This Privacy Statement was last updated on 2 October 2019.
PwC is strongly committed to protecting personal information. This Privacy Statement explains what information we gather about you, what we use that information for, and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.
“PwC”, “we”, “us” and “our” refer to PwC Member Firms [1] operating in Mainland China, Hong Kong SAR and Macau SAR.
The privacy of your personal information is important to us. This Privacy Statement describes how PwC handles personal information collected through our websites, social media platforms, applications, products and/or services provided by PwC Member Firms operating in Mainland China, Hong Kong SAR and Macau SAR (referred to as “PwC Services”).
Many of our PwC Services require some personal data to be collected. If you choose not to provide us with the necessary data, you may not be able to use that product/service.
In this Privacy Statement, your information is sometimes called “personal data” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information.
This Privacy Statement applies to any personal data provided to us, and any personal data created in connection with our PwC Services. You should provide personal data only of yourself.
By using our PwC Services and providing personal information to us, you acknowledge that you have read this Privacy Statement, and subject to your explicit consent which we may separately seek from you as may be required by applicable law, you consent to the terms of this Privacy Statement (including international transfers as set out in this Privacy Statement to countries outside where you are located).
If you do not agree with the terms in this Privacy Statement and have concerns about the categories of personal data we require from you, please do not provide any personal information to us without contacting us.
If you are an individual based in the European Economic Area (“EEA”) and the European Union General Data Protection Regulation (“GDPR”) is applicable to PwC in providing the PwC Services in question, we may rely on a legal basis other than consent to process your personal information, as set out in Appendix 1.
Some PwC Services may have Privacy Statements that differ from this one and/or contain additional information as required under local law. Please refer to the Privacy Statements relating to the relevant PwC Services in order to understand how they process your data.
When you use our PwC Services, we may collect information about you including through cookies and analytics tools. We may collect personally identifiable information about you either directly from you, or by combining information we collect and maintain through other means (such as client relationship management systems or identification and access management systems, including IP addresses) or as we may receive from social media or other third-party sites.
PwC collects and holds personal information from clients, customers, contractors, suppliers, and/or other business contacts for business purposes.
You may also choose to provide additional information to us, for instance, when you use any “Contact Us” features of our PwC Services, as part of the registration process, register a user account, and/or create and update your user profile.
It is our policy to collect only the minimum information required to complete your request and/or use our PwC Services.
We will only process sensitive personal data in accordance with the requirements under applicable laws. In particular, we may process the following categories of personal data, which may be regarded as sensitive personal data under relevant laws in Mainland China: your user account information, mobile number, residential address and personal email address. If your explicit consent is required under applicable law, we will not process sensitive personal data (other than as mentioned herein) in the ways described in this Privacy Statement or as described at the point where you choose to disclose this information, unless we have obtained your explicit consent as may be required.
By consenting to this Privacy Statement, you explicitly consent to our processing of your sensitive personal data above (as may be regarded under applicable law) for purposes described in this Privacy Statement.
You may wish to participate in the various blogs, forums, wikis and other social media platforms hosted by PwC (“Social Media Platforms”) which we may make available. The main aim of these Social Media Platforms is to facilitate and allow you to share content voluntarily. However, PwC cannot be held responsible if you share personal information on Social Media Platforms that is subsequently used, misused or otherwise appropriated by another user.
When you provide personal information to us, we may use it for any of the purposes described in this Privacy Statement or as stated at the point of collection, including:
We will only use the personal information collected for the above purposes where we have a lawful basis for such processing, including obtaining any prior consent as may be required under applicable law.
Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so. We may also send you communications including publications from time to time, for example to advise you of information, technical updates, upcoming events/seminars/webcasts, or surveys, PwC's latest insights and activities in major business and industry areas which may be of interest to you, and products or services that you request from us.
You may opt out of receiving marketing materials from us at any time by following the instructions contained in our marketing communications. If you have any questions, please contact us using the details in the "Contact Us" section below.
We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information collected via the PwC Services; such individuals have agreed to maintain the confidentiality of this information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Where a personal information security incident arises, we shall respond to the incident, assess the likely impact of the incident, and take necessary actions to bring the incident under control. Where necessary, we will report to the appropriate authority and notify you of the incident as may be required under applicable laws and regulations.
Your personal data may be transferred to, processed by and stored with, the following classes of transferees/categories of recipients for the purposes as described in this Privacy Statement:
As PwC is a global network with Member Firms around the world, your personal information may be transferred to other PwC Member Firms (and their respective subsidiaries and affiliates). Other PwC Member Firms may process your personal information on behalf of the Data Controller [2] for the same purposes as set out herein. In addition, each PwC Member Firm with whom you share your information may determine jointly with other PwC Member Firms the means of processing of your personal information.
Your information may also be transferred to service providers that are not members of the PwC network (third party service providers) to process on a PwC Member Firm’s behalf. We may transfer or disclose the personal data we collect to third party contractors or subcontractors of PwC Member Firms (and their respective subsidiaries and affiliates), as well as other third parties. We use such third parties to support us in providing our PwC Services and to help provide, run and manage our business (including our internal IT systems). Third party service providers may include providers of IT services, identity management, website hosting and management, data analysis, data back-up and archiving, security and storage services (including cloud service providers), event management, and other services with respect to the operation of our business.
