This document was last updated on June 26th 2025.
PwC is strongly committed to protecting your personal data. This privacy statement describes why and how PwC Finland handles your personal data, such as what data we collect about you, what we use it for and to whom we may transfer it. In this privacy statement we tell you about your rights in relation to your data and give contact information for requesting details about handling your data. This privacy statement applies to all occasions where we handle personal data, regardless of whether it is provided to us by individuals themselves or by others.
Please note that when you are involved and/or communicating with someone else than PwC Finland, this privacy statement does not apply. Each Member Firm in the PwC network is a separate legal entity. The data controller of your information are one or more of the Member Firms listed here. For further details about the countries where PwC Member Firms operate, please see www.pwc.com/structure.
In accordance with the applicable data protection legislation, in this privacy statement, “personal data” or “personal information” refer to data which allows you to be identified. “Processing personal data” refers to handling, collecting, protecting or storing your personal information.
You will find more detailed descriptions under the links indicated below.
The personal data we process depends on the purpose of the processing. We may process information belonging to, among others, the following categories of personal data:
contact information (for example, address, phone number, email address)
identification information (for example, name, date of birth, personal identification number)
information related to statutory requirements (for example, information related to customer due diligence and anti-money laundering obligations)
information concerning job applicants (for example, previous work experience, education, professional skills, and other information obtained during the recruitment process)
information concerning employees (for example, information related to fulfilling employer obligations and information regarding work performance)
communication and marketing information (for example, marketing prohibitions, event participation, and areas of interest)
essential information required for the provision of our services in order to carry out an engagement
We collect personal data from various sources, which may vary depending on the purpose for which the personal data is processed (for example, processing customer or job applicant information, or for marketing purposes). Sources of personal data may include:
you yourself
our customers
our partners
authorities
public sources or registers
Our operations essentially involve processing of personal data for different purposes, such as
Legal grounds for processing personal data are following:
our legitimate interests in the effective delivery of information and services to you
in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us (provided these do not interfere with your rights)
our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights)
to satisfy any requirement of laws and regulations (for example, for some of our services, we have a legal obligation to provide the service in a certain way or in situations where we are obliged to identify our client)
to perform our obligations under a contractual arrangement with you or under our terms and conditions
if you have agreed to us processing your personal information for the relevant purpose, provided no other processing condition is applicable.
PwC being a global network with member firms all over the world, your personal data may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information. Transfer outside the EU/EEA will only be made:
to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EU and the EEA, such as standard contractual clauses approved by the European Commission
or by using another transfer mechanism approved under data protection legislation.
We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing the services.
We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems, including providing support and information services. Examples of third party contractors we use are providers of cloud services and website administration and management. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and your personal data may be stored in any one of them.
The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.
We may also disclose personal data under the following circumstances:
when explicitly requested by you;
when required to deliver publications or reference materials requested by you;
when required to facilitate conferences or events hosted by a third party;
when mandatory regulations require this
as otherwise described in this privacy statement.
We may transfer your personal information to authorities and to professional bodies and other third parties as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal data to determine whether disclosure is required or permitted.
We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information processed by us, and such individuals have agreed to maintain the confidentiality of this information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
We store personal data processed by us only as long as we need it, taking into consideration the purpose for which it was collected, or as required by applicable data protection legislation.
We will send you marketing materials, such as newsletters, information about client events or events and trainings organized for marketing purposes, market research, and other possible direct marketing by email only if we have a legal basis for processing personal data for marketing as described above. The main legal bases in this context are legitimate interest and consent. PwC Finland processes your personal data based on legitimate interest when it is used for organizing client events and for electronic direct marketing to corporate clients, potential clients, or other stakeholders.
If you subscribe to our newsletters, we may contact you by email and send marketing messages on other topics that we believe may interest you. We may send emails and marketing ourselves or together with another organization with whom we cooperate.
Your legal rights in relation to your personal data
You have the right to
know whether PwC processes your personal data and what personal data is processed. You may also request a copy of your personal data held by us.
request for your personal data to be amended or rectified where you think it is inaccurate and to have incomplete personal data completed
request for your personal data to be deleted, or to restrict how it is used. Please note that a request for deletion cannot be fulfilled if the personal data is retained to comply with a legal obligation.
object to us processing your personal data
withdraw your consent to our processing of your personal data (to the extent the processing is based on consent and consent is the only legal basis for the processing.)
If you do not want to receive e-mails or marketing from us, you can any time forbid marketing communication via the link at the bottom of the message you have received, or you can contact us and request us to stop such communication.
If you want to exercise these rights or understand if the rights apply to you, you can contact us. Please note that there may be cases where our non-disclosure and other obligations may prevent us from giving or deleting your personal data or in some other way prevent you from exercising your rights above, if the processing of personal data is connected to our client work.
If you have questions or comments about this privacy statement or the way your personal information is processed, or would like to exercise your rights mentioned above, please contact us by one of the following means:
E-mail: fi_gdpr@pwc.com
Post:
PricewaterhouseCoopers Oy
Tietosuoja-asiat
PL 1015
00101 Helsinki
You also have the right to make a claim to the Data Protection authorities. In Finland, the authority is Office of the Data Protection Ombudsman.
This privacy statement was last updated in June 2025. We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.