Individuals whose personal data we obtain in connection with the provision of services to our customers

According to our standards we only collect personal data necessary for our specified purposes, and we encourage our customers to only share personal data where it is strictly required for those purposes.

If, as part of the professional services provided to customers, we also need to process the data of individuals with whom we do not have direct communication (for example, members of the client's family), we ask our customers to provide the relevant data subjects with information about the use of their data. Our customers may use the relevant sections of this privacy statement or refer to this privacy statement in their communication with these data subjects if they deem it appropriate.

PwC may process the following personal data:

  • name and surname;

  • contact information (e.g. email address, phone);

  • position or information about economic activity;

  • salary information and other financial information;

  • information on investments and other financial holdings.

Generally, we obtain personal data from our customers or third parties acting on instructions of that customer. For some of our services, such as conducting due diligence on an acquisition transaction on behalf of a customer, we may obtain personal data from the target company's management and employees or third parties acting on the target company's instructions.

Legal basis of processing Purposes of processing Retention
PwC’s legitimate interests (subsection f) of Article 6(1) of General Data Protection Regulation).

Personal data of individuals associated with the customers may be processed for the following purposes (description of legitimate interests):

  • to fulfill PwC's obligations stipulated in the contract concluded with the customer(for example, as part of the audit of financial statements, we need salary data of the customer’s employees);

  • to improve PwC and the quality of its services (for example, we monitor the quality of the services provided to customers, which may include the processing of personal data held in the relevant customer’s file. We have implemented policies and procedures to monitor the quality of the services provided and manage risks related to contracts concluded with customers);

  • to make personal data available to PwC employees who provide services and offer new services;

  • to carry out security and risk management activities (for example, we have implemented security measures to protect our own and our customers' information (including personal data), which include the detection, investigation and prevention of security threats; personal data may also be processed as part of our security monitoring, for example, by performing automated scans to identify malicious emails);

  • to prove the provision of services to the customer;

  • to enforce legal claims.

As long as the personal data is necessary for the described purposes or as long as there are other legitimate interests of PwC that are considered more important than the interests of the data subject.

In the absence of specific regulatory or contractual requirements or other legal basis, we generally keep documents and other documentary evidence arising from the provision of services for no longer than 5 years.

Contact us

Aija Panke

Aija Panke

Data protection specialist, PwC Latvia

Tel: +371 67094400

Follow us