Privacy Statement

This privacy statement was last updated on 17 August 2020

This privacy statement describes our reasons for collecting personal data through the IFRS 17 Solved Core Solution and provides information about individuals’ rights in relation to personal data. We may use the personal data provided through the IFRS 17 Solved Core Solution for any of the reasons set out in this privacy statement.

This privacy statement relates only to the IFRS 17 Solved Core Solution. It does not relate to other products, services or sites of PwC or any other party.

Data controller information

The data controller is the entity with primary responsibility for the protection of personal data and for ensuring compliance with applicable data protection laws.

The data controller of the personal information collected in connection with this application is the PwC firm responsible for delivering professional services to you or your organisation.

If you are not receiving professional services from any PwC firm and you are a PwC professional or act in a professional capacity for PwC then the data controller of your personal information is the PwC firm in the location from which you access this application.

To understand the structure of the PwC network, see: https://www.pwc.com/gx/en/about/corporate-governance/network-structure.html

Each firm in the PwC Network is a separate legal entity. For a list of PwC firms see https://www.pwc.com/gx/en/about/corporate-governance/legal-entities.html.

For countries and regions in which PwC firms operate see http://www.pwc.com/gx/en/about/office-locations.html.

In this privacy statement, “PwC”, “us”, and “we” means the PwC firm that is the data controller of your personal information.

In this privacy statement, we refer to information about you or information that identifies you as “personal data” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information.

Your acknowledgement/consent

By using this application and providing personal information to us, you acknowledge you have read this privacy statement, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such personal information by PwC and any third party recipients in accordance with this privacy statement.

The purpose of the IFRS 17 Solved Core Solution

The tool is a solution which accepts data from clients through a web interface, stores the data in databases, performs calculations and mappings of the data, and produces results (journal entries, financial statement line items and disclosure tables) for IFRS 17.

We do not collect sensitive personal data through this application (and please do not provide any).

We do not need or collect, and we ask you not to provide, sensitive personal data through this application. Sensitive personal data, also known as special category personal data, covers information relating to, among other things, race, ethnicity, political opinions, religious or philosophical beliefs, biometric or genetic data when used to uniquely identify you, information about health or sexual life and criminal acts. If you provide sensitive personal data the act of doing so constitutes your explicit consent for us to collect and use that information for the purposes described in this privacy statement.

We do not pass personal information to third parties for direct marketing purposes

We will not pass your information to third parties outside the PwC Network for direct marketing purposes.

Personal information we collect

Providing personal data is not a statutory or contractual requirement but failure to provide certain personal data may affect our ability to provide the services you have requested.

We collect the following personal information.

Personal data provided directly by you
- We ask you to provide us with personal data (e.g. as part of registering to use the services) so that we can provide the services. The personal data we ask for includes: Username, first name, last name, business email address and contact number.
Personal data captured, created, inferred or derived from your use of the application
- IP address
- The application does not use small text files called ‘cookies’, other than an essential identification cookie when you log in which is placed on your computer for the duration of the session while you are connected to the application. It is an essential cookie as it confirms your identity for the session. If you are uncomfortable with the use of cookies, most browsers permit users to opt out of receiving them. This can be done via the tools menu of your internet browser. If you do opt out, please note that you will not be able to use the application as your identity cannot be verified for the session.
Personal data obtained from third party sources
- We do not collect personal data from third party sources.

Use of personal data

We use personal data for the following purposes.

To provide the services requested by you or your organisation
To maintain the security of the services
- Authenticating the identity of users, authorising access to the application (including preventing unauthorised access) and for other security-related purposes, including system monitoring.
To operate, administer, manage and improve the application
- Administering the application, troubleshooting issues and identifying areas of improvement.
To maintain our administrative or client relationship management systems
- Where you are a business contact of ours, we will include your business contact details on our administrative or client relationship management systems, contact you in relation to the services and we may send you other material relevant to your interests (provided we have appropriate permission from you to do this, as required by law).
To analyse how the application and associated services perform
- We may analyse how the application and associated services perform by reviewing the user data we capture.

