Privacy statement

Privacy Statement

Last updated: 1 May 2020

Introduction

We value your privacy and rights to personal data protection and are strongly committed to protecting your personal information.

As used in this privacy statement, ‘PwC’, ‘us’, and ‘we’ refer to the PricewaterhouseCoopers member firms in Thailand Lao PDR of the PricewaterhouseCoopers (PwC) global network of member firms. Each PricewaterhouseCoopers member firm is a separate legal entity. For further details, please see www.pwc.com/structure.

This privacy statement is prepared primarily in accordance with the PwC Network Data Protection Program. Personal data refers to any information relating to an identified or identifiable living person. When ‘you’ or ‘your’ are used in this privacy statement, we are referring to the relevant individual who is the subject of the personal data. This privacy statement describes what personal data we collect and use, and why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others.

We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection. When collecting and using personal data, our policy is to be transparent about why and how we process personal data. 

Lawful basis for collecting and using personal data

We collect and use personal data only on a necessary basis or with any of the following lawful basis. 

• Contractual obligations
  To perform our obligations under contractual arrangements with our clients, we may collect and use personal data provided by our clients, third parties, or the data subjects as required by the agreements to provide advice and deliverables in a wide range of professional services, such as audit, advisory, tax and legal services. For example, we review payroll data as part of an audit and we often need to use personal data to provide global mobility, tax and pensions services.
• Compliance with laws, regulations, and regulatory orders
  We may collect, use, and share your personal data as required by specific laws, regulations, and regulatory orders imposed by government agencies and regulators.
• Legitimate interest
  Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation, provided that these do not interfere with your rights.
• This also includes our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings, provided that these do not interfere with your rights.
• Consent
  When no other lawful basis is available, we rely on your permission to allow us to collect and use your personal data.

How we process personal data

We collect and use personal data related to the following:

i.       Personal data obtained in connection with our provision of professional services

ii.      Business contact information

iii.     Marketing activities

iv.    PwC personnel

v.      Job applicants

vi.    Our website

I.     Personal data obtained in connection with providing professional services

We collect personal data only on a necessary basis from our clients (both corporate and individual clients),  from a third party to provide services under contract or as instructed by clients or to use the personal data for the purposes described below. The personal data we collect, as the case may require, includes the following:

• Personal details (e.g. name, age/date of birth, gender, marital status, country of residence)
• Contact details (e.g. email address, contact number, postal address)
• Financial details (e.g. salary, payroll details, income, investment, benefits, tax status, other financial interests)
• Job details (e.g. role, grade, title, position, experience, performance information)

We use the personal data, as the case may require, for the following purposes:

• to provide a wide range of professional services
• to administer, manage, and develop our business and services (e.g. business development, client relationship management and IT system management)
• to carry out security, quality, and risk management activities (e.g. carry out a public search to identify risks in connection with sanctions, criminal convictions, or reputational issues)
• to comply with requirements of laws, regulations or a professional body of which we are a member (e.g. keep certain records of our service provision that may contain personal data)
• to improve and develop our services (e.g. use the personal data for analysis to improve services and develop technologies and service offerings)

We may collect and process sensitive data including biometric data, race, and ethnicity, for example for providing immigration and tax services, or an audit of a business organisation in the healthcare sector.

We may collect personal data regarding social media accounts held by data subjects, for example to deliver immigration-related services.

We also collect personal data from our clients or from third parties as instructed by the client for the provision of specific services. For example, in a due diligence review for an acquisition of a target on behalf of a client, we may obtain personal data from the target’s management and employees or from a third party.

We retain the personal data processed by us for as long as it is considered necessary for the purposes for which it was collected and in accordance with PwC’s data retention policy and applicable laws.

II.   Business contact information

We collect and use business contact information obtained from existing and prospective clients and contractors and/or individuals associated with them. This  personal data includes the following:

• Name, employer name, title, role, phone number, email address, or other business contact information.
• We use this personal data for the following purposes:
• to develop our business and services
• to perform analytics such as relationship maps, sales intelligence, and analysing and evaluating the strength of interactions between PwC and a contact
• to administer and manage IT systems, websites and applications
• to manage relationships with clients
• to provide information about PwC and its services as permitted by law (e.g. offering services, sharing updates and insights, and inviting to events).

