General Data Protection Policy for PwC Digital Valuation

General data protection information in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)

1. Data protection information in accordance with Art. 13, 14 of the EU General Data Protection Regulation (GDPR)

The following data protection information is intended to explain to you in a comprehensible, transparent and clear manner how we process your personal data. If you still have questions about data protection at PwC, you are welcome to contact our data protection officer at DE_Datenschutz@pwc.com or via the other contact details given below.

2. Responsible Person

The responsible person within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR), who is responsible for the processing of your personal data, is:

PricewaterhouseCoopers Corporate Finance Beratung GmbH
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main
E-mail: DE_Kontakt@pwc.com
Switchboard: +49 69 9585-0
Fax: +49 69 9585-1000

3. Data Protection Officer

PwC has appointed a data protection officer in accordance with Article 37 GDPR. You can contact PwC's data protection officer, Dr Tobias Gräber, via the following channels:

e-mail: DE_Datenschutz@pwc.com

Phone: +49 69 9585-0

Address for postal contact:

PricewaterhouseCoopers Corporate Finance Beratung GmbH
Dr. Tobias Gräber, Data Protection Officer
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main

4. Rights of data subjects/your rights under data protection law

You have the following rights in relation to PwC under applicable data protection law with regard to personal data relating to you.

Right to information: You may request information from PwC at any time as to whether PwC has stored your personal data and which personal data it has stored. PwC provides this information to you free of charge. The right to information does not apply or is subject to limitations if and to the extent that confidential information would be disclosed, e.g. information that is subject to professional secrecy.

Right to rectification: If your personal data which is stored by PwC is incorrect or incomplete, you have the right to request that PwC correct this data at any time. 

Right to deletion: You have the right to request that PwC delete your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have withdrawn your consent. In such cases, PwC must cease processing your personal data and remove that data from its IT systems and databases.

You do not have a right of deletion if

  • the data may not be deleted due to a legal obligation or must be processed due to a legal obligation
  • the data processing is necessary for the establishment, exercise or defense of legal claims.

Right to restriction of processing: You have the right to request that PwC restrict the processing of your personal data.

Right to data portability: You have the right to request from PwC the data provided by you in a structured, commonly used, machine-readable format as well as the right to have these data transmitted to a different party. This right exists only if

  • you have made this data available to us on the basis of consent or an agreement entered into with you;
  • the processing is carried out by automated means.

Right to object to processing: If your data is processed by PwC on the basis of Article 6 (1) (f) GDPR, you may object at any time to processing by PwC.

You may assert any and all of the rights of data subjects described above against PwC by sending your specific request by e-mail to DE_Datenschutz@pwc.com

5. Complaint to a data protection authority

Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.

Information on specific data processing on websites and apps pursuant to Art. 13, 14 GDPR.

6. Description of the data processing on the website/application and legal basis for processing 

When you visit our website, we collect the data that is technically necessary to display that website to you. This involves personal data, which is transmitted automatically by your browser to our server, including:

  • IP address
  • Website requesting access
  • Browser (information about the browser you use)
  • Operating system and its interface (operating system of the computer you used to access the website or the application)
  • Language and version of the browser software
  • Date and time of your request/website (application) access

Processing of such personal data is carried out on the basis of Article 6 (1) (f) GDPR. The website cannot be accessed and offered to users without using such data; there is a legitimate interest in making it technically possible to access and use the website. The log file information is stored for 90 days and is then deleted.

7. Contact forms and contact details via e-mail

7.1 Website Contact Form

We offer a contact form on our website so that you can contact us with any queries you may have about PwC, our website or other matters. You can also contact us by e-mail.

When you contact us using the contact form or by e-mail, the information you provide (in particular your e-mail address, your first and last name and the text of your inquiry, as well as any other information you may have provided in the contact form or by e-mail) will be stored by us in order to process your inquiry and answer your questions.

The data processing is justified in accordance with Article 6 (1) (f) GDPR. We have an interest in contacting you via the website upon your request. If your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Article 6 (1) (b) GDPR is the legal basis for the data processing.

We will delete the data generated by your inquiry / contact as soon as it is no longer required for processing your inquiry. Insofar as there are statutory retention requirements, the data will be stored for the duration of the legally prescribed retention requirements.

The use of the contact form is completely voluntary and is not a prerequisite for using the website.

