Privacy Policy
Last Update: 03.02.2022
Summary
This privacy notice, given pursuant to Article 13 of EU Regulation 2016/679 (“GDPR”), explains what information on persons accessing the website is collected by the Italian legal entities belonging to the international PwC Network (1) (hereinafter, the “Data Subject(s)”, “you” or the “User(s)”), for what purpose it is used and with whom it is shared (hereinafter, the “Notice” or “Privacy Notice”). The Notice also details the rights Data Subjects can exercise in relation to their personal data and whom they can address to obtain additional information or to inquire as to the use of their personal data.
The tools used to collect and process Users’ personal data is the website www.store.pwc.it used by Italian and foreign legal entities of the PwC Network (hereinafter, for brevity, 'the PwC Website').
The PwC Website is created through various software, using Dato, Sylius, OSS and is hosted on Microsoft belonging to foreign entities of the PwC Network. This tool is made available to the Italian legal entities of the PwC Network in order to generate the PwC Website dedicated exclusively to the promotion of assets and products made by the Italian legal entities.
The PwC websites are operated by dedicated staff of Servizi Aziendali PricewaterhouseCoopers Srl (hereinafter “SAPwC”). A special team, belonging to foreign entities of the PwC Network with technical competences, has administrative access solely to solve technological issues.
By using the PwC websites, Users acknowledge they have read and understood the contents of the Notice.
As illustrated in the Notice,Users’ personal data may be processed by one or more Italian legal entities of the PwC Network hereinafter referred to as “Joint Controllers” or “PwC”, those entities having executed joint control agreements with SAPwC, based in Milan, Piazza Tre Torri n. 2, an entity that provides administrative, accounting and organisational services to all the Italian entities of the PwC Network, and which also responsible for operating and updating the PwC websites. The key content of the joint control agreement is available on demand on the premises of the Joint Controllers.
Moreover, in limited instances indicated further below in the Notice (e.g. the need for maintenance work on the PwC website), Users’ data may also be viewed by foreign entities of the PwC Network. All the entities belonging to the PwC Network are separate, independent legal entities. For details, see www.pwc.com/structure and http://www.pwc.com/gx/en/about/office-locations.html where the countries in which PwC legal entities operate are listed.
In the event that, when browsing the PwC website, Users access other websites of foreign legal entities of the PwC Network other than those referred to as Joint Controllers in the Notice, Users’ personal data shall be processed in accordance with the terms of the notices given by the other legal entities which will, in turn, become independent controllers. Consequently, the information in this Notice shall not apply.
(1) Additional information on the PwC network and its member legal entities is available on www.pwc.com.
Servizi Aziendali PricewaterhouseCoopers S.r.l
Piazza Tre Torri n. 2 – 20145, Milano
C.F. e P. IVA: 12449670152
Tel: (02)77851
PricewaterhouseCoopers SpA
Piazza Tre Torri n. 2 – 20145, Milano
C.F. e P. IVA: 12979880155
PricewaterhouseCoopers Advisory SpA
Piazza Tre Torri n. 2 – 20145, Milano
C.F. e P.IVA: 03230150967
TLS Associazione Professionale di Avvocati e Commercialisti
Piazza Tre Torri n. 2 – 20145, Milano
C.F. e P.IVA: 12142310155
PwC Business Services S.r.l.
Piazza Tre Torri n. 2 – 20145, Milano
C.F. e P.IVA: 06234620968
PwC Services S.r.l.
Piazza Tre Torri n. 2 – 20145, Milano
C.F. e P.IVA: 05508970968
For any reports about the processing of personal data and to exercise the rights laid down in Chapter III, Section I, GDPR, Users may contact the Data Protection Officer of the Joint Controller Servizi Aziendali PricewaterhouseCoopers S.r.l , whose details are as follows:
Data protection Officer
Piazza Tre Torri n. 2 – 20145, Milano
Indirizzo PEC (certified electronic mail): dpo-sap@pec-pwc.it
Tel. (02) 66734162
Fax (02) 66734163
The legal basis applied by the Joint Controllers to process any personal data voluntarily provided by Data Subjects while browsing the PwC website is the legitimate interest (Article 6, paragraph 1, letter f), GDPR) pursued by the Italian legal entities of the PwC Network to promote their initiatives and business activities targeting any subject who may decide to enter into a business relationship with one or more of the legal entities belonging to the PwC Network. Should Users, while browsing the PwC website, reach any web pages through which specific, additional processing is performed (e.g., registering for a marketing event promoted by PwC), the legal basis shall be indicated in the separate notice prepared for that activity.
No personal data is collected or used when a User simply browses the PwC website. Any personal information collected through the PwC website is only that released by the User within specific sections of the PwC website (e.g. “Contact us”); those data may be used to respond to queries placed directly by Data Subjects through the communication channels available on the PwC website. Those data may also be used for additional purposes related to the processing performed by the Joint Controllers in relation to specific activities carried out by PwC and managed through specific sections of the PwC websites containing relevant notices pursuant to informative Article 13 of GDPR (e.g. marketing initiatives promoted by the Joint Controllers).
