MFT2GO Privacy Statement

This privacy statement was last updated on 10th February 2023

This privacy statement describes our reasons for collecting personal data through MFT2GO and provides information about individuals’ legal rights in relation to their own personal data. We may use the personal data provided through MFT2GO for any of the reasons set out in this privacy statement.

This privacy statement relates only to MFT2GO. It does not relate to other products, services or sites of PwC or any other party.

Data controller information

The data controller is the entity with primary responsibility for making sure your personal data is handled and processed in accordance with applicable data protection laws.

The data controller of the personal information collected in connection with this application is the PwC member firm responsible for delivering professional services to you or your organization.

If you are not receiving professional services from any PwC firm then the data controller of your personal information is the PwC member firm in the location from which you normally access this application.

Each member firm in the PwC Network is a separate legal entity. For information, see https://www.pwc.com/gx/en/about/corporate-governance/network-structure.html.

For a list of PwC member firms, see https://www.pwc.com/gx/en/about/corporate-governance/legal-entities.html.

For countries and regions in which PwC member firms operate, see https://www.pwc.com/gx/en/about/office-locations.html.

In this privacy statement, “PwC”, “us”, and “we” means the PwC member firm that is the data controller of your personal information.

In this privacy statement, we refer to information about you or information that identifies you as “personal data” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting, transferring, or storing your personal information as “processing” such personal information.

Your acknowledgement/consent for processing

By using this application and providing personal information to us, you acknowledge you have read this privacy statement, and, to the extent your consent is necessary and valid under applicable laws, you consent to the collection, use and disclosure of such personal information by PwC and any third party recipients in accordance with this privacy statement.

The purpose of MFT2GO

The purpose of MFT2GO is to transfer electronic files to and from PwC. The electronic files are encrypted in transit and at rest, and are automatically purged from the application after 14 days.

We do not collect sensitive personal data through MFT2GO (and please do not provide any when using this application)

We do not require or collect from you, and we ask you not to provide, sensitive personal data through this application. Sensitive personal data, also known as special category personal data, covers information relating to, among other things, race, ethnicity, political opinions, religious, philosophical or similar beliefs, biometric or genetic data when used to uniquely identify you, information about health, sexual life, and criminal acts. If you provide sensitive personal data the act of providing it constitutes your explicit consent for us to collect and use that information for the purposes described in this privacy statement.

We do not pass personal information to third parties for direct marketing purposes

We do not sell personal information and we will not pass your information to third parties outside the PwC Network for consumer marketing purposes.

Personal Information We Collect

Providing personal data to us is not a statutory or contractual requirement. However, failing to provide personal data may mean we are unable to properly deliver the services requested by you or your organization.

We collect the following personal information in connection with MFT2GO.

• Personal data provided directly by you
  • We ask you to provide us with personal data (e.g. as part of registering to use the services) so we can provide the services. The personal data we ask for includes your business email address and user name.
• Personal data captured, created, inferred or derived from your use of the application
  • IP address
  • The application uses small text files called ‘cookies’ which are placed on your computer to assist in providing you with a more customized website experience and to analyze your use of the website in order to help us determine how the website is used and experienced. The cookies used are explained here. The use of cookies is now standard operating procedure for most websites. However, if you are uncomfortable with the use of cookies, most browsers permit users to opt out of receiving them. This can be done via the tools menu of your internet browser. If you do opt out, please note that you may be unable to use the registration process and some other application features.
• Personal data obtained from third party sources
  • We do not collect personal data from third party sources in connection with MFT2GO.

Use of Personal Data

We use personal data provided in connection with MFT2GO for the following purposes.

• To provide the services requested by you or your organisation.
• To maintain the security of the services, by authenticating the identity of users, authorising access to the application (including preventing unauthorised access) and for other security-related purposes, including system monitoring.

Third Party Links

The application may link to third party sites not controlled by PwC and which do not operate under PwC privacy practices. When you link to third party sites, PwC privacy practices no longer apply. We encourage you to review each third party site's privacy policy before disclosing any personal information.

Our legal grounds for processing personal data

Applicable laws may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In connection with MFT2GO, we rely on the following processing conditions:

• our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organization (provided these do not interfere with your rights);
• our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights); and
• to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way).

International transfers of personal data

Cross-border transfers

If we process your personal information, your personal information may be transmitted and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

Where we collect your personal information within the European Economic Area, transfer outside the European Economic Area will be only:

• to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
• under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

Recipients of personal data

Recipients of personal data: other PwC Member Firms

For PwC Member Firm locations, see https://www.pwc.com/gx/en/about/office-locations.html

We may share personal data with other PwC member firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client, we may share personal information with PwC Member Firms in different territories that are involved in providing those services to that client.

Recipients of personal data: Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other recipients of personal data

We may also disclose personal information under the following circumstances:

• with professional advisers, for example, auditors and law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our businesses. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
• when explicitly requested by you;
• when required to deliver publications or reference materials requested by you;
• when required to facilitate conferences or events hosted by a third party;
• to a third party as necessary in connection with a corporate reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital; and
• with law enforcement or other government and regulatory agencies or with other third parties as required by, and in accordance with, applicable law and regulation. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law and regulation.

Security

We adhere to internationally recognized standards of technology and operational security in order to protect personal information from loss, misuse, alteration and destruction. Only authorized persons are provided access to personal information. These individuals have agreed to maintain the confidentiality of this information. We have a framework of policies and procedures in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the Internet (including by email) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted electronically over the Internet.

Retention

We will retain your personal information only for as long as we need it for the purposes described in this privacy statement unless we are required by law, regulation or our professional obligations to retain it for a longer period.

Children

Our applications are not intentionally designed for or directed at children, and our terms and conditions of use require all users to be above the age of majority in their local country. We never knowingly collect or maintain personal information about individuals under the age of 18 years.

Changes to this privacy statement

We may update this privacy statement at any time by publishing an updated version on this page. So you know when we make changes, we will amend the last revision date at the top of this page. The new modified privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

How to Deactivate Your Account

Users of this application may request their account be deactivated at any time by sending their request to their PwC contact.

Your legal rights in relation to your personal data

You may have certain rights under your local law in relation to the personal information we hold about you.

You may have the rights listed below.

• Obtain confirmation as to whether we process personal data about you, access a copy of your personal data and obtain certain other information, including why we process it and recipients of personal data.
• Request rectification of personal data if it is inaccurate (for example, if you change your address) and to have incomplete personal data completed.
• Delete/erase your personal data in the following cases:
  • the personal data is no longer necessary in relation to the purposes for which it was collected and processed;
  • our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
  • you object to processing for direct marketing purposes;
  • your personal data has been unlawfully processed; or
  • your personal data must be erased to comply with a legal obligation to which we are subject.
• Restrict personal data processing in the following cases:
  • for a period enabling us to verify the accuracy of personal data where you have contested the accuracy of the personal data;
  • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
  • your personal data is no longer necessary in relation to the purposes for which it was collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
  • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
• Object to the processing of your personal data in the following cases:
  • our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
  • our processing is for direct marketing purposes.
• If you believe that the processing of your personal data infringes the law, you may have the right to lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside, normally work, or in the place where the alleged infringement occurred.

Contact Us

Please submit a request to exercise a legal right in relation to your personal data, or an enquiry if you have a question or complaint about handling of your personal data.