The purpose is to perform statutory audits and other assurance engagements.
The client and its employees.
Categories of personal data
PwC processes non-sensitive personal data, including names, addresses, financial information and civil registration numbers of the client.
In addition, PwC may process data on criminal convictions and offences, including information on pending or potential legal proceedings against the client.
Furthermore, PwC processes non-sensitive personal data such as names, addresses, telephone numbers, employee and payroll numbers, financial and bank account information as well as civil registration numbers of the clients’ employees.
Legal basis for processing
PwC processes personal data for the purpose of providing an audit opinion or other assurance reports. Processing is necessary to comply with a legal obligation under section 23(1), see section 1(2) of the Danish Act on Approved Auditors and Audit Firms (revisorloven), and generally accepted auditing principles in accordance with section 16(1) of the said Act in connection with the provision of assurance reports.
The client or its employees.
Period of retention
PwC retains personal data for five to ten years, depending on the storage obligations applicable to PwC in connection with an audit, counted from the end of the calendar year in which the assurance report is made, unless special circumstances require shorter or longer periods of storage.
PwC will solely disclose personal data to foreign audit firms to enable the provision of services by such firms to affiliates of the client.
In addition, we engage data processors, including IT suppliers, to whom we make personal data available. PwC enters into data processing agreements with all data processors to ensure appropriate security.