Privacy Policy

Data protection information in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)

The following data protection information is intended to explain to you in an understandable, transparent and clear manner how we, PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft (hereinafter: "PwC"), process your personal data in connection with your use of our websites, applications ("apps") and online services. However, if you have any questions of understanding or other queries about data protection at PwC, you are welcome to contact our Data Protection Officer at DE_Datenschutz@pwc.com or the other contact details provided below.

1. Controller

The controller within the meaning of Art 4 no 7 GDPR for the processing of your personal data is:

PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main
Email: DE_Kontakt@pwc.com
Telefonzentrale +49 69 9585-0
Fax: +49 69 9585-1000

2. Data Protection Officer

PwC has appointed a data protection officer in accordance with Art 37 GDPR. You can reach the data protection officer of PwC, Dr Tobias Gräber, at the following contact details:

Email contact: DE_Datenschutz@pwc.com
Telephone: +49 69 9585-0

Address for postal contact:

PricewaterhouseCoopers GmbH WPG
Dr Tobias Gräber, Data Protection Officer
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main

3. Rights of data subject/your rights under data protection law

You have the following rights under applicable data protection law with respect to personal data concerning you.

Right of access: You can request information from us at any time about whether and which personal data we store about you. The provision of information is free of charge for you.

The right to information does not exist or is subject to limitations if and to the extent that confidential information, such as information that is subject to professional secrecy, would be disclosed.

Right to rectification: If your personal data stored by us is inaccurate or incomplete, you have the right to obtain rectification of this data from us at any time.

Right to erasure: You have the right to request that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or, if the processing is based on your consent, you have withdrawn your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases.

A right to erasure does not exist insofar as

• the data may not be deleted due to a legal obligation or must be processed due to a legal obligation;
• the data processing is necessary for the assertion, exercise or defence of legal claims.

Right to restrict processing: You have the right to request that we restrict the processing of your personal data.

Right to data portability: You have the right to receive from us the data you have provided in a structured, common and machine-readable format, as well as the right to have this data transferred to another controller. This right only exists if

• you have provided us with the data on the basis of consent or on the basis of a contract concluded with you;
• the processing is carried out by automated means.

Right to object to processing: If the processing of your data is based on Art 6 para 1 lit f) GDPR, you may object to the processing at any time.

You may assert all of the data subject rights described above against PwC by addressing your specific request to the following contact details:

By email: DE_Datenschutz@pwc.com

By mail:

PricewaterhouseCoopers GmbH WPG
Dr Tobias Gräber, Data Protection Officer
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main

4. Right to lodge a complaint with a supervisory authority

In accordance with Art 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.

5. Provision of data

Even if partial automatic transmission of data takes place when you call up our website, you are not legally or contractually obliged to provide data in connection with the use of our homepage.

In connection with the contact form and contacting us by email, you are free to send us data via these channels, but without providing us your personal data in the context of contacting us in this way we cannot process and answer any enquiries from you in this respect.

6. Description of the data processing on the website/app and legal basis for the processing

6.1 Recipient of the data

In order to fulfil the processing purposes listed below, data is also transferred to third parties. This may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU or the European Economic Area (EEA).

Recipients bound by instructions

We share your data with service providers bound by instructions, both within the PwC network and with other third parties, such as IT service providers, who support us in our activities, e.g. as part of the administration and maintenance of the websites and the related systems and/or for other internal or administrative purposes.

PwC is a member of the global PwC network, which consists of the individual legally independent PwC firms. In the course of our activities, we use other German or foreign PwC network companies as network-internal IT service providers bound by instructions, which provide services for the operation, maintenance and care of the IT systems and applications used by the PwC network companies. This is in particular PwC IT Services Ltd. based in the United Kingdom (UK).

If we pass on data to service providers bound by instructions, we do not require a separate legal basis for this.

Independent recipients

In addition, we share your data in individual cases both within the PwC network and with other third parties who use your data under their own responsibility. For example, in individual cases we also transfer personal data to other companies in the PwC network to support and improve the effectiveness of our business processes (including coordinated marketing activities).

In addition, in individual cases, we also pass on your data to other third parties, such as public authorities, courts or other bodies, if we are required by law or by official or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.

