Privacy statement

This privacy statement was last updated on 18 April 2024

Introduction

PwC is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

As used in this privacy statement, “PwC”, “us”, and “we” refer to the PwC network and/or one or more of its Member Firms that may process your personal information. Each Member Firm in the PwC network is a separate legal entity. The data controllers of your personal information are one or more of the Member Firms listed here. For further details, please see www.pwc.com/structure. See http://www.pwc.com/gx/en/about/office-locations.html for a list of countries and regions in which PwC Member Firms operate.

In this privacy statement, we refer to information about you or information that identifies you as “personal data” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information.

PwC processes personal data for numerous purposes. Our policy is to be transparent about why and how we process personal data. 

To find out more about our specific processing activities, go to our processing activities.

Our legal grounds for processing your personal data

Your local law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

  • our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);
  • our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights);
  • to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
  • to perform our obligations under a contractual arrangement with you; or
  • where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose.
  • For the establishment, exercise or defence of a legal claim.

 

Transfers of personal data

Cross-border transfers

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located. This includes countries that do not have adequate or appropriate laws and safeguards that provide specific protection for personal information.  In this case, we will put in place the required organisational and technical measures before such transfer.

Transfer outside the EEA (where applicable) will be only:

  • to a recipient located in a country which provides an adequate level of protection for your personal information; and/or

  • under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

Other PwC Member Firms

For details of PwC Member Firm locations, please see http://www.pwc.com/gx/en/about/office-locations.html.

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing advice to that client.

Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other disclosures

We may also disclose personal information under the following circumstances:

  • with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
  • when explicitly requested by you;
  • when required to deliver publications or reference materials requested by you;
  • when required to facilitate conferences or events hosted by a third party;
  • to law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal information to determine whether disclosure is required or permitted.

Security

We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our Information Security Management System relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Your legal rights in relation to personal data

You may have certain rights under your local law in relation to the personal information we hold about you. In particular, you may have a legal right to:

  • Obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data
  • The right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
  • The right to delete your personal data in the following cases:
    • the personal data is no longer necessary in relation to the purposes for which they were collected and processed;
    • our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
    • our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
    • you object to processing for direct marketing purposes;
    • your personal data has been unlawfully processed; or
    • your personal data must be erased to comply with a legal obligation to which we are subject.
  • The right to restrict personal data processing in the following cases:
    • for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data;
    • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
    • your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
    • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
  • The right to object to the processing of your personal data in the following cases:
    • our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
    • our processing is for direct marketing purposes.
  • The right to data portability
    • The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
  • The right to withdraw consent
    • Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).

We hope that you won't ever need to, but if you do want to complain about our use of your information, please reach out to us with the details of your complaint. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Changes to this privacy statement

This privacy statement was last updated on 09 January 2024

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.
 

This privacy statement is in compliance with the requirements of the Data Protection Act, 2023.

  • Please submit a request to exercise a legal right in relation to your personal data, or an enquiry if you have a question or complaint about the handling of your personal data.
  • For anything else, please use our general contact form.
  • Let us know if you would like to unsubscribe from PwC marketing.

You may also contact us at the following postal address:

PricewaterhouseCoopers
5B Water Corporation Road
Landmark Towers Victoria Island 
Eti-Osa 101233
Lagos
Nigeria

 

Contact us

Okemute Olatunji - Albert

Okemute Olatunji - Albert

Manager, PwC Nigeria

Tel: +2342012711700

David Meres

David Meres

Manager, PwC Nigeria

Tel: +234 (1) 271 1700

Follow us