PwC StorePwC Store
Register
Home
Privacy Statement

Privacy Statement

Introduction

PwC NL is strongly committed to protecting personal data. This Privacy Statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others such as companies and institutions that we provide services to and in that context, provide us with information about their employees or business relationships. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

The following definitions apply in this Privacy Statement:

'PwC NL' (and 'we', 'us', or 'our') refers to PricewaterhouseCoopers B.V. based in Amsterdam, and also to PricewaterhouseCoopers Accountants B.V., PricewaterhouseCoopers Belastingadviseurs B.V., PricewaterhouseCoopers Advisory B.V., PricewaterhouseCoopers Deelnemingen B.V., PricewaterhouseCoopers Compliance Services B.V., PricewaterhouseCoopers Pensions, Actuarial & Insurance Services B.V. PricewaterhouseCoopers IT Services (NL) B.V. and PricewaterhouseCoopers Certification B.V. as far as they: (1) are a contracting party for the purpose of providing or receiving services, (2) posted a position for which you are applying, or (3) have a role or relationship with u.

Applicable laws and regulations: all international, European, national, regional or local laws, regulations, treaties, decisions, statutes, sentences, court orders, codes of conduct, guidelines or any other requirements of any relevant government institution or supervisory authority, to the extent relevant and applicable in the Netherlands.

Terms in this Privacy Statement (such as 'personal data' and 'processing') have, in whatever conjugation, the meaning referred to in the Applicable laws and regulations. In addition, the above words have the meaning described in this Privacy Statement.

This Privacy Statement applicable to following PwC website(s):

store.pwc.nl

Our international network:

The PwC network is a worldwide network of independent member firms that operate locally in countries throughout the world. PwC NL, as each member firm in the PwC network, is a separate legal entity and a separate controller for personal data. For further details, please see https://www.pwc.nl/en/onze-organisatie.html.

We would like to note that the international and regional or practice-related websites that fall within PwC.com are provided by other entities within the PwC network and not by PwC NL. This Privacy Statement does not apply to these websites or to other websites that may be linked to this website. We recommend that visitors carefully read the privacy statements of each of these other websites before they provide any personal data.

Personal data is any information relating to an identified or identifiable living person. When “you” or “your” is used in this Statement, we are referring to the relevant individual who is the subject of the personal data. PwC NL processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. We do not store your personal data for longer than necessary for the purposes for which we process your personal data, unless we are required to retain your personal data for longer under applicable laws and regulations.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this Statement.

Business Contacts

Collection​ ​of​ ​personal​ data

PwC NL processes personal data about contacts (existing and potential PwC NL clients and/or individuals associated with them) using a customer relationship management system (the “PwC CRM”).

The collection of personal data about contacts and the addition of that personal data to the PwC CRM is initiated by a PwC user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the PwC CRM may collect data from PwC email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between PwC users and contacts or third parties.

Use​ ​of​ ​personal​ data

Personal data relating to business contacts may be used for legitimate interests of PwC NL and the legitimate interests of other PwC-member firms for the following purposes:

  • Administering, managing and developing our businesses and services. We may process personal data in order to run our business, including:
    • managing our relationship with clients
    • developing our businesses and services (such as identifying client needs and improvements in service delivery and learning more about a client, relationship opportunity we or other PwC member firms have an interest in)
    • analysing and evaluating the strength of interactions between us and a contact. The PwC CRM uses an algorithm to help with this analysis and the ranking is primarily based on interaction frequency, duration, recency and response time
    • performing analytics, including producing metrics for PwC NL leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals
    • maintaining and using IT systems
    • hosting or facilitating the hosting of events
    • and administering and managing our website and systems and applications
  • Providing information about us and our range of services
  • Unless we are asked not to, we use client business contact details to provide information that we think will be of interest about us and our services. For example, industry updates and insights, other services that may be relevant and invites to events.

