Privacy Statement

Processing of personal data

PwC processes business contact details of existing and potential PwC clients and/or individuals associated with them for the purposes, based on the legal grounds and using the methods set out below.

Business contact details are collected and stored in the Salesforce customer relationship management system (“PwC CRM”). The collection of personal data about contacts and the inclusion of that personal data in the PwC CRM is in some cases carried out manually (e.g. by a PwC employee receiving a business card with contact details from a client) or such data are automatically uploaded from forms completed by the data subject, from email correspondence, or from calendaring systems used by PwC.

The data collected include

• the data subject’s name,
•  the name of the employer of the data subject or the name of the organisation on whose behalf the data subject is acting;
•  the position held by the data subject with his or her employer or with the organisation on whose behalf he or she is acting;
• the data subject’s contact details, in particular his/her telephone number and organisational email address.

Use of personal data

We use the personal data listed in this section for the following purposes:

• proposals for specific professional services;
• provision of professional services;
• maintaining business relations;
• confirmation of performance, exercising of any legal claims arising from the professional service.

Legal grounds

• If we are bound by a contract to provide professional services, in the case of our natural person clients the legal ground of the data processing is the performance of our contractual obligations to the data subject client, while in the case of non-natural clients, the legal ground is our legitimate interest related to performing our contractual obligations.
• If a contractual legal relationship has not yet been established with the data subject or the organisation on whose behalf the data subject is acting, the legal basis for our data processing is our legitimate interest related to pre-contractual consultation and communication.
• The legal basis of data processing in connection with the confirmation of performance and the exercising of potential legal claims arising from the professional service is our legitimate interest related to the defense of our legal position.

Data retention

We retain the personal data processed for as long as strictly necessary for the purpose for which it was collected.

As part of that process:

• Personal data will be retained for as long as the business relationship between PwC and the client exists or as long as it is strictly necessary for the data to be retained for any of the above purposes;
• If a mandatory retention period is prescribed by law for a given activity, personal data will be retained until the expiry of the statutory retention period, e.g. data required to fulfil accounting obligations will be retained for 8 years.
• In the absence of other specific legal, regulatory or contractual requirements, where the processing of personal data is necessary for the purposes of asserting a claim or defending our legal position, our retention period for personal data follows the related statutory limitation period prescribed by law (e.g. tax statute of limitations). If no other limitation period is applicable, the retention period will follow the general statutory limitation period under civil law (five years).

Processing of personal data

In the interest of providing our professional services we may process the personal data of individuals associated with our corporate clients (e.g. employees or representatives of such clients).

In all cases, we limit the data processed to the necessary minimum. In accordance with the principle of purpose limitation, we kindly ask data subjects to share personal data with us only where it is relevant and strictly necessary for the purpose of communication or managing our legal relationship with the client we provide the services to. We also kindly ask our corporate clients to bring this notice to the attention of the relevant individuals associated with them.

In view of the diversity of the services provided by PwC, the scope of the personal data processed cannot be defined exhaustively, but depending on the type of service, we collect, in particular, the following personal data:

• name,
• position,
•  corporate phone number.email address,
• corporate phone number.

We note that corporate clients that provide personal data to us for the purposes of rendering our professional services (e.g. personal data of contact persons) qualify as independent data controllers with regard to their own data processing (i.e. before they provide the personal data to us), for which PwC cannot be held liable. PwC is solely responsible for its own data processing, from the date on which the personal data are provided to PwC.

Use of personal data

The personal data listed in this section may be used for the following purposes:

• making offers for specific professional services;
• provision of professional services;
• confirmation of performance, exercising of any legal claims arising from the professional service.maintaining business relations;
• confirmation of performance, exercising of any legal claims arising from the professional service.

Legal grounds

The processing takes place based on the following legal grounds:

• our legitimate interest related to the performance of a contract with our corporate clients;
• the legal basis for data processing in connection with the confirmation of performance and the exercising of our potential legal claims arising from the professional service is our legitimate interest related to the defense of our legal position.

Data retention

We retain the personal data processed by us for as long as strictly necessary for the purpose for which it was collected.

As part of that process:

• If a mandatory retention period is prescribed by law for a given activity, personal data will be retained until the expiry of the statutory retention period, e.g. data required to fulfil accounting obligations will be retained for 8 years.
• In the absence of other specific legal, regulatory or contractual requirements, where the processing of personal data is necessary for the purposes of asserting a claim or defending our legal position, our retention period for personal data follows the related statutory limitation period prescribed by law (e.g. tax statute of limitations). If no other limitation period is applicable, the retention period will follow the general statutory limitation period under civil law (five years).

