This notice was last updated on January 2022.
This privacy notice, given pursuant to Article 13 of EU Regulation 2016/679 (“GDPR”), explains what information on persons accessing the website is collected by the Italian legal entities belonging to the international PwC Network1 (hereinafter, the “Data Subject(s)”, “you” or the “User(s)”), for what purpose it is used and with whom it is shared (hereinafter, the “Notice” or “Privacy Notice”). The Notice also details the rights Data Subjects can exercise in relation to their personal data and whom they can address to obtain additional information or to inquire as to the use of their personal data.
The tools used to collect and process Users’ personal data are the following websites used by Italian and foreign legal entities of the PwC Network:
(hereinafter, jointly "the PwC websites").
The PwC websites are designed through an IT tool (Adobe Experience Manager) belonging to foreign entities of the PwC Network; that tool is made available to the Italian legal entities of the Network (and those of other countries/territories) to generate the PwC websites devoted solely to the activities carried out by the local legal entities.
The PwC websites are operated by dedicated staff of Servizi Aziendali PricewaterhouseCoopers Srl (hereinafter “SAPwC”). A special team, belonging to foreign entities of the PwC Network with technical competences, has administrative access solely to solve technological issues.
By using the PwC websites, Users acknowledge they have read and understood the contents of the Notice.
As illustrated in the Notice and on the PwC websites, Users’ personal data may be processed by one or more Italian legal entities of the PwC Network hereinafter referred to as “Joint Controllers” or “PwC”, those entities having executed joint control agreements with SAPwC, based in Milan, Piazza Tre Torri n. 2, an entity that provides administrative, accounting and organisational services to all the Italian entities of the PwC Network, and which also responsible for operating and updating the PwC websites. The key content of the joint control agreement is available on demand on the premises of the Joint Controllers.
Moreover, in limited instances indicated further below in the Notice (e.g. the need for maintenance work on the PwC websites), Users’ data may also be viewed by foreign entities of the PwC Network. All the entities belonging to the PwC Network are separate, independent legal entities. For details, see www.pwc.com/structure and http://www.pwc.com/gx/en/about/office-locations.html where the countries in which PwC legal entities operate are listed.
In the event that, when browsing the PwC websites, Users access other websites of foreign legal entities of the PwC Network other than those referred to as Joint Controllers in the Notice, Users’ personal data shall be processed in accordance with the terms of the notices given by the other legal entities which will, in turn, become independent controllers. Consequently, the information in the Notice shall not apply.
1 Additional information on the PwC Network and on its member legal entities is available on www.pwc.com
For any reports about the processing of Users’ personal data and to exercise the rights laid down in Chapter III, Section I, of GDPR, Users may contact the Data protection Officer of the Joint Controller Servizi Aziendali PricewaterhouseCoopers S.r.l, whose details are as follows:
Data Protection Officer
Piazza Tre Torri n. 2 – 20145, Milano
PEC (certified electronic mail): email@example.com
Tel. +39 02 66734162
Fax +39 02 66734163
The legal basis applied by the Joint Controllers to process any personal data voluntarily provided by Data Subjects while browsing the PwC websites is the legitimate interest (Article 6, paragraph 1, letter f), GDPR) pursued by the Italian legal entities of the PwC Network to promote their initiatives and business activities targeting any subject who may decide to enter into a business relationship with one or more of the legal entities belonging to the PwC Network. Should Users, while browsing the PwC websites, reach any web pages through which specific, additional processing is performed (e.g., registering for a marketing event promoted by PwC), the legal basis shall be indicated in the separate notice prepared for that activity.
No personal data are collected or used when a User simply browses the PwC websites. Any personal information collected through the PwC websites is only that released by the User within specific sections of the PwC websites (e.g. “Contact us”); those data may be used to respond to queries placed directly by Data Subjects through the communication channels available on the PwC websites. Those data may also be used for additional purposes related to the processing performed by the Joint Controllers in relation to specific activities carried out by PwC and managed through specific sections of the PwC websites containing relevant notices pursuant to informative Article 13 of GDPR (e.g. marketing initiatives promoted by the Joint Controllers).
In no event shall the data collected through the PwC websites be sold or transferred to third parties for marketing or other purposes.