Third Party Links

The application may link to third party sites not controlled by PwC and which do not operate under PwC privacy practices. When you link to third party sites, PwC privacy practices no longer apply. We encourage you to review each third party site's privacy policy before disclosing any personal information.

Our legal grounds for processing personal data

Applicable laws may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organization (provided these do not interfere with your rights);
our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights);
to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
to perform our obligations under a contractual arrangement with you; or
where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose (please note we do not generally process personal data based on consent as we can usually rely on another legal basis).

Transfers of personal data

Cross-border transfers

If we process your personal information, your personal information may be transmitted and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

Where we collect your personal information within the European Economic Area, transfer outside the European Economic Area will be only:

to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

The US member firm of PwC, PricewaterhouseCoopers LLP and its affiliated US subsidiaries (together, “PwC US”), adheres to the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information that is transferred from Switzerland to the United States. PwC US has certified that it adheres to the Privacy Shield Principles within the scope of PwC US’s Privacy Shield certification. To learn more, see https://www.pwc.com/us/en/site/privacy-shield.html

Recipients of personal data

Recipients of personal data: other PwC Member Firms

For PwC Member Firm locations, see https://www.pwc.com/gx/en/about/office-locations.html

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing services to that client.

Recipients of personal data: Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other recipients of personal data

We may also disclose personal information under the following circumstances:

with professional advisers, for example, auditors and law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our businesses. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
when explicitly requested by you;
when required to deliver publications or reference materials requested by you; and
with law enforcement or other government and regulatory agencies or with other third parties as required by, and in accordance with, applicable law and regulation. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law and regulation.

Security

We adhere to internationally recognised standards of technology and operational security in order to protect personal information from loss, misuse, alteration and destruction. Only authorised persons are provided access to personal information. These individuals have agreed to maintain the confidentiality of this information. We have a framework of policies and procedures in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the Internet (including by email) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted electronically over the Internet.

Retention

We will retain your personal information only for as long as we need it for the purposes described in this privacy statement unless we are required by law, regulation or our professional obligations to retain it for a longer period.

Children

Our applications are not intentionally designed for or directed at children, and our terms and conditions of use require all users to be above the age of majority in their local country. We never knowingly collect or maintain personal information about individuals under the age of 18.

Changes to this privacy statement

This privacy statement was last updated on 17 August 2020

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes, we will amend the last revision date at the top of this page. The new modified privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

How to Deactivate Your Account

Users of this application may request their account be deactivated at any time by sending their request to their PwC contact.

Your legal rights in relation to your personal data

You may have certain rights under your local law in relation to the personal information we hold about you.

In particular, you may have the legal rights listed below:

Obtain confirmation as to whether we process personal data about you, access a copy of your personal data and obtain certain other information, including why we process it and recipients of personal data
Request rectification of personal data if it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
Delete/erase your personal data in the following cases:
- the personal data is no longer necessary in relation to the purposes for which it was collected and processed;
- our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
- our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
- you object to processing for direct marketing purposes;
- your personal data has been unlawfully processed; or
- your personal data must be erased to comply with a legal obligation to which we are subject.
Restrict personal data processing in the following cases:
- for a period enabling us to verify the accuracy of personal data where you have contested the accuracy of the personal data;
- your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
- your personal data is no longer necessary in relation to the purposes for which it was collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
- for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
Object to the processing of your personal data in the following cases:
- our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
- our processing is for direct marketing purposes.
Data portability
- The right to receive your personal data provided by you to us and the right to transmit the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contractual relationship with you and the processing is carried out by automated means.
Withdraw your consent
- Where we process personal data based on consent, you have the right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). Please note that withdrawing consent does not affect the lawfulness of processing done before the withdrawal. Please also note that if you withdraw consent this may affect our ability to provide the services you have requested.
If you believe the processing of your personal data violates applicable laws, you may have the right to lodge a complaint with the data protection supervisory authority in the location where you normally reside or normally work, or the location where the alleged infringement occurred.

Contact Us

Please submit a request to exercise a legal right in relation to your personal data, or an enquiry if you have a question or complaint about handling of your personal data.