Privacy policy

Introduction

The PwC network and each of the individual PwC firms are strongly committed to protecting personal data.

This Privacy Statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this Privacy Statement or as otherwise stated at the point of collection. Please note that this Privacy Statement serves as a general overview and data subjects might receive further specific information about their rights and the use of their data at the point of collection.

In this Privacy Statement, ‘PwC’, ‘we’ or ‘us’ refers to PricewaterhouseCoopers AG, which is a separate legal entity of the PwC network.

Strategy& is the brand under which the legally independent firms of the PwC network provide professional strategy consulting services. Details on the structure of the PwC network can be found at www.pwc.com/structure.

Personal data are any information relating to an identified or identifiable natural person (data subject). PwC processes personal data for numerous purposes. The means of collection, lawful basis of processing, use, disclosure and retention periods may differ for each of these purposes.

Data controller and contact information

The data controller responsible for the processing of your personal data as described in this Privacy Statement is PricewaterhouseCoopers AG (CHE-106.839.438). You’ll be informed in the event that a different data controller makes decisions about the processing of your data.

We’ve appointed a Data Protection Officer. If you have any questions about this Privacy Statement or about how and why we process personal data, please contact our Data Protection Officer at:

Data Protection Officer
PricewaterhouseCoopers AG
Birchstrasse 160
8050 Zurich

Email: ch_swiss_data_privacy@pwc.ch
Phone: +41 (0) 58 792 00 00

Our processing activities

In the following sections, we take a detailed look at the data subject groups for which we process personal data. Please note that other data subjects whose personal data we might process (e.g. partners, staff and suppliers), will be informed separately about the processing of their data.

Clients and individuals associated with our clients

Relevant personal data and their source

We only process personal data as necessary for providing our services or for agreed purposes. Generally, we collect this personal data from our clients or from a third party acting on the instructions of the relevant client. In such a case, we ask our clients to provide associated data subjects (e.g. employees, suppliers, customers or other associated individuals) with the necessary information regarding the processing. Our clients may use relevant sections of this Privacy Statement or refer data subjects to this Privacy Statement if they consider it appropriate to do so.

We provide a diverse range of professional services (click here for information on our services). Some of our services require us to process personal data in order to provide advice and deliverables. Given the diversity of the services that we provide to clients, we process many categories of personal data, including: :

  • contact details
  • business activities
  • information about management and employees
  • payroll and other financial and tax-related data
  • information about internal processes and procedures
  • data contained in corporate IT systems such as SAP
  • bank, salary and payment data
  • information about investments and other financial interests
  • family-related information in the case of individual clients. .

For certain services (e.g. payroll and immigration services, specific advisory mandates) or with the data subject’s consent, we may also process special categories of personal data such as information about religious beliefs, physical or mental health, sexual life or sexual orientation, excerpts from the debt register or criminal records.

Purposes of processing personal data

  • Initiating and fulfilment of contracts
    PwC processes personal data to carry out pre-contractual measures (such as preparing an offer or creating a contract) and to provide the contractually agreed services, including the administering the business relationship and billing of the services.
  • Complying with any requirement of law, a regulation or requirements of a professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. In particular, we need to collect and keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
  • Security, quality and risk management activities
    To safeguard our own legitimate interests, we have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.

    In addition, we monitor the services provided to clients for quality purposes, which may involve processing personal data stored in the relevant client file.

    Finally, we have policies and procedures in place to manage risks in relation to client engagements. We process personal data as part of our client engagement and acceptance procedures during which, in particular, we carry out searches using publicly available sources (e.g. the Internet and sanctions lists) or third-party data to identify heightened risks and/or issues that would prevent us from working with a particular client.
  • Developing our business and services and providing our clients with information about us and our range of services
    We’re continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes. This may include conducting analyses to better understand a particular issue, industry or sector, providing insights to our clients, improving our business, service delivery and offerings, and developing new PwC technologies and offerings. We might also use contact details to obtain client feedback to improve and develop our business and our services.
  • Marketing and contact management purposes
    In line with the applicable laws, PwC also uses contact data (e.g. name, email address, phone number and postal address) to provide the client with information on other PwC offers, services or events we believe to be of interest to our clients. For this purpose, we transfer the contact data into the customer relationship management (CRM) systems.

