PwC recognizes that the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield are no longer valid transfer mechanisms for personal information from the European Union and its Member States, the European Economic Area, or Switzerland. The U.S. Department of Commerce, which oversees compliance with Privacy Shield, has stated that it will nonetheless continue to administer the Privacy Shield program and that participants are not relieved of their obligations under Privacy Shield. Accordingly, PwC, as a participant in the Privacy Shield program, will continue to comply with its commitments under the Privacy Shield (as described more fully below) and its robust internal data protection policies. Please see our Privacy Statement for information on how we protect cross-border transfers of personal information in accordance with applicable legal requirements, including the European Commission approved standard contractual clauses.
As set forth in PwC's Global Code of Conduct: "We respect the confidentiality and privacy of our clients, our people and others with whom we do business."
PricewaterhouseCoopers LLP and its affiliated US subsidiaries (“PwC,” “we,” “us,” or “our”) complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Principles”). PwC has certified that it adheres to the Principles with respect to personal information (as described below) that is transferred from the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland (“EU”) to the United States. If there is any conflict between the terms in this Privacy Shield Policy and the Principles, the Principles shall govern. PwC U.S. is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission.
This Privacy Shield Policy applies to personal information within the scope of PwC’s Privacy Shield certification, which covers the following categories of information:
We collect and process personal information from certain individuals and for the purposes described in this Privacy Shield Policy. Personal information covered by this Privacy Shield Policy is collected and processed only as permitted by the Principles.
Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this Privacy Shield Policy, other PwC website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements. Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means of communication (including opt-in consent for sensitive personal information).
Consistent with the Principles, PwC may transfer personal information to third parties, including transfers from one country to another. We will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:
Individuals whose personal information is covered by this Privacy Shield Policy have the right to access the personal information that PwC maintains about them as specified in the Principles. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Requests for access, correction, amendment or deletion should be sent to PwC's US Privacy Office.
PwC takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.
PwC collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the data subject. PwC does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized. PwC takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.
In compliance with the Principles, PwC commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact PwC's US Privacy Office. PwC has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint. If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact our U.S. based third party dispute resolution provider (free of charge), the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA"). Please contact or visit ICDR/AAA for more information or to file a complaint. If the dispute involved human resources personal information, or information collected in the context of an employment relationship, we will cooperate with the competent EU or Swiss data protection authorities and comply with the advice of such authorities.
You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework, and to view PwC’s certification, please visit https://www.privacyshield.gov.
PwC may update this Policy at any time by publishing an updated version here. We will not update this Privacy Shield Policy in contravention to the Principles so long as we remain certified to the Privacy Shield.
Last updated: December 1, 2020