, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such personal information by the PwC network and any third party recipients in accordance with this privacy statement.

Some sites of the Websites may have privacy statements that differ from this one and/or contain additional information as required under local law. Please refer to the privacy statements on the sites you visit in order to understand how they collect and process your data. By accessing any sites available within the Websites or content within them, you (a) acknowledge you will review those Privacy statements and (b) to the extent required under applicable law, consent to the collection, processing and use of your personal data as described in those Privacy statements.

Third Party Links

The Websites may link to third-party sites not controlled by PwC and which do not operate under PwC's privacy practices. When you link to third-party sites, PwC's privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personally identifiable information.

Collection of personal information through the Websites

When you use our Websites, we may collect information about you and your use of the relevant site, including through cookies and analytics tools. We may collect personal information about you, such as your name, job title, company name, address, email address and telephone number, either directly from you or by combining information we collect via the Websites with personal information we collect and maintain through other channels (such as client relationship management systems or identification and access management systems, including IP addresses) or as we may lawfully collect from social media or other third-party sites.

Below are examples of how you may provide personal information to us via Websites:

  • searching and browsing for content;
  • subscribing to or ordering newsletters and/or publications;
  • registering for premium online services;
  • participating in "join our mailing list" initiatives;
  • participating in bulletin boards, discussion or message forums;
  • entering Quick Surveys, Quizzes or Benchmarking Surveys;
  • registering for events and conferences;
  • submitting resumes or work history information;
  • contacting us for further information;
  • visiting our Websites while logged into a social media platform; and/or
  • providing us with business cards or other contact information.

We do not intend to collect sensitive information through the Websites unless we are legally required to do so. Examples of sensitive information include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records. We ask that you do not provide sensitive information of this nature when using the Websites.  If you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under your local law, for us to collect and use that information in the ways described in this section of this Privacy statement or as described at the point where you choose to disclose this information.

We also do not actively seek demographic information from visitors to the Websites. However, you may choose to provide such information (including for example when becoming a Registered User, visiting our site from a social media site, submitting a resume, or responding to an online job application). If you choose to provide demographic information to us, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under applicable law, for us to collect and use that information in the ways described in this section of the Privacy statement or as described at the point where you choose to disclose this information.

It is our policy to collect only minimum personal information required. If the Websites seek non-mandatory personal information about you, you will be notified of this at the point of collection. If you believe a Website has collected excessive information about you, please contact us to raise any concerns.

Some pages on the Websites may permit you to send emails to us. Messages sent via the Websites will contain your screen name and email address, as well as any additional information you wish to include in the message.

Registered Users

If you choose to become a Registered User, as part of the registration process you will be asked to provide us with personal information through a registration form. Information we collect may include: your name, email address, password, country, organisation, and job title. Some of the information is required and, if you do not provide it, you will not be able to register and receive the benefits of being a Registered User (for example, obtaining access to premium content). We have marked with an * those registration fields seeking information that you must provide in order to become a Registered User.

For as long as you are a Registered User, you are responsible for providing us with accurate information about you and for keeping that information up to date. You may update your information by editing your user profile in your Account.

Once you are a Registered User, we may combine the information you give us as part of the registration process with information we collect and/or have previously collected through your use of the Websites (such as articles you read, comments you make). As a Registered User, all of the data you provide as part of registration may be tied back to the information we collect or have previously collected about you through your use of the Websites.

We may also match the information you provide us against third-party data to supplement your user profile. For example, if a third party has additional information related to your email address (such as a social media profile URL or a photo), we may match your email address and activity on the Websites (including activity information collected prior to your becoming a Registered User) against that data and then use the third party data for additional marketing activities.

Use of personal information

When you provide personal information to us through Websites, we may use it for any of the purposes described in this section of the privacy statement or as stated at the point of collection (or as obvious from the context of collection), including:

  • to administer and manage the Websites, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site, premium content, or other services limited to Registered Users;
  • to personalise and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you;
  • to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using the Websites);
  • to determine the company, organisation, institution, or agency that you work for or with which you are otherwise associated;
  • to develop our businesses and services;
  • to conduct benchmarking and data analysis including, for example, regarding usage of the Websites and demographics analyses of their users;
  • to conduct quality and risk management reviews;
  • to understand how people use the features and functions of our Websites in order to improve the user experience;
  • to monitor and enforce compliance with applicable terms of use, including acceptable use policies;  and/or
  • any other purposes for which you provided the information to PwC, including any of the purposes given in the ‘Collection of personal information’ section above.

