Last updated: 1 May 2020
We value your privacy and rights to personal data protection and are strongly committed to protecting your personal information.
As used in this privacy statement, ‘PwC’, ‘us’, and ‘we’ refer to the PricewaterhouseCoopers member firms in Thailand of the PricewaterhouseCoopers (PwC) global network of member firms. Each PricewaterhouseCoopers member firm is a separate legal entity. For further details, please see www.pwc.com/structure.
This privacy statement is prepared primarily in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA)]. Personal data refers to any information relating to an identified or identifiable living person. When ‘you’ or ‘your’ are used in this privacy statement, we are referring to the relevant individual who is the subject of the personal data. This privacy statement describes what personal data we collect and use, and why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others.
We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
Lawful basis for collecting and using personal data
We collect and use personal data only on a necessary basis or with any of the following lawful basis.
How we process personal data
We collect and use personal data related to the following:
i. Personal data obtained in connection with our provision of professional services
ii. Business contact information
iii. Marketing activities
iv. PwC personnel
v. Job applicants
vi. Our website
I. Personal data obtained in connection with providing professional services
We collect personal data only on a necessary basis from our clients (both corporate and individual clients), from a third party to provide services under contract or as instructed by clients or to use the personal data for the purposes described below. The personal data we collect, as the case may require, includes the following:
We may collect and process sensitive data including biometric data, race, and ethnicity, for example for providing immigration and tax services, or an audit of a business organisation in the healthcare sector.
We may collect personal data regarding social media accounts held by data subjects, for example to deliver immigration-related services.
We also collect personal data from our clients or from third parties as instructed by the client for the provision of specific services. For example, in a due diligence review for an acquisition of a target on behalf of a client, we may obtain personal data from the target’s management and employees or from a third party.
We retain the personal data processed by us for as long as it is considered necessary for the purposes for which it was collected and in accordance with PwC’s data retention policy and applicable laws.
II. Business contact information
We collect and use business contact information obtained from existing and prospective clients and contractors and/or individuals associated with them. This personal data includes the following:
We use this personal data for the following purposes:
We do not sell personal data to non-PwC parties for purposes of allowing them to market their products and services without consent from data subjects.
We retain the personal data processed by us for as long as it is considered necessary for the purposes for which it was collected and in accordance with PwC’s data retention policy and the applicable laws.
III. Marketing activities
Marketing includes any communications about PwC products and services. Where we are legally required to obtain your explicit consent to send you marketing materials, we will only provide you with marketing materials if you have provided consent for us to do so.
We retain contact information (including name and email address) on our mailing lists until an individual unsubscribes from our mailing lists. If you unsubscribe from our mailings, we may retain limited information sufficient to identify you so that we can honour your opt-out request. If you want to unsubscribe from one of our mailing lists, follow the instructions in the relevant material sent to you.
You can, at any time, contact us to request we stop sending you marketing materials. If you wish to no longer receive only certain communications, please identify which in your request.
PwC does not sell personal data to non-PwC parties for purposes of allowing them to market their products and services without consent from data subjects.
IV. PwC personnel
We collect personal data concerning our own personnel (partners, permanent and temporary staff and individual contractors) to administrate the employment relationship and manage our business.
Our Privacy Statement for the collection of personal data of our personnel can be found in our Staff Handbook, which describes why and how personal data is collected and processed in relation to your employment with PwC.
V. Job applicants
This section describes why and how we collect and use personal data in connection with our recruitment activities.
We collect personal data in connection with our recruitment activities, including the following:
We collect sensitive data, such as your criminal record, to comply with legal and contractual obligations to ensure an individual is eligible to work and to establish whether an applicant has committed unlawful acts or been involved in dishonesty, malpractice or other serious improper conduct.
We use your personal data for the following purposes:
We retain the personal data processed by us for as long as is considered necessary for the purposes for which it was collected and in accordance with PwC’s data retention policy and the applicable laws.
VI. Our website
Note, this privacy statement applies solely to www.pwc.com/th,and does not apply to other PwC websites or applications.
We collect only personally identifiable information that is specifically and voluntarily provided by visitors to PwC’s website. PwC receives limited identifiable information, such as name, title, company address, email address, and telephone and fax numbers, from website visitors. Typically, identifying information may be collected to:
Demographic information, including gender and occupation, is not actively sought, but may be submitted when a visitor responds to an online job application. It is PwC’s policy to limit the information collected to only the minimum information required to complete a visitor’s request. In any instance where non-mandatory information is sought, the website visitor will be notified of this at the point of collection.
Although most publications are provided as downloads, visitors may also have an opportunity to purchase PwC publications either online, by calling toll free numbers, or by faxing order forms to our fulfilment houses. We will collect order information and a customer’s credit card information, where applicable, in order to facilitate shipment and payment for the publication.
Visitors are also able to send emails through the site. Their messages will contain the user’s screen name and email address, as well as any additional information the user includes in the message. Because we use the website as a recruiting tool, a visit to the website may also result in the user sending a resume to an individual within PwC.
PwC’s intention is not to seek any sensitive information through our website unless legally required for recruiting purposes. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature. If you do wish to provide sensitive information for any reason, PwC accepts your explicit consent to use that information in the ways described in this privacy statement or as described at the point where you choose to disclose that information.
Use of data
A website visitor may choose to provide personal information in the following examples:
If you would like to find out more about the different categories of information collected, please review the data collection section above.
