PwC processes personal data about visitors for security purposes.
Categories of personal data
PwC processes non-sensitive personal data, including names, job titles, company names and the names of the PwC hosts. In addition, PwC processes data obtained from video surveillance.
Legal basis for processing
The processing of personal data is necessary in order to pursue our legitimate interest in ensuring a high level of security, see Article 6(1)(f) of the General Data Protection Regulation.
PwC’s processing of personal data is carried out in accordance with s. 3(1) of the Danish Act on Television Surveillance (tv-overvågningsloven). There are signs in our office showing that CCTV is in operation.
Period of retention
Recordings of visitors by the reception are stored for up to one year.
Both recordings and CCTV footage are securely stored and reviewed only on a need to know basis (e.g. to look into an incident) and only by selected persons. CCTV footage is typically overwritten automatically after 30 days unless an issue that requires investigation (such as a theft) has been identified.
Personal data will be disclosed to the police only where an issue requiring investigation (e.g. theft) has been identified. PwC engages data processors, including IT suppliers, to whom we make personal data available. PwC enters into data processing agreements with all data processors to ensure appropriate security.