PwC COVID-19 Private Sector Group (CPSG): Privacy statement

1. Introduction

PricewaterhouseCoopers ("PwC", "we", "us", or "our") is strongly committed to protecting personal information. This privacy statement describes our reasons for collecting personal data through CPSG Events and Activities (hereafter refer as “ the Events) and provides information about individuals’ rights in relation to personal data. When collecting and using personal data our policy is to only collect what we need and to be transparent about why and how we process personal data. We may use the personal data provided in connection with the Events for any of the reasons set out in this privacy statement.

This privacy statement relates only to the Events. It does not relate to other products, services or sites of PwC or any other party.

Data Controller Information - The data controller is the entity with primary responsibility for the protection of personal information. The data controller of the personal information collected in connection with the Events is the PwC firm responsible for the Events, that is PwC & Consultants (Shenzhen) Limited

2. Definitions

In this privacy statement, we use the following terms:

“Personal data or personal information” refers to any information or data (in a form in which access to or processing is practicable) relating directly or indirectly to a living or natural individual from which independently or in combination with other information it is practicable for the identity of the individual to be directly or indirectly ascertained or for the activity of the natural person to be directly or indirectly ascertained.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, transferring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“PwC, we, us and our” refer to the PwC network and/or one or more of its member firms. Each member firm in the PwC network is a separate legal entity. For a list of PwC firms see https://www.pwc.com/gx/en/about/corporate-governance/legal-entities.html. For countries and regions in which PwC firms operate see http://www.pwc.com/gx/en/about/office-locations.html.

3. Collection of personal data

PwC may collect, use, collect, disclose and otherwise process your personal information including the following:

  • contact person, mobile, email
  • Organisation name (bilingual), website, address, organisation phone#, business type, organisation description

You may be asked to provide personal information (where necessary) to meet purposes of collection in connection with the Events.

You may also choose to provide additional personal information on voluntary basis if you wish to do so. We do not intend to collect sensitive and/or special category of personal information for the Events. Please do not provide any sensitive and/or special category personal data.

Sensitive personal data and/or special category of personal data, covers information relating to, among other things, race, ethnicity, political opinions, religious or philosophical beliefs, biometric or genetic data when used to uniquely identify you, information about health, sexual life or sexual orientation.

By using this Site and providing personal information to us, you acknowledge that you have read this privacy statement, and consent to the collection, use and disclosure of such personal information by PwC and any third party recipients (as set out in section 6 of this privacy statement), including international transfers to countries outside where you are located.

If you do not agree with the terms in this privacy statement or have concerns about the categories of personal data we require from you, please do not provide any personal information to us without contacting us.

4. Purposes of collection and process of personal data

To the extent necessary, we may collect, disclose and otherwise process your personal information in connection with the Events for the purposes including:

  • To set up and administer the COVID-19 Private Sector Group and to facilitate the activities and discussions of this Group
  • To facilitate event management such as registration and identity authentication
  • To communicate with you and provide the services requested by you or your organisation
  • To facilitate security of the Events, authenticating the identity of users, authorising access to the Events (including preventing unauthorised access) and for other security-related purposes, including system monitoring.
  • To facilitate all logistics for the Events and sharing with you
  • To obtain your feedback and/or evaluation
  • To maintain our administrative or client relationship management systems
    • Where you are a business contact of ours, we will include your business contact details on our administrative or client relationship management systems, contact you in relation to the Events and we may send you other material relevant to your interests (provided we have appropriate permission from you to do this, as required by law).
  • To analyse the performance of the Events and associated services
    • We may analyse the performance of the Events and associated services by reviewing the user data we capture.
5. Security of personal data

We adhere to internationally recognised standards of technology and operational security in order to protect personal information from loss, misuse, alteration and destruction. Only authorised persons are provided access to personal information collected via the Events. These individuals have agreed to maintain the confidentiality of this information. We have a framework of policies and procedures in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by email) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted electronically over the Internet.

Where a personal information security incident arises, we shall respond to the incident, assess the likely impact of the incident, and take necessary actions to bring the incident under control. Where necessary, we will report to the appropriate authority and notify you of the incident as may be required under applicable laws and regulations.

6. Transfer of personal data

PwC is a global network with member firms and third party service providers located around the world. If we process your personal information, your personal information may be transmitted and stored outside the country or region where you are located. PwC member firms, our service providers and sub-processors they engage may use servers and other resources in various countries and territories to process your information. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

For personal information collected within Mainland China, such transfer will be done under agreements that provide sufficiently similar protection to your personal information as it would have under applicable laws in Mainland China.

Where we collect your personal information within the European Economic Area, transfer outside the European Economic Area will be only:

  • to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
  • under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

The US member firm of PwC, PricewaterhouseCoopers LLP and its affiliated US subsidiaries (together, “PwC US”), adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information that is transferred from the European Union and its Member States, and the EEA and Switzerland to the United States. PwC US has certified that it adheres to the Privacy Shield Principles within the scope of PwC US’s Privacy Shield certification. To learn more, see https://www.pwc.com/us/en/site/privacy-shield.html.

Your personal data as set out above may be transferred to, processed by and stored with, the following classes of transferees/categories of recipients for the purposes as described in this privacy statement:

(a) Recipients of personal data: other PwC member firms

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, in connection with organising the Events we may share personal information with PwC member firms in different territories that are involved in the Events.

(b) Recipients of personal data: third party providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC network in providing its services and/or organising events, help provide, run and manage IT systems. Examples of third party contractors we use include providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure may be located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

(c) Other recipients of personal data

We may also disclose personal information under the following circumstances to the extent permitted under applicable law:

  • with other members of the COVID-19 Private Sector Group; experts or other parties, government organisations or regulators contacted by the Group in connection with the activities of the Group;
  • with professional advisers, for example, auditors and law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our businesses;
  • when explicitly requested by you;
  • when required to deliver publications or reference materials requested by you;
  • with law enforcement or other government and regulatory agencies or with other third parties as required by, and in accordance with, applicable law and regulation;
  • Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law and regulation. This includes disclosures outside the country or region where you are located.
7. Retention of personal data

It is our policy not to retain personal data longer than is necessary for the fulfilment of the purposes for which the data are or are to be used.

8. Your rights to personal data

You may have certain rights in relation to personal data we hold about you including:

  • Right to request for copy of certain categories of personal data;
  • Right to update/correct your personal data which is inaccurate; and/or
  • Right to request deletion of your personal data
  • Right to revoke any consent on use of your personal data (if processing is based on consent)
9. Contact us

If you wish to submit a request to exercise your rights, under applicable privacy law, or have questions about how your information is handled at any time, or to make complaints, please send your request to our Privacy Team https://www.pwccn.com/en/privacy-team-contact-form.html or https://www.pwchk.com/en/privacy-team-contact-form.html. When requested, and provided that it is practical and commercially feasible to comply with the request, we will respond to your request within the time required under applicable law.

10. Changes to this privacy statement

We may need to update this privacy statement from time to time to comply with applicable law and regulations or other legitimate purposes. We will not make any changes that will affect your rights under this privacy statement without first obtaining your consent as may be required by applicable law. If we make any material changes, we will notify you of the change and amend the revision date of this privacy statement. The new modified privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.