PwC Privacy Statement

General Data Protection Regulation (“GDPR”)

A new data privacy law has been introduced and this policy statement has been framed to make it easier for you to understand how we hold and protect your personal data within our PwC Partner Office systems.  Our commitment to privacy has not changed and we will not be changing the way that we use your personal information; however, you will have additional rights under GDPR and these are explained below.  We are responsible for fulfilling these rights as we are a data controller for your personal data and in this context, it may be helpful to summarise that personal data is any information relating to an identified or identifiable living person.

Use​ ​of​ ​personal ​data:

we will use your personal data obtained in a legal, fair and transparent manner in order to administer the provisions and the policies of the firm’s Agreements (such as the Members’ LLP Agreement or the Partnership Agreements of the firm or predecessor firms) as they apply to you or as set within any associated formal agreement or deed that has been set in place with you.  Where there is a link to legislation then we will adhere to that legislation e.g., for tax administration purposes.  Similarly, where there are independence compliance provisions, then we will adhere to the related requirements e.g., Securities and Exchange Commission Rules.  We therefore have a legitimate interest to process your personal data within our Partner Office system to comply with the obligations such as administering partnership benefits for you.  We will always agree with you in advance if we wish to use your consent as the legal basis to justify the lawful processing of any of your personal data.

Collection of personal data:

this privacy statement applies to:-

• personal data (such as, your name, postal or electronic contact information, banking details and any password credentials for our systems) provided to us either by you or by the agents (e.g., legal and financial advisers) specifically authorised by you; and,
• any personal, financial or compensation data created in connection with this.  Examples of how we would create data for you either as a current partner, former partner, dependant or an associated stakeholder, would be when we provide new income or profit share detail, current partner Capital Loan Agreement details with external lending institutions, pension benefit calculation or any increased benefit payment amount figures.

Data retention:

your personal data will only be retained within our Partner Office systems for the purposes for which it was collected or as required by law.  For example, financial and tax related information will be kept for a period of up to eight years but where such details are required for pension purposes then certain elements will be retained for a period of up to twelve years from the date of death of the final beneficiary.

Sensitive Information:

within the provisions of GDPR we would only hold general information relating to our ill health / incapacity provisions, life assurance / medical insurance subscription cover arrangements or annual medical dates.   We do not hold any personal medical / health details or notes that relate to you unless you have consented to share such information with us.

Security - quality control:

we adhere to internationally recognised security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Security - access analysis:

where you have access to our web based applications, we may retain access logs and statistics (such as your IP address, date and time of access) to either help to ensure the effectiveness of our security measures in preventing unauthorised access to your personal data or to help us to assess how we can improve the access to our system content as covered by the “cookies” section below.

Security - your responsibilities:

please be aware of the security features available to you through your own internet browser software (e.g., Google Chrome, Internet Explorer, Safari, Firefox) as we recommend that you enable these functions to help you to ensure that your communications are secure.  You can monitor the URL of the services you are visiting (secure URLs begin with https:// rather than http://) along with the security symbol of your browser to help identify when you are communicating with a secure server.

Security - cookies:

like many websites, our services use cookies. Cookies are small text files of information that a web server transfers to a cookie file on the device you are using to browse this website (commonly a computer or mobile phone) to collect and store information.  It is important for us to use them because we can deliver an efficient service to you and also analyse customer journeys through the website to inform future enhancements.  Likewise, cookies are beneficial to your use of this website because they avoid the need for you to enter the same information several times during one transaction and also safeguard your security when using our secure online services.  None of the cookies used on our websites collect personally identifiable information about you.  By continuing to use this website, you are consenting to us placing cookies on your device for the purposes detailed above.  If you do not want cookies placed on your device, you can find details of how to block them on the most widely used devices and browsers at www.allaboutcookies.org.  Please note though that by blocking our cookies, we cannot guarantee that the website and your experience whilst visiting are as we intended it to be.  There are two types of cookies which can be stored on your device:

• Session cookies - these last for the amount of time you keep your web browser open for and so are not stored on your hard drive.
• Persistent cookies – these are stored on your device for a defined period of time.

We use both of these types of cookies which fall into two categories termed by us as (1) strictly necessary cookies, and (2) performance analytics cookies.

• Strictly necessary cookies: These are the types of cookies that let you move around the website and use its features. In this category we use both session and persistent cookies. The session cookies help you make applications for services and also login and navigate around secure areas of the website.
• Performance analytics cookies: We use performance analytics cookies to gather statistical information on how people navigate the site such as, the number of visits and number of pages per visit, paths taken by visitors through the site, duration and time of visits, type of web browsers used and other general data. From this detail, we are able to continuously improve our visitors’ experience of this website.

We use Google Analytics to help us to interpret cookie information. This sets both session and persistent cookies to help us understand user behaviour. The session cookies (_utmb and _utmc) tell us when a user enters the website and either exits it or performs no further actions for longer than 30 minutes. The persistent cookies (_utma and _utmz) tell us how visitors find our website and their uniqueness i.e. their number of visits and how recent or frequent they are.  You can block all Google Analytics cookies across all websites by getting the Google Analytics Opt-out Browser Add-on.

