Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)
Collection of personal data
We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, to receive services from our suppliers and, where relevant, to provide professional services to our clients. The personal data we will collect typically includes:
- personal details (e.g. name, country of residence);
- contact details (e.g. email address, contact number, postal address);
- financial details (to the extent we require personal data rather than corporate data); and
- job details (e.g. employer details, role/position in organisation).
Personal data will be collected either from you directly, your employer, a third party acting on your/your employer’s instructions, or from information that has been made publicly available. We will only ask for personal data that is necessary for the agreed services and request that you (or your employer) do not provide anything in addition to what is necessary.
How do we use your personal data?
We use personal data for the following purposes:
- to conduct due diligence checks for suppliers and prospective suppliers
Before entering into a contract with you (and on an ongoing basis once we are in contract) we carry out due diligence checks to manage risk in relation to our suppliers. As part of these checks we will carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify any risks that would prevent us from working with a particular supplier.
- to communicate with you and manage the services we receive from you
We will use your personal data to communicate with you about the services and the ongoing management of our relationship with you, including any payments, service delivery and continuous service improvements.
- to provide professional services to our clients
Where you help us deliver professional services to our clients, we will use your personal data in order to administer and manage our relationship with you and the relevant individuals and to provide such services to our clients (for example, where our supplier is providing people to work with us as part of a PwC team providing professional services to our clients).
- to manage recordings, publicity and course materials
When you are providing training, we may use your name, professional profile, photograph and recordings or images from training sessions to advertise or promote the relevant course or to make recordings and any supporting materials containing any such personal data available to registered participants or clients for later viewing.
- for security monitoring purposes
To protect both our own and our clients’ information, we carry out security monitoring to detect, investigate, and resolve security threats. This involves scans of our systems and software, where client files and personal data are stored.
This processing is necessary for the purpose of our legitimate interests to ensure that our systems remain secure and to prevent and detect crime.
- to comply with a requirement of law, regulation or a request from a professional body to which we are subject
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
How long will we keep your personal data?
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
When permissible, we may anonymise your personal data instead of deleting it. In such cases, all identifying information is removed, making it impossible to associate the data with you.
