Polityka Prywatności

Data Protection Officer Compliance Tool

Privacy Statement

This Privacy Statement was last updated on 2019, February 3.

This privacy statement describes why we collect personal data through Data Protection Officer Compliance Tool and provides information about individuals’ rights in relation to personal data. We may use the personal data provided through Data Protection Officer Compliance Tool for any of the purposes described in this privacy statement. This privacy statement applies to personal data provided to us, either by you or by others (such as your employer).

In this privacy statement, “PwC”, “us”, and “we” refer to the PwC Network and/or one or more of its Member Firms that may process your personal information. Each Member Firm in the PwC Network is a separate legal entity.

The data controller of your personal information is: PwC Advisory sp. z o.o. spółka komandytowa with its registered seat in Warsaw (ul. Polna 11, 00-633 Warszawa, Poland).

In some instances your personal data may be processed by one or more of the Member Firms listed at: https://www.pwc.com/gx/en/about/corporate-governance/legal-entities.html]

In this privacy statement, we refer to information about you or information that identifies you as “personal data” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information.

This privacy statement relates only to Data Protection Officer Compliance Tool. It does not override any separate privacy statement or agreement relating to other products, services or sites of PwC.

By using Data Protection Officer Compliance Tool and providing personal information to us, you acknowledge you have read this privacy statement.

The purpose of Data Protection Officer Compliance Tool

Data Protection Officer Compliance Tool is a dedicated software which supports organisations in daily duties related to compliance with the GDPR requirements, risk analysis in the context of data protection (Data Protection Impact Assessment), data breaches assessment, maintaining and monitoring company’s compliance with data protection regulations.

Personal Information We Collect About You

We collect the following personal information about you through Data Protection Officer Compliance Tool:

name, telephone or mobile number, email address, organisation and other contact details of users, employees, third parties etc.
logins and passwords and functions of authorised users of Data Protection Officer Compliance Tool.

PwC may also collect information about you when you use this Application, for example, logs of your activities on the site (for example, when you add a new document or assess the risks within DPIA module.)

This personal information is necessary in order to use Data Protection Officer Tool.

When we have not obtained data directly from you, the data is sent by your employer or organisation. We can receive this data in order to authorise you within the Data Protection Officer Tool and maintain your user’s account.

How We Use Personal Information

We use the personal information collected through Data Protection Officer Compliance Tool for the following specific purposes:

to authenticate your identity and provide you with an access to the application
to ensure the security of the application
to administer and manage the application and provide you with the services you have requested from us
to generate and share within the PwC Network aggregated reports regarding usage of the application in order to improve the services.

PwC does not use the information we collect about you through Data Protection Officer Compliance Tool to provide you with promotional communications, nor will we pass your information to third parties for promotional purposes.

Cookies

Cookies are small text files that are placed on your computer by the site that you visit. They are widely used in order to make sites work, or work more efficiently, as well as to provide information to the owners of the site. The use of cookies is now standard for most sites. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your 'browser history' (cache) when you leave the site.

Managing cookies on your device

We use cookies to personalize content and to provide you with an improved user experience. By using this application you consent to the deployment of cookies. You can control and manage cookies using your browser (see below). Please note that removing or blocking cookies can impact your user experience and some functionality may no longer be available.

Using your browser to control cookies

Most browsers allow you to view, manage, delete and block cookies for a site. Be aware that if you delete all cookies then any preferences you have set will be lost, including the ability to opt-out from cookies as this function itself requires placement of an opt out cookie on your device. Guidance on how to control cookies for common browsers is linked below.

Google Chrome

Mozilla Firefox

MacOS Safari

Microsoft Internet Explorer

For information on additional browsers and device types please see http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/.

Types of cookies

‘Session’ cookies remain in your browser during your browser session only, ie until you leave the mobile .application.‘Persistent’ cookies remain in your browser after the session (unless deleted by you).
‘Performance’ cookies collect information about your use of the app, such as pages visited and any error messages; they do not collect personally identifiable information, and the information collected is aggregated such that it is anonymous. Performance cookies are used to improve how a mobile application works.
‘Functionality’ cookies allow the site to remember any choices you make about the mobile application (such as changes to text size, customized pages) or enable services such as commenting on a blog.

Use of cookies by PwC

The following table explains the way in which we use cookies in this application:

Name	Purpose	Type	Duration
.ASPXAUTH	The cookie is used to determine if a user is authenticated.	First party session	Session
EntityId	This cookie stores the selected entity id provided by authenticated user.	First party session	Session
XSRF-TOKEN	The cookie prevents malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.	First party session	Session
currentUICulture	This cookie represents the current user interface culture	First party session	Session
lng	This cookie represents the current user interface language translations	First party session	1 years from set/update

Our legal grounds for processing personal data

We rely on one or more of the following processing conditions:

our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);

our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights).

to perform our obligations under a contractual arrangement with you (applicable when you are the party to the agreement with PwC as well as the user of Data Protection Officer Compliance Tool).

Transfers of personal data

Cross-border transfers

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

Where we collect your personal information within the EEA, transfer outside the EEA will be only:

to a recipient located in a country which provides an adequate level of protection for your personal information; and/or

under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

Other PwC Member Firms

For details of PwC Member Firm locations, see https://www.pwc.com/gx/en/about/office-locations.html

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing advice to that client.

Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other disclosures

We may also disclose personal information under the following circumstances:

with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;

To law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal information to determine whether disclosure is required or permitted.

Security

We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information. These individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or transmitted by us.

Retention

We will retain your personal information only for as long as we need it for the purposes described in this privacy statement unless we are required by law to retain it for a longer period.

Changes to this privacy statement

This privacy statement was last updated on 2019, February 3.

We may update this privacy statement at any time by publishing an updated version here.

Your legal rights in relation to your personal data

You may have certain rights under your local law in relation to the personal information we hold about you.

In particular, you may have a legal right to:

request a copy of personal information we hold about you
ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete
ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information
restrict or object to our processing of your personal information
request a copy or transfer of your data (data portability), and/or
withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).

To exercise any of the abovementioned rights, please contact us as set forth below.

You may have the right to lodge a complaint with your local data protection regulator.

Contact Us

If you have questions about this privacy statement or the way your personal information is processed, or would like to exercise a legal right in relation to your personal data, please contact our appointed data protection officer using the following contact details:

email: pl_privacy@pwc.com;

phone: +48 22 746 40 00.