Personal Data Processing and Protection Policy

Version of 06 September 2018

This Personal Data Processing and Protection Policy (the "Policy") is adopted and in effect in the following firms of the PricewaterhouseCoopers International Limited global network: Private Limited Liability Company PricewaterhouseCoopers Russia B.V., AO PricewaterhouseCoopers Audit, OOO PricewaterhouseCoopers Advisory, OOO PricewaterhouseCoopers Audit Services, PwC Legal, OOO PricewaterhouseCoopers Property, OOO PricewaterhouseCoopers, Private Institution of continuing professional education "Corporate Training Centre "PricewaterhouseCoopers Expert", OOO PwC Professional Services, which are all located at 10 Butyrsky Val, Moscow, Russia, 125047 ("the Company" or "we" [both references are used for each individual firm]).

1. General

We may collect and use the personal data you provide to us when:

  • you access our websites and mobile applications (the "websites") from any device or when communicating with us in any form in compliance with this Policy. By using our websites and providing your personal data to us, you give your consent to have your personal data processed in compliance with this Policy;

  • you get in touch with us with a question, complaint, comment or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us and we will only use the data for the purpose of responding to the communication and handling the matter as appropriate. The personal data referred to above may include name, employer name, contact title, phone, email and other business contact details;

  • you apply online for a job at PwC via PwC careers website;

  • you visit our offices. We need to obtain and process your personal data in order to comply with security measures and build access control;

  • we provide services to our clients. Our policy is to collect only the personal data necessary for specified purposes and we ask our clients only to share personal data where it is strictly needed for those purposes. Where we need to process personal data to provide our services, we ask our clients to get appropriate person’s authorization and provide the necessary information to the data subjects concerned regarding its use;

  • we manage the relationship with, contract with and receive services from our suppliers and subcontractors.

We process personal data about contacts (existing and potential PwC clients and/or individuals associated with them) using a customer relationship management system (the "PwC CRM").

The collection of personal data about contacts and the addition of that personal data to the PwC CRM is initiated by a PwC user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the PwC CRM helps PwC users to manage relations with contacts or third parties by observing data concerning interactions between PwC users and contacts or third parties in PwC email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event). Personal data relating to business contacts may be visible to and used by PwC users to learn more about an account, client or opportunity they have an interest in.

2. Key terms and definitions

"Personal data" is any information that is related directly or indirectly to a specific or identifiable individual.

"Personal data processing" is performing any actions or sets of actions with respect to your personal data including the following: collect, record, systemise, gather, store, update, alter, extract, use, transfer (provide, access), depersonalise, block, delete, destroy with and without the use of personal data automated processing systems.

3. The Principles of processing of personal data

  • We process personal data lawfully and fairly.

  • Processing involves only the personal data which meet the intended purposes of the processing thereof.

  • The contents and scope of processed personal data correspond to the declared purposes of processing. Processed personal data is not excessive in respect of the declared purposes of processing thereof.

  • The term of processing of personal data is limited within the scope of specified, preset and lawful purposes.

  • We take all necessary measures for providing security of processing personal data.

  • We respect lawful rights of personal data subjects and ensure their protection in the processing of personal data.

4. The types of data we collect

We may collect the following types of data:

  • the personal data you provide to us when filling out information fields at our websites, including filling out the contact form, subscribing to news mailouts, registering for our events;

  • the personal data and other information contained in the messages you send to us;

  • the personal data you provide at our job and internship offerings website;

  • the technical data automatically transmitted by the device you use to access our websites including the device’s specifications, IP-address, cookies data sent to your device, browser information, date and time of access, addresses of the pages searched, and other similar information. Please visit our cookie policy to learn more about cookies;

  • the personal data you provide to us when you visit our offices;

  • the personal data that we need to obtain and process in order to render services and provide or receive professional advice and deliverables.

5. Purposes of personal data processing

We may process your personal data only for the purposes for which it has been provided, including the following:

  • registering you at our websites to grant access to selected sections;

  • providing you with information about the Company, our services and events;

  • answering your requests and enquiring for additional information;

  • organising your participation in our events and surveys;

  • sending you our news casts;

  • distributing requested reference materials;

  • submitting curriculum vitae;

  • discharging legal, regulatory and professional obligations imposed on the Company in compliance with the Russian law or by a professional body of which we are a member. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data;

  • conducting client acceptance procedures;

  • providing or receiving professional services;

  • developing our businesses and services;

  • making personal data available to PwC employees for performing services and for offering new services;

  • identifying clients with similar needs;

  • performing analytics such as on market trends, relationships maps or sales opportunities; in addition, the PwC CRM uses an algorithm to evaluate the strength of interactions between a PwC user and a contact. This ranking is primarily based on interaction frequency, duration, recency and response time;

  • administering, managing and developing our businesses and services, including:

➔ managing our relationship with clients;

➔ developing our businesses and services (such as identifying client needs and improvements in service delivery);

➔ maintaining and using IT systems;

➔ hosting or facilitating the hosting of events; and

➔ administering and managing our website and systems and applications;

  • security, quality and risk management activities, including:

➔ detecting, investigating and resolving security threats;

➔ monitoring the quality of our services and managing risks in relation to our clients as part of our client engagement and acceptance procedures;

➔ monitoring the quality of our services and managing risks in relation to our suppliers and subcontractors as part of our contracting procedures.

