Menu

Featured

Artificial Intelligence

Reinvention

Technology

Loading Results

Privacy statement

This privacy statement was last updated on 12 June 2026

Introduction 

Your privacy is important to us, and this privacy statement explains what personal data we collect about you and how we use that personal data. It applies to personal data about you which you provide to us, which we receive from third parties (such as your employer), and which we collect from publicly available sources. It also provides details about the rights you have, as well as how to exercise those rights.

In this privacy statement, “PwC”, “us”, and “we” refer to the PwC network and/or one or more of its member firms that process your personal data. Each member firm in the PwC network is a separate legal entity. The data controllers of your personal data are one or more of the firms with which you interact - whether in connection with receiving professional services, a contractual relationship, a supplier arrangement, an event or a marketing activity. You can find details of the member firms here, the countries and regions in which they operate here, and information about the structure of our network here.

Where two or more member firms determine together how your personal data is collected and used, they are jointly responsible for ensuring your personal data is handled properly and have entered into an arrangement that allocates responsibilities in compliance with applicable data protection laws.

We define any information about you or that identifies you as “personal data”. Throughout this document, terms such as handling, collecting, or storing your personal data are collectively referred to as “processing”. When referring to “you”, this could mean you as an individual client, as a representative of a client or supplier organisation, as a visitor to one of our websites, or as another type of data subject described in the ‘How do we use your personal data?’ section below.  

Who does this statement apply to?

This statement applies to the categories of individuals listed in the ‘How do we use your personal data?’ section below.

We have separate privacy statements for our employees and partners (which can be found on your employee or partner portal) and for certain digital products and applications used by clients or other users (which can be found within the specific product or application). If you are unclear which privacy statement applies to you, please contact us using the details below.

What is our lawful basis for processing your personal data?

We process your personal data only when we have a valid lawful basis to do so, in compliance with applicable data protection laws. We carefully assess the purpose and necessity of processing to ensure that your rights are always respected. The lawful bases we rely on include:

  • Performance of a contract: processing is necessary to fulfil our contractual obligations with you, or to take steps at your request before entering into a contract.
  • Compliance with a legal obligation: processing is necessary to comply with applicable legal obligations.
  • Legitimate interests: processing is necessary for our legitimate interests or those of third parties, such as operating and managing our business, improving our products and services, maintaining security, and protecting our rights, provided that such interests do not override your fundamental rights and freedoms.
  • Consent: processing based on your consent for specific purposes.

Some of the personal data we collect, store and use is considered more sensitive (e.g. personal data about health, political beliefs, religious beliefs, or biometric data). We will only process this special category personal data when permitted by law or with your consent.

The lawful basis we rely on may differ depending on your location and the applicable data protection laws. If you have any questions about the lawful basis that applies to you, please contact us using the details below.

How do we use your personal data?

Click on the section relevant to you for more information about personal data we collect and use, our lawful basis for that use and how long we keep your personal data. We retain personal data only for as long as necessary for the purposes described in this statement or as required by law.

How do we use your personal data? 

Click on the section relevant to you for more information about personal data we collect and use, our lawful basis for that use and how long we keep your personal data. We retain personal data only for as long as necessary for the purposes described in this statement or as required by law.

What happens if you do not provide personal data?

If we need to process your personal data to fulfil our legal obligations or execute a contract with you, and you do not provide the necessary information, we may be unable to enter into the contract or carry out your instruction. We will inform you if this situation arises.

Do we share your personal data?

We share personal data only when legally permitted, ensuring protective measures are in place to uphold data protection and security standards.

PwC member firms

We will share your personal data with other member firms where necessary for the provision of services, internal administrative or business purposes, or in connection with events, marketing activities and related communications. Details of member firm locations can be found here.

Third party providers

We use third party providers, including contractors, subcontractors and their subsidiaries or affiliates, who help us deliver our services and operate our IT systems. This includes providers of services such as identity management, website hosting, data analysis, cloud storage, security and facilities management.

