Privacy Statement

This notice was last updated on June 2023.

Foreword

This privacy notice, given pursuant to Article 13 of EU Regulation 2016/679 (“GDPR”), explains what information on persons accessing the website (hereinafter, the “Data Subject(s)”, “you” or the “User(s)”) is collected by Servizi Aziendali PricewaterhouseCoopers Srl (hereinafter “SAPwC” or “Controller” ) on their own and on behalf of  other Italian legal entities belonging to the international PwC Network1 , for what purpose it is used and with whom it is shared (hereinafter, the “Notice” or “Privacy Notice”). The Notice also details the rights Data Subjects can exercise in relation to their personal data and whom they can address to obtain additional information or to inquire as to the use of their personal data.

The tools used to collect and process Users’ personal data are the following websites used by Italian and foreign legal entities of the PwC Network:  

(hereinafter, jointly "the PwC websites").

The PwC websites are designed through an IT tool (Adobe Experience Manager) belonging to foreign entities of the PwC Network; that tool is made available to the Italian legal entities of the Network (and those of other countries/territories) to generate the PwC websites devoted solely to the activities carried out by the local legal entities.

The PwC websites are operated by dedicated staff of the SAPwC. 

A special team, belonging to foreign entities of the PwC Network with technical competences, has administrative access solely to solve technological issues. 

By using the PwC websites, Users acknowledge they have read and understood the contents of the Notice. 

SAPwC with registered office in Milan, Piazza Tre Torri 2, represented by its pro-tempore legal representative, is a company providing administrative, accounting and organisational services to the Italian entities belonging to the PwC Network.

In this context, SAPwC is the joint controller of the personal data the controller of which is originally each of the above-mentioned Italian entities, with which it has executed specific and separate joint control agreements pursuant to Article 26 of GDPR , the key content of which is available on demand at the premises of SAPwC or of the relevant legal entity of the PwC Network involved as the original controller (hereinafter also the “Joint Controller” and, jointly with SAPwC, the “Joint Controllers”).

Moreover, in limited instances indicated further below in the Notice (e.g. the need for maintenance work on the PwC websites), Users’ data may also be viewed by foreign entities of the PwC Network. All the entities belonging to the PwC Network are separate, independent legal entities. For details, see www.pwc.com/structure and http://www.pwc.com/gx/en/about/office-locations.html where the countries in which PwC legal entities operate are listed.

In the event that, when browsing the PwC websites, Users access other websites of foreign legal entities of the PwC Network other than those referred to as Joint Controllers in the Notice, Users’ personal data shall be processed in accordance with the terms of the notices given by the other legal entities which will, in turn, become independent controllers. Consequently, the information in the Notice shall not apply.

1 Additional information on the PwC Network and on its member legal entities is available on www.pwc.com

Contact details of the Controller

Piazza Tre Torri, n. 2 - 20145 Milano
Fiscal Code and VAT Registration: 12449670152
Tel. +39 02 77851

Contact details of the Data Protection Officer

For any reports about the processing of Users’ personal data and to exercise the rights laid down in Chapter III, Section I, of GDPR, Users may contact the Data protection Officer of the Joint Controller Servizi Aziendali PricewaterhouseCoopers S.r.l, whose details are as follows:

Data Protection Officer (“DPO”)
Piazza Tre Torri, n. 2 - 20145 Milano
PEC (certified electronic mail): dpo-sap@pec-pwc.it
Tel. +39 02 66734162
Fax. +39 02 66734163

Legal basis for the processing of personal data

The legal basis applied by the Joint Controllers to process any personal data voluntarily provided by Data Subjects while browsing the PwC websites is the legitimate interest (Article 6, paragraph 1, letter f), GDPR) pursued by the Italian legal entities of the PwC Network to promote their initiatives and business activities targeting any subject who may decide to enter into a business relationship with one or more of the legal entities belonging to the PwC Network. Should Users, while browsing the PwC websites, reach any web pages through which specific, additional processing is performed (e.g., registering for a marketing event promoted by PwC), the legal basis shall be indicated in the separate notice prepared for that activity.

Use of personal data

No personal data are collected or used when a User simply browses the PwC websites. Any personal information collected through the PwC websites is only that released by the User within specific sections of the PwC websites (e.g. “Contact us”); those data may be used to respond to queries placed directly by Data Subjects through the communication channels available on the PwC websites. Those data may also be used for additional purposes related to the processing performed by the Joint Controllers in relation to specific activities carried out by PwC and managed through specific sections of the PwC websites containing relevant notices pursuant to informative Article 13 of GDPR (e.g. marketing initiatives promoted by the Joint Controllers).

In no event shall the data collected through the PwC websites be sold or transferred to third parties for marketing or other purposes. 

