1. Introduction

PwC (hereafter referred to as “we”) is strongly committed to protecting your personal information. This Statement relates only to Mobile Office Platform. It does not relate to other technologies, products, services or sites of PwC Network Member Firms or any other party.

This Statement describes why and how we collect and process your personal information through this Site/Application and provide information about your rights in relation to your personal information. This Statement also applies to personal information (including other individuals’) you provide to us through this Site/Application.

We only collect what we need and is transparent about why and how we process personal information. We may use the personal information provided in connection with this Site/Application for any of the purposes described in this Statement or as otherwise stated at the point of collection.

You are visiting this Site/Application as you are one of the following:

Event registrants, administrators and participants

Event speakers/instructors

Individuals having Employment, and / or had a contractual relationship with PwC

PwC client’s employees or authorized users

2. Personal Information Handler

“Personal information handler”, "PwC", or "we" mentioned in this Privacy Statement refers to one of the PwC Member Firms (see definition below) operating in Chinese Mainland China, Hong Kong Special Administrative Region, and Macau Special Administrative Region which may determines the purposes and means of processing your personal information. For a detailed list and contact information of such firms, please refer to: https://www.pwccn.com/en/about-us/office-locations.html

Please contact us using the details below if you have any questions about this Statement before providing us any personal information.

Mobile Office Platform Team: mobile.office.platform@cn.pwc.com

3. Definitions

In this Statement, we use the following terms:

“This Site / Application” refers to Mobile Office Platform that serves as a centralized solution enabling Sign-in functions, My check-in records and My Events. Users can also access other authorised features (including miniapps/workspace) via this Platform. Data in this Platform are hosted in the encrypted hosting environment within Mainland China provided by third-party cloud service.

“Personal information” or “personal data” refers to various information related to an identified or identifiable natural person recorded electronically or by other means but does not include anonymized information. “Anonymization" refers to irreversible technical process that makes personal information subjects unidentifiable or unassociated.

“Personal information subjects” refers to natural person identified by or associated with personal information.

“Personal information handler” refers to an organization or individual that autonomously determines the purposes and means of personal information processing. This is equivalent to the definition of “Data User” under Personal Data (Privacy) Ordinance (Cap, 486) applicable to HKSAR and “Data Controller” under EU General Data Protection Regulation (“GDPR”).

“Processing of personal information” refers to processing of personal information includes, without limitation, the collection, storage, use, processing, transmission, provision, disclosure, and deletion of personal information. Processing under GDPR means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, transferring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“PwC Member Firms” means an entity or partnership within the worldwide PwC network, each of which is a separate and independent legal entity. For a list of PwC Member Firms, please see details at https://www.pwc.com/gx/en/about/corporate-governance/legal-entities.html

“Sensitive personal information” refers to personal information that once leaked or illegally used, may easily lead to the infringement of the personal dignity of a natural person or may endanger his personal safety or property, including information such as biometrics, religious belief, specific identity, medical health status, financial accounts, and the person’s whereabouts, as well as the personal information of a minor under the age of 14 years.

4. Collection of personal information

We may process your personal information for use of this Site / Application. We may collect your personal information either directly from you or the organization contracted with PwC (e.g., your employer or authorized organization) authorizing you the use of this Site/Application.

The personal information we collect includes:

(a) Necessary personal information

For you to use this Site/Application, you will need to provide us or allow us to collect the following information:

Basic Business Function(s) and Purpose(s) of Processing	Means of Processing	Necessary Personal Information
Recording the identity of the user and login date and time of users to this Site/Application	Internal user inputs personal name or work email address and Windows password to log in External user inputs personal name or email address, and a pre-set password to log in	User personal name Email Password Login date & time
Avoid fraudulent sign-in records	When user interacts with the system	Clicking history IP address Device identification number

(b) Additional personal information

In order for you to use or for us to deliver the extended business function(s), the following additional personal information will need to be collected:

Extended Business Function(s) and Purpose(s) of Processing	Means of Processing	Additional Personal Information
System security monitoring	When user interacts with the system	IP address Device identification number
Business functions: check-in function and my check-in records Purpose of processing: Support check-in management of activities participated by users	When users use this Site / Application to check in, this Site / Application will generate check-in records in other event management platforms through encrypted APIs When users can view previous records in "My Check-in Records", the record data is instantly retrieved from other event management platforms and displayed on this Site / Application interface This Site / Application does not generate or store personal information related to check-ins	The operation command related to event check-in
Business functions: Messaging between users Purpose of processing: Facilitate user communication	Users can leave messages to other participants (only in the same event) if the business function is enabled	Communication record
Business functions: Comments for internal posts Purpose of processing: Facilitate user communication	Internal users can leave comments under internal posts, only accessible by internal authorized users	Comments
Business functions: Activity feeds Purpose of processing: Facilitate user communication	Users can share activity feeds and leave comments with other participants (only for the same event) only if the business function is enabled	Photo or comments
Business function: User login authentication using biometric recognition Purpose of processing: To enhance the security and convenience of user login	Occurs only when the user actively enables biometric permissions The collection, storage, and comparison of user biometric information are performed within the mobile device and its system. This application only accepts operation commands issued by the mobile device. As the biometric information is managed by your device, the accuracy, security, and availability of this data are the responsibility of relevant operator of your device	The recognition results issued by the mobile device (excluding personal biometric information) Note: Please enable the biometric function only on your own device. If there are biometric details of others already stored on the device, please disable or remove them promptly; otherwise, others may log in or operate your account. If you have any concerns, you can disable this function at any time in this application (Profile -> Biometric Setting. Disabling biometric recognition will not affect your ability to continue logging in and using this application

Failure to provide us with such additional personal information will not negatively affect your use of the basic business function of this Site/ Application.

By using this Site/Application and providing the above personal information to us, you confirm that you have read this Privacy Statement, and explicitly consent to the processing of personal information by us and any third-party recipients as set out in the Privacy Statement. We may rely on other legal grounds of processing to the extent permitted under applicable law.

(c) Personal information of other individuals

Purpose(s) of Processing	Means of Processing	Personal Information of other individuals
In Activity Feeds, messaging, and internal posts, users can leave messages or upload information to enhance communication between users	Event photos can be accessed by other participants (only for the same event) on the event Activity Feeds (this feature is only available to users when the event requires relevant modules) • Event participants can leave messages to other participants of the same event (this feature is only available to users when the event requires relevant modules) • Internal users can leave messages under internal posts, only accessible by internal authorized users	When users upload event photos, leave messages to participants of the same event, or leave messages under internal posts, they may contain other individuals' personal information (Remarks: the specific types of personal information depend on the content uploaded and left by users. At the same time, users uploading and leaving comments should comply with applicable laws and regulations and the relevant management requirements published/disclosed by this Site / Application under such circumstances.)

If you are providing personal information of other individuals, please make sure that:

(i) the personal information is from a legitimate and lawful source.

(ii) the other individuals are aware of the categories of personal information and purpose(s) for collecting his/her personal information and all other relevant arrangement described in this Statement relating to the processing of personal information, and that he/she has consented to disclosure of personal information for processing by us.

We may contact you to inquire and confirm with you in relation to (i) and (ii) above. If you receive such an enquiry from us, please kindly assist and provide us with prompt response. We may have to discontinue your use of this Site / Application if we are unable to obtain the verification needed.

5. Use of personal information

We use your provided personal information to provide you with our products or services, to communicate with you, to maintain the security of this Site/ Application, and to comply with applicable law. We use your provided personal information only when we have a legal basis to do so, including your prior consent where necessary.

We may also use the personal information collected above for directly or reasonably related to the following purposes:

• To provide the services requested by you or your organization
• To update users’ event participation status
• To provide you or your organization with use of this Site/Application
• To communicate with you
• To maintain the security of this Site / Application
• Authenticating the identity of users, authorising access to this Site/ Application (including preventing unauthorized access) and for other security-related purposes, including system security monitoring.
• To operate, administer, manage and improve this Site/Application
• Administering this Site/Application, troubleshooting issues and identifying areas of improvement.
• To maintain our administrative or client relationship management systems
• Where you are a business contact of ours, we may include your business contact details on our administrative or client relationship management systems (which may be located in secure data centres around the world), contact you in relation to the products or services and we may send you other material relevant to your interests (provided we have appropriate permission from you to do this, as required by laws).
• To analyse how this Site/Application and associated services perform
• We may analyse how this Site/Application and associated services perform by reviewing the user data we capture.
• To enhance our user experience
• To comply with applicable law and regulation.

