This privacy policy was last updated on 1 December 2021.
PwC is strongly committed to protecting personal information. This privacy policy describes why and how we collect and use personal information and provides information about individuals’ rights. It applies to personal information provided to us, both by individuals themselves or by others. We may use personal information provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.
This privacy policy applies to PricewaterhouseCoopers (NZBN 9429044819965), PwC Legal (NZBN 9429042425953), PricewaterhouseCoopers Consulting (New Zealand) LP (NZBN 9429043294114), PwC Advisory Services (NZBN942903042165) and PwC Foundation (NZBN 9429050409716), of Level 26 PwC Tower, 15 Customs Street West, Auckland 1010, New Zealand, and any entity owned or controlled by these entities’ operations in New Zealand (together "PwC”, “we”, or “our”). This policy explains how PwC handles personal information and complies with the requirements of the Privacy Act 2020 ("Privacy Act"). If you have any further questions in relation to this policy, please contact our Privacy Officer at nz_privacy_officer@pwc.com.
Personal information or personal data is information about an identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal information.
Processing is how we sometimes refer to the handling, collecting, protecting or storing of your personal information.
When collecting and using personal information, our policy is to be transparent about why and how we do that.
This policy relates to PwC’s collection and handling of personal information that is covered by the Privacy Act. It is not intended to cover categories of personal information that are not covered by the Privacy Act unless otherwise specified.
PwC collects, holds and processes personal information from clients, suppliers, employees, job applicants, contractors and other individuals. We collect and hold this information for our necessary business purposes.
The types of personal information we collect, hold and process include:
We generally do not intend to collect, and we ask you not to submit, any special categories of personal information. Special categories of personal information includes information about an individual’s race or ethnic origin; political opinions or political affiliations; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data that uniquely identifies someone; sexual life or sexual orientation; and criminal records.
If you choose to provide special categories of personal information about yourself to us for any reason, the act of doing so constitutes your explicit consent, (where such consent is necessary), for us to collect and use that information as necessary in the ways described in this privacy policy or as described at the point you choose to disclose this information.
We collect most information directly from individuals when we deal with them. The personal information we collect may be provided in forms filled out by individuals, face to face meetings, email messages, telephone conversations, when you use our websites or our social media, or by third parties. If you contact us, we may keep a record of that contact.
We may also collect information from third parties, such as, other people or agencies. In certain instances, where permitted, PwC may seek person information from the Motor Vehicle Register (view our related privacy notice here).
Because of the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or through the use of a pseudonym, although sometimes this is possible (for example, when seeking staff or client feedback generally).
We rely on one or more of the following conditions to justify processing your personal information:
The primary purposes for which we collect, hold and process personal information are:
- managing our relationship with clients and prospective clients;
- managing our business and services (such as identifying client needs and improvements in service delivery);
- analysing and evaluating the strength of interactions between PwC and a contact;
- performing analytics, including producing metrics for PwC leadership, such as trends, relationship maps, sales intelligence and progress against account business goals;
- administering and managing IT systems, websites and applications; and
- hosting or facilitating the hosting of events.
- automated scans to identify harmful emails;
- monitoring the services provided to clients for risk and quality purposes, which may involve processing personal information stored on the relevant client file.
- carrying out conflict and risk searches to ensure there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputation issues);
If you choose not to provide us with personal information which we have requested from you, we may be unable to fulfil any of the above purposes, including providing professional services to you, responding to your requests, paying your invoices or processing your application for employment..
We may collect, hold and use personal information about individuals to market our services, including by email. However, individuals always have the opportunity to elect not to receive further marketing information from us by writing to the Privacy Officer at nz_privacy_officer@pwc.com. Please allow 20 working days for your request to be processed.
Alternatively, if we have contacted you by email, you may use the unsubscribe function in that email to notify us that you do not want to receive further marketing information from us by email.
If we collect, hold or use personal information in ways other than as stated in this policy, we will ensure we do so pursuant to the requirements of the Privacy Act.
PwC does not disclose personal information unless:
We may also disclose personal information under the following circumstances:
We may also share non-personal, de-identified and aggregated information for research or promotional purposes. Except as set out in this policy, we do not sell to or trade personal information with third parties.
Please note, in accordance with the above, sometimes individuals and organisations outside of PwC will have access to personal information held by PwC and may collect or use it from or on behalf of PwC. Some of these third party providers may use their own third party subcontractors that have access to personal information (sub-processors). It is our policy to use only service providers and third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC and in accordance with our privacy guidelines and not to keep, use or disclose personal information we provide to them for any unauthorised purposes. We also require the flow of those same obligations down to their sub-processors.
We will only share personal information with others when we are legally permitted to do so.