PwC-member firms do not sell or otherwise release personal data contained in the PwC CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

Data retention

Personal data will be retained on the PwC CRM for as long as we have, or need to keep a record of, a relationship with a business contact.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

When and how we share personal data and locations of processing

PwC CRM tooling is provided by Salesforce and is hosted on Microsoft Azure datacenters in the European Union. The information in the PwC CRM may be accessed by PwC-member firms for the purposes described above. For details of our member firm locations, please click here. Further details about the processors (such as IT service providers) used by PwC NL and locations of processing are provided here.

Corporate clients (and persons associated with our corporate clients)

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data with us where it is strictly needed for those purposes.

Where we need to process personal data to provide professional services, we ask our clients to provide the necessary information to the data subjects regarding its use. Our clients may use relevant sections of this Privacy Statement or refer data subjects to this Privacy Statement if they consider it appropriate to do so.

The categories of personal data processed by us in relation to the services we provide are generally:

  • Personal details (e.g. name, age/date of birth, gender, marital status, country of residence)
  • Contact details (e.g. email address, contact number, postal address)
  • Financial details (e.g. salary and other income and investments, benefis, tax status)
  • and Job details (e.g. role, grade, experience and performance information)

For certain services or activities, we may process special categories of personal data (such as in performing ‘know your client’ checks and providing immigration and tax services, which involve us processing government identification documents that may contain biometric data or data revealing racial or ethnic origin or as part of an audit of an organisation in the health sector).

In general we only collect personal data from our clients or from third parties when providing services to the relevant client.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services
    We provide a diverse range of professional services (click here for information on our services) [https://www.pwc.nl/en/services.html]. Some of our services require us to process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility, tax and pensions services.
    Legal grounds: Legitimate interests, legal obligation, public interest or consent
    This processing of personal data by us is necessary for the purposes of the legitimate interests pursued by us in providing professional services and our client in receiving professional services as part of running their organisation and, in some cases, we have a legal obligation to provide the services in a certain way (e.g. statutory audit). Where we process special categories of personal data, we rely on a relevant public interest condition or consent.

  • Administering, managing and developing our businesses and services
    We may process personal data in order to run our business, including:
    • managing our relationship with clients and prospective clients
    • developing our businesses and services (such as identifying client needs and improvements in service delivery)
    • maintaining and using IT systems
    • hosting or facilitating the hosting of events
    • and administering and managing our website and systems and applications

    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.

  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to ensure network and information security, manage risks to our business and check the quality of our services.

  • Providing our clients and prospective clients with information about us and our range of services
    Unless we are asked not to, we use client and prospective client business contact details to provide information that we think will be of interest about us and our services. For example, industry updates and insights, other services that may be relevant and invites to events.
    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to promote our business and services.

  • Complying with any requirement of law, regulation or a professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
    Legal grounds: Legal obligation or legitimate interests
    This processing is necessary for us to comply with a legal obligation; for example, when conducting customer due diligence checks to comply with anti-money laundering regulations and, where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory or professional obligations.

  • Monitoring / Analyzing / Benchmarking / Analyzing our services
    We are constantly looking for ways to help our customers and improve our activities and services. To the extent that we have agreed with our customers, we may also use information that we receive in the course of providing professional services for other legitimate purposes, such as conducting analyzes to gain more insight into certain issues, industries or sectors, the feedback of those insights to our customers, the improvement of our activities, services and range of services and the development of new PwC NL technologies and services. To the extent that the information we receive in the course of providing professional services contains personal information, we will anonymize that information before using the information for these purposes.
    Legal grounds: legitimate interest
    We have a legitimate interest in anonymizing data to help our customers, to improve our business, services and services, and to develop new PwC NL technologies and services, including by performing benchmarks and analyzes.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal data will be retained about our contacts at our suppliers for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation) and then deleted in line with our deletion and retention policies.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

When and how we share personal data and locations of processing

Further details about the processors (such as IT service providers) used by PwC NL and locations of processing are provided here. We may use other organisations to help us deliver our services as agreed with our client on an engagement-specific basis.

