Data protection information in accordance with Articles 13, 14 EU General Data Protection Regulation (GDPR)
The following data protection information is intended to explain to you in an understandable, transparent and clear manner how we, PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft (hereinafter: “PwC Legal“), process your personal data in connection with your use of our websites, applications (“apps“) and online services. However, if you have any questions of understanding or other queries about data protection at PwC, you are welcome to contact our Data Protection Officer at or the other contact details provided below.
The controller within the meaning of Art 4 no 7 GDPR for the processing of your personal data is:
PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft
60327 Frankfurt am Main
Tel.: + 49 69 695962-79000
Fax: + 49 69 695962-79100
Data Protection Officer
PwC Legal has appointed a data protection officer in accordance with Art. 37 GDPR. You can contact PwC’s data protection officer, Dr Tobias Gräber, via the following channels:
PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft
Dr. Tobias Gräber, Data Protection Officer
60327 Frankfurt am Main
Rights of the data subject/your rights under data protection law
You have the following rights under applicable data protection law with respect to personal data concerning you.
Right of access: You can request information from us at any time about whether and which personal data we store about you. The provision of information is free of charge for you.
The right to information does not exist or is subject to limitations if and to the extent that confidential information, such as information that is subject to professional secrecy, would be disclosed.
Right to rectification: If your personal data stored by us is inaccurate or incomplete, you have the right to obtain rectification of this data from us at any time.
Right to erasure: You have the right to request that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or, if the processing is based on your consent, you have withdrawn your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases.
A right to erasure does not exist insofar as
- the data may not be deleted due to a legal obligation or must be processed due to a legal obligation;
- the data processing is necessary for the assertion, exercise or defence of legal claims.
Right to restrict processing: You have the right to request that we restrict the processing of your personal data.
Right to data portability: You have the right to receive from us the data you have provided in a structured, common and machine-readable format, as well as the right to have this data transferred to another controller. This right only exists if
- you have provided us with the data on the basis of consent or on the basis of a contract concluded with you;
- the processing is carried out by automated means.
Right to object to processing: If the processing of your data is based on Art 6 para 1 lit f) GDPR, you may object to the processing at any time.
You may assert all of the data subject rights described above against PwC Legal by addressing your specific request to the following contact details:
PricewaterhouseCoopers Legal Aktiengesellschaft Rechtsanwaltsgesellschaft
Dr Tobias Gräber, Data Protection Officer
60327 Frankfurt am Main
Right to lodge a complaint with a supervisory authority
In accordance with Art 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.
Provision of data
Even if partial automatic transmission of data takes place when you call up our website, you are not legally or contractually obliged to provide data in connection with the use of our homepage.
In connection with the contact form and contacting us by email, you are free to send us data via these channels, but without providing us your personal data in the context of contacting us in this way we cannot process and answer any enquiries from you in this respect.
In connection with the provision of high-quality publications (e.g. study, whitepaper), however, data is necessary for the conclusion of a contract with us; you are free to send us data in this respect, but without providing us your personal data we cannot conclude a contract with you or send you the publications.
Description of the data processing on the website/app and legal basis for the processing
Recipient of the data
In order to fulfil the processing purposes listed below, data is also transferred to third parties. This may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU or the European Economic Area (EEA).
Recipients bound by instructions
We share your data with service providers bound by instructions, both within the PwC network and with other third parties, such as IT service providers, who support us in our activities, e.g. as part of the administration and maintenance of the websites and the related systems and/or for other internal or administrative purposes.
PwC Legal is a member of the global PwC network, which consists of the individual legally independent PwC firms. In the course of our activities, we use other German or foreign PwC network companies as network-internal IT service providers bound by instructions, which provide services for the operation, maintenance and care of the IT systems and applications used by the PwC network companies. This is in particular PwC IT Services Ltd. based in the United Kingdom (UK).
If we pass on data to service providers bound by instructions, we do not require a separate legal basis for this.
In addition, we share your data in individual cases both within the PwC network and with other third parties who use your data under their own responsibility. For example, in individual cases we also transfer personal data to other companies in the PwC network to support and improve the effectiveness of our business processes (including coordinated marketing activities), specifically to PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft.
In addition, in individual cases, we also pass on your data to other third parties, such as public authorities, courts or other bodies, if we are required by law or by official or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.
Insofar as you have explicitly consented, Art 6 para 1 lit a) GDPR is the legal basis for the data transfer. If there is a legal obligation to disclose the data, the legal basis for the data transfer is Art 6 para 1 lit c) GDPR. If, on the other hand, the disclosure is necessary for the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis. Otherwise, the transfer is based on our legitimate interests and the legal basis is Art 6 para 1 lit f) GDPR. We and the other companies in the PwC network have an interest in making our work processes efficient and in sharing business processes within the PwC network for this purpose.