Insofar as you have explicitly consented, Art 6 para 1 lit a) GDPR is the legal basis for the data transfer. If there is a legal obligation to disclose the data, the legal basis for the data transfer is Art 6 para 1 lit c) GDPR. If, on the other hand, the disclosure is necessary for the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis. Otherwise, the transfer is based on our legitimate interests and the legal basis is Art 6 para 1 lit f GDPR. We and the other companies in the PwC network have an interest in making our work processes efficient and in sharing business processes within the PwC network for this purpose.

Data transfer to recipients in third countries outside the EU/EEA

Insofar as any of the above-mentioned data transfers are made to a recipient outside the EEA (to so-called “third countries”), an appropriate level of data protection for the foreign transfer is ensured by means of suitable security measures.

For data transfers within the PwC network, the PwC network companies have, among other things, concluded an internal data protection agreement which provides for compliance with the EU standard contractual clauses of the EU Commission within the meaning of Art 46 para 2 lit c) GDPR for the transfer of personal data from EU/EEA countries to PwC network companies outside the EU/EEA.

If you have any questions about such data protection contracts based on the EU standard contractual clauses or if you would like more information about further security mechanisms and security measures for the transfer of data to third countries, please feel free to contact our data protection officer, e.g. at DE_Datenschutz@pwc.com.

6.2 Processing of personal data when visiting the website

a) When you visit our website, we collect the data that is technically necessary to display this website to you. This involves the following personal data, which is automatically transmitted to our server by your browser:

• IP address
• Date and time of your request/call to the website (the app)
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (information about which specific webpage you have visited)
• Access status/http status code
• Transferred data volume
• Website requesting the access
• Browser (information about the browser you use)
• Operating system and its interface (operating system of the computer you use to access the website or app)
• Language and version of the browser software

The processing of this personal data is based on Art 6 para 1 lit f) GDPR. The website cannot be accessed and offered to users without using such data; there is a legitimate interest in making the call-up and use of the website technically possible.

The aforementioned data will be stored for 14 days and then deleted.

This website is hosted by a service provider [Microsoft US / Hosting Locations: Amsterdam / Dublin], the data collected on our website is therefore stored on the service provider's servers. The server locations are located in Germany and other EU countries.

Data is transferred abroad, including to countries outside the European Union or the European Economic Area. An adequate level of data protection is ensured by the use of standard contractual clauses of the EU Commission within the meaning of Art 46 para 2 lit c) GDPR. The EU standard contractual clauses can be found at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF.

b) When registering for PwC Plus (as a member of the PwC network):

When you access our website pwcplus.de via the PwC network, client certificates issued by PwC are used for registration. This information is only transmitted to the website for authentication and is not stored. The following information is transmitted (in addition to a) after you enter your PwC email address, but is not stored:

• PwC email address

Processing of such personal data is carried out on the basis of Article 6 (1) (f) GDPR. The website cannot be accessed and offered to users without using such data; there is a legitimate interest in making it technically possible to access and use the website.

Your data will be stored for this purpose as long as it is required for direct advertising and you have not revoked your consent. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.

c) When registered on PwC Plus (as external user)

During registration, PwC Plus collects and stores personal data solely for the purpose of registering the user and providing and administering PwC Plus. The user may revoke withdraw his/her consent to this storage and use of his/her data at any time by sending an email to de_knowledgetransfer@pwc.com to PwC.

Data processing for the purpose of registration with PwC Plus is carried out in accordance with Article 6 (1) (a) GDPR on the basis of your voluntary consent.

Your data will be stored for this purpose as long as it is required for direct advertising and you have not revoked your consent. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.

6.3 Contact form and contact by email

We provide a contact form on our website so that you can contact us with questions about PwC Plus. You can also contact us by email.

When you contact us via the contact form or by email, the data you provide (in particular your email address, your first and last name and the text of your enquiry as well as any other information you may have provided in the contact form or by email) will be stored by us in order to process your enquiry and answer your questions.

The data processing is justified according to Art 6 para 1 lit f) GDPR. We have an interest in contacting you via the website in response to your enquiry. If your request is aimed at the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis for the data processing.

We will delete the data generated in the course of your enquiry/contact as soon as it is no longer required for processing your enquiry. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period. The use of the contact form is voluntary for you and is not a prerequisite for the use of the website.