Person clients

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data where it is strictly needed for those purposes. Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to other data subjects concerned, such as family members, regarding its use.

Given the diversity of the services we provide to personal clients (click here for information on our services), we process many categories of personal data, including as appropriate for the services we are providing:

  • Contact details
  • Business activities
  • Family information
  • Income, taxation and other financial-related details
  • and Investments and other financial interests

For certain services or activities, and when permitted by law (e.g. under a public interest condition) or with an individual's consent, we may also collect special categories of personal data. Examples of special categories include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records.

In general, we only collect personal data from our clients or from a third party acting on the instructions of the relevant client.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services
    We provide a diverse range of professional services (click here for information on our services). Some of our services require us to process personal data in order to provide advice and deliverables. For example, we need to use personal data to provide individual tax advice, immigration services or pensions advice.
    Legal grounds: Performance of a contract, legitimate interests, legal obligation, public interest or consent
    This processing is necessary for the performance of the engagement letter (contract) to which our personal client (the data subject) is a party and, where we process personal data about other individuals (such as family members) in order to provide our services, this processing is necessary for the purposes of the legitimate interests pursued by us in providing professional services and our client in receiving professional services. In some cases we have a legal obligation to perform our services in a certain way, if we process special personal data we do so based on our legitimate interest or consent.

  • Administering, managing and developing our businesses and services
    We may process personal data in order to run our business, including:
    • managing our relationship with clients and prospective clients
    • developing our businesses and services (such as identifying client needs and improvements in service delivery)
    • maintaining and using IT systems
    • hosting or facilitating the hosting of events
    • and administering and managing our website and systems and applications

    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.

  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involves detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to ensure network and information security, manage risks to our business and check the quality of our services.

  • Providing our clients and prospective clients with information about us and our range of services
    With consent or otherwise in accordance with applicable law, we use client and prospective client contact details to provide information that we think will be of interest about us and our services. For example, industry updates and insights, other services that may be relevant and invites to events.
    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to promote our business and services.

  • Complying with any requirement of law, regulation or a professional body of which we are a member
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
    Legal grounds: Legal obligation or legitimate interests
    This processing is necessary for us to comply with a legal obligation; for example, when conducting customer due diligence checks to comply with anti-money laundering regulations and, where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory or professional obligations.

  • We are continually looking for ways to help our clients and improve our business and services.
    Where agreed with our clients, we may use the information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new PwC NL technologies and offerings. To the extent that the information that we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.
    Legal grounds: Legitimate interests
    We have a legitimate interest in de-identifying data to help our clients, to improve our business, service delivery and offerings and to develop new PwC NL technologies and offerings, including by performing benchmarking and analysis.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

However, personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

When and how we share personal data and locations of processing

Further details about the processors (such as IT service providers) used by PwC NL and locations of processing are provided here. We may use other organisations to help us deliver our services as agreed with our client on an engagement-specific basis.

Individuals who use our applications

We provide external users access to various applications managed by us. Such applications will contain their own privacy statement explaining why and how personal data is collected and processed by those applications. We encourage individuals using our applications to refer to the privacy statement available on those applications.

Details about the processors (such as IT service providers) used by PwC NL and locations of processing are provided here.

Individuals whose personal data we obtain in connection with providing professional services to our clients

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data with us where it is strictly needed for those purposes

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to the data subjects concerned regarding its use.

We collect and use contact details for our clients in order to manage and maintain our relationship with those individuals.

Given the diversity of the services we provide to clients (click here for information on our services), we process many categories of personal data, including:

  • Personal details (e.g. name, age/date of birth, gender, marital status, country of residence)
  • Contact details (e.g. email address, contact number, postal address)
  • Financial details (e.g. salary, payroll details and other financial-related details such as income, investments and other financial interests, benefits, tax status)
  • and Job details (e.g. role, grade, experience, performance information and other information about management and employees).