Categories of personal data processed

When Users access the PwC websites, information may be collected on the manner in which they use the PwC websites they are browsing through cookies and other analytical tools. This information is collected in anonymised form (for details, see the Cookie information section).

The personal information that PwC needs to collect and process through the PwC websites is ‘common’ data, i.e. identification details: given name and family name, email address, telephone number, corporate role/company, as provided directly by the User. 

PwC does not need to collect ‘special’ data as defined in Article 9, GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health) or ‘criminal’ data as defined in Article 10, GDPR through the PwC websites, unless a legal obligation to that effect exists. Should such information be provided but not be necessary, the Joint Controllers shall erase it. 

It should be noted that Users’ personal data are processed – whether or not by automated means, through the operations listed in Article 4, item 2), GDPR, such as collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment or combination, restriction, erasure or destruction.

Recipients of personal data

For the purposes mentioned above, access to the personal data that you provide may be given to:

  1. Employees and freelancers of the Joint Controllers, in their capacity as persons entrusted with processing the data (“Persons authorised to process the personal data”); 
  2. Judicial or supervisory authorities, public sector (domestic and foreign) administrations, bodies and organisations, and professional bodies;
  3. Employees and freelancers of other Italian and foreign entities of the PwC Network, solely in relation to maintenance of the PwC websites, as well as any contractors/subcontractors engaged by those entities for the same purpose.

Period of storage

PwC shall store Users’ personal data in its systems for the length of time strictly necessary for the various purposes for which they have been collected, or for the length of time allowed by law. PwC shall store personal data provided voluntarily by a User until the User requests their erasure, which can be requested through this link. If a User requests to be removed from a mailing list, only the information necessary to act on the request is stored. 

Transfers of personal data

Because PwC is an international network of legal entities present throughout the world, a User’s personal data may be transferred outside the country where they are collected for the purpose of maintaining the PwC websites and archiving the data contained therein. Any transfers of personal data, for the above purposes, to countries outside the EU take place in accordance with the law in force, as well as with the decisions on personal data protection taken by the European Court of Justice and national and foreign authorities.

In any case, foreign entities of the PwC Network may access those data solely for the purpose of maintaining the PwC websites.

Links to third parties

Within the PwC websites Users may find links to external, third party websites that do not belong to, and are not operated by, PwC; data processing performed through those websites (including but not limited to, suppliers, social networks, trade partners, universities, non-profit organisations, etc.) are not governed by the Notice. Whenever a Data subject connects to a third party website, the Notice will no longer be applicable and the provisions of the notices provide by the controllers of the third party websites shall apply. 

Security of personal data

The Joint Controllers have implemented suitable security measures applied by the PwC Network globally in order to protect personal data from loss, improper use, alteration or destruction. Only persons authorised by and bound to PwC by specific confidentiality obligations may access Users’ personal data collected through the PwC websites. In any case, the logic security and physical safety of the systems used and the confidentiality of the personal data processed shall be ensured, through the implementation of all necessary, appropriate technical and organizational measures.

Cookies 

For details, please consult the Cookie information section.

Exercisable rights

PwC guarantees the exercise of the rights of Data Subjects pursuant to Article 15 and ensuing articles of GDPR. In accordance with Chapter III, Section I, GDPR, a Data Subject may exercise the rights listed therein, specifically:

  • Right of access - The right to obtain confirmation as to whether or not a Data Subject’s personal data are being processed and, where that is the case, to obtain information, in particular about: the purposes of the processing, the categories of personal data processed and the period of storage, the recipients to whom the personal data may be disclosed (Article 15, GDPR);

  • Right to rectification - The right to obtain, without undue delay, the rectification of inaccurate personal data concerning a Data Subject and to have incomplete personal data completed (Article 16, GDPR);

  • Right to erasure - The right to obtain, without undue delay, the erasure of a Data Subject’s personal data, in the circumstances envisaged by GDPR (Article 17, GDPR);

  • Right to restriction of processing - The right to obtain from the Controllers or Joint Controllers referred to in the Notice the restriction of processing in the circumstances envisaged by GDPR (Article 18, GDPR);

  • Right to data portability - The right to receive a Data Subject’s personal data provided to the legal entities of the Italian PwC Network referred to in the Notice as Controllers or Joint Controllers in a structured, commonly used and machine-readable format, and to have those data transmitted to another controller without hindrance, in the circumstances envisaged by GDPR (Article 20, GDPR);

  • Right to object - The right to object to processing of a Data Subject’s personal data, unless legitimate grounds exist for the legal entities of the Italian PwC Network referred to in the Notice as Controllers or Joint Controllers continuing the processing (Article 21, GDPR);

  • Right to file a complaint with the authority - The right to file a complaint with the Italian data protection authority, Garante per la protezione dei dati personali. (Information and contact details can be found on the authority’s website www.garanteprivacy.it).

You can exercise the above rights or request further information on the processing of your personal data at the following link.