    There’s a legitimate interest in informing PwC’s clients about our offers and events in order to establish and maintain a long-term relationship.

    If PwC has received contact data within the framework of a business event held by PwC or others, within the framework of a business appointment (e.g. by exchanging business cards), within the framework of a survey or within the framework of an order, we also use the contact data (in particular, name, address and email address) to maintain our business contacts.

    PwC has a legitimate interest in maintaining contacts established in the course of business transactions beyond the initial contact, using them to establish a business relationship and remaining in contact with those affected for this purpose.

Data retention

We retain the personal data processed for as long as is considered necessary for the purpose for which it was collected and described above (including as required by applicable laws or regulations).

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is ten years.

Profiling and automated decision-making

If no information to the contrary is provided, we don’t generally perform profiling or undertake any automated decision-making when processing personal data provided by our corporate clients.

Visitors to our website

Relevant personal data and their source

We process limited personal data of visitors to our websites, such as:

  • contact details including name and email address
  • business-related information including job title, job level and company name
  • order information and customer’s credit card information when a purchase is made via our website
  • content of (email) correspondence between website visitors and us.

This data is collected directly from the website visitors and generally on a voluntary basis. An exception is the provision of credit card details when a purchase is made via our website.

Purposes of processing personal data

When a website visitor provides personal data to us, we use the data in connection with the purposes stated below or as is obvious from the context of collection.

  • Initiation and fulfilment of a contract
    We process your data to provide you with information materials that you’ve requested or to invite you to events or conferences that you’ve registered for. Although most publications are provided as downloads, website visitors may also have the opportunity to purchase PwC publications online. In this case, we process the order information and your credit card information, where applicable, in order to facilitate shipment and payment of the publication.
  • Use of the website and communication
    In addition, your personal data is processed in order for you to benefit fully from all functions on our website and from services provided via the website, including registration for webinars and events, subscriptions to updates or newsletters, participation in surveys, quizzes or polls, requests for further information or for reference materials.

    If we’ve obtained consent to the respective tracking cookies, we may use a visitor’s interactions with the website to display specific recommended content in line with their interests.

    Website visitors are also able to send us emails or contact us via specific forms on our website. Their messages will contain their name and email address, as well as any additional information the user may wish to include in the message.
  • Security, quality and risk management
    We process your personal data for administering and managing our website, including monitoring and enforcing compliance with the terms and conditions for the use of our website, confirming and authenticating identity and preventing unauthorised access to restricted areas, premium content or other services limited to registered users.

    In accordance with our policy, visitors aren’t required to register to gain access to the areas of PwC websites. In certain cases, as a visitor’s PwC website experience expands, we may require, in the future, that a visitor registers in order to obtain a user ID and password for authentication and secure access to a transaction or to certain confidential business or proprietary information services on premium websites.
  • Website analytics
    We aggregate data in order to assess the usage of our website and improve the user experience.
  • Marketing purposes
    Unless requested otherwise, we may also use your data to contact you with information about PwC’s business, services and events, and other information that may be of interest to you. If visitors subsequently choose to unsubscribe from mailing lists or revoke their registration, we provide instructions on the related website or in our communication to the individual, or the individual may contact us by email. Users may visit the preference centre to adjust their interests, subscriptions and their consent to marketing communications.

Cookies and log files

Cookies may be used on some pages of our website. Cookies are small text files placed on your hard drive that help us to provide a more customised website experience. For example, a cookie can be used to store registration information in an area of the website so that a user doesn’t need to re-enter it on subsequent visits to that area. It’s PwC’s policy to use cookies to make it easier for visitors to navigate our websites and to facilitate efficient registration procedures. Site statistics are compiled by third parties and therefore your IP address will be passed to third parties for statistical reporting only.

Our website uses cookies for a variety of purposes detailed on cookies information page. Visitors to the website are prompted to accept or reject these cookies during their first visit. There are options to set preferences for analytics, personalisation and advertising cookies.

Please bear in mind that the cookie settings don’t apply to third-party websites.

Data retention

We retain the personal data processed for as long as is considered necessary for the purpose for which it was collected and described above (including as required by applicable laws or regulations).

Contact information about visitors (such as information generated though registration for access to areas on the website) will be kept as long as the information is required to service the contact request, or until a user requests that we delete that information. Mailing list information, discussion posts and emails are only kept for the period of time considered reasonable to facilitate the visitor’s requests.

