Logo
Privacy statement
Introduction

This privacy statement describes why and how PricewaterhouseCoopers LLP ("PwC", "we", "us", or "our") collects and uses personal data in connection with PwC Research platforms ("applications", "site") and provides information about your rights as a user of the application ("you", "user" or "individual").

You have been provided with access to the application in relation to the services provided by us to your employer or an organisation you are connected with ("your employer").

Personal data is any information relating to an identified or identifiable living person. This privacy statement applies to personal data provided to us, both by you or by others and any personal data created in connection with your use of the application. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection. This privacy statement has been developed to help survey participants understand what information PwC will collect and how it will be used and provides information about individuals´ rights.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities in connection with the application, please go to the relevant sections of this statement.

Security

We adhere to internationally recognised security standards. Our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. The Site uses secure socket layer (SSL) technology to encrypt survey responses submitted through the Site. The Site requires site administrators and certain users to maintain both a user ID and password. It is the responsibility of the relevant user and site administrator to protect the password and not share it with others, including co-workers.

Please contact your PwC Research support contact (as stated in the survey or survey invite) immediately if your user ID and/or password are compromised. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Changes to this privacy statement

We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.

This privacy statement was last updated on August 5th 2021.

Data controller and contact information

The data controller generally for personal data processed in connection with survey responses, any additional information volunteered by you is PricewaterhouseCoopers LLP (the limited partnership registered in England under registration no. OC303525 and with its registration address at 1 Embankment Place, London, WC2N 6RH). If you have any questions about our data processing activities please contact us at:

Data Protection Officer
PricewaterhouseCoopers LLP
1 Embankment Place
London
WC2N 6RH

Email: UK_privacy_information_management@pwc.com

Collection of personal data

We will collect personal data in connection with the application as described below.

Personal data provided by your employer to allow you to access the application:
    * We may obtain your personal data (such as your name, contact details and job title) from our client to enable you to log in to our applications and answer any questionnaires.
Personal data provided directly by you:
    * All other personal data is voluntarily provided by survey participants in response to the survey questions, including the survey participant´s contact details and answers to the survey questions on the Site.
Personal data captured, created, inferred or derived from your use of the application:

We may capture limited data automatically as follows:
      * "Cookies" are small text files placed on your hard drive that assist us in providing a better Site. The Site uses cookies to store information for anonymous/generic link surveys only and further information about any cookies we use is provided in the cookie policy at the start of the survey. For further information about our use of cookies, please see our
dedicated cookie statement
    * Information about the device used to complete the survey (IP address and domain), browser and operating system. This data is collected and aggregated in order to properly manage the Site and identify categories of visitors by items such as domains and browser types. These statistics are reported in aggregate to our PwC webmasters. This is to ensure that the Site presents the best web experience for you and is an effective resource.

Use of personal data

We use personal data for the following purposes:
    1. To authorise access to such data using PwC´s identity and access management system;
    2. To carry out research as engaged by our client;
    3. To contact you about your survey submissions and provide you reports;
    4. To analyse and compile the survey responses to produce data on the survey results;
    5. To report on the results of the survey for our client, PwC teams or other client teams in relation to the surveys we conduct;
    6. To de-identify your submissions for the purposes of statistics, benchmarks and to enable the improvement of our business, service delivery or offerings
    7. To monitor the performance of our products including collecting aggregation usage activity statistics to improve our operating effectiveness; and
    8. To contact you about participation in future research exercises.

Our lawful basis for this processing is based upon your consent. You do not have to consent if you do not wish to participate and if you later choose to withdraw your consent, you can do so at anytime. Please see Individuals´ rights and how to exercise them for further details on how you can withdraw this.

When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

We share personal data processed in connection with the application as follows:

* Other PwC member firms
          We share personal data processed in connection with the application with the following PwC member firms:


          Where we use PwC´s identity and access management system to authorise users to access data via an online dashboard, depending on the user´s location, the user will be authenticated by a data centre in the EU, Hong Kong or the USA.


          Our business contacts are visible to and used by PwC users from other PwC member firms to learn more about a contact, client or opportunity they have an interest in. Please see our
website privacy statement
          for further information. For details of our member firm locations,
please click here
          .


