Personal clients

Collecting personal data

Since “PwC Turkey Personal Data Protection and Processing Policy” stipulates that only the personal data required for the purposes agreed upon with the client will be collected, PwC Turkey requests that clients share only the personal data required in the scope of these purposes.

When data about other real persons (e.g. family members) is required in order for PwC Turkey to perform the service it has undertaken as per the contract between PwC Turkey and its real person client,

the real person client who is a party to the contract is expected to inform these other real persons whose data they provide and to carry out the required legal obligations.

Considering the variety of services provided to real person clients (please refer to this link for information on our services) personal data in many categories as the following, including special categories of personal data, in line with the qualities of these services, is processed:




risk management

transaction security

legal transaction


customer transactions

physical location safety


work experience

association membership

foundation membership

union membership

medical information




visual or auditory recordings






During the provision of certain services and businesses, special categories of personal data may be processed as per the laws in effect or the explicit consent of the relevant person. Special categories of personal data includes religious beliefs, physical and mental health, association or union memberships, criminal convictions, data on safety measures and criminal records.

Using personal data

PwC Turkey is continuously looking for new methods to develop its businesses and services and to support its clients. Information collected while providing a service might be processed for matters agreed upon with the client, and these matters and purposes include understanding an issue or a sector better, providing foresight to the client, developing businesses and the provision of services and analysis aimed at developing new PwC technologies and services. PwC Turkey anonymises personal data collected during execution of the services to the extent possible within the scope of this purpose before using the data for said purposes.

PwC Turkey has a legitimate interest in processing data to support clients, improve service provision and proposals and develop PwC Turkey’s technologies and proposals to the extent possible by carrying out benchmark studies and analyses.

PwC Turkey may process personal data for the purposes below.

1. Providing professional services

PwC Turkey provides a wide variety of professional services (please refer to this link for information on our services). Personal data may need to be processed in order to provide advisory services and prepare deliverables. For instance, we examine payroll data as a part of the audit process, and we use personal data to provide global mobility services under people management and organisation advisory and to carry out tax and payroll services.

The personal data processed within the each legal grounds stated below:

  • Execution of the contract,
  • legitimate interests,
  • compliance with legal obligations,
  • stipulations in relevant laws,
  • explicit consent.

Personal data should be processed to carry out contracts PwC Turkey signs with its clients. In addition, the personal data shall be processed to provide services, in line with relevant legitimate interests, provided the rights of the person receiving and benefiting from the professional services are not harmed. In some cases, there might be legal obligations that dictate services must be provided in a certain way. The processing of special categories of personal data is based on stipulations in laws or the explicit consent of the relevant persons.

2. Administration, management and development of businesses and services

PwC Turkey processes personal data to provide its services and for the following purposes:

  • planning and executing customer relations management processes, planning and/or tracking customer satisfaction processes, tracking customer demands and/or complaints;
  • to develop businesses and services (define customer needs and improvements to service delivery and have more information about the opportunity of a relationship where a client, PwC Turkey or another PwC Member Firm have interest);
  • when analysing and assessing the strength of interactions between parties (CRM uses an algorithm that helps with this analysis, and ranking is based on interaction regularity, duration, proximity and response time);
  • planning and executing market research activities for purchasing and marketing and/or promotion of work activities and services;
  • planning and executing data access authorisations of partners and/or suppliers, managing relationships with partners and/or suppliers;
  • ensuring that data is accurate and up-to-date;
  • analysing trends including those related to PwC management, generating criteria concerning services provided, relationship maps, sales intelligence and processes responding to commercial account targets;
  • using and updating IT systems, account management, internal financial reporting and provision of IT services (including storing, hosting, maintenance and support activities);
  • executing processes and operations, finance operations, communications, market research and social responsibility activities and purchasing operations (requests, proposals, evaluations, orders, budgeting, contracts) that aim to determine and apply trade and business strategies;
  • informing authorities as required by legislation;
  • hosting events;
  • to manage the website, systems and applications;
  • finance and/or accounting and tracking legal matters including lawsuits and enforcement proceedings.

The personal data processed within the each legal grounds stated below:

  • Execution of the contract,
  • Compliance with legal obligations
  • legitimate interests.

PwC Turkey may process personal data to carry out the obligations laid out by relevant legislation, to manage and develop businesses and services and to protect its legitimate interests, on the condition that the basic rights and freedoms of the relevant person are not harmed.

3. Security, quality and risk management activities

PwC Turkey has taken security measures to protect its information and client information (including personal data). These measures include detecting, investigating and resolving security threats. Personal data shall be processed in the course of security monitoring, and automatic scans etc. shall be carried out to detect harmful e-mails. Services provided to customers to improve service quality are monitored in such a way that personal information in the related client file is also processed (client acceptance and engagement). There are policies and procedures in place to manage risks related to client contracts and to monitor service quality. PwC Turkey processes personal information as part of the client engagement and acceptance procedure. The procedures we execute in the scope of legislation related to the prevention of laundering crime revenue includes carrying out searches using publicly available sources to identify high-risk individuals and companies and to determine whether there is any obstacle related to a certain client (e.g. sanctions, issues related to company executives such as legal, official or other problems).

The personal data processed within the each legal grounds stated below:

  • legitimate interests,
  • stipulations in relevant laws,
  • compliance with legal obligations.

To ensure network and information security, manage risks, monitor service quality and protect PwC Turkey’s legitimate interests, as long as the rights and freedoms of relevant persons are not harmed,

in cases where it is explicitly stipulated in relevant laws, or where data processing is obligatory to establish, use or protect a right, personal data should be processed.

4. Providing information to clients and potential clients about PwC Turkey and its lines of service

Unless it states otherwise, PwC Turkey processes client and potential client contact information to gather information it deems to be relevant to it and its services, e.g., sector updates and predictions, operations and communications related to events and invitations to events.

PwC Turkey is required to process personal data to promote business operations and services, and to protect its legitimate interests.

5. Complying with legal regulations and regulations of occupational organisations PwC Turkey is a member of

Like every professional service provider, PwC Turkey is subject to administrative and occupational obligations. To ensure compliance of services with said obligations, certain records need to be retained and these records might include personal data.

The personal data processed within the each legal grounds stated below:

  • compliance with legal obligations,
  • legitimate interests,

PwC Turkey might be legally obliged to process personal data. PwC Turkey has a legitimate interest in processing personal data to meet regulatory or professional obligations when there are no legal obligations.

Data retention

PwC Turkey retain the personal data it processes for the necessary legal period for the purpose for which it was collected.

Unless legal, regulatory and binding terms state otherwise, the retention period for records and other proof that may be accepted as legal documents unveiled during provision of services is 10+1 years.

When and how does PwC Turkey share personal data, and where does it process the data?

For further details about the processors (such as IT service providers) used by PwC Turkey and locations of processing please refer to this link. In line with the contract with the client, we might obtain support from other entities and institutions on a project basis when providing services.

Follow us