Industries

See all industries

Aerospace, defence & security

Automotive

Capital projects & infrastructure

Consumer markets

Energy, utilities & resources

Engineering & construction

Financial services

Forest, paper & packaging

Government & public services

Healthcare

Hospitality & leisure

Industrial manufacturing

Insurance

Pharmaceuticals & life sciences

Private equity

Technology, media & Telecommunications

Transportation & logistics

Featured

Global Consumer Insights Pulse Survey - June 2023

Achieving net zero infrastructure

Manufacturing COO Pulse Survey

Services

See all services

Alliances and Ecosystems

Audit and assurance services

Consulting

Crisis management

Deals

Entrepreneurial and private business

Family business

Forensics

Legal Business Solutions

Managed Services

Workforce

Strategy

Sustainability and climate change

Tax

Featured

Ukraine: Tax, Legal and People considerations

PwC Global Internal Audit Study 2023

M&A industry trends report

Issues

See all issues

C-suite insights

Cybersecurity

Climate and sustainability

Megatrends

Risk and regulation

Technology

Transformation

Trust

Upskilling

Value creation

Workforce

Featured

The Leadership Agenda

PwC’s Global Investor Survey 2023

strategy+business — a PwC publication

About us

See more About Us

Alumni

Analyst relations

Client case studies

Ethics and compliance

Committing to Net Zero by 2030

Corporate sustainability

Diversity and inclusion

Global Annual Review

Global regulatory affairs

Human rights statement

Leadership team

Network governance and structure

New Ventures and Innovation

News room

Our purpose and values

PwC office locations

PwC's Code of Conduct

Strategy Council

Strategy&

Tax Code of Conduct

Third party code of conduct

Transparency Report

Featured

The New Equation

PwC's Global Annual Review

Committing to Net Zero by 2030

Careers

Find out more about careers

Search for a job

Featured

The New Equation

PwC's Global Annual Review

Loading Results

No Match Found

PwC IT Services US - Data Privacy Framework Policy

What is the PwC network?

PwC is the brand under which the member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and provide professional services. Together these firms form the PwC network. The PwC network consists of firms which are separate legal entities which work together to provide quality service offerings for clients throughout the world. Further information about the PwC network’s structure is available here (Note that these firms are collectively referred to as the ‘PwC network’ for the purposes of this Policy and individual firms are referred to as a ‘PwC member firm’)

Overview of PricewaterhouseCoopers IT Services (US) LLC

The PricewaterhouseCoopers IT Services group of entities aims to provide shared technology services to PwC firms in a secure, compliant, efficient and transparent manner. PricewaterhouseCoopers IT Services Limited (“PwC IT Services”) is a UK incorporated company with its registered office in London. PwC IT Services is a separate legal entity owned and sponsored by several PwC firms on behalf of the PwC network, with subsidiaries or legal branches in the countries where it has operations. Those subsidiaries include PricewaterhouseCoopers IT Services (US) LLC (“PwC IT Services US”, “we”, “us” or “our”), a company with its principal place of business located at 4040 W Boy Scout Boulevard, Tampa FL, 33607.

What does PwC IT Services US do?

Commonly with all entities in the PwC IT Services group, PwC IT Services US operates shared technology services for the benefit of the PwC network. Those services include hosting services (both on-premise and provisioning of cloud hosting platforms), information security services and application support services. PwC IT Services US does not provide those services directly to PwC clients but only to other members of the PwC network.

PwC IT Services US is a separate legal entity to PricewaterhouseCoopers LLP, the PwC firm (together with its affiliates) based in the United States that provides services to clients. PricewaterhouseCoopers LLP maintains its own separate certification under the Data Privacy Framework, details of which can be found here. Further information regarding PricewaterhouseCoopers LLP, including its privacy policy and Data Privacy Framework policy, can be found via its website.

DPF Policy

1. Introduction

1.1 Overview

As set forth in PwC's Global Code of Conduct: "We respect the confidentiality and privacy of our clients, our people and others with whom we do business." As a provider of shared IT services to the PwC network, we support the network in this aim through our operation of those services.

PwC IT Services US complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF and the Swiss-US Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. PwC IT Services US has certified to the U.S. Department of Commerce that it adheres to the EU-U.S Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PwC IT Services US has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this DPF Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively referred to in this DPF Policy as the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

1.2 Categories of Information

This DPF Policy applies to personal information within the scope of PwC IT Services US’s DPF certification, which covers the following categories of information:

Personal information regarding current, former and prospective partners, principals, employees and contractors of members of the PwC network (including PwC IT Services, its subsidiaries and branches, including PwC IT Services US) (together referred to as “PwC Personnel”) for the purposes of operating and managing the PwC network, performing human resource administration and maintaining contact with individuals.
Personal information regarding current, former and prospective PwC network clients and their personnel or others for the purposes of delivering PwC network services, maintaining ongoing relationships and performing business development activities.
Personal information regarding third parties (e.g., vendors, service providers, etc.) and their personnel for the purposes of managing and administering the PwC network’s business relationships with such third parties.

For the purposes of this DPF Policy, “personal information” means information that is about, or pertains to a specific individual and can be linked either directly or indirectly to that individual. In addition, certain personal information covered by PwC IT Services US’s DPF certification may be subject to more specific privacy policies of PwC member firms, which are also consistent with the requirements of the DPF Principles, and in the case of any conflict between these policies and the DPF Principles, the DPF Principles will control.

