data protection statement in accordance with Articles 13, 14 of the EU General Data Protection Regulation(GDPR)
The data protection statement below is intended to provide you with a clear, transparent and concise explanation of how your personal data is processed by us. If, having read it, you require further clarification or have other queries on data protection at PwC, please contact our data protection officer at DE_Datenschutz@pwc.com or by using the additional contact details provided below.
1. Controller and Data Protection Officer
The Controller as defined in Article 4(7) variation 1 of the EU General Data Protection Regulation (GDPR) with responsibility for processing your personal data is:
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
60327 Frankfurt am Main
Telephone switchboard: +49 69 9585-0
Fax: +49 69 9585-1000
2. Data Protection Officer
PwC has designated a Data Protection Officer in accordance with Article 37 of the GDPR. You can contact the PwC Data Protection Officer, Dr Tobias Gräber, using the contact details below:
Py Phone: +49 211 981-1837
PricewaterhouseCoopers GmbH WPG
Dr. Tobias Gräber, Datenschutzbeauftragter
60327 Frankfurt am Main
3. Your rights as a data subject
The applicable data protection laws grant you the following rights with respect to your personal data and PwC:
Right of access to information: You may request information from PwC at any time about whether and which personal data about you is stored by PwC. The information shall be provided by PwC free of charge.
The right to information shall not apply, or only to a limited extent, if and to the extent that it would require the disclosure of information that must be kept confidential, such as information that is subject to professional secrecy.
Right to rectification: If your personal data stored by PwC is inaccurate or incomplete, you have the right to request that PwC rectify this at any time.
Right to erasure: You have the right to request that PwC delete your personal information if and to the extent that the data is no longer needed for the purposes for which it was collected, or if the processing of your data requires your consent and you have withdrawn your consent. In this case, PwC must cease processing your personal data and remove it from its IT systems and databases.
No right to erasure shall apply if:
- the data may not be deleted due to a legal obligation or must be processed due to a legal obligation; or
- data processing is required to establish, exercise or defend legal claims.
Right to restrict processing: You have the right to request that PwC restrict the processing of your personal data.
Right to data portability: You have right to obtain the data you provide from PwC in a structured, common and machine-readable format, and the right to have this information transmitted to another Controller. This right exists only when:
- you have provided the data to PwC by giving your consent or by concluding a contract with us; and
- the processing of the data is carried out through the use of automated processes.
You can exercise all of your rights as a data subject listed above by sending a specific request to our Data Protection Officer using the contact details above.
Right to lodge a complaint with a data protection authority
If you believe that the processing of your personal data violates data protection law, you have the right to make a complaint to a data protection authority in accordance with Article 77 of the GDPR.
4. Purposes of processing and legal grounds for processing
4.1 Categories of data recipients
Data shall be transferred to Third Parties in order to fulfil the purposes of processing set out below. This may also include transmission of personal data to other countries both inside and outside Europe, as well as storage of data outside the EU or the European Economic Area (EEA).
Recipients bound by instructions
We may share your data with service providers bound by instructions, both within the PwC network and other Third Parties such as IT service providers who support us in our activities, for example with the administration and maintenance of our websites and the systems associated with them and/or for other internal or administrative purposes.
PwC GmbH Wirtschaftsprüfungsgesellschaft is a member of the global PwC network, which consists of the individual legally independent PwC firms. In the course of our activities, we use other German or foreign companies from the PwC network as network-internal IT service providers bound by instructions; these companies provide services for the operation, maintenance and care of the IT systems and applications used by the PwC network companies. In particular, this includes PwC IT Services Ltd., based in the United Kingdom (UK).
We do not require a separate legal basis to pass on data to service providers bound by instructions.
Recipients acting on their own responsibility
In individual cases, we may also share your data both within the PwC network and with other Third Parties who use your data on their own responsibility. For example, in individual cases we also transfer personal data to other companies in the PwC network to support and improve the effectiveness of our business processes (including coordinated marketing activities). Particularly to PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft.
