Last revised: 25 October 2024
At PwC, we are committed to protecting your privacy and safeguarding your personal, business and financial information. This Privacy Statement applies to the network of PwC firms operating in the Caribbean (PwC Bahamas, PwC Bermuda, PwC British Virgin Islands, PwC Cayman Islands, PwC East Caribbean, PwC Guyana, PwC Jamaica, and PwC Trinidad & Tobago) and their respective affiliates ("PwC", "we", “us” or "our").
The purpose of this Privacy Statement is to inform you about the types of Personal Information, as defined below, that PwC collects, uses and discloses. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may correct that information.
This Privacy Statement is designed to meet the standards prescribed by territory specific legislation and best practice. In addition to any territory specific laws, we continue to be subject to the confidentiality rules of territory specific professional accountancy bodies.
From time to time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the “last revised" date which appears at the top of this page.
We will treat Personal Information in a manner consistent with the Privacy Statement under which it was collected and our Privacy Policy, unless we have your consent to treat it differently. This Privacy Statement applies to any information we collect or receive about you, from any source.
"Personal Information" is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information may include, but is not limited to, your mailing address, telephone number, email address, Internet Protocol (“IP”) address, age, gender, marital status, health information, financial status, credit card information and credit history. Personal Information, however, does not include your business title, business address or business telephone number in your capacity as an employee of an organisation.
We will always collect your Personal Information by fair and lawful means (for example, when you engage us to provide services, use the PwC website or speak to a PwC representative). We collect Personal Information directly from you, or indirectly from third party sources as otherwise permitted by applicable law.
From time to time, you may voluntarily provide PwC with unsolicited Personal information (e.g. by providing information through the PwC websites). If you provide such information for any reason, you consent to PwC using that information in the ways described in this Privacy Statement or as described at the point where you choose to disclose this information. When providing PwC with unsolicited information, we ask that you do not provide any sensitive information (e.g. Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information) unless you provide us with explicit consent to collect this information from you.
With respect to our websites, PwC may use cookies, log files and web beacons to collect information regarding the use of the websites. Generally, this information is non-identifiable and would likely not be considered Personal Information.
Cookies: Cookies are small text files placed on your hard drive that assist us in providing a more customised website experience. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area. It is PwC’s policy to use cookies to make navigation of our websites easier for visitors and to facilitate efficient registration procedures. If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites. See Cookie policy at: https://www.pwc.com/cb/en/cookie-information.html
Log files: In order to properly manage our websites, we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters and are generally non-identifiable.
Web beacons: To gather visitor statistics and manage cookies, we use electronic images called a "single-pixel GIF" or "web beacon." Web beacons allow our third-party tracking tools, Adobe Analytics, Google Analytics and Oracle Marketing Cloud to gather information such as the IP address of your computer, the time the material was viewed and the type of Internet browser used to access the page. This information is tracked on the third party tracking tools' servers and reported in aggregate to our webmasters. If you are concerned about the use of Web beacons you can turn off your browsers' cookies. This action will prevent Web beacons from tracking your specific activity; however, the Web beacon may still record a visit from your IP address.
Marketing Automation: In order to provide you with the most personalised experience and give you access to products and services that are most relevant to you, PwC may use marketing automation tools to deliver targeted marketing campaigns across multiple PwC platforms (e.g. via web, email, mobile, etc.) and create customer profiles by tracking your behavior and preferences while using PwC platforms. All of PwC’s electronic marketing activities are done in accordance with applicable legislation.
Finally, PwC understands the importance of protecting children's privacy online. The PwC websites covered by this Privacy Statement are not intentionally designed for or directed at children 13 years of age or younger. It is PwC's policy never to knowingly collect or maintain information about anyone under the age of 13.
Personal Information provided to us by our clients is primarily stored on servers maintained by PwC network firms. However, except where restricted by contractual arrangements or legal requirements applicable to specific clients, PwC may also leverage the services of select third party service providers. Personal Information that is "in the cloud" may be stored on multiple servers in a number of locations around the world. PwC has taken appropriate steps for the protection of Personal Information handled by our service providers. However, information transmitted to other countries may be subject to the laws and lawful disclosure requirements of the jurisdiction(s) where the information is stored.
We generally use your Personal Information for the following purposes (the "Purposes"):
We identify the purposes for which we use your Personal Information at the time we collect such information from you, and obtain your informed, freely given and unambiguous consent prior to each specific use. When you provide us with consent to use your Personal Information, your consent covers all processing activities carried out for the same purpose or purposes. When the use of your Personal Information has multiple purposes, PwC will seek your consent for each separate purpose for which the Personal Information will be used.