We do not sell personal data to non-PwC parties for purposes of allowing them to market their products and services without consent from data subjects.

We retain the personal data processed by us for as long as it is considered necessary for the purposes for which it was collected and in accordance with PwC’s data retention policy and the applicable laws.

III.  Marketing activities

Marketing includes any communications about PwC products and services. Where we are legally required to obtain your explicit consent to send you marketing materials, we will only provide you with marketing materials if you have provided consent for us to do so.

We retain contact information (including name and email address) on our mailing lists until an individual unsubscribes from our mailing lists. If you unsubscribe from our mailings, we may retain limited information sufficient to identify you so that we can honour your opt-out request. If you want to unsubscribe from one of our mailing lists, follow the instructions in the relevant material sent to you.

You can, at any time, contact us to request we stop sending you marketing materials. If you wish to no longer receive only certain communications, please identify which  in your request.

PwC does not sell personal data to non-PwC parties for purposes of allowing them to market their products and services without consent from data subjects.

IV. PwC personnel

We collect personal data concerning our own personnel (partners, permanent and temporary staff and individual contractors) to administrate the employment relationship and manage our business.

Our Privacy Statement for the collection of personal data of our personnel can be found in our Staff Handbook, which describes why and how personal data is collected and processed in relation to your employment with PwC.

V.   Job applicants

This section describes why and how we collect and use personal data in connection with our recruitment activities.

We collect personal data in connection with our recruitment activities, including the following:

• Contact details (name, email, telephone number)
• Areas of employment interest
• Username and password for the Workday platform to apply for a role
• CV information, including experience, education, and academic and professional qualifications
• Information provided as part of interviews and assessments
• Information about your financial interests
• Information from and about third party sources, such as references from your named referees and information about them, and information received from previous employers for verification purposes.

If your application is successful, we perform pre-employment screening checks as part of our onboarding process. During these, we may collect:

• Pre-employment screening information, such as medical examination results.
• Bank account details
• Your immediate family’s financial relationships
• Information about your criminal record (depending on your role).

We collect sensitive data, such as your criminal record, to comply with legal and contractual obligations to ensure an individual is eligible to work and to establish whether an applicant has committed unlawful acts or been involved in dishonesty, malpractice or other serious improper conduct.

We use your personal data for the following purposes:

• To screen and select candidates by evaluating your suitability.
• To process and manage applications for roles at PwC, evaluate you for open positions that match your interests and experience throughout the PwC network, manage your candidate profile, send you email notifications and other announcements, request additional information or otherwise contact you about your candidacy.
• To attract talent and market opportunities at PwC including by arranging, hosting and participating in events, marketing and advertising opportunities and using recruiters to help find talent for us.
• To hire and onboard talent by making an offer to successful applicants and carrying out pre-employment screening checks.
• To conduct statistical analyses and create reports.
• To administer and manage our careers websites and communicate with you about careers at PwC.

We retain the personal data processed by us for as long as is considered necessary for the purposes for which it was collected and in accordance with PwC’s data retention policy and the applicable laws.

VI. Our website

By using or accessing www.pwc.com/la, you agree to the terms of this privacy statement and our Terms of Use; if you do not agree, please do not continue to access www.pwc.com/la. Note that this privacy statement may change from time to time and your continued use of www.pwc.com/la, is deemed as acceptance of those changes. Please check this privacy statement periodically for updates.

Note, this privacy statement applies solely to www.pwc.com/la,and does not apply to other PwC websites or applications.

Data collection

We collect only personally identifiable information that is specifically and voluntarily provided by visitors to PwC’s website. PwC receives limited identifiable information, such as name, title, company address, email address, and telephone and fax numbers, from website visitors. Typically, identifying information may be collected to:

• Register for certain areas of the site
• Enquire for further information
• Distribute requested reference materials
• Submit resumes

Demographic information, including gender and occupation, is not actively sought, but may be submitted when a visitor responds to an online job application. It is PwC’s policy to limit the information collected to only the minimum information required to complete a visitor’s request. In any instance where non-mandatory information is sought, the website visitor will be notified of this at the point of collection.

Although most publications are provided as downloads, visitors may also have an opportunity to purchase PwC publications either online, by calling toll free numbers, or by faxing order forms to our fulfilment houses. We will collect order information and a customer’s credit card information, where applicable, in order to facilitate shipment and payment for the publication.