We retain personal information for as long as is necessary for the purpose for which it was collected and in accordance with our Retention Policies. Personal information may be held for longer periods where extended retention periods are required by law or regulation and as necessary in order to defend our legal rights.
In addition to disclosures permitted under this policy, we may disclose your personal information to other PwC firms within the PwC global network (PwC Network Firms).
For a list of where the PwC Network Firms are located, see PwC office locations.
We may share personal information with other PwC member firms where necessary, for example for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from PwC member firms in different territories) or for any of the purposes set out above.
PwC and other PwC Network Firms with which we exchange information may also use overseas facilities or contractors to process or back-up our information or to provide certain services to us (e.g. offshore cloud service providers). These PwC Network Firms, service providers and contractors may not be New Zealand entities or regulated by the Privacy Act, and may not be subject to privacy laws that provide the same level of protection as New Zealand’s Privacy Act. By providing personal information to us, you consent to the disclosure of your personal information to such PwC Network Firms, service providers and contractors on this basis.
We will take all steps that are reasonably necessary to ensure your personal information is treated securely and in accordance with this privacy policy as well as applicable data protection laws.
Any such transfer of personal information does not change any of our commitments to safeguard your privacy and the information will remain subject to any existing confidentiality obligations.
This policy also applies to any personal information we collect via our websites, including pwc.co.nz, and applications including mobile applications. In addition to personal information you provide to us directly (such as where you make a direct request to us or complete a registration form).
In order to properly manage our websites and applications, we may log certain statistics about the users of these facilities, for example the users' domains and browser types. None of this information specifically identifies an individual and it is used solely to ensure that our websites and applications provide the best possible navigational experience for users.
Cookies and web beacons are used on some PwC websites.
Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. In most cases, you can refuse a cookie and still fully navigate the PwC websites. If you require more information on the type and use of cookies by PwC, see our Cookies Information page.
A web beacon is a clear picture file used to keep track of your navigation through a website. Along with cookies, web beacons help us gain an understanding of how users of PwC websites navigate through and process the content contained in those websites. On occasion PwC will advertise on third party websites. As part of the tracking process for advertising campaigns we may at times use web beacons to count visitors who have come to the PwC websites after being exposed to PwC advertising on a third party site.
We do not use this technology to access your personal information.
If you have registered an account with us, you will be identified by a user name and password when you log into our website or applications. The information we collect about members' use of our websites may be used for measuring use and performance and in assisting to resolve any technical difficulties.
Because PwC wants your user experience to be as informative and resourceful as possible, we provide a number of links to websites and embedded content operated by third parties that may also set cookies and web beacons. PwC is not responsible for the privacy practices or policies of those sites. We encourage you to review each website's privacy policy, especially if you intend to disclose any personal information via that site. A link to another non-PwC website is not an express or implied endorsement, promotion or warranty of the products or services offered by or accessible through that site or advertised on that site.
PwC will endeavour to take all reasonable steps to keep secure any information which we hold about you, whether electronically or in hard-copy, and to keep this information accurate and up to date. We also require our employees and data processors to respect the confidentiality of any personal information held by PwC.
PwC aims to achieve industry best practice in the security of personal information which it holds. We adhere to internationally recognised security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will provide access to personal information upon request by an individual, except in the limited circumstances in which it is permitted for us to withhold this information.
When you make a request to access personal information, we will require you to provide some form of identification (such as driver’s licence or passport) so we can verify that you are the person to whom the information relates. In some cases we may also request an administrative fee to cover the cost of access.
If at any time you want to know what personal information we hold about you, you may contact us by emailing us at nz_privacy_officer@pwc.com.
If you are a resident in the European Economic Area, you have the following rights in relation to your personal information (where applicable):
To make a request to exercise any of these rights in relation to your personal information, please email, call or write to us using the contact information listed below in the “Introduction” and “Correction and Concerns” sections.
Where we process or hold personal information solely on behalf of another organisation, we do so as an “agent” under the Privacy Act. Where we process, use or disclose personal information for our own purposes, or for purposes related to our business, we will be an agency governed by the Privacy Act. If you have any questions about this privacy policy or how and why we process personal information, please contact us at:
Privacy Officer: email at nz_privacy_officer@pwc.com.
If you believe that information we hold about you is incorrect or out of date, or if you have concerns about how we are handling your personal information, please contact us and we will try to resolve those concerns. You can direct any requests for correction or concerns to our Privacy Officer via email to nz_privacy_officer@pwc.com.
If PwC becomes aware of any ongoing concerns or problems concerning our privacy practices, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our privacy policy, or you have a problem or complaint, please contact our Privacy Officer. If you are not satisfied with our handling of your problem or complaint you may make a complaint to the Office of the Privacy Commissioner (https://www.privacy.org.nz/about-us/contact/).