For example:

Certain PwC member firm websites maintain their own privacy policies that apply to personal information collected via those sites. These policies may be accessed through those websites. Such information may be processed by PwC IT Services US in order to provide services to the relevant PwC member firm.
Personal information obtained from or relating to clients or former clients of PwC member firms is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client and applicable laws and professional standards.
Personal information obtained from or relating to PwC Personnel is subject to the terms of any applicable personnel privacy statement or policy, any contractual arrangements with those PwC Personnel and applicable laws and professional standards.

2. Individual Notice and Choice

We collect and process personal information from certain individuals and for the purposes described in this DPF Policy. Personal information covered by this DPF Policy is collected and processed only as permitted by the DPF Principles.

Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this DPF Policy, other PwC network website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements. Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means of communication (including opt-in consent where appropriate). The majority of data processing carried out by PwC IT Services US is at the direction of other PwC member firms and often any such notice and/or consent is controlled and handled by the PwC member firm(s) with PwC IT Services US acting as a data processor.

3. Disclosures & Accountability for Onward Transfers

Consistent with the DPF Principles, PwC IT Services US may transfer personal information to third parties, including transfers from one country to another. We will only disclose an individual’s personal information to third parties under one or more of the following conditions:

The disclosure is to:

a third party providing services to the PwC network in connection with the operation of the PwC network’s business; and/or
a PwC member firm in connection with PwC IT Services US’s provision of services to the PwC network

as consistent with the purpose for which the personal information was collected. The PwC network maintains written contracts with these third parties and as between all PwC member firms. Those contracts include requirements to provide at least the same level of privacy protection and security as required by the DPF Principles. To the extent provided by the DPF Principles, PwC IT Services US remains responsible and liable under the DPF Principles if a third-party (including a PwC member firm) that it engages to process personal information on its behalf as its agent does so in a manner inconsistent with the DPF Principles, unless PwC IT Services US proves that it is not responsible for the matter giving rise to the damage.

Other than as set out above, PwC IT Services US will disclose personal information only:

With the individual’s permission to make the disclosure;
Where required to the extent necessary to meet a legal obligation to which PwC IT Services US is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.
Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.

4. Access

Individuals whose personal information is covered by this DPF Policy have the right to access the personal information that PwC IT Services US maintains about them as specified in the DPF Principles. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Individuals may also have the right to restrict or object to the processing or disclosure of personal data, subject to applicable law.

Requests for access, correction, amendment, deletion, restriction or objection to the processing of data should be sent to the PwC IT Services US Data Protection Officer via email (please refer to the Internal Complaints Mechanism below for further details regarding how to contact us to exercise individuals’ data processing rights).

Alternatively, individuals may contact the PwC member firm with which they have a relationship. Where a request is made in this way, PwC IT Services US will action the request once notified by that member firm and will cooperate with that member firm to fulfill the request.

5. Security

PwC IT Services US takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.

6. Data Integrity and Purpose Limitation

PwC IT Services US collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the data subject. PwC IT Services US does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized. PwC IT Services US takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

Note that the majority of data processing carried out by PwC IT Services US is at the direction of other PwC member firms. Therefore the collection and purposes of that data processing is controlled and handled by the PwC member firm(s) with PwC IT Services US acting as a data processor.

7. Enforcement

7.1 Internal Complaints Mechanism

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PwC IT Services US commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact PwC IT Services US at:

Nancy Dickie - Data Protection Officer, PwC IT Services US

Email: gbl_itsco_dpo@pwc.com

Mail: PricewaterhouseCoopers IT Services (US) LLC

4040 W Boy Scout Blvd

Tampa FL, 33607

U.S.A.

Alternatively, you can contact us via PricewaterhouseCoopers IT Services B.V., PwC IT Services’ subsidiary in the Netherlands:

Email: gbl_itsco_dpo@pwc.com

Mail: PricewaterhouseCoopers IT Services B.V.

Thomas R. Malthusstraat 5

1066 JR

PO Box 90351

1006 BJ

Amsterdam

The Netherlands

PwC IT Services US has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint.

Individuals may also contact us via the means outlined above regarding their data rights (i.e. access, correction, deletion, restriction or objection to the processing of data) and we will respond within forty-five (45) days of any such request.

7.2 Independent Recourse Mechanism

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PwC IT Services US commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution/American Arbitration Association ("ICDR-AAA"), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the ICDR-AAA are provided at no cost to you.

7.3 Binding Arbitration

You may have the option to select binding arbitration for the resolution of your complaint regarding DPF compliance under certain circumstances, where your complaint is not resolved by any of the other DPF mechanisms. For further information, please refer to DPF ANNEX I (introduction) - Binding Arbitration

7.4 Federal Trade Commission

The Federal Trade Commission has jurisdiction over PwC IT Services US’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

8. Modifications

PwC IT Services US may update this DPF Policy at any time by publishing an updated version here. We will not update this DPF Policy in contravention of the DPF Principles so long as we remain certified under the DPF program.

Last updated: 20 October 2023

PwC office locations Site map Contact us

© 2017 - 2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.