Processing of personal data

During the provision or in relation to the provision of our professional services to private individual clients we process certain personal data of such clients.

In accordance with the principle of purpose limitation, we kindly ask data subjects who may come into contact with us to share personal data with us only where it is relevant and strictly necessary for the purposes of communicating or managing our relationship with them. Please also provide your explicit consent to the processing of any special categories of personal data that you consider necessary to share with us, otherwise we will not be able to process such data.

If applicable, we kindly ask our clients to provide the necessary information regarding our data processing to other data subjects concerned whose personal data we need in order to render our services (such as family members in the case of preparing personal income tax returns), and, where applicable, provide us with their explicit consent to the processing of any special categories of their personal data.

Given the diversity of the services we provide to private individual clients (click here for information on our services) we process various categories of personal data, including, in particular the following, as appropriate for the services we are providing:

• name, contact details;
• business activities, positions held in certain organisations, membership in companies;
• family information, where relevant to the provision of our services;
• income, taxation and other financial-related details;
• investments and other financial interests.

Use of personal data

We use personal data for the following purposes:

• making offers for specific professional services;
• provision of professional services;
• maintaining business relations;
• confirmation of performance, exercising of any legal claims arising from the service.

Legal grounds

The legal grounds for our data processing are as follows:

• in the case of data processing in our contractual relationship with private individual clients, the preparation of the contract and the performance of our contractual obligations to the client, and in the phase preceding the conclusion of the contract, our legitimate interest related to negotiation and communication;
• the legal basis for data processing in connection with the confirmation of performance and the exercising of our potential legal claims arising from the service is our legitimate interest related to the defense of our legal position.

Data retention

We retain the personal data processed by us for as long as strictly necessary for the purpose for which it was collected.

As part of that process:

• If a mandatory retention period is prescribed by law for a given activity, personal data will be retained until the expiry of the statutory retention period, e.g. data required to fulfil accounting obligations will be retained for 8 years.
• In the absence of other specific legal, regulatory or contractual requirements, where the processing of personal data is necessary for the purposes of asserting a claim or defending our legal position, our retention period for personal data follows the related statutory limitation period prescribed by law (e.g. tax statute of limitations). If no other limitation period is applicable, the retention period will follow the general statutory limitation period under civil law (five years).

In some cases, we may provide external users access to various applications and systems managed by us.

Such applications will contain their own, integrated privacy statements explaining why and how personal data is collected and processed in their context. We encourage the users of our applications to refer to said privacy statements and use the application only if they have read and accepted the contents of the privacy statement.

If there is no privacy statement in the relevant application, the data protection provisions of this statement relating to the provision of services shall apply accordingly.

Processing of personal data

For certain services or activities, we may process information and documents (e.g. as part of an audit of an organisation) that contain the personal data of individuals not directly associated with our corporate clients. We may obtain personal data from our clients or from a third party acting on the instructions of the relevant client.

We note that corporate clients that share personal data with us for the purposes of providing our services qualify as independent data controllers with regard to their own data processing (i.e. before they provide personal data to us), for which we will not be held liable. PwC is solely responsible for its own data processing, from the date on which the personal data are provided to PwC.

For the above purposes, we process many categories of personal data, including:

• name, contact details, position held;
• business activities of individuals;
• information about representatives and employees;
• payroll and other financial details relating to individuals;
• investments and other financial interests relating to individuals.

Use of personal data

We use personal data for the following purposes:

• provision of professional services;
• maintaining business relations;
• confirmation of performance, exercising of any legal claims arising from the professional service.

Legal grounds

The legal grounds for our processing comprise

• for personal data obtained by us in connection with fulfilling our contractual obligations to a client, our legitimate interests related to fulfilling such obligations;
• in connection with the confirmation of performance and the exercising of our potential legal claims arising from the professional service, our legitimate interest related to the defense of our legal position.

Data retention

We retain the personal data processed by us for as long as strictly necessary for the purpose for which it was collected. As part of that process:

• If a mandatory retention period is prescribed by law for a given activity, personal data will be retained until the expiry of the statutory retention period;
• In the absence of other specific legal, regulatory or contractual requirements, where the processing of personal data is necessary for the purposes of asserting a claim or defending our legal position, our retention period for personal data follows the related statutory limitation period prescribed by law (e.g. tax statute of limitations). If no other limitation period is applicable, the retention period will follow the general limitation period under civil law (five years).