Visitors are also able to send emails through the site. Their messages will contain the user’s screen name and email address, as well as any additional information the user includes in the message. Because we use the website as a recruiting tool, a visit to the website may also result in the user sending a resume to an individual within PwC.

PwC’s intention is not to seek any sensitive information through our website unless legally required for recruiting purposes. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature. If you do wish to provide sensitive information for any reason, PwC accepts your explicit consent to use that information in the ways described in this privacy statement or as described at the point where you choose to disclose that information.

Use of data

A website visitor may choose to provide personal information in the following examples:

• Order publications
• Submit resumes or work history information
• Participate in ‘join our mailing list’ initiatives
• Participate in bulletin boards, discussions or message forums
• Contact us for further information
• Enter quick surveys, quizzes or benchmarking surveys
• Register for events and conferences
• Register for premium online services.

If you would like to find out more about the different categories of information collected, please review the data collection section above.

Information attained by the site is used only for the intended purpose stated at the time that the information is collected. This data is not shared with other entities in the network for secondary or unrelated purposes, or shared with a third party, unless otherwise disclosed at the point of collection. If there is an instance where  information may be shared, the visitor will be asked for permission beforehand.

PwC makes every practical effort to avoid excessive or irrelevant collection of data. If a visitor believes the site has collected excessive information, we encourage the visitor to contact us at th_dpo@pwc.com to raise any concerns.

Except for the mailing list initiatives described in III Marketing activities above, where visitors explicitly choose to receive specific PwC marketing materials, PwC will not use personal data collected from our websites to facilitate unsolicited marketing activities.

Cookies and log files

Cookies may be used on some pages of our site. ‘Cookies’ are small text files placed on your hard drive that assist us in providing a more customised website experience. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area. It is PwC’s policy to use cookies to make navigation of our websites easier for visitors and to facilitate efficient registration procedures. Site statistics are compiled by third parties, and therefore your IP address will be passed to third parties for statistical reporting only.

If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, you can always delete the cookies from your system if you wish.

In order to properly manage our website we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.

For more information about cookies and log files, please click here.

Third parties

It is PwC’s policy only to disclose information to third parties under the following circumstances:

• As required by law through subpoenas, search warrants or other legal processes
• When explicitly requested by a visitor
• When required to deliver publications or reference materials requested by a visitor
• When required to facilitate conferences or events hosted by a third party

PwC’s policy is to disclose information about third parties when visitors submit their requests (e.g. when ordering a publication, we display the party fulfilling the order).

PwC websites do not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.

Third party links

www.pwc.com/la may link to other websites that do not operate under PwC’s privacy practices. When you navigate to other websites, PwC’s privacy practices no longer apply. We encourage visitors to review each site’s privacy statement before disclosing any personally identifiable information.

Data retention

Some of the information we receive is not retained. For example, we usually do not keep mailing addresses for publications. Contact information about visitors (such as information generated though registration for access to areas on the site) will be kept as long as the information is required to completely service the contact request or until a user requests that we delete that information. Mailing list information, discussion posts and email are kept for only the period of time considered reasonable to facilitate the visitor’s requests. Resumes are disposed of when they are either no longer under consideration, or are considered dated by our Human Resources departments.

Choices

As a policy, visitors are not required to register to gain access to areas of the PwC websites. In certain cases in the future, as your PwC website experience expands, we may require visitors to register in order to obtain a username and password for authentication and secure access to a transaction or certain business confidential or proprietary information services on premium websites.

Personally identifiable information provided to PwC through its website is provided voluntarily by visitors. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions in the appropriate website area or in communications to our visitors; or a visitor may contact the webmaster of the site e.g. th_dpo@pwc.com.

Access

Each visitor has the right of access to personal data they have submitted through the websites to PwC.

User updates of information should be handled by going back through the registration process. Enquiries about the accuracy of identifying information previously submitted to PwC through its website, or requests to have outdated information removed, should be directed to: th_dpo@pwc.com. PwC is committed to providing reasonable and practical access to visitors to allow them the opportunity to identify and correct any inaccuracies. When requested and practical, PwC will delete identifying information from current operational systems.

