Data protection information in accordance with Articles 13, 14 EU General Data Protection Regulation (GDPR)
The following data protection information is intended to explain to you in an understandable, transparent and clear manner how we, PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft (hereinafter: “PwC Legal“), process your personal data in connection with your use of our websites, applications (“apps“) and online services. However, if you have any questions of understanding or other queries about data protection at PwC, you are welcome to contact our Data Protection Officer at DE_Datenschutz@pwc.com or the other contact details provided below.
The controller within the meaning of Art 4 no 7 GDPR for the processing of your personal data is:
PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft
60327 Frankfurt am Main
Tel.: +49 69 695962-79000
Fax: +49 69 695962-79100
Data Protection Officer
PwC Legal has appointed a data protection officer in accordance with Art. 37 GDPR. You can contact PwC’s data protection officer, Dr Tobias Gräber, via the following channels:
Telefon: +49 69 695962-79000
PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft
Dr. Tobias Gräber, Data Protection Officer
60327 Frankfurt am Main
Rights of the data subject/your rights under data protection law
You have the following rights under applicable data protection law with respect to personal data concerning you.
Right of access: You can request information from us at any time about whether and which personal data we store about you. The provision of information is free of charge for you.
The right to information does not exist or is subject to limitations if and to the extent that confidential information, such as information that is subject to professional secrecy, would be disclosed.
Right to rectification: If your personal data stored by us is inaccurate or incomplete, you have the right to obtain rectification of this data from us at any time.
Right to erasure: You have the right to request that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or, if the processing is based on your consent, you have withdrawn your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases.
A right to erasure does not exist insofar as
- the data may not be deleted due to a legal obligation or must be processed due to a legal obligation;
- the data processing is necessary for the assertion, exercise or defence of legal claims.
Right to restrict processing: You have the right to request that we restrict the processing of your personal data.
Right to data portability: You have the right to receive from us the data you have provided in a structured, common and machine-readable format, as well as the right to have this data transferred to another controller. This right only exists if
- you have provided us with the data on the basis of consent or on the basis of a contract concluded with you;
- the processing is carried out by automated means.
Right to object to processing: If the processing of your data is based on Art 6 para 1 lit f) GDPR, you may object to the processing at any time.
You may assert all of the data subject rights described above against PwC Legal by addressing your specific request to the following contact details:
By email: DE_Datenschutz@pwc.com
PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft
Dr Tobias Gräber, Data Protection Officer
60327 Frankfurt am Main
Right to lodge a complaint with a supervisory authority
In accordance with Art 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.
Provision of data
Even if partial automatic transmission of data takes place when you call up our website, you are not legally or contractually obliged to provide data in connection with the use of our homepage.
In connection with the contact form and contacting us by email, you are free to send us data via these channels, but without providing us your personal data in the context of contacting us in this way we cannot process and answer any enquiries from you in this respect.
In connection with the order of high-quality publications (e.g. studies, whitepapers), high-quality customized demo versions of software, high-quality presentation of study results, or high-quality presentation by a specialist, data are required for the conclusion of a contract with us; the provision of this data is also free in this respect, but without the data we cannot conclude a contract with you or provide you the high-quality publications (e.g. studies, whitepapers), high-quality customized demo versions of software or high-quality presentation of study results.
Description of the data processing on the website/app and legal basis for the processing
Recipient of the data
In order to fulfil the processing purposes listed below, data is also transferred to third parties. This may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU or the European Economic Area (EEA).
Recipients bound by instructions
We share your data with service providers bound by instructions, both within the PwC network and with other third parties, such as IT service providers, who support us in our activities, e.g. as part of the administration and maintenance of the websites and the related systems and/or for other internal or administrative purposes.
PwC Legal is a member of the global PwC network, which consists of the individual legally independent PwC firms. In the course of our activities, we use other German or foreign PwC network companies as network-internal IT service providers bound by instructions, which provide services for the operation, maintenance and care of the IT systems and applications used by the PwC network companies. This is in particular PwC IT Services Ltd. based in the United Kingdom (UK).
If we pass on data to service providers bound by instructions, we do not require a separate legal basis for this.
In addition, we share your data in individual cases both within the PwC network and with other third parties who use your data under their own responsibility. For example, in individual cases we also transfer personal data to other companies in the PwC network to support and improve the effectiveness of our business processes (including coordinated marketing activities), specifically to PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft.
In addition, in individual cases, we also pass on your data to other third parties, such as public authorities, courts or other bodies, if we are required by law or by official or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.
