Privacy statement

All personally identifiable information is encrypted in transit and at rest.

We adhere to internationally recognised security standards.  Our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013 and ISO/IEC 27701:2019.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.

This privacy statement was last updated on 02 October, 2023.

The data controller is PricewaterhouseCoopers LLP registered in England under registration no. OC303525, registration address at 1 Embankment Place, London, WC2N 6RH.

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Data Protection Officer
PricewaterhouseCoopers LLP
1 Embankment Place
London
WC2N 6RH

Email: UK_privacy_information_management@pwc.com  

We will collect personal data in connection with the application as described below.

Personal data provided directly by you:

• First name and last name.
• Business email address.
• Company.
• Company address.
• Country.

Personal data inferred or derived from your use of the application:

• IP address
• Date and time of your request/call to the website
• Time zone difference from Greenwich Mean Time
• Content of the request (information about which specific webpage you have visited)
• Access status/http status code
• Transferred data volume
• Website requesting the access
• Browser (information about the browser you use)
• Operating system and its interface
• Language and version of the browser software
• We use cookies necessary for the operation of the application. Details of the cookies used can be found in our cookie policy

Personal data obtained from third party sources:

• No personal data is obtained from third party sources.

PwC collects details including name, contact details (such as email address, phone number and address) and other information (such as job title, employer/organisation you are associated with, and areas of business interest).

PwC processes personal data about its business contacts using a customer relationship management system (the “PwC CRM”).

In addition to the above, the PwC CRM may collect data from PwC email and calendar systems (names, date, and time) in respect of interactions between PwC users and others.

When you provide personal data to us, we may use it for any of the purposes described in this privacy statement or as stated at the point of collection including:

Analytics

We use analytical cookies to understand how users are using our website. Please see our cookie statement for more information.

Administering, managing and developing our businesses and services. We process personal data in order to run our business, including:

• Collection of data that is technically necessary to display this website to you.
• where you submit your contact details, unless we are asked not to, we may contact you with information about PwC’s business, services and events, and other information which may be of interest to you. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email to UK_privacy_information_management@pwc.com
• administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site or premium content;
  to communicate with you in order to distribute requested materials or ask for further information;
• to communicate with you in order to distribute requested materials or ask for further information;
• to personalise and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you;
• to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites);
• to determine the company, organisation, institution, or agency that you work for or with which you are otherwise associated;
• to develop our businesses and services, including aggregating data for website analytics and improvements;
• aggregating data to conduct benchmarking and data analysis including, for example, regarding usage of our websites;
• to conduct quality and risk management reviews;
• to understand how people use the features and functions of our websites in order to improve the user experience;
• to monitor and enforce compliance with our terms, including acceptable use policies; and
• any other purposes for which you provided the information to PwC (such as to subscribe you to the updates you request).

Legal grounds: Legitimate interests
The processing of the personal data relating to business contacts to administer, manage and develop our business and services is in the legitimate interests of PwC and other PwC member firms

Conducting corporate research and market analytics
We use business contacts’ information to conduct surveys or other forms of market research, and to carry out market analytics and profiling, in order to develop and offer our products and services.

Legal grounds: Legitimate interests
The processing of the personal data relating to business contacts when conducting corporate research and market analysis is in the legitimate interests of PwC and other PwC member firms.

Undertaking marketing activities, including the provision of PwC business insights and information about PwC’s products and services that we consider relevant to business contacts
We process contact information and other information, such as job title, role, location, business sector and employer/organisation that individuals are associated with in order to send relevant marketing material.

Legal grounds: Legitimate interests
Undertaking marketing activities in order to keep business contacts up to date with market developments and PwC’s products, services and events is generally in the legitimate interest of PwC and other PwC member firms. However, where we hold a personal (i.e. non-corporate) email address for a business contact, we will only send marketing emails if the business contact has consented to receive marketing, for example where the business contact has asked us to add them to a mailing list or has ticked a box to receive marketing when visiting a PwC webpage or when signing up to an event or newsletter.

-----------------------------------------------------------

Our websites do not collect or compile personally identifying information for sale to non-PwC parties for their marketing purposes. If there is an instance where your personal data may be shared with a party that is not a PwC member firm, you will be asked for their consent beforehand.

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. 

