We process personal data from suppliers, service providers, consultants, government representatives and other external business partners, as well as their contact persons, for the purpose of initiating, concluding and executing contracts, including communication, order and service processing, quality assurance, efficient and consistent support, payment processing, management of the business relationship, sanctions list checks where necessary, enforcement and defence of legal claims, and fulfilment of statutory retention, compliance and documentation obligations.
Legal basis: Contract fulfilment in accordance with Art. 6(1)(b) GDPR; legitimate interest in accordance with Art. 6(1)(f) GDPR in efficient contract processing, security of business processes, avoidance of payment defaults, preservation and enforcement of rights and compliance with internal network guidelines, as well as knowledge management for more efficient and consistent support of operational audits.
Source: If the data does not originate from you, it comes from the organisation where you are currently employed, from a PwC network company with which your organisation cooperates, or from authorities and other public bodies.
Data categories: in particular contact details, function, company affiliation, comments and factual experience values relating to previous cooperation and audits, contract data, performance records, transaction data, data on economic circumstances, history of assignments, billing and performance data, tax data.
Storage period: Duration of the business relationship. Beyond this, we only store personal data within the scope of the legally prescribed retention period (in particular § 132 BAO, § 1486 ABGB, § 11 (2) SubSec 3 UStG).
Categories of recipients: Cloud service providers, IT service providers, PwC network companies, and, where necessary, payment service providers and authorities.
Transfer to third countries: Some of our service providers are based in third countries. For some of these countries, an adequacy decision has been issued by the European Commission. If this is not the case, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where necessary, additional safeguards.
We process personal data to ensure the integrity, confidentiality and availability of our IT systems, applications and collaboration platforms (e.g. SharePoint), to enable secure data exchange with external partners, and to detect, analyse and handle security incidents (incident management).
Legal basis: Contract performance pursuant to Art. 6(1)(b) GDPR; legal obligation pursuant to Art. 6(1)(c) GDPR (in particular Implementing Regulation (EU) 2024/2690 including Annex No. 11); legitimate interest pursuant to Art. 6(1)(f) GDPR in maintaining a secure, functional and legally compliant IT environment, protecting information, preventing and investigating security incidents, and providing evidence.
Data categories: in particular contact details, user ID, company affiliation, role/authorisations, authentication and authorisation data, communication and content data, insofar as they are processed or exchanged on the platforms (documents, file metadata, comments, support tickets).
Storage period: Duration of the business relationship. Beyond this, we only store personal data within the scope of the legally required retention period (in particular § 132 BAO, § 1486 ABGB, § 212 UGB, Implementing Regulation (EU) 2024/2690 including Annex No. 11 in conjunction with § 31 VStG).
Categories of recipients: Cloud service providers, IT service providers, PwC network companies.
Transfer to third countries: Some of our service providers are based in third countries. For some of these countries, an adequacy decision has been issued by the European Commission. Where this is not the case, an adequate level of data protection has been achieved through the conclusion of standard contractual clauses and, where necessary, additional safeguards.