Processing of personal data

In order for any individual to contact us with a question, comment or complaint, it is essential that they provide us with the personal information necessary to respond.

These data are as follows:

• name;
• contact details;
• contents of the communication (which may also include information qualifying as personal data);
• the information contained in the electronic signature of the person contacting us (e.g. the name of his/her employer, the position held there);
• the content of the record of the consumer complaint.

In these cases, the individual is in control of the personal data shared with us.

We kindly ask you to share personal data with us only where in your view it is strictly necessary for the purposes of responding to the question or comment, or investigating the complaint concerned. Please also provide us with your explicit consent to the processing of any special categories of personal data that you deem absolutely necessary to share with us, otherwise we will not be able to process such data.

Use of personal data

We use personal data for the following purposes:

• answering questions;
• handling complaints;
• ensuring the exercise of the data subject’s rights under the GDPR;
• fulfilling our obligations under the Consumer Protection Act.

Legal grounds

• In cases where we are legally obliged to handle a complaint received or to ensure the exercise of the rights of the data subject - pursuant to Article 17/A of Act CLV of 1997 on Consumer Protection ("Consumer Protection Act") and Articles 12-21 of the GDPR - the legal basis for our processing is the fulfilment of said legal obligations.
• In the absence of a specific legal obligation, the legal basis for our data processing is our legitimate interest related to providing an informative and substantive response to the persons contacting us within a reasonable time.

Data retention

We retain the personal data processed by us for as long as strictly necessary for the purpose for which it was collected.

As part of that process:

• We process personal data in relation to questions or complaints received until the complaint is finally resolved or the question is successfully answered.
• If a written record of the complaint is made, we are obliged to keep it for three years pursuant to Section 17/A (7) of the Consumer Protection Act.
• If, in our view, the communications conducted in response to a complaint or question contain information that may subsequently be required in pursuing a legal claim, the retention period will follow the general statutory limitation period under civil law (five years), which starts from the date of the conclusion of the communication regarding the complaint.

When applying online for a position at PwC via the PwC careers website, applicants will be provided with a separate privacy statement.

For more details about our recruitment processes, please visit our career page.

PwC Hungary has created an Alumni Programme for former employees who now pursue their careers at other organisations and companies. Applicants to the Alumni Programme become members of our Alumni Club, and will receive the latest information on PwC’s initiatives, networking activities and events. The purpose of providing this information is to maintain relationships with former colleagues.

Processing of personal data

In order to register for the Alumni Programme, the following personal data is needed:

• name;
• email address;
• details of former employment at PwC (line of service, industry);
• current business details (position, company name, industry, office email address);
• portrait photo (optional).

Use of personal data

Personal data provided in connection with the Alumni Programme will be used for the following purposes:

• publishing news in the Alumni newsletter about our firm and former employees;
• providing information about our latest initiatives and current 
• discussing possible ways of cooperation with our Alumni Club members.

Legal grounds

The legal grounds for data processing is the applicant’s fully informed, voluntary and explicit consent.

Changes in personal details, termination of membership

You can update your personal information related to your club membership at any time by visiting the registration page at http://www.pwc.com/hu/alumni or by sending an email to alumni.hungary@hu.pwc.com. To cancel your membership, please use the same email address.

Data retention

We will retain the data you have provided as long as you are an Alumni Club member.

We inform our Club members that they may withdraw their consent to the data processing at any time in which case their processed data will be deleted immediately. However, in this case we will no longer be able to communicate with the given Club member.

Processing of personal data

We process personal data about our suppliers, subonctractors and the individuals associated with them, in order to establish and manage the business relationship, conclude contracts, enlist services and provide services to our clients.

For example, where a supplier is providing us with facilities management or other outsourced services, we will process personal data about the individuals appointed as contact persons or involved in the provision of the services. Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to manage our relationship with the supplier and provide such services to our clients.

Data processed by us for such purposes include in particular the following:

• name;
• title or position at the supplier or subcontractor;
• email address;
• organisational phone number;
• other contact details;
• image - in the form of a photo or video recording - and voice of individuals involved in the provision of the services when we organize presentations, courses, trainings or other events to our clients or colleagues with the contribution of our suppliers, subcontractors, and photos or video recordings are taken during such events.

