Introduction

This privacy statement was last updated on April 2026.

We are strongly committed to protecting personal data. This privacy statement describes why and how we collect, process and use personal data and provides information about individual’s rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

You have been given access to this Application solely in connection with your role at your organisation (your organisation). You may be a partner, member or employee of your organisation or you may be a contractor engaged by your organisation to provide it with services. Your employment or other agreement with your organisation regarding your role applies to your use of this Application.

Definitions

In this privacy statement we use the following terms:

Application refers to the Social Responsibility Hub.

Personal data or personal information is how we refer to information about you or information that identifies you as “personal data” or “personal information”.

Processing is how we refer to the handling, sharing, processing, protecting or storing of your personal data. We process personal data in this Application for numerous purposes, as set out below.

Definition of “us”, “we” and “our”

As used in this privacy statement, “us”, “we” and “our” refers to the PwC network and/or one or more of its Member Firms that may process your personal information. Each Member Firm in the PwC network is a separate legal entity. See https://www.pwc.com/gx/en/about/office-locations.html for a list of countries and regions in which PwC Member Firms operate.

Processing of personal data

Our policy is to process only the personal data that we need and be transparent about why and how we process personal data.

The personal data processed by us in relation to this Application are:

1. PwC GUID
2. PwC staff member email
3. Client contact/staff name
4. Client contact/staff email ID
5. Information about you when you use this Application, for example, logs of your activities (for example, when you signed in and signed out, when you upload or view a document, or when you post comments); logs and text you post in a comment, or logs showing what information you shared, etc.

You may choose to provide additional information when you use this Application, including any content you contribute.

We do not intend to process special categories of personal information through this Application and no special categories of personal information are required for this Application to operate. Special categories of personal information include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records. We ask that you not provide information of this nature about yourself or anyone else via this Application.

Our legal grounds for processing your personal data

We rely on one or more of the following processing grounds (to the extent permitted by applicable law), or other grounds permitted by applicable law:

1. your free, specific, informed, unconditional and unambiguous consent communicated with a clear affirmative action for identifying, authorising and authenticating users, including for access control purposes;
2. our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);
3. our legitimate interests in developing and improving our businesses, services and offerings and in developing our new technologies and offerings (provided these do not interfere with your rights);
4. our legitimate interests in maintaining the security of our and our client’s data, the quality of our services and maintaining our reputation;
5. to satisfy any requirement of law; or,
6. to perform our obligations under a contractual arrangement with you.

Use of personal data

When you provide personally identifiable information to us, we use it for the purposes for which it was provided to us as stated at the point where the personal data is ingested into the Application. We may also use your data in order to administer and manage the Application or to communicate with you in relation to the Application and get notifications or updates. The Application does not store personally identifiable information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings.

We may use your personal information for any of the purposes described in this privacy statement, as stated at the point of where the personal data is ingested into the Application, including complying with any requirements of law, regulation or a professional body of which we are a member.

As with any provider of professional services, we are subject to legal and regulatory obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Security

We have implemented a generally accepted standard of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Cookies

This Application does not store any cookies.

Transfer of personal data — Cross-border transfers

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located, to the extent permitted by law, including countries outside the European Economic Area (EEA), where applicable.

Other PwC Member Firms

For details of PwC Member Firm locations, please see http://www.pwc.com/gx/en/about/office-locations.html. All PwC member firms are separate legal entities.

We may share personal data with other PwC Member Firms where necessary in connection with the purposes described in this privacy statement, to the extent permitted by law. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing advice to that client.

Third Party Providers

We may transfer or disclose the personal data shared with us, to third party contractors, subcontractors, and/or their subsidiaries and affiliates, to the extent permitted by law. Third parties support the PwC Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

Other disclosures

We may also disclose personal information under the following circumstances:

1. with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
2. when explicitly requested by you;
3. when required to deliver publications or reference materials requested by you;
4. when required to facilitate conferences or events hosted by a third party;
5. to law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. We may also review and use your personal information to determine whether disclosure is required or permitted;
6. when such disclosure or transfer is otherwise permitted by applicable law.

Retention of personal data

To the extent that we process your personal data as a data fiduciary, we shall, unless retention is necessary for compliance with any law for the time being in force, erase personal data upon you withdrawing your consent, or as soon as it is reasonable to assume that the specified purpose is no longer being served, whichever is earlier. Furthermore, you also have the corresponding right to ask for such erasure, unless retention of the same is necessary for the specified purpose or for compliance with any law for the time being in force.

Individuals’ rights and how to exercise them

You may have certain rights under laws of India in relation to the personal information we hold about you. In particular, you may have:

1. The right to access information about your personal data, including a summary of personal data which is being processed and the processing activities undertaken with respect to such personal data;
2. The right to correction, completion, updating and erasure of your personal data for the processing of which you has previously given consent;
3. The right to have your personal data erased by us, in accordance with law;
4. The right to nominate any other individual who shall in the event of your death or incapacity exercise your rights in accordance with law;
5. The right to withdraw consent where we process personal data based on consent, individuals have a right to withdraw consent at any time by application users by clicking here.
6. The right to a readily available means of grievance redressal, please submit your request at in_privacy.in@pwc.com.

Complaints

In the event you have any grievance in relation to the processing of your personal data or your rights, you may reach out to in_privacy.in@pwc.com.

Changes to this privacy statement

This privacy statement was last updated on April 2026.

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

BY CHECKING THE “I HAVE READ AND AGREE TO THE PRIVACY STATEMENT” BOX BELOW, YOU HEREBY PROVIDE YOUR FREE, SPECIFIC, INFORMED, UNCONDITIONAL AND UNAMBIGUOUS CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA AS SET OUT ABOVE.