Our Websites do not collect or compile personal information for sale to non-PwC parties for consumer marketing purposes.

If you would like to find out more about the different categories of information we collect on the Websites, please review the ‘Collection of personal information’ section.

Registered Users: additional uses of personal information

If you choose to become a Registered User, we may also use your information for the following purposes:

  • to tailor the content within our Websites and across PwC digital properties, including content shown to you, to your preferences and interests;
  • to manage our relationship with you or the organisation for which you work (for example, by including personal data we collect about you from your use of the Websites in our customer relationship management systems);
  • to provide you with information about us and our services including via personalised marketing messages and/or communications unique to your organisation about our products and services;
  • to invite you to attend events, participate in forums, etc.;
  • to conduct quality and risk management reviews;
  • any other purposes for which you provided the information to PwC.

Cookies and Beacons

Please see our Cookie Policy.

Data retention

We will retain your personal information on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. We keep mailing list information until a user unsubscribes from our mailing lists. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.

Marketing

Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so. 

If you opt into any subscriptions, you will receive automated emails when content is updated. If you opt into any newsletters, you will receive curated emails known as newsletters. If you select any preferences such as issues, topics, subjects or industries, you may receive email communications related to those self-selected topics.

Unsubscribe

If you want to unsubscribe from mailing lists or any registrations, you should look for and follow the instructions we have provided within the appropriate area(s) of the Websites or in the relevant communications to you.

If you do not wish to receive emails or marketing communications from us, you can at any time contact us to request that such communications cease. If you wish to unsubscribe or no longer receive only certain communications, please identify such communications in your request.

If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.

Account Deactivation

If you are a Registered User, you may deactivate your account at any time via the Registered User section of the Websites. If you deactivate your account on the Websites, you will no longer receive the benefits of being a Registered User. If you choose to deactivate your account, we may retain information sufficient to identify you so that we can honour your request.

If you have other registrations with PwC, or have provided your information to PwC through other means (such as subscribing to newsletter), those registrations will be maintained unless you take specific action to inform us to cease contacting you.

Any user generated content that you may have created before then will not be anonymised following deactivation, nor will it be immediately removed from our systems or records.

Access to data

We are committed to providing reasonable and practical access that allows visitors to the Websites to identify and correct any inaccuracies in the information we collect about them.

When we keep personal information about you, we are responsible for keeping an accurate record of the information that you have submitted to us. We do not assume responsibility for verifying the ongoing accuracy of your personal information. If you are a Registered User, you may update your personal information; to do so, log in using your account credentials and update your information.

If you have questions about the accuracy of identifying information you previously submitted to PwC, or want to have outdated information removed, please contact us. When requested, and provided that it is practical and commercially feasible to comply with the request and there is no legal or regulatory need for us to keep the information, we will delete identifying information from current operational systems.

Children

We understand the importance of protecting children's privacy, especially in an online environment. The Websites covered by this Privacy statement are not intentionally designed for or directed at children, and our terms and conditions of use require all users to be above the age of majority in their local country. We adhere to laws regarding marketing to children. We never knowingly collect or maintain personal information about individuals under the age of 18.

Marketing activities

Marketing

Marketing includes any communications about PwC products and services. Where we are legally required to obtain your explicit consent to send you marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.

We retain contact information (including name and email address) on our mailing lists until an individual unsubscribes from our mailing lists. If you unsubscribe from our mailings, we may retain limited information sufficient to identify you so that we can honour your opt out request.

PwC does not sell personal information to non-PwC parties for consumer marketing purposes.

How to unsubscribe from marketing communication

You can at any time contact us to request that we stop sending you email marketing communications. If you want to unsubscribe from mailing lists, you should look for and follow the instructions we have provided in the relevant communications to you.

If you wish to no longer receive only certain communications, please identify such communications in your request.

Visitors to our Offices

We have security measures in place at PwC offices, including CCTV and building access controls.

CCTV

We only perform CCTV monitoring where allowed by law. CCTV images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). We use the CCTV images for the legitimate purposes of promoting security and safety of our personnel and members of the public, preventing and detecting crime and establishing, exercising and defending legal claims. We may disclose CCTV images to law enforcement bodies as requested and permitted by law.

CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

Visitor records

We require visitors to our offices to sign in at reception and we keep that record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).

Guest WIFI

We may monitor traffic on our guest WIFI networks using industry standard intrusion detection systems. This allows us to see limited information about a user’s network behaviours but will include being able to see at least the source and destination addresses the user is connecting from and to. We cannot inspect encrypted web pages and therefore do not have access to any information (personal or otherwise) that the user might share via these web pages.

Insolvencies and restructuring

Introduction

In this section of our privacy statement on insolvencies, the term “company” refers to the company, corporation or institution which is subject to an insolvency or restructuring regime and “debtor” refers to an individual who is subject to an insolvency or restructuring regime (each referred to as an “Insolvency”).

When a company undergoes an Insolvency, one or more PwC insolvency practitioners may be appointed to manage the company’s affairs, business and property. Similarly, when a debtor is subject to an Insolvency, one or more PwC insolvency practitioners may be appointed to manage the debtor’s affairs, business and property.

To find out more about the roles of the company, the debtor, the insolvency practitioners and PwC and why and how personal data is collected and used in connection with an Insolvency, please read the information below.

Roles of the company, the debtor, the insolvency practitioners and PwC

Where PwC insolvency practitioners are appointed:

  • they act in the capacity of agents of the company or debtor in fulfilling the role of managing the company’s or the debtor’s affairs, business and property; and
  • they may process personal data to comply with their own legal and regulatory requirements as insolvency practitioners.

Where PwC insolvency practitioners, the debtor or the company engages PwC to provide services in relation to an Insolvency, PwC may act on behalf of the PwC insolvency practitioners or the debtor or the company as appropriate.

Collection of personal data

The PwC insolvency practitioners collect and process personal data for the purposes of complying with their legal obligations as licensed insolvency practitioners and for the  legitimate interests of the Insolvency.

The nature and amount of personal data the company or debtor has about an individual will depend on the type of company, the nature of the debtor’s business affairs (e.g. industry/sector) and an individual’s relationship with the company or debtor.

Typical personal data processed by the company or debtor may involve employees, officers or directors of the company and would include name and contact details, role/position/title and area of responsibility, other identifying information (eg passport photo, etc) as required by laws and regulations, information about pay and performance.

If you have dealt with the company or the debtor in an individual capacity (e.g. as a customer or a client) then the company or the debtor is likely to hold information about your interactions with the company or debtor (such as purchases and correspondence).

Use of personal data

The company, the debtor and the PwC insolvency practitioners process personal data for the purposes of:

  • the provision of references or reports to financial institutions, regulatory authorities, appropriate bodies in connection with the holding of public office;
  • analysis for management purposes and statutory returns;
  • the provision of business services including the realisation of assets, agreement of claims and the payment of dividends
  • the reasonable and lawful provision of information to interested parties;
  • the calculation and analysis of payroll, billing, credit control and other data relating to the company’s finances and the transfer of such data for use by financial personnel and other appropriate independent third parties;
  • maintaining security of the company, any personnel and data;
  • the prevention and detection of crime or fraud;
  • quality and risk management purposes;
  • compliance with any request from regulatory authorities or other relevant public authorities or agencies;
  • legal proceedings (including prospective legal proceedings);
  • obtaining legal advice;
  • establishing, exercising or defending legal rights;
  • compliance with certain legal obligations to which the company or debtor may be subject;
  • processing for personal purposes of employees in accordance with the law and the company’s and/or debtor’s policies and rules.

The PwC insolvency practitioners may collate, process and disseminate statistics based on an aggregation of data held by them, the company and/or debtor provided that any individual is not identifiable from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.

Data retention

The PwC insolvency practitioners will delete personal data once it is no longer required for the purposes of the Insolvency and the relevant statutory retention periods have passed.

Individuals’ rights

You may exercise your legal rights in relation to personal data by making a written request to the party responsible for your personal information (the company, the debtor or the PwC insolvency practitioners) using the contact details provided in communications about the Insolvency.

Contact us

If you have any questions or complaints about this Privacy statement or the way your personal information is processed on the Websites, or would like to exercise one of your rights set out above, please contact us by one of the following means:

Form: Contact form

Email: privacy@pwc.com

Post:  One Embankment Place

          London, UK WC2N 6RH

You may also have the right to lodge a complaint with your local data protection regulator.

Follow us