In addition, in individual cases, we may also disclose your data to other Third Parties – such as public authorities, courts or other bodies – if we are required by law or by official order or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.
Where you have given your explicit consent, the legal basis for this data transfer is as set out in Article 6(1)(a) of the GDPR. Where there is a legal obligation to disclose the data, the legal basis for the data transfer is as set out in Article 6(1)(c) of the GDPR. However, if the disclosure is aimed at fulfilling a contractual or pre-contractual measure with you as a natural person to be required , the legal basis is as set out in Article 6(1)(b) of the GDPR. Otherwise, such transfer is based on our legitimate interests and the legal basis is as set out in Article 6(1)(f) of the GDPR. We and the other companies in the PwC network have an interest in making our work processes efficient and in sharing out business processes within the PwC network for this purpose.
Data transfer to recipients in third countries outside the EU/EEA
Where any of the above data transfers are made to a recipient outside the European Economic Area, an appropriate level of data protection for this foreign transfer is ensured through suitable security measures.
For data transfers within the PwC network, the PwC network companies have agreed on measures including an internal data protection agreement, which provides for compliance with the European Commission’s standard contractual clauses as defined in Article 46(2)(c) of the GDPR for the transfer of personal data from EU/EEA countries to PwC network companies outside the EU/EEA.
If you have any questions regarding such internal data protection agreements based on the EU standard contractual clauses, or you would like more information on further security mechanisms and security measures for data transfer to third countries, please feel free to contact our Data Protection Officer on DE_Datenschutz@pwc.com or by other means.
4.2 Processing of personal data during website visits
When you visit our website, we collect the data that is technically necessary to display the web page to you. The following personal data is automatically transmitted to our server by your browser:
- Session ID
- Device information (browser, resolution etc.)
- Log data on the web server
Processing of this personal data is carried out on the basis of Article 6(1)(f) of the GDPR. The web page cannot be accessed and made available to users unless this data is used; we have a legitimate interest in technically enabling the web page to be accessed and used.
The above data is stored for 90 days and then erased. Insofar as your personal data is subject to legal obligations to retain data, PwC shall store this data for the statutory retention period.
This website is hosted by an external provider (U2D/up2date solutions GmbH, Prinzregentenufer 3, 90489 Nuremberg) and the data collected on our website is therefore stored on the external provider’s servers. These servers are located in Germany.
4.3 Contacting us by email
You can find the email addresses of contact persons on the event page. You can also contact us by email.
If you contact us, the data communicated by you (in particular your email address, your first and last name, and the text of your enquiry, as well as any additional information you may have provided in the contact form or by email) will be stored by us in order to process your enquiry and answer your questions.
Data processing is justified in accordance with Article 6(1)(f) of the GDPR. We have an interest in contacting you via the website in response to your request. If your request is aimed at fulfilling a contractual or pre-contractual measure with you as a natural person, the legal basis for the data processing is as set out in Article 6(1)(b) of the GDPR.
The data provided when you contact us or make an enquiry is erased by us once it is no longer necessary for processing your enquiry. Insofar as your personal data is subject to legal obligations to retain data, PwC shall store this data for the statutory retention period.
We use ‘cookies’ on our website. Cookies are small text files with configuration information that are sent to your browser from our web servers when you visit our website and are kept on your computer by your browser for subsequent visits.
5.1 Session cookies (temporary/transient cookies)
We use ‘session cookies’ (also known as temporary or transient cookies) on our website. These session cookies are only stored for the duration of your session on our website. The session cookies we use are used solely to identify you as long as you are logged onto our website. The session cookies are erased at the end of each session. The session cookies are not used for any other purpose.
These cookies are strictly necessary for our website to operate and cannot be disabled in our systems. These cookies are normally only placed on your device in response to actions made by you that correspond to a service request, such as registering or completing forms. You can configure your browser to block these cookies or to be notified about these cookies. If you do so, however, some parts of the website may not function.
Use of these session cookies is carried out on the basis of Article 6(1)(f) of the GDPR. It is not technically possible for you to access or use our website or its features unless these cookies are used.