When we share your personal data with them, we require such third parties to maintain appropriate security and confidentiality standards, process personal data only on our instructions, and ensure that any subcontractors they engage to process personal data are subject to the same obligations.

Other recipients

Additionally, we will disclose personal data:

  • to professional advisers (e.g. law firms or external auditors) as necessary in connection with the services they have been engaged to provide; 
  • when explicitly requested by you; 
  • to our partners when required to facilitate conferences or events hosted by a third party; or
  • to professional bodies, law enforcement, regulatory and other government agencies in accordance with the services we are performing for you or to fulfil a specific request. To the extent we are required to provide your personal data, we will only do so in accordance with applicable laws and regulations.

Transfers to other countries

Your personal data may be transferred to and stored outside the country where you are located. This includes transfers to countries outside the European Economic Area (“EEA”) and to regions that may not have established laws that provide adequate protection for personal data. When your personal data is collected within the EEA, transfers outside the EEA will only be:

  • to a recipient in a country which provides an adequate level of protection for your personal data; or
  • under an agreement meeting EU requirements for transferring personal data to processors or controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

Our use of artificial intelligence

We may use artificial intelligence (“AI”) to support or enhance the functionality of our websites, internal operations, analytics and the delivery or improvement of professional services. We maintain governance frameworks for the approval and use of AI, including policies, training, and monitoring, to support the responsible, ethical and secure use of AI technologies in accordance with applicable laws and professional standards.

Security

We follow internationally recognised standards for technology and operational security to safeguard personal data against loss, misuse, alteration and destruction. The data centres we use are aligned with ISO 27001 security standards or equivalent industry-recognised security frameworks, and only authorised personnel have access to personal data, all of whom are bound to maintaining confidentiality. We have established a comprehensive framework of policies and procedures addressing data protection, confidentiality and security, and we continuously review and enhance our security measures to ensure your data remains secure. 

Your rights

Depending on local data protection laws, you may have rights concerning the personal data we hold about you. Not all rights apply in all circumstances, and we will assess each request to exercise rights on a case-by-case basis in accordance with applicable law.

These rights may include:

  • Right to information: You can ask us at any time whether we are processing your personal data, request a copy of your personal data, and obtain details about how and why we process your personal data.
  • Right to rectification: If the personal data we hold about you is incorrect or incomplete, you can ask us to correct it. You can also request that the processing is limited while we are dealing with your request.
  • Right to erasure: You can ask for your data to be deleted if it is no longer required for our processing or if you consider our processing is unlawful. This may result in us not being able to provide you with services.
  • Right to data portability: You may have the right to receive your personal data in a common data format. You can also request that this data be transferred directly to another controller if processing is based on your consent.
  • Right to restriction: You can ask us to limit how we process your personal data.
  • Right to object: If we process your personal data based on legitimate interests, you have the right to object to the processing. This may result in us not being able to provide you with services.
  • Right to withdraw consent: If we process your data based on your consent, you can withdraw your consent for data processing at any time. However, this does not affect the lawfulness of any processing conducted prior to withdrawal.

If you believe that the processing of your personal data violates applicable laws, you may have the right to lodge a complaint with the data protection supervisory authority responsible for enforcement of data protection law in your country of residence, workplace, or where the alleged infringement occurred.  

How to contact us

Should you have any questions on how we process personal data, want to exercise your rights or have a complaint, please submit a request using the form linked here.

You may also contact us at the following postal address:

PricewaterhouseCoopers LLP
One Embankment Place
London
WC2N 6RH
UK  

Changes to this privacy statement

This privacy statement was last updated on 12 June 2026.

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your personal data.  

Consent

By providing personal data to us, you acknowledge you have read this privacy statement and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such personal data by the PwC network and any third party recipients in accordance with this privacy statement.  

Follow us

© 2017 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. This website contains content generated by or created with the assistance of AI.