Policy of PwC Turkey is to collect only the personal data necessary for agreed purposes and ask clients only to share personal data with PwC Turkey where it is strictly needed for those purposes.
Where PwC Turkey needs to process personal data to provide its services, PwC Turkey ask our clients to provide the necessary information to the data subjects concerned regarding its use. Collecting personal data
When the Client provides personal data (including the special categories of data) to PwC Turkey about its employees, contractors, clients and other individuals, the Client confirms that it has fulfilled any and all necessary legal requirements, including without limitation notifying the purposes and scope of and obtaining the consents of such employees, contractors, clients or other individuals for the concerned data disclosure to PwC Turkey and the continuing data processing by PwC Turkey.
To manage and maintain PwC Turkey’s relationship with these persons, contact information is collected and used on behalf of clients. For more information about processing such data, see the potential and existing clients and those related to them (CRM) part of this privacy statement.
Considering the variety of services (please refer to this link for information on our services) provided to clients many personal data categories are processed, including special categories of personal data:
Employee personal informatin
|location||risk management||Transaction security||legal affairs|
|finance||customer transactions||physical location security||marketing||work experience||association membership|
|foundation membership||union membership||medical information||visual or auditory recordings||convictions||other|
PwC Turkey processes special categories of personal information; religion, membership of association, foundations or syndicates, health, convictions.
PwC Turkey gathers personal data from clients or third parties. When performing some of its services PwC Turkey might collects data, e.g., from the management or employees of a company during tax review, which is intended to be acquired on behalf of a client or third parties who act on the instructions of that company.
PwC Turkey is continuously looking for new methods to develop its operations and services and to support its clients. Information collected while providing a service shall be processed for matters agreed upon with the client and for other legal purposes, and these matters and purposes include understanding an issue or a sector better, providing foresight to the client, developing operations and the provision of services and analysis aimed at developing new PwC technologies and services. PwC Turkey anonymises personal data collected during execution of the services to the extent possible within the scope of this purpose before using the data for said purposes.
PwC Turkey has a legitimate interest in anonymising data to support clients, improving service provision and proposals and developing PwC Turkey’s technologies and proposals by carrying out benchmark studies and analyses.
PwC Turkey processes personal data for the purposes below.
1. Providing professional services
PwC Turkey provides a wide variety of professional services (please refer to this link for information on our services). To provide services and prepare outputs it may be necessary to process personal data. For instance, we examine payroll data as a part of the audit process, and we use personal data to provide global mobility services under people management and organisation consultancy and to carry out tax and payroll services.
Mentioned personal data shall be processed under a below legal reasons;
The data processing we do is necessary to the legitimate interests of PwC Turkey when we provide professional services and to the legitimate interests of the clients of PwC Turkey when they receive professional services as they manage their company. In addition, in some cases there is a legal obligation to provide services (e.g. audit) in a certain way. The processing of special categories of personal data is based on explicit stipulations in relevant laws or the explicit consent of the relevant person.
2. Administration, management and development of operations and services
PwC Turkey processes personal data to carry out its operations and for the following purposes:
Mentioned personal data shall be processed under a below legal reasons;
PwC Turkey processes personal data to carry out the obligations laid out by relevant legislation, to manage and develop operations and services and to protect its legitimate interests, on the condition that the basic rights and freedoms of the relevant person are not harmed.
3. Security, quality and risk management activities
PwC Turkey has taken security measures to protect its information and client information (including personal data). These measures include detecting, investigating and resolving security threats. Personal data might be processed in the course of security monitoring, and automatic scans etc. might be carried out to detect harmful e-mails. Services provided to customers to improve service quality are monitored in such a way that personal information in the related client file is also processed (client acceptance and engagement procedures). There are policies and procedures in place to manage risks related to client contracts and to monitor service quality. PwC Turkey processes personal information as part of the client engagement and acceptance procedure. The procedures we execute in the scope of legislation related to the prevention of laundering crime revenue includes carrying out searches using publicly available sources to identify high-risk individuals and companies and to determine whether there is any obstacle related to a certain client (e.g., sanctions, issues related to company leaders such as legal, official or other problems, etc.)
Processing personal data is necessary to ensure network and information security, to manage risks and monitor the quality of service and to protect legitimate interests.
4. Complying with legal regulations and regulations of occupational organisations PwC Turkey is a member of
Like every professional service provider, PwC Turkey is subject to administrative and occupational obligations. To ensure compliance of services with said obligations, certain records need to be retained and these records might include personal data.
Legal basis: Legal obligations or legitimate interests
Processing personal data is mandatory to carry out legal obligations, e.g., when carrying out a client audit to comply with money laundering regulations. PwC Turkey has a legitimate interest in processing personal data to meet regulatory or professional obligations when there are no legal obligations.
PwC Turkey stores the personal data it processes for the necessary period for data processing defined by law.
Unless legal, regulatory and binding terms state otherwise, the retention period for records and other evidence that may be accepted as legal documents unveiled during provision of services is 10+1 years. This period is determined in line with the PwC Turkey Policy for Retention and Disposal of Personal Data.
For more information about data processors used by PwC Turkey (e.g., IT service providers) and the locations where data processing is carried out, visit to this link.
In line with the contract with the client, we obtain support from other entities and institutions on a project basis when providing services.