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
For example, we may transfer your Personal Information to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes — such as service providers that provide data storage or processing.
Generally, we will only make disclosures of Personal Information to such persons for which you provide your consent. Notwithstanding the foregoing, we may also make disclosures of Personal Information to a potential acquirer in connection with a transaction involving the sale of some or all of the business of PwC or as otherwise permitted or required by law, in which case the use of your Personal Information by the new entity would continue to be limited by applicable law.
In addition, we may send Personal Information outside of the country for the purposes set out above, including for process and storage by service providers in connection with such purposes. These other jurisdictions may include the United States, India, United Kingdom or the jurisdiction of any other PwC network firm (as per our engagement letters which allow us to draw on the resources of other firms), which latter jurisdiction(s) may be identified upon request.
To the extent that any Personal Information is out of the jurisdiction of the PwC firm that you are dealing with, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
With respect to the PwC websites, this Privacy Statement applies to the websites located within www.pwc.com/cb. Other PwC websites are not covered under this policy. These sites have their own privacy statements. In addition, there are several places throughout the websites that may link to other websites that do not operate under this Privacy Statement. When you link to other websites, PwC's privacy practices no longer apply. For this reason, we encourage visitors to review each site's privacy policy before disclosing any Personal Information.
We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. You may provide your express consent to us either orally, electronically or in writing. You may also consent to PwC’s collection, use and disclosure of Personal Information by voluntarily providing us with Personal Information through a clear, affirmative action (e.g. by submitting an information request, participating in a survey, etc.). PwC may also rely on your implied consent to the collection, use and disclosure of your Personal Information where implied consent is permitted under applicable law.
We will not, as a condition of the supply of our professional services or products, require you to consent to the collection, use, disclosure or protection of information beyond that which is required to fulfill the specified and legitimate purposes for which the information is being collected.
With respect to our websites, should visitors subsequently choose to unsubscribe from mailing lists or any registrations, visitors may send us an email using the Contact us page.
We ensure that all affiliates and other third parties, including PwC member firms, which are retained to perform services on our behalf and are therefore provided with Personal Information are contractually required to observe the intent of this Privacy Statement and PwC’s privacy and data security policies and practices. When providing information to affiliates and/or third parties, PwC complies with the requirements of Article 28 of the EU General Data Protection Regulation 2016/679 (“the GDPR”) and practices.
We may keep a record of your Personal Information, correspondence or comments in a file specific to you. We will use, disclose or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected, or as permitted or required by law.
If you make a written request to review any Personal Information about you that we have collected, utilised or disclosed, we will provide you with any such Personal Information as permitted or required by law. We will make such Personal Information available to you in a form that is generally understandable, and will explain any abbreviations or codes. To submit a written access request, or to obtain further information with respect to your access rights, you may contact our Data Protection team, as indicated below.
We will ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We may request, from time to time, that you supply us with written updates to your Personal Information, as required.
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
Unless we advise you to the contrary, we will respond to each of your written requests not later than one month after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. As prescribed in any relevant territory specific regulations, you have the right to make a complaint to the appropriate authority in respect of this time limit.
In many circumstances we will be able to provide you with the requested information free of charge. However, in certain jurisdictions there are some circumstances in which we may lawfully charge a fee covering the cost or providing the requested data and information or even may lawfully refuse to act on the request. If a fee is payable then we will generally need to receive it before we can disclose the requested information. However, we will not charge any costs for you to access your Personal Information in our records or to access our Privacy Policy or practices without first providing you with an estimate of the approximate costs (if applicable and as permitted under relevant law). You may withdraw your requests for access to information by notifying us within the notice period disclosed on the estimate.
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
We have implemented physical, organisational, contractual and technological security measures to protect your Personal Information from loss or theft, unauthorised access, disclosure, copying, use or modification. The only employees who are granted access to your Personal Information are those with a business 'need-to-know' or whose duties reasonably require such information. On the PwC websites, we use secure socket layer technology.
Personal information may also be processed as part of the security monitoring that we undertake to detect, investigate and resolve security threats — for example, automated scans to identify harmful emails (e.g., phishing attempts).
All comments, questions, concerns or complaints regarding your Personal Information or our Privacy Policy and practices, should be forwarded to our Data Protection team as follows:
Email: gbl_crb_dpo@pwc.com