Privacy Policy

Information on data protection in accordance with articles 13 and 14 of the EU General Data Protection Regulation (EU GDPR)

The following information on data protection is meant to provide you with a clear, transparent and comprehensible description of how we process your personal data. If you still have questions about what we do or other queries about privacy at PwC, feel free to contact our designated data protection officer, whose contact details are listed below under “Data Protection Officer”.

Controller

The party responsible, or controller, in the sense of Article 4(7) of the EU General Data Protection Regulation (EU GDPR), for determining how and for what purpose your personal data will be processed is:

PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35–37
60327 Frankfurt am Main
E-mail: DE_Kontakt@pwc.com
Main telephone number: +49 69 9585-0
Fax: +49 69 9585-1000

Data Protection Officer

PwC has designated a data protection officer in accordance with Article 37 of the EU GDPR. You can reach PwC’s data protection officer, Dr Tobias Gräber, in the following ways:

By e-mail: DE_Datenschutz@pwc.com

By telephone: +49 211 981-1837

By mail:

PricewaterhouseCoopers GmbH WPG
Dr. Tobias Gräber, Data Protection Officer
Friedrich-Ebert-Anlage 35–37
60327 Frankfurt am Main

Purposes of the processing and legal basis for the processing

We, PwC, have taken photographs or made video recordings of you, or commissioned an agency to do so on our behalf, and we shall store these images in our internal processing systems. The images were created in public while you attended an event.

The photographs and video recordings were created for the purposes of our legitimate interest in documenting this event and disseminating it for internal informational purposes. Since this is a business event, this precludes any greater interest on your part. In view of this, it is lawful to process your personal data in accordance with point (f) of Article 6(1) of the EU GDPR.

We will only process photographs and video recordings in which you appear for other purposes if you have given us your consent in accordance with the German Artistic Copyright Act (Kunsturhebergesetz, or KUG). This consent form is a contractual agreement about which images of you can be published. In this case, it is lawful to process your personal data in accordance with point (b) of Article 6(1) of the EU GDPR.

Recipients of data and transfer to third countries

In the course of providing the service you have requested us to provide, data will be transferred to third parties; this may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU.

Specifically, data shall be transmitted to the following categories of recipients:

Collaboration with other companies in the PwC network in the course of providing services to clients

PricewaterhouseCoopers GmbH WPG is a member of the global PwC network, which is made up of legally separate and independent PwC companies.

If it is necessary to achieve the objective described, there will be collaboration with other companies in the global PwC network. This may be the case if the objective has something to do with another country or requires the expertise of a member of staff from another (foreign) company in the PwC network for other reasons.

If data is transferred to a network company outside of the European Economic Area, an adequate level of data protection shall be guaranteed through the use of standard contractual clauses adopted by the EU Commission within the meaning of point (c) of Article 46(2) of the EU GDPR. The PwC Network companies have concluded an internal data protection contract which provides for the transfer of personal data from EU/EEA countries to other companies in compliance with the EU standard contractual clauses adopted by the EU Commission.

You can access the EU standard contractual clauses online at: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

Data transfer to service providers within the PwC network

In the course of conducting its activities, PwC engages other German or foreign companies in the PwC network as network-internal IT service providers to provide services for the operation, maintenance and upkeep of the IT systems and applications used by the PwC network companies.

The main companies engaged are PwC IT Services Europe GmbH, headquartered in Germany, and PwC IT Services Ltd., headquartered in the UK.

Furthermore, PwC uses network-internal service delivery centres (SDCs) to support other PwC companies in administrative organisation and executing client orders and mandates. This includes, for example, the generation and review of invoices, layout and design, editing, translation services and other services related to the services we provide our clients. These SDCs are located in Germany, Poland and Argentina, among other places.

If data is transferred to a network company outside of the European Economic Area, an adequate level of data protection shall be guaranteed through the use of standard contractual clauses adopted by the EU Commission within the meaning of point (c) of Article 46(2) of the EU GDPR. The PwC Network companies have concluded an internal data protection contract which provides for the transfer of personal data from EU/EEA countries to other companies in compliance with the EU standard contractual clauses adopted by the EU Commission.

Data transfer to external IT service providers

PwC also uses external IT service providers:

  • • General IT service providers: PwC uses external service providers who provide general IT services or IT systems that are used in the course of providing services to our clients. This includes, for example, operation of the system used for internal and external (e-mail) communication.
  • • Subject-specific and order-related IT service providers: PwC also uses external service providers who offer specialist applications for tax advisors, auditors and/or lawyers.

If the IT service providers are foreign cloud service providers, the data shall be stored in the service provider’s data centres within and outside of the EU.

