Our privacy commitment

This document was last updated on March 26th 2019.

View this page in Finnish

Summary

PwC is strongly committed to protecting your personal data. This privacy statement describes why and how PwC Finland handles your personal data, such as what data we collect about you, what we use it for and to whom we may transfer it. In this privacy statement we tell you about your rights in relation to your data and give contact information for requesting details about handling your data. This privacy statement applies to all occasions where we handle personal data, regardless of whether it is provided to us by individuals themselves or by others.

Please note that when you are involved and/or communicating with someone else than PwC Finland, this privacy statement does not apply. Each Member Firm in the PwC network is a separate legal entity. The data controller of your information are one or more of the Member Firms listed here. For further details about the countries where PwC Member Firms operate, please see www.pwc.com/structure.

In accordance with the applicable data protection legislation, in this privacy statement, “personal data” or “personal information” refer to data which allows you to be identified. “Processing personal data” refers to handling, collecting, protecting or storing your personal information.

You will find more detailed descriptions under the links indicated below.

The purposes of processing personal data

Our operations essentially involve processing of personal data for different purposes, such as

  • management of client and marketing registers
  • processing personal data of our stakeholders
  • abiding by legal obligations, such as processing data for customer due diligence and prevention of anti money laundering
  • data processing when we are providing professional services
    • According to our practice, we collect personal data in connection with professional services only to the extent as needed for the agreed purpose. We request our clients to share personal data with us only to the extent required for the purposes. Depending on the content of the professional services, we process personal data either as controller or as processor.
  • processing of data of job seekers (recruitment applicants) for recruitment purposes
  • processing of employee data for fulfilling our obligations regarding employment relationships
  • processing of personal data of our alumni in the context of our alumni activities
  • carrying out quality and risk management controls
  • developing our business and services
  • understanding how people use our Website and its features so that we can improve their user experience
  • any other purposes, for which you have given your data to PwC.

Our legal grounds for processing your personal data

Legal grounds for processing personal data are following:

  • our legitimate interests in the effective delivery of information and services to you
  • in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us (provided these do not interfere with your rights)
  • our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights)
  • to satisfy any requirement of laws and regulations (for example, for some of our services, we have a legal obligation to provide the service in a certain way or in situations where we are obliged to identify our client);
  • to perform our obligations under a contractual arrangement with you or under our terms and conditions
  • if you have agreed to us processing your personal information for the relevant purpose, provided no other processing condition is applicable.

Transfers of personal data

Cross-border transfers

PwC being a global network with member firms all over the world, your personal data may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information. Transfer outside the EU/EEA will only be made:

  • to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
  • under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EU and the EEA, such as standard contractual clauses approved by the European Commission.

The US member firm of PwC, PricewaterhouseCoopers LLP and its affiliated US subsidiaries (together, “PwC US”), adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information that is transferred from the European Union and its Member States, and the EEA and Switzerland to the United States.  PwC US has certified that it adheres to the Privacy Shield Principles within the scope of PwC US’s Privacy Shield certification. To learn more, see the PwC US Privacy Shield Policy.

Transfers to other PwC Member Firms

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing the services.

Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems, including providing support and information services. Examples of third party contractors we use are providers of cloud services and website administration and management. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and your personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other disclosures

We may also disclose personal data  under the following circumstances:

  • when explicitly requested by you;
  • when required to deliver publications or reference materials requested by you;
  • when required to facilitate conferences or events hosted by a third party;
  • when mandatory regulations require this
  • as otherwise described in this privacy statement.

We may  transfer your personal information to authorities and to professional bodies and other third parties as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal data to determine whether disclosure is required or permitted.

Security of personal data

We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information processed by us, and such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Storage of personal data

We store personal data processed by us only as long as we need it, taking into consideration the purpose for which it was collected, or as required by applicable data protection legislation.

Marketing

We send you marketing materials only if we have a legitimate ground for processing your personal data and allowing us to send you marketing materials.

If you make an order, you will receive automatic e-mails, when the content is updated. If you decide to order newsletters, you will receive them as e-mails. If you choose interesting topics, eg. some business sectors, you may receive e-mails connected with the chosen topics.

If you become a registered user, we may contact you via e-mail and send marketing messages about topics that we believe would interest you. We may send e-mails and marketing communication ourselves or together with another organisation with which we cooperate.

We store your contact details (such as mailing list information) until you cancel your order or request that we delete the information in question. If you want to delete your name from a mailing list, we may keep certain limited information about you in order to be able to meet your request.

Your legal rights in relation to your personal data

You have the right to

  • receive a copy of your personal data that we have about you
  • request for your personal data to be amended or rectified where you think it is inaccurate and to have incomplete personal data completed
  • request for your personal data to be deleted , or to restrict how it is used
  • forbid us to process your personal data
  • withdraw your consent to our processing your personal data (to the extent the processing is based on consent and consent is the only legal basis for the processing.)

If you do not want to receive e-mails or marketing communication from us, you can any time forbid marketing communication via a link at the bottom of the message you have received, or you can contact us and request us to stop such communication. If you only want to unsubscribe certain communication or stop receiving it, please let us know which communication you are referring to. If you decide to stop some or all mailings, we may keep sufficient information about you to identify you so that we can meet your request.

If you want to excercise these rights or understand if the rights apply to you, you can contact us. Please note that there may be cases where our non-disclosure and other obligations may prevent us from giving or deleting your personal data or in some other way prevent you from excercising your rights above, if the processing of personal data is connected to our client work.

Contact us

If you have questions or comments about this privacy statement or the way your personal information is processed, or would like to exercise your rights mentioned above, please contact us by one of the following means:

By filling in this form

E-mail: info@fi.pwc.com

Post:

PricewaterhouseCoopers Oy
Tietosuoja-asiat
PL 1015
00101 Helsinki

You also have the right to make a claim to the Data Protection authorities. In Finland, the authority is Office of the Data Protection Ombudsman.

Changes to this privacy statement

This privacy statement was last updated in March 2019. We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

 

Stay connected