Data Use Principles

In a world where big data offers unprecedented opportunities for information exploitation, it is crucial to set rules for ethical and responsible data use.

This notice describes the governance framework that PricewaterhouseCoopers, Société cooperative - PricewaterhouseCoopers Assurance, Société cooperative - PricewaterhouseCoopers Tax and Advisory, Société cooperative - PwC Regulated Solutions - PricewaterhouseCoopers Academy S.à r.l. - PricewaterhouseCoopers Training Administration Service Centre S.à r.l. - PwC Services Portugal, LDA (indifferently referred to as “PwC Luxembourg”) have implemented for the purposes of protecting the data of their clients (the “Data”), while developing their services offering or enhancing the performance of their methodologies, systems and service quality.

PwC Luxembourg has adopted an internal Client Data Use policy (the “Policy”) to ensure a trustworthy stewardship of the Data and protect them from an unethical secondary use, i.e. a use that is unrelated to the provision of the service for which the Data has been provided to PwC Luxembourg. The Policy protects our clients and prospects alike.

The Policy is based on 6 core principles:

A secondary use of Data in accordance with the Policy can only be performed with the client’s consent. This consent is usually collected through the engagement letter entered into with the client or through the data collection tool or project’s documentation.

The client can withdraw its consent after providing them with respect to future secondary uses of the data (excluding past or on-going reuse performed in accordance with PwC data use policy).

Please address withdrawn requests to : lu-data-use-consent@pwc.lu

PwC Luxembourg does not authorise the secondary use of Data in violation of the law (especially GDPR), the policy or the contracts entered into with the concerned client. In addition, some Data that PwC Luxembourg assesses as highly sensitive are excluded from secondary use.

As a general rule, PwC Luxembourg does not sell or provide Data to third parties. PwC Luxembourg Risk Management Team may grant exceptions to this general rule subject to specific safeguards.

Cases of secondary use of Data currently authorised within our firm are limited to:

Performance of a new service for the same client;
Benchmarking or statistics;
Development, testing and maintenance of our systems or services.

Data secondary use cases are subject to an assessment and are monitored by the PwC Luxembourg Data Governance Unit and subject to the final approval of PwC Luxembourg Risk Management Team.

The purpose of the secondary use case and its legitimacy are assessed during the governance process.

In case of authorised secondary use, confidentiality of Data is protected. Only teams that are rendering a service to a client or work on a project may access the raw Data of said client. In other cases of authorised secondary use of Data, Data are de-identified and/or aggregated.

The Policy defines a Data Owner, who is accountable for the use of the Data. He/she is accountable for safeguarding the confidentiality, integrity, availability, reliability, traceability and ultimately the disposal of Data.

Contact us

Philippe Delcambre

Data Strategy & Governance Expert, PwC Luxembourg

Tel: +352 621 334 451

David Buisson

Chief Data Officer - Managing Director, PwC Luxembourg

Tel: +352 621 336 150

Olivier Carré

Deputy Managing Partner, Technology & Transformation Leader, PwC Luxembourg

Tel: +352 49 48 48 4174

© 2018 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.