Assurance
Statutory audit and other assurance engagements
- Purpose
- Data subject
- Categories of personal data
- Legal basis for processing
- Source
- Period of retention
- Recipients
Purpose
The purpose is to perform statutory audits and other assurance engagements.
Data subject
The client, its employees and client’s customers.
Categories of personal data
PwC processes non-sensitive personal data, including names, addresses, financial information and civil registration numbers of the client.
In addition, PwC may process data on criminal convictions and offences, including information on pending or potential legal proceedings against the client.
PwC also processes non-sensitive personal data such as names, addresses, telephone numbers, employee and payroll numbers, financial and bank account information as well as civil registration numbers of the clients’ employees.
Furthermore, we process non-sensitive personal data, e.g. name, address customer number, specification of exposures, bank specific customer information, including disposable income, information about the customer's credit rating, accounting data and PwC rating on the client's customer
Legal basis for processing
PwC processes personal data for the purpose of providing an audit opinion or other assurance reports. Processing is necessary to comply with a legal obligation under section 23(1), see section 1(2) of the Danish Act on Approved Auditors and Audit Firms (revisorloven), and generally accepted auditing principles in accordance with section 16(1) of the said Act in connection with the provision of assurance reports.
Source
The client or its employees
Period of retention
PwC retains personal data for five to ten years, depending on the storage obligations applicable to PwC in connection with an audit, counted from the end of the calendar year in which the assurance report is made, unless special circumstances require shorter or longer periods of storage.
Recipients
PwC will solely disclose personal data to the client and foreign audit firms to enable the provision of services by such firms to affiliates of the client.
In addition, we engage data processors, including IT suppliers, to whom we make personal data available. PwC enters into data processing agreements with all data processors to ensure appropriate security.
Integrity Due Dilligence
- Purpose
- Data subject
- Categories of personal data
- Legal basis for processing
- Source
- Period of retention
- Recipients
Purpose
The purpose is to carry out background checks on a person or company for the customer, including investigations.
Data subject
The client's employees and applicants, the client’s customers and suppliers
Categories of personal data
We process non-sensitive personal data, including name, picture, company affiliation, private address, nationality, family relationships and financial information.
In addition, we may process information about criminal convictions and offences, including information about pending or potential legal proceedings.
Furthermore, we may process sensitive personal data, including health data and information on political opinions.
Legal basis for processing
The processing of personal data is necessary in order for us to pursue our legitimate interest in being able to provide the customer with a service, see Article 6(1)(b) of the General Data Protection Regulation.
In addition, we process information about criminal convictions and offences that are necessary for us to pursue a legitimate interest in uncovering risks, including uncovering possible criminal violations that may be of importance to the client, see Section 8(3) and (4) section 8(3) of the Danish Act on the Processing of Personal Data
Furthermore, we process sensitive personal information that has been published by the registered person himself, see Article 9(2)(e) of the General Data Protection Regulation.
Source
The client, the registered, open sources and other PwC companies
Period of retention
PwC retains personal data for five years, counted from the end of the engagement, unless special circumstances require shorter or longer periods of storage.
Recipients
PwC discloses personal data to the client in connection with the delivery of the service.
Furthermore, PwC discloses personal data to other PwC companies when these have to deliver parts of the service to the client.
In addition, we engage data processors, including IT suppliers, to whom we make personal data available. PwC enters into data processing agreements with all data processors to ensure appropriate security.
Member control
- Purpose
- Data subject
- Categories of personal data
- Legal basis for processing
- Source
- Period of retention
- Recipients
Purpose
The purpose is to control grants in the form of tips to selected national organizations.
Data subject
The client’s customers
Categories of personal data
We process non-sensitive personal data, including name, contact information, age, date of birth, financial circumstances, and membership of the organization.
Legal basis for processing
The processing of personal data is necessary to comply with a legal obligation under section 37 of the Danish Act on the provision of operating grants to national children's and youth organizations, as well as guidelines for initiative support.
Source
The controlled organization and the registered.
Period of retention
PwC retains personal data for five years, counted from the end of the engagement, unless special circumstances require shorter or longer periods of storage.
Recipients
PwC does not disclose personal data to third parties, but we use data processors, including IT suppliers, to whom we make personal data available. PwC enters into data processing agreements with all data processors to ensure appropriate security.