Insofar as you have explicitly consented, Art 6 para 1 lit a) GDPR is the legal basis for the data transfer. If there is a legal obligation to disclose the data, the legal basis for the data transfer is Art 6 para 1 lit c) GDPR. If, on the other hand, the disclosure is necessary for the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis. Otherwise, the transfer is based on our legitimate interests and the legal basis is Art 6 para 1 lit f) GDPR. We and the other companies in the PwC network have an interest in making our work processes efficient and in sharing business processes within the PwC network for this purpose.
Data transfer to recipients in third countries outside the EU/EEA
Insofar as any of the above-mentioned data transfers are made to a recipient outside the EEA (to so-called “third countries”), an appropriate level of data protection for the foreign transfer is ensured by means of suitable security measures.
For data transfers within the PwC network, the PwC network companies have, among other things, concluded an internal data protection agreement which provides for compliance with the EU standard contractual clauses of the EU Commission within the meaning of Art 46 para 2 lit c) GDPR for the transfer of personal data from EU/EEA countries to PwC network companies outside the EU/EEA.
If you have any questions about such data protection contracts based on the EU standard contractual clauses or if you would like more information about further security mechanisms and security measures for the transfer of data to third countries, please feel free to contact our data protection officer, e.g. at DE_Datenschutz@pwc.com.
Processing of personal data when accessing the website
When you visit our website, we collect the data that is technically necessary to display this website to you. This involves the following personal data which is automatically transmitted to our server by your browser:
- IP address
- Date and time of your request/call to the website (the app)
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (information about which specific webpage you have visited)
- Access status/http status code
- Transferred data volume
- Website requesting the access
- Browser (information about the browser you use)
- Operating system and its interface (operating system of the computer you use to access the website or app)
- Language and version of the browser software
The processing of this personal data is based on Art 6 para 1 lit f) GDPR. The website cannot be accessed and offered to users without using such data; there is a legitimate interest in making the call-up and use of the website technically possible.
The aforementioned data will be stored for 7 days and then deleted.
This website is hosted by a service provider [T-Systems International GmbH, Open Telekom Cloud, Hahnstraße 43d, D-60528 Frankfurt am Main], the data collected on our website is therefore stored on the service provider’s servers. The server locations are located in Germany and Europe.
A data transfer to countries outside the EU/EEA is not carried out.
Contact form and contact by e-mail
We provide a contact form on our website so that you can contact us with questions about PwC, our website and other enquiries. You can also contact us by email.
When you contact us via the contact form or by email, the data you provide (in particular your email address, your first and last name and the text of your enquiry as well as any other information you have provided in the contact form or by email) will be stored by us in order to process your enquiry and answer your questions.
The data processing is justified according to Art 6 para 1 lit f) GDPR. We have an interest in contacting you via the website in response to your enquiry. If your request is aimed at the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis for the data processing.
We will delete the data generated in the course of your enquiry/contact as soon as it is no longer required for processing your enquiry. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period. The use of the contact form is voluntary for you and is not a prerequisite for the use of the website.
Provision of high-quality publications, high-quality customized demo versions of software, high-quality presentation of study results or high-quality presentation by a specialist
If you would like to receive high-quality publications, high-quality customized demo versions of software, high-quality presentation of study results or high-quality presentation by a specialist, you shall give us marketing consent in return and we will process the data you provided in connection with the consent (in particular your first name and surname, your e-mail address, the name and address of your company, if applicable, and any other information you provided when giving your consent). We will validate the e-mail address you provide by means of the so-called double opt-in process. Further information on this can be found in the section "organisational management of your consent". The data processing for the provision of the respective high-quality publication, high-quality customized demo versions of software, high-quality presentation of study results or high-quality presentation by a specialist is based on a contract with you (Art 6 para 1 lit b) GDPR). The subsequent marketing communication is based on your consent (Art 6 para 1 lit a) GDPR). For further information on the processing of your data in the context of marketing communications, please refer to the section "individualised electronic approach by PwC DE".
Processing operations in marketing and partly joint controllers
PwC Legal determines the means and purposes of some of the marketing data processing operations described in more detail below, either alone or together with other companies of the German-speaking PwC network named herein (all named companies hereinafter jointly: “PwC DE“). PwC Legal and these other named PwC DE firms of the PwC network therefore process your data as joint controllers within the meaning of Art 4 no 7, 26 GDPR.