6.4 Processing operations in marketing and partly joint controllers

PwC determines the means and purposes of some of the marketing data processing operations described in more detail below, either alone or together with other companies of the German-speaking PwC network named herein (all named companies hereinafter jointly: "PwC DE"). PwC and these other named PwC DE firms of the PwC network therefore process your data as joint controllers within the meaning of Art 4 no 7, 26 GDPR.

6.4.1 Individualised electronic approach by PwC DE

PwC DE companies process your personal data and will contact you by email for marketing purposes if you have provided consent to direct marketing activities. For this purpose, we process the data provided by you in connection with the consent (in particular your first name and surname, your email address, the name and address of your company, if applicable, and any other information you provided when providing your consent).

This direct marketing by PwC DE firms includes PwC DE information on latest consultancy advice and service information, news from your industry, notifications about upcoming events, information on PwC studies (including those of other PwC network firms) and other marketing information.

Based on your consent, PwC DE may tailor and individualise marketing communications to your interests. PwC DE does this by analysing your interests, which you have explicitly communicated (e.g. via a preference centre on a PwC DE website), and your usage behaviour (e.g. content accessed, opening, clicks and reading time) both with regard to newsletters and similar communications and via linked PwC DE websites using cookies, web beacons and similar technologies and storing this information in a personal profile.

Based on your consent, PwC DE may also add your personal contact details (e.g. name, title, company and role/position) that you have provided yourself on a PwC DE website and/or that are already stored in the customer relationship management systems operated by PwC DE. Based on your consent, PwC DE may also add public information about the company you work for to this profile.

The processing is carried out on the basis of your consent, which is a legal permission according to Art 6 para 1 lit a) GDPR. You can withdraw your consent at any time with effect for the future at no additional cost, e.g. by email to de_knowledgetransfer@pwc.com.

Your data will be stored for this purpose as long as it is required for direct advertising and you have not revoked your consent. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.

6.4.2 Organisational management of your consent

PwC DE also processes your personal data to meet organisational requirements with regard to your marketing consent. This includes, for example, the validation of the email address you provided through a so-called double opt-in process and documenting the status (granting or revoking your consent and validating your email address) in a list jointly maintained by PwC DE for this purpose. The data processed for this purpose includes the contact details you provided when granting consent, your IP address, the individual identifier assigned by our IT systems, as well as the status and time of the granting of your consent.

If you withdraw your consent and/or object to the data processing, PwC DE will no longer use your data for marketing purposes. PwC DE will store the data required for the organisational management of your consent beyond the time of your revocation and/or objection in order to fulfil documentation and verification requirements and to ensure that your data is not processed by PwC DE for marketing purposes in the future (so-called blocking list), unless you provide new consent. PwC DE will delete your data when these organisational purposes cease to apply, which will generally be after a period of three years at the end of the year following the cessation of marketing activity by PwC DE.

6.4.3 Postal address and existing customer marketing

PwC DE will also use the information you provide (in particular your name and address) to send you marketing information by post about other offers or events.

PwC will use your contact details received in connection with the sale of a service (in particular your first and last name, your email address, if applicable the name and address of your company as well as any other details you may have provided) for the purpose of direct marketing of similar goods and services by electronic mail, unless you have objected to such use. You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.

This processing is based on our legitimate interests within the meaning of Art 6 para 1 lit f) GDPR. There is a legitimate economic interest in informing interested parties, customers and clients about further offers and events of our own in order to establish and maintain a long-term customer relationship.

Your data will be stored for this purpose as long as this is necessary for the postal marketing approach and existing customer marketing and you have not effectively objected to the data processing. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.

6.5 Registration and login by setting up a user account

You can only use the PwC Plus offer beyond browsing the title and abstract of the content if you have previously registered as a user. You can set up a user account at pwcplus.de for this purpose.

The creation of the user account and the use of the services for which registration is required are possible using a pseudonym. So the name for the registration can be freely chosen and does not have to contain your actual name.

The processing of the data within the scope of the registration and the establishment of a user account by you takes place on the basis of your consent. The registration and the setting up of a user account are voluntary. If you register yourself or set up a user account, you consent to the processing of the data collected in this context.

