Privacy Policy (as of 07/2023)

The following Privacy Notice is intended to explain to you in a comprehensible, transparent and clear manner how your personal data is processed by us. Personal data are all data which directly or indirectly allow an inference to your person ("data"). Should you nevertheless have questions or other queries about data protection at PwC, please feel free to contact us at

You can find more information on the use of cookies in our Cookie Notice.

Controller of your data

The below listed PwC network firms in Austria ("PwC", hereinafter also referred to as "us", "we") are controller of your data in accordance with Art 4(7) of the General Data Protection Regulation ("GDPR"). Unless otherwise stated, they act as joint controllers in the sense of Art 26 GDPR for the purposes stated here. Further information on the individual firms and their cooperation in the PwC network as well as physical addresses can be found in our Imprint.

  1. PwC Österreich GmbH Wirtschaftsprüfungsgesellschaft
  2. PwC Advisory Services GmbH
  3. PwC PricewaterhouseCoopers Wirtschaftsprüfung und Steuerberatung GmbH (
  4. PwC Transaction Services Wirtschaftsprüfung GmbH
  5. PwC Wirtschaftsprüfung GmbH
  6. PwC Tax & Audit Services Wirtschaftsprüfung und Steuerberatung GmbH
  7. PwC Wirtschaftsprüfungs- und Steuerberatungsgesellschaft mbH
  8. oehner & partner rechtsanwaelte gmbh (PwC Legal

Data Protection Officer

We voluntarily appointed an external Data Protection Officer (“DPO”), who will assist you in any enquiries.

oehner & partner rechtsanwaelte gmbh („PwC Legal“)
Donau-City-Straße 7, 1220 Wien
+43 1 501 88 0550

Your rights as a data subject

You have the following rights vis-à-vis PwC in respect of personal data concerning you. In order to exercise these rights against us, please send us a letter containing a specific request.

Right to information: You can request information from us at any time about whether and which personal data we store about you. The provision of information by us is free of charge for you.

The right to information does not exist or exists only to a limited extent if and to the extent that the information would reveal information requiring secrecy, eg information subject to professional secrecy.

Right to rectification: If your personal data processed by PwC is incorrect or incomplete, you have the right to demand that we correct it at any time. Until they are corrected, you may also request that processing be restricted.

Right to erasure: You have the right to demand that we delete your personal data if and to the extent that the data are no longer needed for the purposes for which they were collected or, if processing is based on your consent, you have revoked your consent. In this case we must stop processing your personal data and remove it from our IT systems and databases.

A right to deletion does not exist, as far as

  1. the data may not be deleted due to a legal obligation or must be processed due to a legal obligation or
  2. the data processing is necessary for the assertion, exercise or defence of legal claims.

Right to limit processing: You have the right to request that we limit the processing of your personal data.

Right to data transferability: You have the right to obtain from us your personal data in a common and machine-readable format and the right to have such data transferred directly to another controller.

This right exists only if

  1. you have provided us with the data on the basis of a consent or on the basis of a contract concluded with you;
  2. the processing is carried out by means of automated procedures.

Right to object to processing: If the processing of your data by PwC is based on Art 6(1)(f)GDPR (our legitimate interest), you can object to the processing at any time.

Right to withdraw consent: You have the right to withdraw your consent for the processing of your personal data at any time. However, this does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority

According to Art 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection law.  The supervisory authority in Austria is

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna

Data security

Even if trade- and business secrets are not directly covered by the term personal data, we nevertheless give such information the same protection and we expect the same from our service providers.

As a legally obliged professional secrecy holder, the security of your data is of particular concern to us. It goes without saying that all data traffic within the PwC network is encrypted. We also have encryption options for external data traffic, provided that you, as the recipient of our communications, have the technical requirements for decryption.

Please note that electronic communication using standard mail programs (such as MS Exchange) does not offer absolute protection against unauthorized access by third parties and that non-European servers may also be switched on for this form of communication.

It is also a matter of course for us to ensure that our PwC network's own data centers meet all ISO/IEC 27001 security standards. Our understanding of security also extends to the service providers we use, whom we have obliged to comply with similar or equivalent security measures.

If data is stored on servers outside Europe within the framework of the cloud services we use, we ensure that this data is stored exclusively in fragmented and encrypted form using the highest encryption technologies. The storage of client files and client documents always remains in PwC's internal data centers.

If you have any questions about our data security measures specifically relating to your business case, please contact