Use of personal data

We use personal data for the following purposes:

• Enlisting the services of our suppliers and subcontractors and maintaining contact with them;
• Providing professional services to clients through our suppliers and subcontractors;
• in relation to videos and photos taken at our events, making the content of the event available after the event and providing information about our events and activities (in certain cases we send the photos or video recordings to the individuals who participated in the event or upload them to one of our online surfaces).

Legal grounds

The legal grounds of our data processing are as follows:

• in the case of our individual (natural person) subcontractors and suppliers, performing the contracts concluded with them;
• in relation to persons acting on behalf of our corporate (non-natural person) subcontractors or suppliers, our legitimate interests in performing the contracts concluded with our subcontractor or supplier;
• in connection with the confirmation of performance and the exercise of our potential legal claims arising from the professional service, our legitimate interest related to the defense of our legal position;
• in relation to photos or videos, our legitimate interest related to recording the content of the event and making such content available later on, further, to providing information about our events.

Data retention

We retain the personal data processed by us for as long as strictly necessary for the purpose for which it was collected.

As part of that process:

• If a mandatory retention period is prescribed by law for a given activity, personal data will be retained until the expiry of the statutory retention period.
• In the absence of other specific legal, regulatory or contractual requirements, where the processing of personal data is necessary for the purposes of asserting a claim or defending our legal position, our retention period for personal data follows the related statutory limitation period prescribed by law (e.g. tax statute of limitations). If no other limitation period is applicable, the retention period will follow the general limitation period under civil law (five years).

We have security measures in place at our office building, including CCTV and building access controls operated by the facility manager of the building. Please note that the data controller for these processes is not PwC, but the manager of the office building, thus, the manager can provide more information in this regard.

When you arrive at PwC's reception, located on the 3rd floor of the office building, we will ask you to provide us with the information necessary to identify you and the member of our staff who will be receiving you, including primarily

• your name;
• which organisation you are representing (if relevant) and
• and to whom you have come.

In addition, if you have also requested a parking space in our underground parking lot, we will process your name and the license plate number of your vehicle in order to reserve a parking space specifically assigned to you.

Please note that, due to the COVID pandemic, additional data processing may take place at the time of entry, the details of which will be made available to you separately.

The data will be processed until the end of your visit, unless we need to retain the data in order to exercise our claims. In this case, the retention period is subject to the limitation period under civil law (5 years).

Processing of personal data

To ensure the successful organisation of our events, we process, in particular, the following personal data:

• name;
• title, if relevant;
• email address;
• phone number;
• other contact details;
• the license plate number of your vehicle if you have previously requested a parking space in the office building;
• your image in the form of a photo or video recording (if you do not wish your image to be recorded, please take a seat in one of the last two rows at our events);
• personal data related to the measures required due to the COVID-19 pandemic, including the content of a statement on the detection of certain symptoms and contact with potentially infected persons, as well as the result of any measurement of body temperature (the latter data will not be recorded or retained in any form). We will provide you with a separate, detailed privacy statement about the processing related to COVID before your visit (by e-mail or at the reception before entry).

Use of personal data

Personal data may be used for the following purposes:

• organising and managing the event;
• in relation to photos and videos, developing and promoting our business, providing information about our events and activities;
•  ensuring the health and safety of our colleagues and visitors during the COVID-19 pandemic;
• for our paid events, fulfilling our legal obligations in relation to invoicing.

Legal grounds

The legal grounds for our processing comprise

• for our paid events:
  • for natural person participants, the performance of the contractual obligation to host the event;
  • for participants registered by non-natural persons, our legitimate interest related to the performance of the contractual obligation to host the event;
• for our free events
  • the explicit and voluntary, informed consent of the data subject;
• our legitimate interest related to developing our business;
• in relation to invoicing, our relevant legal obligations;
• as for COVID, see the relevant privacy statement.

Data retention

Personal data that are strictly needed for organising an event will be retained until the event has successfully taken place.

We will keep the data necessary to fulfil our accounting obligations (e.g. invoicing in the case of paid events) for 8 years.

Where data is necessary for the enforcement of potential legal claims or to defend our legal position, the retention period is subject to the general civil law limitation period (5 years).

Processing of personal data

Visitors are not required to provide any personal data or to register in order to access the public content on our website.

Access to premium content (e.g. studies, whitepapers, analyses) available on our website requires prior registration.