Profiling and automated decision-making

If a user has accepted personalisation cookies, we might use automated technology to display personalised content such as reading recommendations, event invitations or other relevant content related to a user’s browsing behaviour. Users can opt out at any time by declining these cookies.

Recruitment applicants

When applying for a job, applicants should refer to the details provided on why and how personal data are collected and processed. If you enter into an employment relationship with us, contractual agreements will regulate our use of your personal data. For more details about how we handle recruitment data, please visit our separate privacy statement and terms of use for the relevant tools.

Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)

We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship and the contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients. We commonly process contact details, e.g. name, job title, work telephone numbers, work email addresses and other contact details.

Purposes of processing personal data

  • Receiving services: We process personal data in relation to our suppliers and their staff as necessary to receive the services.
  • Providing professional services to clients: Where a supplier is supporting us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients.
  • Administering, managing and developing our businesses and services.
  • Security, quality and risk management activities: We have security measures in place to protect our information and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake, e.g. automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
  • Providing information about us and our range of services: Unless requested otherwise, we use business contact details to provide information that we think will be of interest about us and our services.
  • Complying with any requirement of law, a regulation or a professional body of which we’re a member: As a professional services provider, we’re subject to legal, regulatory and professional obligations. We need to collect personal data or keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Data retention

We retain personal data processed by us for as long as necessary for the purpose for which it was collected (including as required by applicable laws or regulations). Personal data may be held for longer periods where extended retention periods are required by laws or regulations and in order to establish, exercise or defend our legal rights.

 

Alumni

We use personal data collected in connection with the PwC Switzerland alumni community through the offboarding process or registration on the alumni website for our global community platform and for communication purposes, including sending alumni newsletters and event invitations. The following categories of personal data will be processed to enable you to use the application and its features: 

  • first and last name; 
  • email address; 
  • leaving grade; 
  • joining and leaving date; 
  • last PwC office location; 
  • last PwC territory; and 
  • new employer and job title. 

 In addition, you may voluntarily and optionally provide further information in the course of using PwC’s alumni community platform. 

The data processing is conducted solely for the specified purposes and will not be carried out in a manner incompatible with these objectives. Further details on the processing of your personal data can be found in the global alumni privacy statement. 

Others

Individuals who use our applications

We give external users access to various applications managed by us. Such applications generally include their own Privacy Statements explaining why and how personal data are collected and processed by those applications.

Children

PwC understands the importance of protecting children’s privacy, especially in an online environment. Our website is not intentionally designed for or directed at children 16 years of age or younger. PwC will never knowingly collect or maintain information about anyone under the age of 16.

Participants of events, fairs or similar

PwC organises and helps organise events and takes part in fairs (e.g. at universities) and other social gatherings. We may use various applications to manage event registration processes, for which the applications will contain their own privacy statements explaining why and how personal data are collected and processed by these applications. Please refer to the privacy statements available on these applications.

If you register for an event via our website, please see the earlier section regarding website visitors. As part of our event management, we may process event-related data (but only to the extent required for a specific event), such as dietary restrictions, special requirements and travel information. We do not intentionally collect sensitive personal data unless you provide us with such data.

Participants of such events can interact with our employees and provide their personal data (such as information on business cards or by registering for talent pools, newsletter or games etc.). We’ll use this data to fulfil the purpose for which your data has been collected or to get in touch with you with information about us or our services which could be of interest to you. You can at all times request us to stop our communication in accordance with your privacy rights described below.

Third parties

We’ll only share personal data with third parties when and as far as we’re legally permitted to do so. When we share data with third parties, we protect the data and comply with our data protection, confidentiality and security standards by means of e.g. security mechanisms, contractual and organisational arrangements.

It may be possible to transfer personal data to:

  • Other PwC member firms
    For details of our member firm locations, please click here.

    We may share personal data with and store it on servers of other PwC member firms where necessary for administrative, quality control or risk management purposes and to provide professional services to our clients (e.g. when providing services involving advice from PwC member firms in different territories). Our business contacts are visible to and used by PwC users from other PwC member firms to learn more about a contact, a client or an opportunity in which they have an interest.