Individualised electronic approach by PwC DE
PwC DE companies process your personal data and will contact you by email for marketing purposes if you have provided consent to direct marketing activities. For this purpose, we process the data provided by you in connection with the consent (in particular your first name and surname, your email address, the name and address of your company, if applicable, and any other information you provided when providing your consent).
This direct marketing by PwC DE firms includes PwC DE information on latest consultancy advice and service information, news from your industry, notifications about upcoming events, information on PwC studies (including those of other PwC network firms) and other marketing information.
Based on your consent, PwC DE may tailor and individualise marketing communications to your interests. PwC DE does this by analysing your interests, which you have explicitly communicated (e.g. via a preference centre on a PwC DE website), and your usage behaviour (e.g. content accessed, opening, clicks and reading time) both with regard to newsletters and similar communications and via linked PwC DE websites using cookies, web beacons and similar technologies and storing this information in a personal profile.
Based on your consent, PwC DE may also add your personal contact details (e.g. name, title, company and role/position) that you have provided yourself on a PwC DE website and/or that are already stored in the customer relationship management systems operated by PwC DE. Based on your consent, PwC DE may also add public information about the company you work for to this profile.
The processing is carried out on the basis of your consent, which is a legal permission according to Art 6 para 1 lit a) GDPR. You can withdraw your consent at any time with effect for the future at no additional cost, e.g. by email to DE_Datenschutz@pwc.com.
Your data will be stored for this purpose as long as it is required for direct advertising and you have not revoked your consent. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.
Organisational management of your consent
PwC DE also processes your personal data to meet organisational requirements with regard to your marketing consent. This includes, for example, the validation of the email address you provided through a so-called double opt-in process and documenting the status (granting or revoking your consent and validating your email address) in a list jointly maintained by PwC DE for this purpose. The data processed for this purpose includes the contact details you provided when granting consent, your IP address, the individual identifier assigned by our IT systems, as well as the status and time of the granting of your consent.
If you withdraw your consent and/or object to the data processing, PwC DE will no longer use your data for marketing purposes. PwC DE will store the data required for the organisational management of your consent beyond the time of your revocation and/or objection in order to fulfil documentation and verification requirements and to ensure that your data is not processed by PwC DE for marketing purposes in the future (so-called blocking list), unless you provide new consent. PwC DE will delete your data when these organisational purposes cease to apply, which will generally be after a period of three years at the end of the year following the cessation of marketing activity by PwC DE.
Postal address and existing customer marketing
PwC DE will also use the information you provide (in particular your name and address) to send you marketing information by post about other offers or events.
PwC Legal will use your contact details received in connection with the sale of a service (in particular your first and last name, your email address, if applicable the name and address of your company as well as any other details you may have provided) for the purpose of direct marketing of similar goods and services by electronic mail, unless you have objected to such use. You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.
This processing is based on our legitimate interests within the meaning of Art 6 para 1 lit f) GDPR. There is a legitimate economic interest in informing interested parties, customers and clients about further offers and events of our own in order to establish and maintain a long-term customer relationship.
Your data will be stored for this purpose as long as this is necessary for the postal marketing approach and existing customer marketing and you have not effectively objected to the data processing. . Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.
The following cookie categories are used:
Cookies strictly necessary for the operation of our website (hereinafter “required Cookie”):
These cookies are required for the operation and functionality of the website. They make the website technically accessible, secure and usable and provide essential and basic functionalities, such as navigation on the website, correct display of the website in the internet browser or consent management.
- Provider: www.pwc.de, Name: JSESSIONID, Cookie category: required cookie, Function: general purpose platform session cookie, used by pages written in JSP. Normally used to maintain an anonymous user session by the server. Duration: Closing the browser.
- Provider: apps.pwc-host.de, Name: PHPSESSID, Cookie category: required cookie, Function: Serves the proper display of surveys. Duration: Closing the browser.
- Provider: pwcdeapps.pwc.de, Name: NLSessionSpwcdeapps, Cookie category: required cookie, Function: Serves the proper display of the event search. Duration: Closing the browser.
- Provider: pwcdeapps.pwc.de, Name: WhlWFLB, Cookie category: required cookie, Function: Serves the proper display of the event search. Duration: Closing the browser.
- Provider: app.powerbi.com, Name: ai_session, Cookie category: required cookie, Function: Used to properly display Microsoft Power BI interfaces. Duration: Closing the browser.
- Provider: www.pwc.de, Name: ppms_privacy, Cookie category: required cookie, Function: Stores the visitor's consent to data collection and use. Duration: 365 days.