When personally identifiable information is retained, PwC assumes responsibility for keeping an accurate record of the information once a visitor has submitted and verified the data. PwC does not assume responsibility for verifying the ongoing accuracy of the content of personal information. When practically possible, if PwC is informed that any personal data collected through a website is no longer accurate, PwC will make appropriate corrections based on the updated information provided by the authenticated visitor.

Security

PwC has implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. All PwC employees follow a network-wide information security policy. Only authorised PwC personnel are provided access to personally identifiable information and these employees have agreed to ensure strict confidentiality of this information. PwC’s policy is to use secure sockets layer technology for the protection of credit card information submitted through web forms. This policy is also required for any fulfilment agents of our firms.

Children

PwC understands the importance of protecting children’s privacy, especially in an online environment. The PwC sites covered by this privacy statement are not intentionally designed for or directed at children 13 years of age or younger.

Modifications

PwC reserves the right to modify or amend this privacy statement at any time. The effective date will be displayed at the beginning of this statement. To keep visitors informed, PwC will notify users of changes to our privacy statement by prominently identifying the alteration for a period of not less than two weeks on our home page at www.pwc.com/la.

Your legal rights in relation to personal data

In connection with your personal data we collect and use, to the extent permitted by applicable laws, you may have a legal right to:

• withdraw the consent given for collection and use of your personal data as permitted by law
• access to and request a copy of your personal data that we collect as a data controller
• request we disclose how we obtained your personal data for personal data you have not given your consent for
• request to receive information about your personal data that we collect and use as a data controller provided that the personal data is available in a readable format or in a format used by automatic devices, and to request to transfer the personal data to another controller
• object to the collecting, using, and disclosing your personal data
• request we delete, destroy, or anonymise your personal data
• restrict personal data processing in circumstances permitted by law
• request your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
• lodge a complaint with the data protection regulatory authority responsible for enforcement of the data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred if you consider that the processing of your personal data infringes the law.

Transfer of personal data

Cross-border transfers

Personal data collected by PwC may be transferred to other individual PwC firms, which are member firms of the worldwide PwC organisation, where it is necessary (i) to meet the purpose for which you have submitted the information including for providing services by other PwC member firms; or (ii) to enable you to be provided with information at a later date which may be of relevance and interest to you based on the nature and purpose of your requests; or (iii) maintaining our operations or client relationship management systems; or (iv) quality and risk management reviews; or (v) for marketing purposes. Your personal information may also be transferred to third party service providers who process information on PwC's behalf, including providers of information technology, identity management, website hosting and management, data analysis, data back-up, and security and storage services. By submitting data to PwC, you are providing explicit consent for cross border transmission of data collected for the fulfilment of your requests. As a result, your personal information may be transferred outside the country where you are located. This includes countries that do not have laws that provide specific protection for personal information.

For details of PwC member firm locations, please see www.pwc.com/gx/en/about/office-locations.html.

Third party providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties include those who support the PwC Network in providing its services and help provide, run and manage IT systems such as contractors who are providers of identity management, website hosting and management, data analysis, data backup, and security and cloud storage services. The servers powering and facilitating our IT infrastructure are located at secure data centres around the world, and personal data may be stored in any one of them.

The third-party providers may use their own third-party subcontractors that have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other disclosure

We may also disclose personal data under the following circumstances:

• Personal data may be shared with advisers as necessary in connection with the services they have been engaged to provide
• When explicitly requested by you
• When required to facilitate conferences or events hosted by a third party
• Personal data may be shared with law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal information to determine whether disclosure is required or permitted.

Security

We use a range of measures to keep your personal data safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out work on our behalf to comply with appropriate privacy standards including obligations to protect any personal data and applying appropriate measures for the use and transfer of personal data.

Changes to this privacy statement

This privacy statement was last updated on 1 May 2020.

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will show the revision date at the top of this page. The amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be accurately informed about how we are protecting your information.

Contact us

• Please submit a request to exercise your legal rights in relation to your personal data, or an enquiry if you have a question or complaint about the handling of your personal data. Fulfilling the request may take up to 30 days.
• You may also contact us at the following postal address:
  PricewaterhouseCoopers (Lao) Sole Company Limited.
  4th Floor, ANZ  Commercial Building, 33 Lane Xang Avenue, PO Box 7003, Vientiane Lao PDR