We are part of a global network of firms and in common with other professional service providers, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the United Kingdom. We will do so only where we have a lawful basis, for example to recipients: (i) in countries which provide an adequate level of protection for personal data; or (ii) if adequacy is not available, under agreements which meet UK and/or European Commission Decision 2021/914 requirements for those transfers, as appropriate.

Personal data held by us may be transferred to:

• Other PwC member firms
  • For details of our territory member firm locations, please click here.
  • For details of our other member firm locations please click here
  • We may share personal data with other PwC member firms where necessary for administrative purposes, to provide professional services to our clients (for example when providing services involving advice from PwC member firms in different countries ), and to develop new PwC technologies and services across the PwC network of member firms.
  • We use other PwC member firms as IT service providers for the operation, maintenance and care of the IT systems and applications used by us.
  • We store personal data on other PwC member firm servers in the EU.
  • Our business contacts are visible to and used by other PwC member firms to learn more about a contact, client or opportunity they have an interest in (please see the Business contacts section of this privacy statement for more information about our processing of this type of data).
• Third party organisations that provide applications/functionality, data processing or IT services to us
  We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers are located in secure data centres around the world, and personal data may be stored in any one of them.
• Further details of these providers are set out below:

  Name	Role	Address
  Salesforce	Customer relationship management system	Salesforce.com EMEA, Village 9, Floor 26 Salesforce Tower, 110 Bishopsgate, London, EC2N 4AY, UK Salesforce.com Sàrl, route de la Longeraie 9, 1110 Morges, Switzerland
  Piwik	Analytics platform	Benelux, Piwik PRO LLC, Stationsplein 45 unit A4.004, 3013 AK Rotterdam, Netherlands NORTH AMERICA, Piwik PRO LLC, 222 Broadway, New York, NY 10038, USA

  The PwC CRM is provided by Salesforce and is hosted in Salesforce’s European data centres. Use of the PwC CRM is supported by additional functionality provided by a third party, Introhive. The PwC CRM may also be accessed by PwC member firms for the purposes described above. For details of our member firm locations, please click here. Further details about the processors (such as IT service providers) used by PwC and locations of processing are provided here.
• Where we have entered into a business relationship, a collaboration agreement or joint marketing venture, we will share your personal data with the associated organisation to provide a service.
  
  
• Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

We retain personal data processed in connection with the application as follows:

• 2 years, after which the data is deleted.

You have certain rights over your personal data.  Data controllers are responsible for fulfilling these rights.  Where we decide how and why personal data is processed, we are a data controller.

Individuals’ rights are the right of access to personal data, to rectification of personal data, to erasure of personal data / right to be forgotten, to restrict processing of personal data, to object to processing of personal data, to data portability, the right to withdraw consent at any time (where processing is based on consent) and the right to lodge a complaint with a supervisory authority.

Please see further information about these rights and how to exercise them below.

You have the right to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data held by us as a data controller and obtain certain other information about how and why we process your personal data (similar to the information provided in this privacy statement).  

You may exercise this right by emailing us at UK_privacy_information_management@pwc.com. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.

You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.

To update personal data submitted to us, please email us at UK_privacy_information_management@pwc.com. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates, as appropriate, based on your updated information.

You have the right to obtain deletion of your personal data in the following cases:

• the personal data are no longer necessary in relation to the purposes for which they were collected and processed;
• our lawful basis for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
• our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us, you object to our processing and we do not have overriding legitimate grounds;
• you object to our processing for direct marketing purposes;
• your personal data have been unlawfully processed; and
• your personal data must be erased to comply with a legal obligation to which we are subject.

To request deletion of your personal data, please email us at UK_privacy_information_management@pwc.com.

You have the right to restrict our processing of your personal data in the following cases:

• for a period enabling us to verify the accuracy of the personal data where you have contested the accuracy of the personal data 
• your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
• the personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims; and
• for a period enabling us to verify whether the legitimate grounds relied on by us override your interests (where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us). 

To restrict our processing of your personal data, please email us at UK_privacy_information_management@pwc.com

 You have the right to object to our processing of your personal data in the following cases:

• our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us; and
• our processing for direct marketing purposes.

To object to our processing of your personal data, please email us at UK_privacy_information_management@pwc.com.

You have a right to receive your personal data provided to us and have the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.

To exercise your right to data portability, please email us at UK_privacy_information_management@pwc.com.

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to UK_privacy_information_management@pwc.com.  We will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU.  The Information Commissioner's Office (“ICO”) is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please refer to the ICO website.