In no event shall the data collected through the PwC websites be sold or transferred to third parties for marketing or other purposes.
When Users access the PwC website, information may be collected on the manner in which they use the PwC website they are browsing through cookies and other analytical tools. This information is collected in anonymised form (for details, see the Cookie information section).
The personal information that PwC needs to collect and process through the PwC website is ‘common’ data, i.e. identification details: given name and family name, email address, telephone number, corporate role/company, as provided directly by the User.
PwC does not need to collect ‘special’ data as defined in Article 9, GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health) or ‘criminal’ data as defined in Article 10, GDPR through the PwC website, unless a legal obligation to that effect exists. Should such information be provided but not be necessary, the Joint Controllers shall erase it.
It should be noted that Users’ personal data are processed – whether or not by automated means, through the operations listed in Article 4, item 2), GDPR, such as collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, alignment or combination, restriction, erasure or destruction.
For the purposes mentioned above, access to the personal data that you provide may be given to:
- Employees and freelancers of the Joint Controllers, in their capacity as persons entrusted with processing the data ("Persons authorised to process the personal data");
- Judicial or supervisory authorities, public sector (domestic and foreign) administrations, bodies and organisations, and professional bodies;
- Employees and freelancers of other Italian and foreign entities of the PwC Network, solely in relation to maintenance of the PwC Website, as well as any contractors/subcontractors engaged by them for the same purpose.
PwC shall store Users’ personal data in its systems for the length of time strictly necessary for the various purposes for which they have been collected, or for the length of time allowed by law. PwC shall store personal data provided voluntarily by a User until the User requests their erasure, which can be requested through this link. If a User requests to be removed from a mailing list, only the information necessary to act on the request is stored.
Because PwC is an international network of legal entities present throughout the world, a User’s personal data may be transferred outside the country where they are collected for the purpose of maintaining the PwC website and archiving the data contained therein. Any transfers of personal data, for the above purposes, to countries outside the EU take place in accordance with the law in force, as well as with the decisions on personal data protection taken by the European Court of Justice and national and foreign authorities.
In any case, foreign entities of the PwC Network may access those data solely for the purpose of maintaining the PwC website.
Within the PwC website Users may find links to external, third party websites that do not belong to, and are not operated by, PwC; data processing performed through those websites (including but not limited to, suppliers, social networks, trade partners, universities, non-profit organisations, etc.) are not governed by the Notice. Whenever a Data subject connects to a third party website, the Notice will no longer be applicable and the provisions of the notices provide by the controllers of the third party websites shall apply.
The Joint Controllers have implemented suitable security measures applied by the PwC Network globally in order to protect personal data from loss, improper use, alteration or destruction. Only persons authorised by and bound to PwC by specific confidentiality obligations may access Users’ personal data collected through the PwC website. In any case, the logic security and physical safety of the systems used and the confidentiality of the personal data processed shall be ensured, through the implementation of all necessary, appropriate technical and organisational measures.
For details, please consult the Cookie Information section.
PwC guarantees the exercise of the rights of Data Subjects pursuant to Article 15 and ensuing articles of GDPR. In accordance with Chapter III, Section I, GDPR, a Data Subject may exercise the rights listed therein, specifically:
- Right of access - The right to obtain confirmation as to whether or not a Data Subject’s personal data are being processed and, where that is the case, to obtain information, in particular about: the purposes of the processing, the categories of personal data processed and the period of storage, the recipients to whom the personal data may be disclosed (Article 15, GDPR);
- Right to rectification - The right to obtain, without undue delay, the rectification of inaccurate personal data concerning a Data Subject and to have incomplete personal data completed (Article 16, GDPR);
- Right to Erasure - The right to obtain, without undue delay, the erasure of a Data Subject’s personal data, in the circumstances envisaged by GDPR (Article 17, GDPR);
- Right to restriction of processing - The right to obtain from the Controllers or Joint Controllers referred to in the Notice the restriction of processing in the circumstances envisaged by GDPR (Article 18, GDPR);
- Right to data portability - The right to receive a Data Subject’s personal data provided to the legal entities of the Italian PwC Network referred to in the Notice as Controllers or Joint Controllers in a structured, commonly used and machine-readable format, and to have those data transmitted to another controller without hindrance, in the circumstances envisaged by GDPR (Article 20, GDPR);
- Right to object - The right to object to processing of a Data Subject’s personal data, unless legitimate grounds exist for the legal entities of the Italian PwC Network referred to in the Notice as Controllers or Joint Controllers continuing the processing (Article 21, GDPR);
- Right to file a complaint with the Authority - The right to file a complaint with the Italian data protection authority, Garante per la protezione dei dati personali. (Information and contact details can be found on the authority’s website www.garanteprivacy.it).
Your personal data rights
You can exercise the above rights or request further information on the processing of your personal data at the following link.