Information about processing personal data for people whose personal data we obtain in connection with providing services to our clients

Fulfilling the obligations according to the art. 14 sec. 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter be referred to as “GDPR” the data controller informs that:

  1. PwC Advisory spółka z ograniczoną odpowiedzialnością sp.k. or another PwC entity which our Client has cooperation with - list of entities, with its registered seat in Warsaw (00-633), Polna 11 Street, („PwC”, “we”) will be the controller of your personal data.
  2. PwC processes your personal data for the following purposes and on the following legal bases:
A legal basis A purpose of the processing
art. 6 sec. 1 let. c) of the GDPR - compliance with a legal obligation to which PwC is subject from the regulations governing the provision of professional services (e.g. Act on statutory auditors)
  • Demonstrating PwC’s compliance with applicable regulations especially by keeping records;
  • Enabling the provision of professional services covered by regulations e.g. auditing financial statements or providing legal advice;
  • Keeping professional secrecy.
art. 6 sec. 1 let. f) of the GDPR – legitimate interests pursued by the PwC
  • Enabling the provision of professional services to Clients;
  • Administration of PwC services;
  • Developing our businesses and services, including quality control;
  • PwC’s administration and management, in particular the website, IT systems and business applications;
  • Performing data analytics;
  • Safety management and operational risk assessment (e.g. Know Your Customer analysis);
  • Complying with any regulations of a professional body of which PwC is a member;
  • Exercising legal claims in particular by documenting completed or received services.

 

3. Your personal data will not be disclosed to third parties except the following recipients:

  • other PwC member firms. For details of our member firm locations, please visit the website. We may share personal data with other PwC member firms where necessary for administrative purposes and purposes of processing referred to in pt 3;
  • service providers that aren’t members of the PwC network (“third party service providers”) to process on a PwC’s behalf. Third party service providers may include providers of IT services, including identity management, website hosting, data analysis, data back-up, security and storage services in so far as it refers to the relation with PwC;
  • governmental or regulatory authorities, courts and law enforcement authorities or agencies as required by and/or in accordance with applicable law or regulation.

4. Your personal data may be transferred to countries outside the European Economic Area (EEA) – third countries, based on:

  • art. 45 sec. 1 of the GDPR - European Commission’s adequacy decision (applies for countries, which were subject of decision);
  • art. 46 sec. 2 let. c) of the GDPR - standard data protection clauses adopted by the European Commission.

5. Your personal data will be retained until the end of Client’s cooperation with PwC. After that, personal data might be stored only for the period indicated by statutory provisions of law or as long as you or us may pursue legal claims towards each other.

6. In accordance with processing your personal data you have the following rights:

  •  right of access, to rectification (updating), to erasure, to restriction of processing, and to data portability and to object; You can exercise these rights by using the form available here.
  • to lodge a complaint with a supervisory authority (Prezes Urzędu Ochrony Danych Osobowych).

7. The provision of personal data is:

  • necessary in order to establish and perform Client’s cooperation with PwC - in the scope of processing purposes pursued within the PwC legitimate interests;
  • mandatory - in the scope of processing purposes pursued within the legal obligation.

8. The entity that provides PwC with personal data as part of using our services (Client) is a source of your personal data.

9. PwC processes, as a standard, the following categories of personal data: name, surname and business contact details (such as mobile number and email address). In some cases, the scope of processing may be wider. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility and pensions services or we are processing a national identification number complying with the provisions on anti-money laundering and terrorist financing provisions.