5.2 Persistent cookies
We also use other cookies on our website that allow us to identify your browser the next time you visit us and provide you with a better user experience.
These cookies are automatically erased after a predefined period which may vary depending on the cookie. The cookies are stored on your device until the period of validity of the cookies expires, or until you delete them.
We use the following categories of cookies:
These cookies allow us to determine the number of visits and identify traffic sources to find out how our website is performing and to improve its performance. They help us to identify which pages are most visited, which are least used and how users navigate the website. All the information collected by these cookies is aggregated and therefore anonymous. If you do not accept these cookies, we cannot identify when you visited our website.
We place performance cookies on your device based on a legitimate interest as defined in Article 6(1)(f) of the GDPR. We have a legitimate interest in analysing the use of our website as a whole based on aggregated, anonymous data to improve our website offering.
We may show you ads on other websites to advertise relevant services, articles or events. This is possible through the use of advertising cookies which are used to make ads more relevant to you and your interests. These cookies also have other functions; for example, they prevent the same ad from constantly reappearing. The ads are used solely to draw your attention to relevant PwC marketing campaigns. We do not sell your data to Third Parties.
Some of these cookies are personalised and help us to track how effective our marketing campaigns are and to improve your online experience with us by personalising it.
We only use advertising cookies with your explicit consent.
Some of the performance and advertising cookies used on our website are third-party cookies. These are cookies provided by Third Parties/external providers whose tools we use on our website.
For example, these may include cookies used by providers of tracking and analytical tools used by us. You can find more information about third-party cookies on our information page on tracking and analytical tools and additional features which use third-party cookies. You can also find a list of all cookies used on this website, their functions and their retention periods on our cookie information page.
We only use third-party cookies with your explicit consent.
5.3 Information on individual cookies
You can find information on the precise period of validity for individual cookies in the list below.
U2D Ventari automatically places two cookies on your device. These are technically necessary to operate the websites; however, only the first cookie is transient and the second is persistent:
- This session cookie is used to maintain the session between the browser and server.
- It stores a non-personalised ID which is generated by the app server.
- The cookie expires after 60 minutes of inactivity or when you quit the browser, i.e. the cookie is deleted (transient cookie). The maximum session time is 12 hours.
- This cookie is used to identify the user logged in to the website. If this cookie is deleted, you will need to log in again or provide authentication.
- It stores an encrypted hash.
- The cookie is retained when you quit the browser (persistent cookie), but is deleted after 12 hours.
5.4 Disabling cookie settings
Most browsers automatically accept cookies by default. You can prevent cookies being generated by disabling cookies in your browser’s system settings. However, please note that some of the cookies are strictly necessary for our website to function, since pages cannot otherwise be accessed and displayed. Disabling cookies will prevent or limit your usage of some parts of the website.
Where we place cookies on your device that are not strictly necessary for our website to function, we do this only with your prior explicit consent.
You can also control the installation of cookies at any time by changing the settings on your browser and/or deleting all cookies.
6. Links to social media
We currently link to the following social media providers using social media buttons: Twitter, LinkedIn, YouTube, Pinterest and Instagram. If you don’t want your usage data (such as the address of the page you are currently visiting) to be sent to these services, note that you will only access these social networks if you click a link to them. These social networks can collect usage data and in some cases user data on their pages. We have no control over the data collected or the data processing procedures and we do not know the full extent of data collection, the purposes of the processing or retention periods. We do not have any information on the deletion of data collected by the providers of these plug-ins.
The following information is therefore only correct to the best of our knowledge:
Your browser does not directly connect to the servers of the social media services listed above until you click on the links. A message (referrer) is then sent indirectly to these services telling them that you have visited our website. If you are logged in to the social media service with your personal user account when visiting our website, you can usually ‘share’ the document, leave a comment or similar by clicking on the social media buttons. If you want to avoid this kind of data transfer, we advise you not to click on the social media buttons.
Please refer to these services’ privacy notices for the purposes and scope of data collection, for information on further processing and use of your data by these services, as well as your associated rights and configuration options for protecting your privacy.