When we transfer personal data, we do so for the purposes for which the information has been submitted, for the purposes listed above under Use of Personal Information, for the administration and maintenance of websites and associated systems, and/or other internal or administrative purposes.
The third party service providers may also use their respective subsidiaries and affiliates, and their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party service providers that are bound to maintain appropriate levels of security and confidentiality and process personal information only as instructed by PwC.
We may also disclose personal information to third parties under the following circumstances:
We may also disclose your personal information to law enforcement, regulatory and other government agencies and authorities, professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation. This includes disclosures outside the country or region where you are located.
As PwC is a global network with Member Firms and third party service providers located around the world, your personal information may be transferred to and stored outside the country or region where you are located. PwC Member Firms, our service providers and sub-processors they engage may use servers and other resources in various countries and territories to process your information.
Where we collect personal information from within the EEA, in circumstances where the GDPR is applicable to PwC in providing the PwC Services in question, please refer to Appendix 1.
This Privacy Statement discusses information practices of PwC in the ordinary course of its business. PwC reserves the right to transfer all data in its possession to a successor-in-interest to its business or assets.
It is our policy not to retain personal data longer than is necessary for the fulfilment of the purposes for which the data are to be used. We will retain personal information on our systems for as long as we need it, given the purposes for which it was collected, or as required to do so by law. Personal data may be held for longer periods where extended retention is agreed or is required by law or regulation or professional standards and in order to establish, exercise or defend our legal rights.
We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.
You may have certain rights under applicable laws in relation to the personal information we hold about you, including:
If you would like to understand whether these rights apply to you or to exercise these rights, please contact us. When requested, and provided that it is practical and commercially feasible to comply with the request, we will respond to your request within the time required under applicable law. We may charge a fee for your request to access your information, if permitted by applicable law.
If you are an individual based in the EEA and GDPR is applicable to PwC in providing the PwC Services in question, you may be entitled to additional rights (see Appendix 1).
We understand the importance of protecting children's privacy, especially in an online environment. The PwC Services covered by this Privacy Statement are not intentionally designed for or directed at anyone under the age of 18.
If you wish to exercise any of these rights under applicable privacy law, have questions at any time about how your information is handled, or wish to make a complaint, please contact our Privacy Team.
We may update this Privacy Statement at any time by publishing an updated version here. Subject to obtaining your explicit consent as may be required by applicable law, the new modified or amended Privacy Statement will apply from that revision date. Therefore, we encourage you to review this Privacy Statement periodically to be informed about how we are protecting your information.
This section of the Privacy Statement applies if you are an individual based in the EEA, regardless of nationality, or your employer or authorised representative is providing your personal data to us from a country in the EEA, and the GDPR is applicable to PwC in providing the PwC Services in question.
We process personal data for the purposes set out in this Privacy Statement, as described above. For the purposes of complying with the GDPR, we do not need to collect your consent in order to process your personal data (except in limited circumstances where we process your special categories of personal data, where we may sometimes require your consent, in which case we will obtain your consent). Instead, we rely on one or more of the following processing conditions:
These are the principal legal grounds that justify our processing of your information:
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal and regulatory obligation: where we need to use your information to comply with our legal and regulatory obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
Employment legal obligations and rights: where our legal duties as employers necessitate the processing.
Consent: where you have consented to our use of your information.
We justify our use of personal data in the manner set out in clause 3 of the Privacy Statement above as follows:
Use justification: contract performance, legitimate interests (to enable us to provide our products/services).
Use justification: legitimate interests (to enable us to effectively communicate with you).
Use justification: legitimate interests including:
Use justification: legal and regulatory obligations and legal claims (to enable us to cooperate with law enforcement and regulatory authorities).
Use justification: legal and regulatory obligations, legitimate interests (to enable us to achieve a consistent approach to compliance across our business).
Our business may require us to transfer your personal data to countries outside the EEA, including countries that may not provide the same level of data protection as your home country. Where we collect personal data from within the EEA, transfer outside the EEA will be only:
Please contact us at the contact details in the Privacy Statement if you would like to see a copy of the specific safeguards for the export of your personal information.
Subject to limitations in applicable law, you are entitled to object to or request the restriction of processing of your personal data, and to request access to, rectification, erasure and portability of your own personal data.
Where the use of your personal data is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You may also have the right to object to any processing based on the legitimate interests ground if our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
Whilst a complaint is being investigated, you have the right to restrict how we use your information.
Your exercise of these rights is subject to certain exemptions to safeguard public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to lodge a complaint with a relevant supervisory authority.
1. "Member Firm" means an entity or partnership within the worldwide network of PricewaterhouseCoopers firms and entities, each of which is a separate and independent legal entity. For further details, please see pwc.com/structure.
For a list of countries and regions where PwC firms are located, please see http://www.pwc.com/gx/en/about/office-locations.html.
2. "Data Controllers" of personal information are one or more of the PwC Member Firms that, either alone or jointly or in common, determine the purposes and means of the processing of personal data.
Generally, the Data Controller for the personal data is the PwC Member Firm(s) operating in Mainland China, Hong Kong SAR and Macau SAR providing the relevant PwC Services unless specified otherwise (e.g. by way of contracts).