Data transfer to recipients in third countries outside the EU/EEA
Insofar as any of the above-mentioned data transfers are made to a recipient outside the EEA (to so-called “third countries”), an appropriate level of data protection for the foreign transfer is ensured by means of suitable security measures.
For data transfers within the PwC network, the PwC network companies have, among other things, concluded an internal data protection agreement which provides for compliance with the EU standard contractual clauses of the EU Commission within the meaning of Art 46 para 2 lit c) GDPR for the transfer of personal data from EU/EEA countries to PwC network companies outside the EU/EEA.
If you have any questions about such data protection contracts based on the EU standard contractual clauses or if you would like more information about further security mechanisms and security measures for the transfer of data to third countries, please feel free to contact our data protection officer, e.g. at .
Processing of personal data when accessing the website
When you visit our website, we collect the data that is technically necessary to display this website to you. This involves the following personal data which is automatically transmitted to our server by your browser:
- IP address
- Date and time of your request/call to the website (the app)
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (information about which specific webpage you have visited)
- Access status/http status code
- Transferred data volume
- Website requesting the access
- Browser (information about the browser you use)
- Operating system and its interface (operating system of the computer you use to access the website or app)
- Language and version of the browser software
The processing of this personal data is based on Art 6 para 1 lit f) GDPR. The website cannot be accessed and offered to users without using such data; there is a legitimate interest in making the call-up and use of the website technically possible.
The aforementioned data will be stored for 7 days and then deleted.
This website is hosted by a service provider [Host Europe GmbH, Hansestr. 111, 51149 Cologne], the data collected on our website is therefore stored on the service provider’s servers. The server locations are located in Germany and Europe.
A data transfer to countries outside the EU/EEA is not carried out.
Contact form and contact by e-mail
We provide a contact form on our website so that you can contact us with questions about PwC, our website and other enquiries. You can also contact us by email.
When you contact us via the contact form or by email, the data you provide (in particular your email address, your first and last name and the text of your enquiry as well as any other information you have provided in the contact form or by email) will be stored by us in order to process your enquiry and answer your questions.
The data processing is justified according to Art 6 para 1 lit f) GDPR. We have an interest in contacting you via the website in response to your enquiry. If your request is aimed at the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis for the data processing.
We will delete the data generated in the course of your enquiry/contact as soon as it is no longer required for processing your enquiry. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period. The use of the contact form is voluntary for you and is not a prerequisite for the use of the website.
Processing operations in marketing and partly joint controllers
PwC Legal determines the means and purposes of some of the marketing data processing operations described in more detail below, either alone or together with other companies of the German-speaking PwC network named herein (all named companies hereinafter jointly: “PwC DE“). PwC Legal and these other named PwC DE firms of the PwC network therefore process your data as joint controllers within the meaning of Art 4 no 7, 26 GDPR.
Individualised electronic approach by PwC DE
PwC DE companies process your personal data and will contact you by email for marketing purposes if you have provided consent to direct marketing activities. For this purpose, we process the data provided by you in connection with the consent (in particular your first name and surname, your email address, the name and address of your company, if applicable, and any other information you provided when providing your consent).
This direct marketing by PwC DE firms includes PwC DE information on latest consultancy advice and service information, news from your industry, notifications about upcoming events, information on PwC studies (including those of other PwC network firms) and other marketing information.
Based on your consent, PwC DE may tailor and individualise marketing communications to your interests. PwC DE does this by analysing your interests, which you have explicitly communicated (e.g. via a preference centre on a PwC DE website), and your usage behaviour (e.g. content accessed, opening, clicks and reading time) both with regard to newsletters and similar communications and via linked PwC DE websites using cookies, web beacons and similar technologies and storing this information in a personal profile.
Based on your consent, PwC DE may also add your personal contact details (e.g. name, title, company and role/position) that you have provided yourself on a PwC DE website and/or that are already stored in the customer relationship management systems operated by PwC DE. Based on your consent, PwC DE may also add public information about the company you work for to this profile.
The processing is carried out on the basis of your consent, which is a legal permission according to Art 6 para 1 lit a) GDPR. You can withdraw your consent at any time with effect for the future at no additional cost, e.g. by email to .
Your data will be stored for this purpose as long as it is required for direct advertising and you have not revoked your consent. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.
