Individuals whose personal data PwC Turkey obtains in connection with providing services to the clients

Individuals whose personal data PwC Turkey obtains in connection with providing services to the clients (e.g., client personnel, customers, real persons etc.)

Collection of personal data

Policy of PwC Turkey is to collect only the personal data necessary for agreed purposes and  ask  clients only to share personal data with PwC Turkey where it is strictly needed for those purposes.

Where PwC Turkey needs to process personal data to provide its services, PwC Turkey ask our clients to provide the necessary information to the data subjects concerned regarding its use.  Collecting personal data

 When the Client provides personal data (including the special categories of data) to PwC Turkey about its employees, contractors, clients and other individuals, the Client confirms that it has fulfilled any and all necessary legal requirements, including without limitation notifying the purposes and scope of and obtaining the consents of such employees, contractors, clients or other individuals for the concerned data disclosure to PwC Turkey and the continuing data processing by PwC Turkey.

To manage and maintain PwC Turkey’s relationship with these persons, contact information is collected and used on behalf of clients. For more information about processing such data, see the potential and existing clients and those related to them (CRM) part of this privacy statement.

Considering the variety of services (please refer to this link for information on our services) provided to clients many personal data categories  are processed, including special categories of personal data:


Employee personal informatin

location risk management Transaction security legal affairs
finance customer transactions physical location security marketing work experience association membership
foundation membership union membership medical information visual or auditory recordings convictions other

PwC Turkey  processes special categories of personal information; religion, membership of association, foundations or syndicates, health, convictions.

PwC Turkey gathers personal data from clients or third parties. When performing some of its services PwC Turkey might collects data, e.g., from the management or employees of a company during tax review, which is intended to be acquired on behalf of a client or third parties who act on the instructions of that company.

Usage of  personal data

PwC Turkey is continuously looking for new methods to develop its operations and services and to support its clients. Information collected while providing a service shall be processed for matters agreed upon with the client and for other legal purposes, and these matters and purposes include understanding an issue or a sector better, providing foresight to the client, developing operations and the provision of services and analysis aimed at developing new PwC technologies and services. PwC Turkey anonymises personal data collected during execution of the services to the extent possible within the scope of this purpose before using the data for said purposes.

PwC Turkey has a legitimate interest in anonymising data to support clients, improving service provision and proposals and developing PwC Turkey’s technologies and proposals by carrying out benchmark studies and analyses.

PwC Turkey processes personal data for the purposes below.

1. Providing professional services

PwC Turkey provides a wide variety of professional services (please refer to this link for information on our services). To provide services and prepare outputs it may be necessary to process personal data. For instance, we examine payroll data as a part of the audit process, and we use personal data to provide global mobility services under people management and organisation consultancy and to carry out tax and payroll services.

Mentioned personal data shall be processed under a below legal reasons;

  • Legitimate interests,
  • carrying out the contract,
  • legal obligation,
  • stipulation in laws,
  • explicit consent

The data processing we do is necessary to the legitimate interests of PwC Turkey when we provide professional services and to the legitimate interests of the clients of PwC Turkey when they receive professional services as they manage their company. In addition, in some cases there is a legal obligation to provide services (e.g. audit) in a certain way. The processing of special categories of personal data is based on explicit stipulations in relevant laws or the explicit consent of the relevant person.

2. Administration, management and development of operations and services

PwC Turkey processes personal data to carry out its operations and for the following purposes:

  • planning and executing customer relations management processes, planning and/or tracking customer satisfaction processes, tracking customer demands and/or complaints;
  • to develop operations and services (define customer needs and improvements to service delivery and have more information about the opportunity of a relationship where a client, PwC Turkey or another PwC Member Firm have interest);
  • analysing and assessing the strength of interactions between parties (CRM uses an algorithm that helps with this analysis, and ranking is based on interaction regularity, duration, proximity and response time);
  • planning and executing market research activities for purchasing and marketing and/or promotion of work activities and services;
  • planning and executing data access authorisations of partners and/or suppliers, managing relationships with partners and/or suppliers;
  • ensuring that data is accurate and up-to-date;
  • analysing trends including those related to PwC management, generating criteria concerning services provided, relationship maps, sales intelligence and processes responding to commercial account targets;
  • using and updating IT systems, account management, internal financial reporting and provision of IT services (including storing, hosting, maintenance and support activities);
  • executing processes and operations, finance operations, communications, market research and social responsibility activities and  purchasing operations (requests, proposals, evaluations, orders, budgeting, contracts) that aim to determine and apply trade and business strategies;
  • informing authorities as required by legislation;
  • hosting events;
  • to manage the website, systems and applications;
  • finance and/or accounting and tracking legal matters including lawsuits and enforcement proceedings.

Mentioned personal data shall be processed under a below legal reasons;

  • Legitimate interests,
  • carrying out the contract,
  • legal obligation,
  • stipulation in laws
  • explicit consent

PwC Turkey processes personal data to carry out the obligations laid out by relevant legislation, to manage and develop operations and services and to protect its legitimate interests, on the condition that the basic rights and freedoms of the relevant person are not harmed.

3. Security, quality and risk management activities

PwC Turkey has taken security measures to protect its information and client information (including personal data). These measures include detecting, investigating and resolving security threats. Personal data might be processed in the course of security monitoring, and automatic scans etc. might be carried out to detect harmful e-mails. Services provided to customers to improve service quality are monitored in such a way that personal information in the related client file is also processed (client acceptance and engagement procedures). There are policies and procedures in place to manage risks related to client contracts and to monitor service quality. PwC Turkey processes personal information as part of the client engagement and acceptance procedure. The procedures we execute in the scope of legislation related to the prevention of laundering crime revenue includes carrying out searches using publicly available sources to identify high-risk individuals and companies and to determine whether there is any obstacle related to a certain client (e.g., sanctions, issues related to company leaders such as legal, official or other problems, etc.)

Processing personal data is necessary to ensure network and information security, to manage risks and monitor the quality of service and to protect legitimate interests.

4. Complying with legal regulations and regulations of occupational organisations PwC Turkey is a member of

Like every professional service provider, PwC Turkey is subject to administrative and occupational obligations. To ensure compliance of services with said obligations, certain records need to be retained and these records might include personal data.

Legal basis: Legal obligations or legitimate interests

Processing personal data is mandatory to carry out legal obligations, e.g., when carrying out a client audit to comply with money laundering regulations. PwC Turkey has a legitimate interest in processing personal data to meet regulatory or professional obligations when there are no legal obligations.

Data retention

PwC Turkey stores the personal data it processes for the necessary period for data processing defined by law.

Unless legal, regulatory and binding terms state otherwise, the retention period for records and other evidence that may be accepted as legal documents unveiled during provision of services is 10+1 years. This period is determined in line with the PwC Turkey Policy for Retention and Disposal of Personal Data.

When and how does PwC Turkey share personal data, and where does it process the data?

For more information about data processors used by PwC Turkey (e.g., IT service providers) and the locations where data processing is carried out, visit to this link.

In line with the contract with the client, we obtain support from other entities and institutions on a project basis when providing services.

Follow us