Sharing personal data and locations of processing:

we will only share personal data with others when we are legally permitted to do so or in accordance with any permission or authority that you have explicitly provided e.g., where you ask us to share information with your financial adviser(s).    When we share data with others, we will put suitable contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.  We have the European Commission approved standard contractual clauses in place with the other PwC member firms to provide appropriate safeguards for personal data transferred outside of the EU.  The PwC network is a global organisation with member firms throughout the world and we may transfer and disclose your information to other network member firms but only in connection with the core purposes set out above.  We do not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.  Examples of why or how we share your personal data are given below:-

• Law enforcement agencies: occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

• External professional advisers: where required under the firm’s Agreements we will, for example, seek external independent guidance from e.g., external auditors (Crown Clark Whitehall), actuaries (Aon) and lawyers (Linklaters).

• Third party services providers: The Partner Office systems and services are primarily delivered through the web-enabled Compendia administration platform which is a third-party product provided in the UK by Equiniti.  The administration and system security control framework for Compendia subject to annual review by the firm’s Internal Audit team.

• External lending institutions: current partners are required to contribute part of the firm's working capital and to support this specific loan facilities have been arranged to finance such capital contributions with ANZ, Barclays, Citi, Lloyds Bank. In order to minimise the sharing of personal data the firm acts as the agent for the loans with these institutions and they each also have their own privacy notices.  Where access to details these have been made available to us, they are listed below:-

   

  ANZ = http://www.anz.com/auxiliary/help/help/website-security-privacy/privacy/#ANZPrivacyPolicy

  Barclays = https://www.barclays.co.uk/important-information/privacy-policy/

  Citi = https://www.privatebank.citibank.com/home/citi-private-bank-privacy-and-security.html

  Lloyds Bank = https://www.lloydsbank.com/help-guidance/privacy.html

Your rights and how to exercise them:

these comprise the right of access to personal data, to rectification of personal data, to erasure of personal data (“the right to be forgotten”), to restrict processing of personal data, to object to processing of personal data and the right to lodge a complaint with a supervisory authority.

• Right of access: you have the right to receive a copy of your personal data held by us as a data controller and obtain certain other information about how and why we process your personal data (similar to the information provided in this privacy statement).  You may exercise this right by emailing the UK_privacy_information_management@pwc.com. We will aim to respond to any requests for information promptly and in any event within the legally required time limits.

• Right to rectification: you have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.  To update personal data submitted to us, please use the existing Partner Office postal, email GBL_compendia-support@pwc.com or on-line website options that are already open to you.  When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates, as appropriate, based on your updated information.

• Right to erasure / right to be forgotten: you have the right to obtain deletion of your personal data by emailing the UK_privacy_information_management@pwc.com in the following cases:
  • the personal data are no longer necessary in relation to the purposes for which they were collected and processed;
  • you object to our processing and we do not have overriding legitimate grounds. In this context, our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us;
  • your personal data have been unlawfully processed; and,
  • your personal data must be erased to comply with a legal obligation to which we are subject.

• The right to restrict processing: you have the right to restrict our processing of your personal data by emailing the UK_privacy_information_management@pwc.com in the following cases:
  • for a period enabling us verify the accuracy of the personal data where you have contested the accuracy of the personal data;
  • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
  • the personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims; and,
  • for a period enabling us to verify the whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.

• The right to object to processing: you have the right to object to the processing of your personal data within our GDPR legal foundation of a legitimate interest by emailing the UK_privacy_information_management@pwc.com.  You must have an objection on grounds relating to your particular situation and there is an obligation for us to stop processing your personal data unless we can demonstrate:
  • compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or
  • the processing is for the establishment, exercise or defence of legal claims.

Changes to this privacy statement:

when collecting and using your personal data, our policy is to be transparent about why and how we process the details relating to you.  We recognise that transparency is an ongoing responsibility so we will keep this privacy statement (updated on 23 May 2018) under regular review.

Contact information:

the data controller is PwC (the limited partnership registered in England under registration no. OC303525 and with its registration address at 1 Embankment Place, London WC2N 6RH.  If you have any questions about this privacy statement or how and why the Partner Office processes your personal data, then please contact:

Data Protection Officer
PricewaterhouseCoopers LLP
1 Embankment Place
London
WC2N 6RH

Email: UK_privacy_information_management@pwc.com
Phone: 020 7803 3700

Complaints:  we hope that you will not ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your issue to the UK_privacy_information_management@pwc.com so that we can look into and respond to any complaints we receive.  You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU.  The Information Commissioner's Office (“ICO”) is the UK data protection regulator/supervisory authority.  For further information on your rights and how to complain to the ICO, please refer to the ICO website (https://ico.org.uk/for-the-public/raising-concerns/).

*Last reviewed and updated in August 2020*