Information about processing personal data for people associated with our corporate Clients or Suppliers

Fulfilling the obligations according to the art. 14 sec. 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter be referred to as “GDPR” the data controller informs that:

  1. PwC Advisory spółka z ograniczoną odpowiedzialnością sp.k. or another PwC entity which you have cooperation with - list of entities, with its registered seat in Warsaw (00-633), Polna 11 Street, („PwC”, “we”) will be the controller of your personal data.

  2. PwC processes your personal data for the following purposes and on the following legal bases:

A legal basis

A purpose of the processing

art. 6 sec. 1 let. c) of the GDPR - compliance with a legal obligation to which PwC is subject such as:

  • Art. 2 sec. 1 and Art. 34 of the Act on combating money laundering and the financing of terrorism;

  • Goods and Services Tax Act, Personal Income Tax Act or Corporate Income Tax Act;

  • Relevant legal provision in a given scope of services that require professional secrecy.

  1. Using financial security measures with regard to Customers and Beneficial Owners - to the extent that a PwC entity is an obliged institution;

  2. Fulfilling PwC's tax obligations;

  3. Keeping professional secrecy.

art. 6 sec. 1 let. f) of the GDPR – legitimate interests pursued by the PwC

  1. Enabling the provision of professional services to clients - Applies only to people whom the Client has indicated in the contract as contact persons

  2. Ordering and receiving services from Suppliers;

Applies only to people whom the Suppliers has indicated in the contract as contact persons

  1. Clients and Suppliers relationship management;

  2. Developing our businesses and services, including quality control;

  3. Identifying Clients with similar needs;

  4. PwC’s administration and management, in particular the website, IT systems and business applications;

  5. Performing data analytics;

  6. Safety management and operational risk assessment (e.g. Know Your Customer analysis or verification of the quality of Suppliers);

  7. Complying with any regulations of a professional body of which PwC is a member;

  8. Direct marketing of PwC’s products and services, in particular offering our services, presenting current industry information, inviting to events organized by PwC and informing about PwC and our range of  services;

  9. Exercising legal claims in particular by documenting completedservices.

3. Your personal data will not be disclosed to third parties except the following recipients:

  • other PwC member firms. For details of our member firm locations, please visit the website: https://www.pwc.com/gx/en/about/corporate-governance/legal-entities.html. We may share personal data with other PwC member firms where necessary for administrative purposes and purposes of processing referred to in pt 3;
  • service providers that aren’t members of the PwC network (“third party service providers”) to process on a PwC’s behalf. Third party service providers may include providers of IT services, including identity management, website hosting, data analysis, data back-up, security and storage services in so far as it refers to the relation with PwC;
  • governmental or regulatory authorities, courts and law enforcement authorities or agencies as required by and/or in accordance with applicable law or regulation.

4. Your personal data may be transferred to countries outside the European Economic Area (EEA) – third countries, based on:

  • art. 45 sec. 1 of the GDPR - European Commission’s adequacy decision (applies for countries, which were subject of decision);
  • art. 46 sec. 2 let. c) of the GDPR - standard data protection clauses adopted by the European Commission.

5. Your personal data will be retained until the end of cooperation with PwC. After that, personal data might be stored only for the period indicated by statutory provisions of law or as long as you or us may pursue legal claims towards each other.

6.  In accordance with processing your personal data you have the following rights:

  •  right of access, to rectification (updating), to erasure, to restriction of processing, and to data portability and to object; You can exercise these rights by using the form available here.
  • to lodge a complaint with a supervisory authority (Prezes Urzędu Ochrony Danych Osobowych).

7. The provision of personal data is:

  • Voluntary, but necessary in order to establish and perform cooperation with PwC - in the scope of processing purposes pursued within the legitimate interests of the data controller and the performance of the contract;
  • Mandatory - in the scope of processing purposes pursued within the legal obligation.

8. The represented entity (Client of Supplier) is a source of your personal data.

9. PwC processes, as a standard, the following categories of personal data: name, surname, employer’s name, position and business contact details (such as mobile number and email address). In some cases, the scope of processing may be wider (e.g. if PwC has to comply with anti-money laundering provisions or by providing tax advisory services). Then the data subjects are informed about this in separate information about the processing of personal data.