    In addition, PwC uses Service Delivery Centres (SDC), which operate within the PwC network to support several PwC firms in the administrative organisation and processing of client orders and mandates. This includes, for example, the preparation and review of invoices, layout and design, editing, translation services and other services relating to client orders and mandates.

    The PwC member firms have concluded an internal data protection agreement that provides for the transfer of personal data from EU/EEA countries and Switzerland to PwC network firms in other territories in compliance with the applicable legal requirements (e.g. the applicable EU standard contract clauses of the EU Commission as approved by the Swiss Federal Information and Data Protection Commissioner available here, or a legally accepted set of rules to ensure data protection). If you’d like more information about further security measures for the transfer of personal data to third countries, please feel free to contact our data protection officer.
  • Third parties that provide applications or IT services to us
    We and the PwC network use third parties to support us in providing our services and to help provide, run and manage our IT systems in Switzerland and abroad. For these purposes, your personal data might be shared with or accessed by such third-party service providers. For data transfers in connection with the cookies we use, please see here.
  • Third parties that otherwise assist us
    Your personal data might also be shared with other third-party service providers such as suppliers and business partners supporting us in providing goods, services or information but also in supporting and making our business development activities more effective.
  • We may also share your personal data with auditors and other professional advisers as necessary.
    Your personal data are also shared with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable laws or regulations.
  • Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable laws and regulations, to investigate an alleged crime or to establish, exercise or defend legal rights. We shall only fulfil requests for access to personal data where we’re permitted to do so in accordance with applicable laws or regulations.

The data are not shared further within the PwC network for secondary or unrelated purposes. Nor are they shared with a third party other than as described in this Privacy Statement or otherwise disclosed at the point of collection. If there’s an instance where such information may be shared, the visitor’s permission will first be requested.

Third-party links

In several places, pwc.ch may link to other websites that don’t operate under the privacy practices of pwc.ch. If visitors follow links to other websites, PwC’s privacy practices no longer apply. We encourage visitors to review each website’s Privacy Statement before disclosing any personally identifiable information.

Individual’s rights

PwC makes every practical effort to avoid the excessive or irrelevant collection of data. If you believe that we’ve collected excessive information, we encourage you to contact us to raise any concerns.

  • Access to personal data
    You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us. We aim to respond to any requests for information promptly and, in any event, within the legally required time limit.
  • Amendment of personal data
    To update personal data submitted to us, you may email us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.

    When PwC retains personally identifiable information, PwC assumes responsibility for keeping an accurate record of the information once the data subject has submitted and verified the data. PwC does not assume responsibility for verifying the ongoing accuracy of the content of personal data. When feasible in practice, if PwC is informed that any personal data collected are no longer accurate, PwC shall make appropriate corrections based on the updated information provided by the data subject.

    When requested and legally permitted, PwC shall delete identifying information from current operational systems.
  • Withdrawal of consent
    Where we process personal data based on consent alone, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data, please email us or, to stop receiving an email from a PwC marketing list, please click on the ‘unsubscribe’ link in the email you received from us.
  • Erasure/deletion of personal data
    You have the right to request that PwC deletes your personal data if there’s no legal or regulatory requirement for PwC to keep your data (such as retention obligations). To request the deletion of your personal data, please send an email, ideally together with an identification document, and the reasons why you wish us to delete the data.
  • Right to lodge a complaint with a supervisory authority
    You have the right to appeal to a data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection law.

    For Switzerland, this is Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Tel.: +41 (0)58 462 43 95 (https://www.edoeb.admin.ch/edoeb/en/home.html).
  • Other data subject rights
    In addition to the rights referred to above, individuals may have other rights in relation to the personal data we hold, such as the right to restrict or object to our processing of personal data and the right to data portability. If you wish to exercise these rights, please send us an email.

Security

Information Security is a high priority for the PricewaterhouseCoopers network. PwC member firms are accountable to their people, clients, suppliers and other stakeholders to protect information that is entrusted to them. The PwC Information Security Policy (ISP) outlines the minimum security requirements with which every member firm must comply.

The PwC ISP has been developed to safeguard the confidentiality, integrity and availability of the information and technology assets used by the PwC member firms. The PwC ISP is aligned with industry standard ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls.

Modifications to this privacy statement

PwC reserves the right to modify or amend this Privacy Statement at any time by publishing an updated version here. The current version of the statement shall be accessible on this website. This Privacy Statement was last updated on July 1, 2025.