Information attained by the site is used only for the intended purpose stated at the time that the information is collected. This data is not shared with other entities in the network for secondary or unrelated purposes, or shared with a third party, unless otherwise disclosed at the point of collection. If there is an instance where information may be shared, the visitor will be asked for permission beforehand.
PwC makes every practical effort to avoid excessive or irrelevant collection of data. If a visitor believes the site has collected excessive information, we encourage the visitor to contact us at firstname.lastname@example.org to raise any concerns.
Except for the mailing list initiatives described in III Marketing activities above, where visitors explicitly choose to receive specific PwC marketing materials, PwC will not use personal data collected from our websites to facilitate unsolicited marketing activities.
Cookies and log files
If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, you can always delete the cookies from your system if you wish.
In order to properly manage our website we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.
It is PwC’s policy only to disclose information to third parties under the following circumstances:
PwC’s policy is to disclose information about third parties when visitors submit their requests (e.g. when ordering a publication, we display the party fulfilling the order).
PwC websites do not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.
Third party links
www.pwc.com/th may link to other websites that do not operate under PwC’s privacy practices. When you navigate to other websites, PwC’s privacy practices no longer apply. We encourage visitors to review each site’s privacy statement before disclosing any personally identifiable information.
Some of the information we receive is not retained. For example, we usually do not keep mailing addresses for publications. Contact information about visitors (such as information generated though registration for access to areas on the site) will be kept as long as the information is required to completely service the contact request or until a user requests that we delete that information. Mailing list information, discussion posts and email are kept for only the period of time considered reasonable to facilitate the visitor’s requests. Resumes are disposed of when they are either no longer under consideration, or are considered dated by our Human Resources departments.
As a policy, visitors are not required to register to gain access to areas of the PwC websites. In certain cases in the future, as your PwC website experience expands, we may require visitors to register in order to obtain a username and password for authentication and secure access to a transaction or certain business confidential or proprietary information services on premium websites.
Personally identifiable information provided to PwC through its website is provided voluntarily by visitors. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions in the appropriate website area or in communications to our visitors; or a visitor may contact the webmaster of the site e.g. email@example.com.
Each visitor has the right of access to personal data they have submitted through the websites to PwC.
User updates of information should be handled by going back through the registration process. Enquiries about the accuracy of identifying information previously submitted to PwC through its website, or requests to have outdated information removed, should be directed to: firstname.lastname@example.org. PwC is committed to providing reasonable and practical access to visitors to allow them the opportunity to identify and correct any inaccuracies. When requested and practical, PwC will delete identifying information from current operational systems.
When personally identifiable information is retained, PwC assumes responsibility for keeping an accurate record of the information once a visitor has submitted and verified the data. PwC does not assume responsibility for verifying the ongoing accuracy of the content of personal information. When practically possible, if PwC is informed that any personal data collected through a website is no longer accurate, PwC will make appropriate corrections based on the updated information provided by the authenticated visitor.
PwC has implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. All PwC employees follow a network-wide information security policy. Only authorised PwC personnel are provided access to personally identifiable information and these employees have agreed to ensure strict confidentiality of this information. PwC’s policy is to use secure sockets layer technology for the protection of credit card information submitted through web forms. This policy is also required for any fulfilment agents of our firms.
PwC understands the importance of protecting children’s privacy, especially in an online environment. The PwC sites covered by this privacy statement are not intentionally designed for or directed at children 13 years of age or younger.
PwC reserves the right to modify or amend this privacy statement at any time. The effective date will be displayed at the beginning of this statement. To keep visitors informed, PwC will notify users of changes to our privacy statement by prominently identifying the alteration for a period of not less than two weeks on our home page at www.pwc.com/th.
Your legal rights in relation to personal data
In connection with your personal data we collect and use, to the extent permitted by applicable laws, you may have a legal right to:
Transfer of personal data
Personal data collected by PwC may be transferred to other individual PwC firms, which are member firms of the worldwide PwC organisation, where it is necessary (i) to meet the purpose for which you have submitted the information including for providing services by other PwC member firms; or (ii) to enable you to be provided with information at a later date which may be of relevance and interest to you based on the nature and purpose of your requests; or (iii) maintaining our operations or client relationship management systems; or (iv) quality and risk management reviews; or (v) for marketing purposes. Your personal information may also be transferred to third party service providers who process information on PwC's behalf, including providers of information technology, identity management, website hosting and management, data analysis, data back-up, and security and storage services. By submitting data to PwC, you are providing explicit consent for cross border transmission of data collected for the fulfilment of your requests. As a result, your personal information may be transferred outside the country where you are located. This includes countries that do not have laws that provide specific protection for personal information.
For details of PwC member firm locations, please see www.pwc.com/gx/en/about/office-locations.html.
Third party providers
We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties include those who support the PwC Network in providing its services and help provide, run and manage IT systems such as contractors who are providers of identity management, website hosting and management, data analysis, data backup, and security and cloud storage services. The servers powering and facilitating our IT infrastructure are located at secure data centres around the world, and personal data may be stored in any one of them.
The third-party providers may use their own third-party subcontractors that have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.
We may also disclose personal data under the following circumstances:
We use a range of measures to keep your personal data safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out work on our behalf to comply with appropriate privacy standards including obligations to protect any personal data and applying appropriate measures for the use and transfer of personal data.
Changes to this privacy statement
This privacy statement was last updated on 1 May 2020.
We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will show the revision date at the top of this page. The amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be accurately informed about how we are protecting your information.