Organisational management of your consent
PwC DE also processes your personal data to meet organisational requirements with regard to your marketing consent. This includes, for example, the validation of the email address you provided through a so-called double opt-in process and documenting the status (granting or revoking your consent and validating your email address) in a list jointly maintained by PwC DE for this purpose. The data processed for this purpose includes the contact details you provided when granting consent, your IP address, the individual identifier assigned by our IT systems, as well as the status and time of the granting of your consent.
If you withdraw your consent and/or object to the data processing, PwC DE will no longer use your data for marketing purposes. PwC DE will store the data required for the organisational management of your consent beyond the time of your revocation and/or objection in order to fulfil documentation and verification requirements and to ensure that your data is not processed by PwC DE for marketing purposes in the future (so-called blocking list), unless you provide new consent. PwC DE will delete your data when these organisational purposes cease to apply, which will generally be after a period of three years at the end of the year following the cessation of marketing activity by PwC DE.
Postal address and existing customer marketing
PwC DE will also use the information you provide (in particular your name and address) to send you marketing information by post about other offers or events.
PwC Legal will use your contact details received in connection with the sale of a service (in particular your first and last name, your email address, if applicable the name and address of your company as well as any other details you may have provided) for the purpose of direct marketing of similar services by electronic mail, unless you have objected to such use. You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.
This processing is based on our legitimate interests within the meaning of Art 6 para 1 lit f) GDPR. There is a legitimate economic interest in informing interested parties, customers and clients about further offers and events of our own in order to establish and maintain a long-term customer relationship.
Your data will be stored for this purpose as long as this is necessary for the postal marketing approach and existing customer marketing and you have not effectively objected to the data processing. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.
The following cookie categories are used:
Cookies strictly necessary for the operation of our website (hereinafter “required Cookie”):
These cookies are required for the operation and functionality of the website. They make the website technically accessible, secure and usable and provide essential and basic functionalities, such as navigation on the website, correct display of the website in the internet browser or consent management.
- Provider: www.pwc.de, Name: ppms_privacy, Cookie category: required cookie, Function: Stores the visitor’s consent to data collection and use. Duration: 365 days.
- Provider: www.pwc.de, Name: Salesforce__s9744cdb192d044faa1bf201d29fafd1e, Cookie category: required cookie, Function: Store user preferences (if any). Duration: Closing the browser.
- Provider: www.pwc.de, Name: Salesforcext_0d95e, Cookie category: required cookie, Function: Store user preferences (if any). Duration: Closing the browser.
The analytics cookies enable us to store data in an aggregated form about our website visitors and their experiences on our website. We use this data to fix bugs and improve the experience for all visitors.
- Provider: www.pwc.de, Name: pk_ses.<websiteID>.<domainHash> , Cookie category: Analytics cookie, Function: Indicates an active session of the visitor. If the cookie is not present, the session ended over 30 minutes ago and was counted in a pk_id cookie. Duration: 30 minutes.
- Provider: www.pwc.de, Name: pk_id.<websiteID>.<domainHash> , Cookie category: Analytics cookie, Function: Used to recognise visitors and record their various characteristics. Duration: 13 months.
- Provider: www.pwc.de, Name: piwik_auth, Cookie-Category: Analytics cookie, Function: Stores session information for the user interface (UI) of Piwik PRO. As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is considered to be logged in and a PIWIK_SESSID cookie is updated. Duration: 24 minutes.
- Provider: www.pwc.de, Name: PIWIK_SESSID, Cookie-Category: Analytics cookie, Function: Stores a PHP-Session-ID. Duration: 24 minutes.
- Provider: www.pwc.de, Name: stg_traffic_source_priority, Cookie category: Analytics cookie, Function: Stores the type of traffic source that explains how the visitor arrived at your website. Duration: 30 minutes.
- Provider: www.pwc.de, Name: stg_last_interaction, Cookie-Category: Analytics cookie, Function: Determines whether the session of the last visitor is still running or a new session has started. Duration: 365 days.
- Provider: www.pwc.de, Name: stg_returning_visitor, Cookie-Category: Analytics cookie, Function: Determines whether the visitor has been on your website before – these are returning visitors. Duration: 365 days.
- Provider: www.pwc.de, Name: stg_fired__, Cookie category: Analytics cookie, Function: Determines whether the combination of a tag and a trigger was triggered during the current visitor session. Duration: Closing the browser.
- Provider: www.pwc.de, Name: stg_utm_campaign, Cookie category: Analytics cookie, Function: Stores a name of the campaign that directed the visitor to your website. Duration: Closing the browser.
- Provider: www.pwc.de, Name: stg_pk_campaign , Cookie category: Analytics cookie, Function: Stores a name of the campaign that directed the visitor to your website. Duration: Closing the browser.