7.2 Venture Deals Investor & Startup Matching

Via our website, we offer the opportunity to express interest in networking with startups or with investors (matchmaking contact form). For this purpose, we collect the data requested in the registration process in order to be able to determine the matching partner for you. If we find a suitable matching partner (startup or investor) based on your input, we will contact you by email and discuss the next steps and possible contractual cooperation with you. The data collected will only be used internally by PwC and will not be passed on to third parties.

The data processing for the matchmaking request takes place based on your consent, which according to Article 6 (1) (a) GDPR constitutes permission. You can revoke your consent at any time without additional costs with effect for the future by sending an informal email to de_evaluation_support@pwc.com with the subject: Revocation of Venture Deals Matchmaking.

The data arising from your matchmaking request will be deleted by us as soon as it is no longer required to process your request but will not be stored for longer than two years. Insofar as there are statutory retention requirements, the data will be stored for the duration of the legally prescribed retention requirements.

The use of the matchmaking form is completely voluntary for you and is not a prerequisite for using the website.

8. Digital Valuation Registration and Login  

Access to and use of our website are generally possible without registration or logging in. However, some functions of the website can only be used after registration, in particular the online platform Digital Valuation, which you use to calculate the value of a company according to various valuation methods, the calculation of selected financial indicators for a limited benchmark analysis, and a PDF download function.

To ensure the security of your user account and your data, we use two-factor authentication: each time you log in to your user account, a confirmation code is sent by text message or automated call to a trusted telephone number that you provide.

During the registration process, the following data is collected for the creation of a user account. 

  1. E-mail address
  2. Telephone (required due to two-factor authentication)
  3. First name, last name
  4. Additional contact telephone number (optional)
  5. Company, commercial register number
  6. Address

The processing of the data in the fields marked as mandatory is permitted under Article 6 (1) (b) GDPR, because we need this information to enable you to use the tool. All other information that you can provide voluntarily serves to facilitate the initiation and processing of the contract. The legal basis for this is our legitimate interest, Article 6 (1) (f) GDPR. Your data will be deleted three months after the last use of the tool or two years after the expiration of a Digital Valuation subscription. Insofar as legal retention obligations exist, the data will be stored for the duration of the legally prescribed retention obligation.

9. Use of cookies

We use so-called cookies on our website. Cookies are small text files with configuration information that are sent from our web servers to your browser when you visit our website and are held by your browser for later retrieval.

With the help of cookies, our website can retrieve or save information from your browser. This can be information about you, your settings, or your device. Cookies are mostly used to ensure that the website functions as expected. Usually this information does not identify you directly, but it can give you a more personalized web experience.

We use so-called session cookies (also called temporary or transient cookies) on our website. These session cookies are only saved for the duration of your use of our website. The session cookies we use are used exclusively to identify you as long as you are logged in to our website. The session cookies are deleted after each session has ended. The session cookies are not used beyond this.

These cookies are absolutely necessary for our website to function and cannot be deactivated in our systems. As a rule, these cookies are only set in response to actions you have taken that correspond to a service request, such as setting your data protection settings, logging in or filling in forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website may then not work.

These session cookies are used on the basis of Article 6 (1) (f) GDPR. Without the use of these cookies, it is technically impossible for us to offer the website or for you to access and use the website.

Information on cookies with a validity period of “browser session” can be found in the following cookie information. 

Microsoft Azure Active Directory B2C authentication cookies:

- x-ms-cpim-sso: Used for maintaining the single sign on (SSO) session.

- x-ms-gateway-slice: Login gateway.

- x-ms-cpim-csrf: Cross-site request forgery (CSRF) token used for security protection.

- stsservicecookie: Security token server (STS) cookie.

See also the authentication provider's documentation:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory-b2c/cookie-definitions

Digital Valuation application cookies:

- .AspNet.Cookies: Persists the user's identity; expires after 20 minutes.

- ARRAffinity: Keeps the session on a certain instance of the web app in Azure.

- __RequestVerificationToken: Anti-forgery security token to help prevent cross-site request forgery attacks.

- loggedIn: Transient authentication status.

Persistent cookies

We also use cookies on our website that enable us to recognize your browser the next time you visit and to offer you an improved user experience.

These cookies are automatically deleted after a specified period, which can differ depending on the cookie. The cookies remain stored on your device until the period of validity of the cookies has expired or you delete them.

We use the following persistent cookies:

- language: Uses the last selected language when you revisit the website.