- Provider: www.pwc.de, Name: Salesforce__s9744cdb192d044faa1bf201d29fafd1e, Cookie category: required cookie, Function: Store user preferences (if any). Duration: Closing the browser.
- Provider: www.pwc.de, Name: Salesforcext_0d95e, Cookie category: required cookie, Function: Store user preferences (if any). Duration: Closing the browser.
- Provider: www.pwc.de, Name: AKA_A2, Cookie category: required cookie, Function: This cookie is set by Akamai. This cookie is used for DNS Prefetch and HTTP2 Push. It helps in improving the performance. Duration: 1 hour.
The analytics cookies enable us to store data in an aggregated form about our website visitors and their experiences on our website. We use this data to fix bugs and improve the experience for all visitors.
- Provider: www.pwc.de, Name: pk_ses.<websiteID>.<domainHash> , Cookie category: Analysis cookie, Function: Indicates an active session of the visitor. If the cookie is not present, the session ended over 30 minutes ago and was counted in a pk_id cookie. Duration: 30 minutes.
- Provider: www.pwc.de, Name: pk_id.<websiteID>.<domainHash> , Cookie category: Analytics cookie, Function: Used to recognise visitors and record their various characteristics. Duration: 13 months.
- Provider: www.pwc.de, Name: piwik_auth, Cookie-Category: Analytics-Cookie, Function: Stores session information for the user interface (UI) of Piwik PRO. As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is considered to be logged in and a PIWIK_SESSID cookie is updated. Duration: 24 minutes.
- Provider: www.pwc.de, Name: PIWIK_SESSID, Cookie-Category: Analysis-Cookie, Function: Stores a PHP-Session-ID. Duration: 24 minutes.
- Provider: www.pwc.de, Name: stg_traffic_source_priority, Cookie category: Analytics cookie, Function: Stores the type of traffic source that explains how the visitor arrived at your website. Duration: 30 minutes.
- Provider: www.pwc.de, Name: stg_last_interaction, Cookie-Category: Analysis-Cookie, Function: Determines whether the session of the last visitor is still running or a new session has started. Duration: 365 days.
- Provider: www.pwc.de, Name: stg_returning_visitor, Cookie-Category: Analysis-Cookie, Function: Determines whether the visitor has been on your website before - these are returning visitors. Duration: 365 days.
- Provider: www.pwc.de, Name: stg_fired__, Cookie category: Analytics cookie, Function: Determines whether the combination of a tag and a trigger was triggered during the current visitor session. Duration: Closing the browser.
- Provider: www.pwc.de, Name: stg_utm_campaign, Cookie category: Analytics cookie, Function: Stores a name of the campaign that directed the visitor to your website. Duration: Closing the browser.
- Provider: www.pwc.de, Name: stg_pk_campaign , Cookie category: Analytics cookie, Function: Stores a name of the campaign that directed the visitor to your website. Duration: Closing the browser.
- Provider: www.pwc.de, Name: stg_externalReferrer, Cookie category: Analytics cookie, Function: Stores a URL of a web page that referred a visitor to your website.... Duration: Closing the browser.
- Provider: www.pwc.de, Name: _stg_opt_out_simulate, Cookie-Category: Analytics-Cookie, Function: Used to simulate the behaviour of the opt-out snippet in the debugger. It turns off all tracking tags in the tested domain. Duration: 365 days.
- Provider: www.pwc.de, Name: __stg_optout, Cookie category: Analysis cookie, Function: Used to disable all tracking tags in the tested domain. Duration: 365 days.
- Provider: www.pwc.de, Name: stg_global_opt_out (deprecated), Cookie category: Analytics cookie, Function: Used to disable all tracking tags on websites belonging to a Piwik PRO account. Duration: 365 days.
- Provider: www.pwc.de, Name: ppms_webstorage, Cookie category: Analysis cookie, Function: A so-called stringified object that contains information about created cookies for each module. It stores data about each cookie created, such as a key, a value, an expiry date, a path, a domain and more. This is the same data that was used to create a cookie. Duration: A ppms_webstorage item is not automatically removed. However, a visitor can delete it manually. Individual entries in the item are removed after a corresponding cookie has expired.
These cookies enable us to alert you to relevant PwC advertising campaigns and to show you personalised PwC content based on your interests, including on third-party websites. In addition, we can use so-called targeting to limit the frequency of appearance of an advertisement and reduce the display of the advertisement for you.
- Provider: www.saleswingsapp.com, Name: sw, Cookie-Category: Marketing cookies, Function: Used to identify visitors on the website and determine their interaction with the site and their interests. Duration: 365 days.