The adequate level of data protection as required by EU data protection law shall be guaranteed by the use of standard contractual clauses adopted by the EU (EU Model Clauses). For more information about PwC’s cloud service providers, please visit: www.pwc.de/externe-dienstleister

If an adequate level of data protection which is comparable to that within the EU cannot be guaranteed on a case-by-case basis, transmission shall only be permissible with your explicit consent.

Rights of person affected/Your rights according to data protection law

The applicable data protection laws grant you the following rights with respect to your personal data and PwC:

Right to access information: You may request information from PwC at any time about whether and which personal data about you is stored by PwC. The information shall be provided by PwC free of charge.

The right to information shall not apply, or only to a limited extent, if and to the extent that it would require the disclosure of information that must be kept confidential, such as information that is subject to professional secrecy.

Right to rectification: If your personal data stored by PwC is incorrect or incomplete, you have the right to request that PwC rectify this at any time.

Right to erasure: You have the right to request that PwC delete your personal information if and to the extent that the data is no longer needed for the purposes for which it was collected or if the processing of your data requires your consent and you have withdrawn your consent. In this case, PwC must cease processing your personal data and remove it from its IT systems and databases.

No right to erasure shall apply if

  • the data may not be deleted due to a legal obligation or must be processed due to a legal obligation, or
  • data processing is required to establish, exercise or defend legal claims.

Right to restrict processing: You have the right to request that PwC restrict the processing of your personal data.

Right to data portability: You have the right to obtain from PwC the data you provide in a structured, common and machine-readable format, and the right to have this information transmitted to another controller. This right exists only when

  • you have provided the data to us by giving your consent or by concluding a contract with us, and
  • the processing of the data is carried out through the use of automated processes.

Right to object to processing: You may object to the processing of your data by PwC at any time when the processing of your data is based on point (f) of Article 6(1) of the EU GDPR.

To exercise any of the rights described above, kindly direct your specific request to our data protection officer, whose contact details are listed above under “Data Protection Officer”.

Right to lodge a complaint with a data protection authority

If you believe that the processing of your personal data violates data protection law, you have the right to make a complaint to a data protection authority in accordance with Article 77 of the EU GDPR.

Duration of data retention period

We generally keep photographs and video recordings for one year from the date on which they were made in order to compare the event with that of the following year.

If you have given us consent to publish photographs and video recordings in which you appear, we will keep this material for three years and then delete it, unless otherwise agreed in the consent form or you do not renew your consent.

PwC will use an image gallery to provide a selection of these videos and photographs to interested parties. The image gallery will be made available on the internet for a period of six weeks after the event and then it will be deleted.

If you have consented to the public communication of photographs and video recordings in which you appear, we will keep this consent form – for evidence purposes – for three years after the last time that we processed, in this connection, photographs and video recordings in which you appear.

In individual cases, the retention period may also be extended if the information is required to, for example, establish, exercise or defend legal claims even after the retention period has ended.

Use of Cookies

Our website uses “cookies”. Cookies are small text files containing configuration information. When you visit our website, our web servers send cookies to your browser, which stores them on your computer so that the information can be retrieved later.

By using cookies, our website can retrieve or store information from your browser. This can be information about you, your settings or your device. It is mostly used to ensure that the website functions as you expect it to. This information does not usually identify you directly, but it can offer you a more personalised web experience.

Our website also use “session cookies” (also called temporary or transient cookies). Session cookies are only stored for the duration of your visit to our website. The session cookies we use serve only to identify you when you are logged into our website. Session cookies are automatically deleted once the session ends. There is no further use of session cookies.

These cookies are essential for the proper functioning of our website and cannot be disabled in our systems. In general, these cookies will only be stored in response to actions you take to satisfy a service request, such as setting your privacy preferences, logging in, or completing forms. You can set your browser to block these cookies or notify you of the use of these cookies. However, doing so may prevent you from being able to fully use all features of this website.

The use of these session cookies occurs in accordance with point (f) of Article 6(1) of the EU GDPR. Without the use of these cookies, it is not technically possible to present the website or for you to access and use the website.

Disabling cookies

Most browsers are preset to automatically accept cookies. You may object to the creation of cookies by disabling cookies in the system settings of your browser. Please note, however, that some of the cookies are necessary for our website to function properly and that the page cannot be accessed and displayed without them. When you disable cookies, you will not be able to fully use the website (without restriction).

Cookies which are not absolutely necessary for our website to function will only be used with your prior explicit consent.

Furthermore, you can also control the installation of cookies at any time by changing your browser settings and/or deleting all cookies.

Follow us
© 2017-2019 PwC. All rights reserved. PwC refers to the PwC network and/or one of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.