For certain services or activities, we may process special categories of personal data (such as in performing know your client checks and providing immigration and tax services, which involve us processing government identification documents that may contain biometric data or data revealing racial or ethnic origin or as part of an audit of an organisation in the health sector).

Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client. For some of our services, for example, when undertaking a due diligence review of an acquisition target on behalf of a client, we may obtain personal data from that target’s management and employees or from a third party acting on the instructions of the target.

Certain services we provide require us to process personal data related to criminal convictions and offences, for example when we perform mandatory anti-corruption checks for clients, or when we perform background checks for clients

Use of personal data

We use personal data for the following purposes:

  • Providing professional services
    We provide a diverse range of professional services (click here for information on our services). Some of our services require us to process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility and pensions services.
    Legal grounds: Legitimate interests, legal obligation, public interest or consent
    This processing of personal data by us is necessary for the purposes of the legitimate interests pursued by us in providing professional services and our client in receiving professional services as part of running their organisation and, in some cases, we have a legal obligation to provide the services in a certain way (e.g. statutory audit). Where we process special categories of personal data, we rely on a relevant public interest condition or consent.

  • Administering, managing and developing our businesses and services
    We may process personal data in order to run our business, including:
    • managing our relationship with clients
    • developing our businesses and services (such as identifying client needs and improvements in service delivery)
    • maintaining and using IT systems
    • hosting or facilitating the hosting of events
    • and administering and managing our website and systems and applications

    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.

  • Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
    Legal grounds: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to ensure network and information security, manage risks to our business and check the quality of our services.

  • Complying with any requirement of law, regulation or a professional body of which we are a member
    ZAs with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
    Legal grounds: Legal obligation or legitimate interests
    This processing is necessary for us to comply with a legal obligation; for example, when conducting customer due diligence checks to comply with anti-money laundering regulations and, where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory or professional obligations.

  • We are continually looking for ways to help our clients and improve our business and services.
    Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new PwC NL technologies and offerings. To the extent that the information that we receive in the course of providing professional services contains personal data, we will remove the personal data prior to using the information for these purposes.
    Legal grounds: Legitimate interests
    We have a legitimate interest in de-identifying data to help our clients, to improve our business, service delivery and offerings and to develop new PwC NL technologies and offerings, including by performing benchmarking and analysis.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 7 years. However personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

When and how we share personal data and locations of processing

Further details about the processors (such as IT service providers) used by PwC NL are provided here. We may use other organisations to help us deliver our services as agreed with our client on an engagement-specific basis.

Personnel (partners, staff and contractors)

We collect personal data concerning our own personnel (partners, staff and contractors) as part of the administration, management and promotion of our business activities.

Please refer to our “Privacybeleid medewerkers” available on Spark for information on why and how personal data is collected and processed in relation to your role with PwC NL.

Visitors to our website

Collection of personal data

Visitors to our websites are generally in control of the personal data shared with us. We may capture limited personal data automatically via the use of cookies and analytics tools on our website. Please see the section on Cookies below for more information.

We receive personal data, such as name, title, company address, email address, and telephone and fax numbers from website visitors; for example when an individual registers updates from us.

Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.

We ask that you do not provide special categories of personal data (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) to us when using our website.

Use of personal data

When you provide personal data to us, we may use it for any of the purposes described in this Privacy Statement or as stated at the point of collection (or as obvious from the context of collection), including:

  • where you submit your contact details, unless we are asked not to, we may contact you with information about PwC NL’s business, services and events, and other information which may be of interest to you. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email to nl_dataprotection@pwc.com
  • to administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site or premium content
  • to communicate with you in order to distribute requested materials or ask for further information
  • to personalise and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you
  • to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites)
  • to determine the company, organisation, institution, or agency that you work for or with which you are otherwise associated
  • to develop our businesses and services, including aggregating data for website analytics and improvements
  • aggregating data to conduct benchmarking and data analysis including, for example, regarding usage of our websites
  • to conduct quality and risk management reviews
  • to understand how people use the features and functions of our websites in order to improve the user experience
  • to monitor and enforce compliance with our terms, including acceptable use policies
  • and any other purposes for which you provided the information to PwC NL (such as to subscribe you to the updates you request).