The legal basis for the use of required cookies is Sec 25 para 2 Nr 2 of the German Telecommunication-Telemedia-Act (“TTDSG”) or on the basis of Art 6 para 1 lit f) GDPR to protect our legitimate interests. In particular, our legitimate interests lie in being able to provide you with a technically optimised website that is user-friendly and tailored to your needs, and to ensure the security of our systems. The legal basis for consent with regard to the storage and reading of information is Section 25 (1) TTDSG and, with regard to the processing of personal data, Article 6 (1) lit. a GDPR.
The consent includes all cookies selected by you and the storage of information associated with them on your terminal device, as well as their subsequent reading and subsequent processing of personal data.
Your revocation does not affect the lawfulness of the processing carried out until revocation.
Disabling the cookie settings
Most browsers are pre-set to accept cookies automatically. You can object to the creation of cookies by disabling cookies in your browser’s system settings. Please note, however, that some of the cookies are technically necessary for the functionality of our website, otherwise the page cannot be requested and displayed. By disabling cookies, you will not be able to use parts of the website (without restrictions).
In addition, you can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies.
Links to social media
Our website currently contains links to the following social media providers: Facebook, Twitter, LinkedIn, YouTube and Instagram by means of corresponding social media buttons. In order to prevent any unwanted transfer of your usage data (e.g. address of the currently visited page) to these services, you only then access the services by clicking on the link of these services. On the service page, these social networks may collect usage data and possibly user data. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
Therefore, we inform you according to our current knowledge:
Only when you klick on the links does your browser establish a direct connection with the servers of the aforementioned services. In this way, the information that you have visited our website indirectly (referrer) is forwarded to these services. If you are already logged in to the service with your personal user account while visiting our website, you can usually “share” the document (so-called “sharing”) or leave a comment etc. after clicking on the social media buttons. If you do not wish such data transmission, we advise you not to click on the social media buttons.
The purpose and scope of the data collection by the social services, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of these services.
Integration of Mediasite
When you view a video that is displayed with a thumbnail on the website (not just a link to another platform with a video), we collect the necessary data to show you the video. The following personal data is required for this purpose:
IP address, time and duration of use. The processing of this personal data is based on Art. 6 para. 1 lit. f) DSGVO. This is necessary, since the communication runs via internet/intranet and is established on the basis of the Internet Protocol (IP). Furthermore, the use of the stream is determined on the basis of the IP communication. The video cannot be called up and provided without the use of this data; there is a legitimate interest in making the call-up and making the use of the video technically possible.
The data stated above is stored for the duration of viewing/streaming and then deleted. If there are legal storage obligations, the data will be stored for the duration of the legally prescribed storage obligation.
Integration of SmartMaps
On this website we use the “SmartMaps” service of YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe.
This allows us to show you maps directly on the website and enables you to use the map function conveniently.
In order to be able to show you the maps, SmartMaps uses your IP address when the SmartMaps components are called up by the browser. This is held in the memory of the web server for approx. 5 minutes to prevent DoS attacks, after which it expires and is neither processed nor stored in any other way.
YellowMap AG is therefore a recipient of data. However, YellowMap AG does not process the data for its own purposes, but exclusively on behalf of and on the instructions of PwC. PwC has concluded a data processing agreement with YellowMap AG in accordance with Art 28 GDPR.
Use of Friendly Captcha
For certain online services on our website we use the “Friendly Captcha” solution provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha blocks non-human and automated entries and protects our website against spam-bots and abuse. The following personal data is transmitted in the process:
- HTTP request header data, in particular user agent, origin and referer
- Date/time of request
- Version of widget used
- Customer account ID of the client’s website
- Hash value (one-way encryption) of the incoming IP address (the IP address is discarded, only the hash value is stored)
- Number of requests from the (hashed) IP address per period
- Answer of the calculation task solved by the visitor’s computer
Processing of such personal data is carried out on the basis of Article 6(1)(f) GDPR. There is a legitimate interest in the functioning and secure operation of our website.
To the extent personal data is processed, it is stored for 30 days and then deleted.
Friendly Captcha GmbH is thus the recipient of data. However, it does not process the data for its own purposes, but solely on behalf of and on the instructions of PwC. PwC has entered into a commissioned data processing agreement with Friendly Captcha GmbH in accordance with Article 28 GDPR.
Our website contains hyperlinks to websites/services of other providers. When activating these hyperlinks, you will be redirected from our website directly to the website of the other provider. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.