- Provider: www.pwc.de, Name: stg_externalReferrer, Cookie category: Analytics cookie, Function: Stores a URL of a web page that referred a visitor to your website. Duration: Closing the browser.
- Provider: www.pwc.de, Name: _stg_opt_out_simulate, Cookie-Category: Analytics cookie, Function: Used to simulate the behaviour of the opt-out snippet in the debugger. It turns off all tracking tags in the tested domain. Duration: 365 days.
- Provider: www.pwc.de, Name: __stg_optout, Cookie category: Analytics cookie, Function: Used to disable all tracking tags in the tested domain. Duration: 365 days.
- Provider: www.pwc.de, Name: stg_global_opt_out (deprecated), Cookie category: Analytics cookie, Function: Used to disable all tracking tags on websites belonging to a Piwik PRO account. Duration: 365 days.
- Provider: www.pwc.de, Name: ppms_webstorage, Cookie category: Analytics cookie, Function: A so-called stringified object that contains information about created cookies for each module. It stores data about each cookie created, such as a key, a value, an expiry date, a path, a domain and more. This is the same data that was used to create a cookie. Duration: A ppms_webstorage item is not automatically removed. However, a visitor can delete it manually. Individual entries in the item are removed after a corresponding cookie has expired.
Your revocation does not affect the lawfulness of the processing carried out until revocation.
Disabling the cookie settings
Most browsers are pre-set to accept cookies automatically. You can object to the creation of cookies by disabling cookies in your browser’s system settings. Please note, however, that some of the cookies are strictly necessary for the operation of our website, otherwise the page cannot be requested and displayed. By disabling cookies, you will not be able to use parts of the website (without restrictions).
In addition, you can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies.
The cookie borlabsCookie stores your chosen preference that you selected when you entered the website. The cookie borlabsCookieUnblockContent stores which (external) media/content you always want to have automatically unblocked. If you want to revoke these settings, simply delete the cookies in your browser. When you re-enter/reload the website, you will be asked again for your cookie preference.
Your current cookie settings:
Links to social media
Our website currently contains links to the following social media providers: Facebook, Twitter, LinkedIn, YouTube, Pinterest and Instagram by means of corresponding social media buttons. In order to prevent any unwanted transfer of your usage data (e.g. address of the currently visited page) to these services, you only then access the services by clicking on the link of these services. On the service page, these social networks may collect usage data and possibly user data. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
Therefore, we inform you according to our current knowledge:
Only when you klick on the links does your browser establish a direct connection with the servers of the aforementioned services. In this way, the information that you have visited our website indirectly (referrer) is forwarded to these services. If you are already logged in to the service with your personal user account while visiting our website, you can usually “share” the document (so-called “sharing”) or leave a comment etc. after clicking on the social media buttons. If you do not wish such data transmission, we advise you not to click on the social media buttons.
The purpose and scope of the data collection by the social services, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of these services.
We have integrated YouTube videos into our online offer, which are stored on https://www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data listed in the passage “Description of the data processing on the website/app and legal basis for the processing” is transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
Integration of SmartMaps
On this website we use the “SmartMaps” service of YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe.
This allows us to show you maps directly on the website and enables you to use the map function conveniently.
In order to be able to show you the maps, SmartMaps uses your IP address when the SmartMaps components are called up by the browser. This is held in the memory of the web server for approx. 5 minutes to prevent DoS attacks, after which it expires and is neither processed nor stored in any other way.
YellowMap AG is therefore a recipient of data. However, YellowMap AG does not process the data for its own purposes, but exclusively on behalf of and on the instructions of PwC. PwC has concluded a data processing agreement with YellowMap AG in accordance with Art 28 GDPR.
Provision of high-quality publications
If you would like to receive high-quality publications available on our website (e.g. study, whitepaper), you shall give us marketing consent in return and we will process the data you provided in connection with the consent (in particular your first name and surname, your e-mail address, the name and address of your company, if applicable, and any other information you provided when giving your consent). We will validate the e-mail address you provide by means of the so-called double opt-in process. Further information on this can be found in the section “organisational management of your consent”.
The data processing for the provision of the respective high-quality publication is based on a contract with you (Art 6 para 1 lit b) GDPR). The subsequent marketing communication is based on your consent (Art 6 para 1 lit a) GDPR). For further information on the processing of your data in the context of marketing communications, please refer to the section “individualised electronic approach by PwC DE”.
Our website contains hyperlinks to websites/services of other providers. When activating these hyperlinks, you will be redirected from our website directly to the website of the other provider. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.