Business relationship
3. Business relationship
While your specific contractual relationship is with a particular PwC firm, the firm cooperates with the other PwC firms in certain areas as a joint manager in the provision of its services. If you have any questions regarding this joint responsibility, please send them to at_datenschutz@pwc.com.
To learn more about the processing, please click on the relevant purpose.
- Inquiries for consultation purposes (learn more)
- Provision of services to corporate clients (learn more)
- Provision of services to private customers (learn more)
- Customer Relations Management (learn more)
- Prevention of money laundering and measures against terrorist financing (learn more)
3.1 Inquiries for consultation purposes
On our website, we offer you the opportunity to leave your contact details on specific topics in order to be contacted directly by our experts. We process the data provided here on the basis of pre-contractual measures requested by you.
Legal basis: fulfillment of pre-contractual measures based on your request in accordance with Art 6(1)(b) GDPR.
Categories of data: Name, e-mail address, company, interests, other information provided by you
Storage period: Until completion of the pre-contractual measures or a resulting assignment
3.2 Provision of services to corporate clients
In the course of our business relationship with corporate clients, it is essential that we process personal data of contact persons, managing directors, employees or, if applicable, customers or other third parties. The respective scope of data processing depends on the specific services to be provided, which is defined in the Engagement Letter.
In our work for you, we also make use of innovative cloud solutions, which enable video conferences, data rooms or joint work on a document. We only process personal data here if this is necessary for the fulfilment of our contractual obligations or if there is an overriding interest on our part in the processing. This is particularly the case when we process personal data of your employees and/or suppliers, customers for the purpose of providing you with services (eg in connection with pension provisions calculations).
If you do not provide us with this data or not to the extent required, we may not be able to provide the services you request. Please note that this would not be considered a contractual non-fulfilment on our part. If we receive personal data from you, we assume that you are entitled to transmit them to us.
Legal basis: Performance of contract according to Art 6(1)(b) and legitimate interest according to Art 6(1)(f) GDPR
Categories of data: The data varies according to the service provided, but generally includes at least the following categories of data: first name, last name, e-mail, telephone number, academic title, company affiliation and function, employee salary data, employee social insurance data, contract data with third parties.
Storage period: Until the end of service provision. After completion of the service provision, we are subject to different professional and tax retention regulations.
Recipients: Cloud service provider, IT service provider, PwC network firms
Transfer to third countries: Some of our service providers are located in non-EEA countries. For some countries, there is an adequacy decision of the European Commission in place. In other cases, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where applicable, additional guarantees.
3.3 Provision of services to private customers
In the course of our business relationship with you it is essential that we process your personal data. The respective scope of data processing depends on the specific services to be provided, which is defined in the Engagement Letter. In our work for you, we also make use of innovative cloud solutions which, among other things, enable video conferences, data rooms or joint work on a document.
We only process personal data here if this is necessary for the fulfilment of our contractual obligations or if there is an overriding interest on our part in the processing. This is particularly the case if we process personal data of your family members, possible employees and/or suppliers, customers in order to provide you with a service (e.g., to determine shareholding relationships, tax information, etc).
If you do not provide us with this data or not to the extent required, we may not be able to provide the services you requested. Please note that this would not be regarded as a contractual non-fulfilment on our part. If we receive personal data from you which are not your own, we assume that you are entitled to transfer them to us.
Legal basis: Performance of contract according to Art 6(1)(b) and legitimate interests as per Art 6(1)(f) GDPR
Categories of data: The data varies according to the service provided, but usually includes at least the following categories of data: contact details, business activity, family members, income and other tax-related information, investments and other financial information.
Duration of storage: Until the end of the service provision. After completion of the service provision, we are subject to different professional and tax retention regulations.
Recipients: Cloud service provider, IT service provider, PwC network firms
Transfer to third countries: Some of our service providers are located in non-EEA countries. For some countries, there is an adequacy decision of the European Commission in place. In other cases, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where applicable, additional guarantees.
3.4 Customer Relations Management
PwC processes personal data about contacts (existing and potential clients and/or people associated with them) using a customer relationship management tool and a marketing tool. The collection of personal data from contacts and the completion of this personal data in these systems is carried out by our staff. As a matter of principle, your personal data will not be disclosed to third parties. Firms in the PwC network are excluded from this. You can revoke the consent you have given us at any time with effect for the future. To do so, please send an appropriate request to at_datenschutz@pwc.com.
The systems are provided by Salesforce and hosted in Salesforce’s European data centers.
Legal basis: Consent in accordance with Art 6(1)(a) GDPR and Section 174 TKG 2021
Categories of data: First name, last name, e-mail, telephone number, academic title, company affiliation and function.
Storage period: Until you withdraw your consent.
Recipients: Cloud service provider, PwC network firms, IT service providers, external service providers
Transfer to third countries: Some of our service providers are located in non-EEA countries. For some countries, there is an adequacy decision of the European Commission in place. In other cases, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where applicable, additional guarantees.
3.5 Prevention of money laundering and measures against terrorist financing
PwC is legally obliged to process personal data of its clients and, in the case of corporate clients, of the beneficial owners and other corporate representatives on the basis of national laws arising from EU money laundering and anti-terrorist financing regulations. After carrying out these checks with a compliance tool, the underlying documents must be retained for at least 5 years in accordance with professional regulations.
In order not to prevent effective measures from being taken, it may be that at certain points in time the rights of data subjects (in particular the right to information, correction, deletion or data transferability) cannot be implemented. This is always the case if the response to requests from data subjects results in the measures being thwarted or jeopardised.
Legal basis: Compliance with a legal obligation in accordance with Art 6(1)(c) GDPR (Section 87 WTBG, Austrian Public Accountants and Auditors Act)
Categories of data: core data, tax information, company investments, account information
Storage period: at least 5 years after completion of the checks
Recipients: Cloud service providers, PwC network firms, IT service providers
Transfer to third countries: Some of our service providers are located in non-EEA countries. For some countries, there is an adequacy decision of the European Commission in place. In other cases, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where applicable, additional guarantees.