When Users access the PwC websites, information may be collected on the manner in which they use the PwC websites they are browsing through cookies and other analytical tools. This information is collected in anonymised form (for details, see the Cookie information section).
The personal information that PwC needs to collect and process through the PwC websites is ‘common’ data, i.e. identification details: given name and family name, email address, telephone number, corporate role/company, as provided directly by the User.
PwC does not need to collect ‘special’ data as defined in Article 9, GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health) or ‘criminal’ data as defined in Article 10, GDPR through the PwC websites, unless a legal obligation to that effect exists. Should such information be provided but not be necessary, the Joint Controllers shall erase it.
It should be noted that Users’ personal data are processed – whether or not by automated means, through the operations listed in Article 4, item 2), GDPR, such as collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment or combination, restriction, erasure or destruction.
For the purposes mentioned above, access to the personal data that you provide may be given to:
PwC shall store Users’ personal data in its systems for the length of time strictly necessary for the various purposes for which they have been collected, or for the length of time allowed by law. PwC shall store personal data provided voluntarily by a User until the User requests their erasure, which can be requested through this link. If a User requests to be removed from a mailing list, only the information necessary to act on the request is stored.
Because PwC is an international network of legal entities present throughout the world, a User’s personal data may be transferred outside the country where they are collected for the purpose of maintaining the PwC websites and archiving the data contained therein. Any transfers of personal data, for the above purposes, to countries outside the EU take place in accordance with the law in force, as well as with the decisions on personal data protection taken by the European Court of Justice and national and foreign authorities.
In any case, foreign entities of the PwC Network may access those data solely for the purpose of maintaining the PwC websites.
Within the PwC websites Users may find links to external, third party websites that do not belong to, and are not operated by, PwC; data processing performed through those websites (including but not limited to, suppliers, social networks, trade partners, universities, non-profit organisations, etc.) are not governed by the Notice. Whenever a Data subject connects to a third party website, the Notice will no longer be applicable and the provisions of the notices provide by the controllers of the third party websites shall apply.
The Joint Controllers have implemented suitable security measures applied by the PwC Network globally in order to protect personal data from loss, improper use, alteration or destruction. Only persons authorised by and bound to PwC by specific confidentiality obligations may access Users’ personal data collected through the PwC websites. In any case, the logic security and physical safety of the systems used and the confidentiality of the personal data processed shall be ensured, through the implementation of all necessary, appropriate technical and organizational measures.
PwC guarantees the exercise of the rights of Data Subjects pursuant to Article 15 and ensuing articles of GDPR. In accordance with Chapter III, Section I, GDPR, a Data Subject may exercise the rights listed therein, specifically:
Right of access - The right to obtain confirmation as to whether or not a Data Subject’s personal data are being processed and, where that is the case, to obtain information, in particular about: the purposes of the processing, the categories of personal data processed and the period of storage, the recipients to whom the personal data may be disclosed (Article 15, GDPR);
Right to rectification - The right to obtain, without undue delay, the rectification of inaccurate personal data concerning a Data Subject and to have incomplete personal data completed (Article 16, GDPR);
Right to erasure - The right to obtain, without undue delay, the erasure of a Data Subject’s personal data, in the circumstances envisaged by GDPR (Article 17, GDPR);
Right to restriction of processing - The right to obtain from the Controllers or Joint Controllers referred to in the Notice the restriction of processing in the circumstances envisaged by GDPR (Article 18, GDPR);
Right to data portability - The right to receive a Data Subject’s personal data provided to the legal entities of the Italian PwC Network referred to in the Notice as Controllers or Joint Controllers in a structured, commonly used and machine-readable format, and to have those data transmitted to another controller without hindrance, in the circumstances envisaged by GDPR (Article 20, GDPR);
Right to object - The right to object to processing of a Data Subject’s personal data, unless legitimate grounds exist for the legal entities of the Italian PwC Network referred to in the Notice as Controllers or Joint Controllers continuing the processing (Article 21, GDPR);
Right to file a complaint with the authority - The right to file a complaint with the Italian data protection authority, Garante per la protezione dei dati personali. (Information and contact details can be found on the authority’s website www.garanteprivacy.it).
You can exercise the above rights or request further information on the processing of your personal data at the following link.