          We have the European Commission approved standard contractual clauses in place with the other PwC member firms to provide appropriate safeguards for personal data transferred outside of the EU. The standard contractual clauses are available
here
          .


* Third party organisations that provide applications/functionality, data processing or IT services to us
              We are part of a global network of firms and in common with other professional service providers, we use third parties to help us run our business and these third parties may be located in other countries. We share personal data processed in connection with the application as follows:


              We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. Their details are captured on our main privacy statement which is
available here
              .Where the locations of processing are outside of the EU, we have the European Commission approved standard contractual clauses in place to provide appropriate safeguards for personal data transferred outside of the EU. The standard contractual clauses are
available here
              .
* Third party organisations that otherwise assist us in providing goods, services or information
              We use third parties to support us in providing our services such as Focus Groups, Online Panel Providers and Field agencies. For example, recruiting individuals on behalf of PwC for focus groups/depth interviews, field data collection and online panel access. All Third parties have been reviewed and approved by PwC in providing goods, services and information.Where the locations of processing are outside of the EU, we have the European Commission approved standard contractual clauses in place to provide appropriate safeguards for personal data transferred outside of the EU. The standard contractual clauses are
available here
              .
* Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
              Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Data retention

          Research derived data is kept for as long as is required to complete the relevant Project and to provide the services we have been engaged to provide to our client. For the majority of research projects, personal data collected via the survey process will be held for 3 years


          In certain circumstances, PwC conducts benchmarking surveys for which PwC reserves the right to retain all of the associated personal data for a period of up to 20 years.


Individuals´ rights and how to exercise them

          You have certain rights over your personal data. Data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller.


          Individuals´ rights are the right of access to personal data, to rectification of personal data, to erasure of personal data / right to be forgotten, to restrict processing of personal data, to object to processing of personal data, to data portability, the right to withdraw consent at any time (where processing is based on consent) and the right to lodge a complaint with a supervisory authority.


          Please see further information about these rights (and when they are available) below. You may exercise your rights as follows:

            * To exercise your rights in relation to personal data for which your employer is the controller, please contact your employer.

            * To exercise your rights in relation to personal data for which PwC is a controller, please email
UK_privacy_information_management@pwc.com
Right of access

          You have the right to receive a copy of your personal data held by a data controller and obtain certain other information about how and why the data controller processes your personal data (similar to the information provided in this privacy statement).


Right to rectification

          You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.


The right to erasure / right to be forgotten

          You have the right to obtain deletion of your personal data in the following cases:

            * the personal data are no longer necessary in relation to the purposes for which they were collected and processed;

            * the lawful basis for processing is consent, you withdraw consent and we have no other lawful basis for the processing;

            * the lawful basis for processing is that the processing is necessary for a legitimate interest, you object to such processing and the controller or third party does not have overriding
              legitimate grounds;
            * you object to our processing for direct marketing purposes;

            * your personal data have been unlawfully processed; and

            * your personal data must be erased to comply with a legal obligation to which we are subject.

The right to restrict processing

          You have the right to restrict our processing of your personal data in the following cases:

            * for a period enabling the controller to verify the accuracy of the personal data where you have contested the accuracy of the personal data

            * your personal data have been unlawfully processed and you request restriction of processing instead of deletion;

            * the personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or
              defend legal claims; and
            * for a period enabling the controller to verify whether the legitimate grounds relied on override your interests (where you have objected to processing based on it being necessary for
              the pursuit of a legitimate interest identified by the controller).

The right to object to processing

          You have the right to object to processing of your personal data in the following cases:

            * the lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; and

            processing for direct marketing purposes.

Complaints

          We hope that you won´t ever need to, but if you do want to complain about our use of personal data, please contact your employer or send an email with the details of your complaint to
UK_privacy_information_management@pwc.com
          . We will look into and respond to any complaints we receive.


          You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. The Information Commissioner's Office ("ICO") is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please refer to the
ICO website.

Browser Compatibility

          We would advise that if you are using the following browsers, or more recent versions of those displayed below, then you should not experience any difficulties in accessing the survey whilst online. Please ensure you are using a browser which is compatible with TLS v1.2 (as listed below).


          Chrome v30

          Firefox v27

          Internet Explorer 11

          Microsoft Edge

          Safari 7

          Opera 17h.


If you have any technical questions or concerns, please email uk_pwc_research@pwc.com.
©2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.