Our websites do not collect or compile personally identifying information for sale to non-PwC NL parties for their marketing purposes. If there is an instance where your personal data may be shared with a party that is not a PwC member firm, you will be asked for their consent beforehand.

Cookies

We use small text files called ‘cookies’ which are placed on your hard drives to assist in personalising and enriching your browsing experience by displaying content that is more likely to be relevant and of interest to you. The use of cookies is now standard operating procedure for most websites. However if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. You need to accept cookies in order register on our website. You may find other functionality in the website impaired if you disable cookies. After termination of the visit to our site, you can always delete the cookie from your system if you wish.

You can find out more details regarding our use of cookies on the Cookies page.

Third party links

Our website may link to third party sites not controlled by PwC NL and which do not operate under PwC NL's privacy practices. When you link to third party sites, PwC NL's privacy practices no longer apply. We encourage you to review each third party site's privacy policy before disclosing any personally identifiable information.

Data retention

Personal data collected via our websites will be retained by us for as long as it is necessary and allowed by relevant law and regulation(s).

Others who get in touch with us

We collect personal data when an individual gets in touch with us with a question, complaint, comment or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us and we will only use the data for the purpose of responding to the communication.

Label

Your right of access to personal data

You have the right to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data held by us as a controller and obtain certain other information about how and why we process your personal data (similar to the information provided in this Privacy Statement).

This right may be exercised by submitting the following request form. We aim to respond to any requests for information promptly, and in any event within the legally required time limits.

Your right to rectification / amendment of personal data

You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.

To update personal data submitted to us, please submit your request the following form or, where appropriate, contact us via the relevant website registration page or directly amend the personal details held on relevant websites or applications with which you registered.

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates as appropriate based on your updated information.

Your right to erasure / right to be forgotten

You have the right to obtain deletion of your personal data in the following cases:

  • the personal data are no longer necessary in relation to the purposes for which they were collected and processed
  • our legal grounds for processing is consent, you withdraw consent and we have no other lawful basis for the processing
  • our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds
  • you object to our processing for direct marketing purposes
  • your personal data have been unlawfully processed
  • your personal data must be erased to comply with a legal obligation to which we are subject

To request deletion of your personal data, please send us a request via the following form.

Your right to restrict processing

You have the right to restrict our processing of your personal data in the following cases:

  • for a period enabling us to verify the accuracy of your personal data where you have contested the accuracy of the personal data
  • your personal data have been unlawfully processed and you request restriction of processing instead of deletion
  • your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims
  • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us

To restrict our processing of your personal data, please send us a request using the following form.

Your right to object to processing

You have the right to object to our processing of your personal data in the following cases:

  • our legal grounds for processing is that the processing is necessary for a legitimate interest pursued by us or a third party
  • our processing is for direct marketing purposes

To object to our processing of your personal data, please submit the following ,a href='https://www.pwc.nl/en/onze-organisatie/contact/gdpr-related-request.html'>form.

Your right to data portability

You have a right to receive your personal data provided by you to us and have the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means..

To exercise your right to data portability, please submit the following form.

Your right to withdraw consent (where processing is based on consent)

Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).

Where we rely on your consent for our processing of your personal data, to withdraw your consent please send us your request using the following form or, to stop receiving an email from a PwC NL marketing list, please click on the unsubscribe link in the relevant email.

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to nl_dataprotection@pwc.com or sent a letter to Data Protection Office (per gewone post: PricewaterhouseCoopers B.V., t.a.v. Data Protection Office (Westgate II 10G), Postbus 90351, 1066 JR Amsterdam). We will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. The Autoriteit Persoonsgegevens (“AP”) is the NL data protection regulator/supervisory authority. For further information on your rights and how to complain to the AP, please refer to the website of the AP.