  • other purposes upon your consent.

We process technical data to:

  • ensure our websites’ operability and security;

  • improve our websites’ quality.

We do not place your personal data in publicly available sources. We do not make any decisions that would have adverse legal implications for or otherwise violate your rights and rightful interests based on personal data automated processing only.

6. Your rights

Protecting your personal data rights and liberties is pivotal to the way we do business.

To ensure your rights and liberties are protected, upon your request, we will:

  • confirm whether we process your personal data and allow you to look through it within 30 days from the receipt of your request;

  • inform you on the source and contents of your personal data that we process;

  • inform you on the legal basis, purposes, terms and means of processing your personal data;

  • introduce the necessary changes to your personal data if you confirm it is incomplete, inaccurate or outdated within 7 business days from the date of the receipt of such confirmation and notify you on the changes made;

  • notify you on the cross-border transfer of your personal data made or planned;

  • notify you on the name and location of the organisations, which have access to your personal data and to which your personal data may be disclosed upon your consent;

  • inform you about the company name or full name of entities/individuals charged with processing your personal data;

  • notify you on the exercise of your rights during our processing of your personal data;

  • exclude you from our news mailout list;

  • stop processing your personal data within 30 days from the date of the receipt of withdrawal of your consent provided there are no other legal bases for personal data processing stipulated by the Russian law;

  • stop processing your personal data if unlawful processing on our side is confirmed and notify you on remedial action taken;

  • destroy your personal data if unlawful receipt or unintended use thereof is confirmed within 7 business days from the date of the receipt of such confirmation and notify you on remedial action taken;

  • answer any questions related to your personal data we process.

7. How you can contact us

You can send us a request or complaint related to your personal data processing by email or by post under the subject "Request on Personal Data", including information on the purposes for which your data was provided to us and context of our processing activities, to the following email address: privacy@ru.pwc.com or postal address: 10 Butyrsky Val, Moscow, Russia, 125047. We may ask you to provide additional information regarding your request which is necessary for provision of response to you.

8. Consent Withdrawal

You can send us a personal data consent withdrawal under the subject "Personal Data Processing Consent Withdrawal", including information on the purposes for which your data was provided to us and context of our processing activities, to the following email address: privacy@ru.pwc.com or postal address: 10 Butyrsky Val, Moscow, Russia, 125047.

9. When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

We are part of a global network of firms and, in common with other professional service providers, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our clients are located. Your personal data security during cross-border transfers is very important to us. We take all necessary measures to guarantee confidentiality and security of your personal data.

Cross-border transfers of personal data to countries that do not ensure adequate protection of personal data are permissible only with your written consent or to execute a contract to which you are a Party, and in other cases provided by the Russian law on personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data are done lawfully.

Personal data held by us may be transferred to:

  • Other PwC member firms. For details of our member firm locations, please click here. We may share personal data with other PwC member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from PwC member firms in different territories). Our business contacts may be visible to and used by PwC users from other PwC member firms to learn more about a contact, client or opportunity they have an interest in.

  • Third party organisations that provide applications/functionality, data processing or IT services to us.

  • We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

  • Third party organisations that otherwise assist us in providing goods, services or information.

  • Auditors and other professional advisers.

  • Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.

  • Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

10. Personal data security

To ensure the security of your personal data during processing, we take all necessary and sufficient legal, organisational and technical measures to protect personal data from unauthorised or accidental access, destruction, alteration, blocking, copying, disclosure, or distribution, as well as against all other unlawful actions with respect to personal data.

For ensuring the adequate protection of your personal data, we assess the potential damage that could be inflicted on you if your personal data were compromised, and identify relevant threats to your personal data security during processing in personal data information systems.

The Company has adopted internal regulations on personal data security. The Company's employees who have access to personal data are familiar with this Policy and internal regulations on personal data security.

11. Cessation of personal data processing

We stop processing your personal data in the following cases:

  • conditions of cessation of personal data processing arise or the agreed term expires;

  • data processing purposes are achieved or it is no longer necessary to achieve such purposes;

  • upon your request if the personal data processed have been obtained unlawfully or are not necessary for the stated purpose of processing;

  • if the processing is identified as unlawful and it is impossible to ensure its lawfulness;

  • when your data processing consent expires or you withdraw your consent provided there are no other legal bases for personal data processing stipulated by the Russian law;

  • if the Company is liquidated.

12. Cookies

We use cookies. Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The use of cookies is now standard for most websites. Most browsers allow you to view, manage, delete and block cookies for a website. Please visit our cookie policy for details.

13. Links to third-party websites

Our websites may contain links to third-party websites and services beyond our control. We do not bear any liability for security and confidentiality of any information collected by third-party websites or services.

14. Policy Changes

We may update the Policy if necessary. We advise you to check for the latest version of this Policy from time to time. By continuing to use our websites after the Policy is updated, you agree with the latest changes introduced.

*****

If you have any questions about this policy, please contact our personal data team by sending your message by email or by post under the subject ‘Request on Personal Data’ to the following email address: privacy@ru.pwc.com or postal address: 10 Butyrsky Val, Moscow, Russia, 125047.

Contact us

PwC office
Reception, PwC Russia
Tel: +7 (495) 967 6000