The data collected during the registration and creation of the user account will be stored for the duration of the registration and the existence of the user account.

You can revoke your registration at any time by terminating your user account.

In this case your user account will be deleted within a maximum of 2 days.

If an account is inactive for a period of 6 months, the account is automatically deleted.

If you are a user of a PwC Plus subscription with costs, which is concluded exclusively on the basis of a written user contract with legal entities (for details, see https://pwcplus.de/en/subscription/services-and-offerings/), please use the contact form or send an email to de_knowledgetransfer@pwc.com.

After notification of your request for deletion, your user account will be deleted by us within the contractually specified period.

7. Use of cookies

In order to make visiting our website attractive and to enable the use of certain functions, we and certain third parties use cookies on our website. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser the next time you visit us (so-called persistent cookies).

The following cookie categories are used:

7.1 Cookies strictly necessary for the operation of our website (hereinafter “required Cookie”):

These cookies are required for the operation and functionality of the website. They make the website technically accessible, secure and usable and provide essential and basic functionalities, such as navigation on the website, correct display of the website in the internet browser or consent management.

• Provider: www.pwcplus.de, Name: PHPSESSID, Cookie category: required cookie, Function: Stores the technical session identification of the user. Duration: Closing the browser.
• Provider: www.pwcplus.de, Name: rex_ycom, Cookie category: required cookie, Function: This cookie is used to support the "stay logged in" function. The cookie is only activated if you explicitly decide to do so when logging in. Duration: 14 days from set/update
• Provider: www.pwcplus.de, Name: ppms_privacy, Cookie category: required cookie, Function: Stores the visitor's consent to data collection and use. Duration: 365 days.

7.2 Analytics cookies

The analytics cookies enable us to store data in an aggregated form about our website visitors and their experiences on our website. We use this data to fix bugs and improve the experience for all visitors.

• Provider: www.pwcplus.de, Name: pk_ses.<websiteID>.<domainHash> , Cookie category: Analytics cookie, Function: Indicates an active session of the visitor. If the cookie is not present, the session ended over 30 minutes ago and was counted in a pk_id cookie. Duration: 30 minutes.
• Provider: www.pwcplus.de, Name: pk_id.<websiteID>.<domainHash> , Cookie category: Analytics cookie, Function: Used to recognise visitors and record their various characteristics. Duration: 13 months.
• Provider: www.pwcplus.de, Name: piwik_auth, Cookie-Category: Analytics cookie, Function: Stores session information for the user interface (UI) of Piwik PRO. As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is considered to be logged in and a PIWIK_SESSID cookie is updated. Duration: 24 minutes.
• Provider: www.pwcplus.de, Name: PIWIK_SESSID, Cookie-Category: Analysis-Cookie, Function: Stores a PHP-Session-ID. Duration: 24 minutes.
• Provider: www.pwcplus.de, Name: stg_traffic_source_priority, Cookie category: Analytics cookie, Function: Stores the type of traffic source that explains how the visitor arrived at the website. Duration: 30 minutes.
• Provider: www.pwcplus.de, Name: stg_last_interaction, Cookie-Category: Analysis-Cookie, Function: Determines whether the session of the last visitor is still running or a new session has started. Duration: 365 days.
• Provider: www.pwcplus.de, Name: stg_returning_visitor, Cookie-Category: Analysis-Cookie, Function: Determines whether the visitor has been on the website before - these are returning visitors. Duration: 365 days.
• Provider: www.pwcplus.de, Name: stg_fired__, Cookie category: Analytics cookie, Function: Determines whether the combination of a tag and a trigger was triggered during the current visitor session. Duration: Closing the browser.
• Provider: www.pwcplus.de, Name: stg_utm_campaign, Cookie category: Analytics cookie, Function: Stores a name of the campaign that directed the visitor to the website. Duration: Closing the browser.
• Provider: www.pwcplus.de, Name: stg_pk_campaign , Cookie category: Analytics cookie, Function: Stores a name of the campaign that directed the visitor to the website. Duration: Closing the browser.
• Provider: www.pwcplus.de, Name: stg_externalReferrer, Cookie category: Analytics cookie, Function: Stores a URL of a web page that referred a visitor to the website. Duration: Closing the browser.
• Provider: www.pwcplus.de, Name: _stg_opt_out_simulate, Cookie-Category: Analytics cookie, Function: Used to simulate the behaviour of the opt-out snippet in the debugger. It turns off all tracking tags in the tested domain. Duration: 365 days.
• Provider: www.pwcplus.de, Name: __stg_optout, Cookie category: Analytics cookie, Function: Used to disable all tracking tags in the tested domain. Duration: 365 days.
• Provider: www.pwcplus.de, Name: stg_global_opt_out (deprecated), Cookie category: Analytics cookie, Function: Used to disable all tracking tags on websites belonging to a Piwik PRO account. Duration: 365 days.
• Provider: www.pwcplus.de, Name: ppms_webstorage, Cookie category: Analytics cookie, Function: A so-called stringified object that contains information about created cookies for each module. It stores data about each cookie created, such as a key, a value, an expiry date, a path, a domain and more. This is the same data that was used to create a cookie. Duration: A ppms_webstorage item is not automatically removed. However, a visitor can delete it manually. Individual entries in the item are removed after a corresponding cookie has expired.