The registration requires the acceptance of the related general terms and conditions, as well as providing the following personal data:

• username;
• name;
• email address;
• country and chosen language;
• if the data subject registers on behalf of a company or other organization, the name of the company or other organization and the title of the data subject therein;
• type of relationship with PwC (choosing from the following categories: client, media, other)

Use of personal data

Personal data processed in the context of our website is processed for the following purposes:

•  enabling the ordering of publications and professional materials.providing access to premium content;
• enabling the ordering of publications and professional materials.

Legal grounds

The legal grounds for our processing are as follows:

• in relation to ordering publications and other professional materials, the data subject’s explicit, voluntary and informed consent.
• in the case of data processing related to registration prior to accessing premium content, the legal basis depends on whether the data subject registers as a private individual or on behalf of a company or other organization. If the data subject registers as a private individual, the legal basis is the performance of our contractual obligations as the registration and the acceptance of the related general terms and conditions creates a contractual legal relationship between the individual and PwC. If the data subject registers on behalf of a company or other organization, the legal basis for data processing is PwC’s legitimate interest related to fulfilling its obligations derived from the legal relationship between the company or other organization registering by way of its representative and PwC by providing access to the premium content.

Data retention

Personal data collected via our websites will be retained by us for as long as strictly necessary for the purpose it was collected (e.g. as long as we have an active relationship with the relevant individual), or as long as required by law.

As part of that process:

• contact information about visitors (such as personal data provided through registration for access to certain areas of the site) will be retained as long as the information is required to completely service the contact request or until the user requests that we erase the information prior to this. Mailing list emails and data are retained only for the period necessary to carry out the visitor’s requests.
• If, in our view, the personal data we hold for the purposes of a specific data processing may be required in relation to exercising a legal claim, the retention period will follow the general civil law statutory limitation period (five years).

Data collection for marketing purposes, profiling, remarketing

Our websites do not collect personal data for the dissemination or sale to third parties for consumer marketing purposes or host mailings on behalf of third parties.

However, PwC uses cookies from its external partners for marketing purposes, including the Google Ads tracking cookie. These cookies only work if the user explicitly allows it in the cookie setting of the website and consents to their use.

Besides blocking it in the cookie settings, you can opt out of Google’s use of cookies by visiting Google’s Ads Settings. Alternatively, you can opt out of a specific cookie by visiting the Network Advertising Initiative opt-out page.

Using DoubleClick’s remarketing pixels – PwC may use DoubleClick’s remarketing pixels. You can opt out of DoubleClick’s use of cookies by visiting the DoubleClick opt-out page or the Network Advertising Initiative opt-out page.

Links to other websites

There are surfaces at our website that may link or redirect to websites that do not operate in line with our privacy practices or those of www.pwc.com. When you click on such surfaces while browsing and are redirected accordingly, PwC’s privacy principles and rules no longer apply. We have no control over any third-party websites, and it is the operator of such websites that will be regarded as the controller.

We encourage visitors to review each website’s privacy statement before disclosing any personally identifiable information.

Website analytics

Although it does not involve the processing of personal data, we note that we use Google Analytics and Adobe Analytics systems for the statistical analysis of visitor data relating to our website and the corresponding development of our website.

Such data cannot be used to individually identify each user.

However, in order to allow users to have complete control over the collected data, both systems offer the possibility to unsubscribe from data collection using the following links:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Adobe Analytics: http://www.adobe.com/privacy/opt-out.html

In some cases, the IP address of the device used to visit our website may be recorded, however, this information does not allow PwC to identify you directly.

For more detailed information on the processing of IP addresses and cookies used on our website, please see our cookie policy.

The prerequisite for any direct marketing communication, including newsletters, is that the recipient gives prior and explicit consent to PwC sending them marketing content in accordance with the provisions of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities. You may withdraw your consent at any time. Each newsletter will contain an unsubscribe link, or you can withdraw your consent using the contact details provided in this notice.

The scope of the data we process in connection with direct marketing is limited to the email address in case of the newsletter registrants. In other cases, when providing prior consent, in addition to the email address, the name and job title of the recipient (e.g. managing director) at the given organization (employer) may be provided, in which case we will also process this personal data.

Use of personal data

Your personal data may be used for the following purposes:

• providing you with the newsletter you have subscribed to or other direct marketing communication;
• providing information to you about our company, our range of services and events.

Legal grounds

• the data subject’s explicit, voluntary and informed consent.

Data retention

We retain your personal data as part of the data processing detailed in this section until you withdraw your consent.

We note that consent is voluntary, and refusal to give consent will not put you at a disadvantage. However, newsletter or other direct marketing content can only be sent subject to valid consent.