The legal basis for the use of required cookies is Sec 25 para 2 Nr 2 TTDSG or on the basis of Art 6 para 1 lit f) GDPR to protect our legitimate interests. In particular, our legitimate interests lie in being able to provide you with a technically optimised website that is user-friendly and tailored to your needs, and to ensure the security of our systems. The legal basis for consent with regard to the storage and reading of information is Section 25 (1) TTDSG and, with regard to the processing of personal data, Article 6 (1) lit. a GDPR.

The consent includes all cookies selected by you and the storage of information associated with them on your terminal device, as well as their subsequent reading and subsequent processing of personal data.

Insofar as we use cookies on the basis of your consent, you can revoke your consent at any time with effect for the future, e.g. by adjusting your cookie settings here.

Your revocation does not affect the lawfulness of the processing carried out until revocation

7.3 Disabling the cookie settings

Most browsers are pre-set to accept cookies automatically. You can object to the creation of cookies by disabling cookies in your browser’s system settings. Please note, however, that some of the cookies are technically necessary for the functionality of our website, otherwise the page cannot be requested and displayed. By disabling cookies, you will not be able to use parts of the website (without restrictions).

We will only use cookies that are not technically necessary for the functionality of our website if you have provided us with your prior express consent.

In addition, you can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies.

8. Links to social media

Our website currently contains links to the following social media providers: Twitter, LinkedIn, YouTube, Xing and Instagram by means of corresponding social media buttons. In order to prevent any unwanted transfer of your usage data (e.g. address of the currently visited page) to these services, you only then access the services by clicking on the link. On the service page, these social networks may collect usage data and possibly user data. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

Therefore, we inform you according to our current knowledge:

Only when you click on the links does your browser establish a direct connection with the servers of the aforementioned services. In this way, the information that you have visited our website indirectly (referrer) is forwarded to these services. If you are already logged in to the service with your personal user account while visiting our website, you can usually "share" the document (so-called "sharing") or leave a comment etc. after clicking on the social media buttons. If you do not wish such data transmission, we advise you not to click on the social media buttons.

The purpose and scope of the data collection by the social services, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of these services.

9. Mediasite integration

If you watch a video displayed with a preview image (except for the employee videos labelled 'PwC MediaSpace') on the website (not just a link to another platform with a video), we collect the data required to be able to show you the video. The following personal data is required for this purpose:

• IP address
• Time and duration of use

The processing of this personal data is based on Art. 6 para. 1 lit. f) GDPR. Since the communication runs via the internet/intranet and this communication is established on the basis of the internet protocol (IP), this is necessary. Furthermore, the use of the stream is determined on the basis of the IP communication. The video cannot be called up and offered without the use of this data; there is a legitimate interest in making the call-up and use of the video technically possible.
The above-mentioned data is stored for the duration of the viewing/streaming and then deleted. If there are legal storage obligations, the data will be stored for the duration of the legally prescribed storage obligation.
This data is stored on our servers. Our server location is exclusively in Germany. There is no data transfer abroad.

10. Links

Our website contains hyperlinks to websites/services of other providers. When activating these hyperlinks, you will be redirected from our website directly to the website of the other provider. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.

State: 20.11.2023