6. Third-party links/SDK

This application may link to third-party sites via Links/SDK which are not controlled by us and which do not operate under our privacy practices. When you access to third-party sites, our privacy practices no longer apply, and the third-party site provider is responsible for the personal information collected from you. We encourage you to review each third-party site's privacy policy before disclosing any personal information.

Third party company name and contact	Third party product/services name	Third party processing scenario	Personal information types shared to the third party	Purpose to share personal information to the third party	Method to share personal information to the third party	Third party privacy statement link
数字天堂（北京）网络技术有限公司 bd@dcloud.io	UniSDK	One-Click Login	Network identity information: personal information subject account (username, email address)	Implement the ability to run mini-programs within the Mobile Office application.	SDK Native Data Collection	https://dcloud.io/license/DCloud.html
Rocket.Chat, Inc. support@rocket.chat	Rocket.chat	Push Messaging	Network identity information: personal information subject account (user ID/staff ID, email address)	Implement the ability to send messages to a specific user's Mobile Office application.	Backend Interface Transmission (Encrypted)	https://docs.rocket.chat/docs/privacy-policy
Google LLC https://firebase.google.cn	Firebase Notification	Push Notification	Personal device information: Unique Device Identifier (Registration Token)	Implement the ability to push messages to a specific user's registered device.	Backend Interface Transmission (Encrypted)	https://policies.google.com/privacy
Apple Inc. https://idmsa.apple.com/	Apple Push Notification	Push Notification	Personal device information: Unique Device Identifier (Registration Token)	Implement the ability to push messages to a specific user's registered device.	Backend Interface Transmission (Encrypted)	https://www.apple.com/privacy/
Countly Ltd. https://countly.com	Countly	Statistical Analysis and Application Security	Personal browsing records: Records of user activities within the Mobile Office app (excluding those within mini-programs), which are software usage and click records. The personal browsing records are collected as statistical data and do not contain personal identifiers.	By analyzing users' aggregated behavior records, we can gain insights into user business module needs, identify which modules need optimization, and ensure the application's security.	Backend Interface Transmission (Encrypted)	https://countly.com/legal/privacy-policy

7. Our legal grounds for processing personal information

Applicable laws may require us to set out in this Statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

(i) With your prior consent;

(ii) It is necessary for us to conclude or perform a contract with you;

(iii) It is necessary for us to perform the statutory duties or statutory obligations;

(iv) It is necessary for us to respond to a public health emergency or to protect the life, health and property safety of any individual;

(v) Such acts as news reporting and supervision by public opinions are carried out for the public interest, and the processing of personal information is within a reasonable scope;

(vi) it is necessary to process the personal information disclosed by you or other personal information that has been legally disclosed within a reasonable scope in accordance with the laws;

(vii) Other circumstances prescribed by laws and administrative regulations.

The processing of personal information should be subject to your consent in accordance with relevant laws, however, your consent is not required under the circumstances set forth in Items (ii) to (vii) of the preceding paragraph.

8. Sharing of personal information

Your personal information may be transferred to, shared with, processed by and stored with other organizations or individuals. In regard of the sharing of your personal information, we will seek your separate consent to the extent required by law.

We will share your personal information with the following classes of transferees/categories of recipients for the purposes as described in this Statement:

(a) Recipients of personal information: other PwC Network Member Firms

We may share your personal information with other PwC Network Member Firms where necessary in connection with the purposes described in this Statement. For example, when providing products or services to a client we may share personal information with PwC Network Member Firms in different territories that are involved in providing products or services to that client.

(b) Recipients of personal information: third-party providers

We may share or disclose the personal information we collect to third-party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the PwC Network in providing its products or services and help provide, run and manage IT systems. Examples of third-party contractors we use include providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure may be located in secure data centres around the world, and personal information may be stored in any one of them.

It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality and process personal information only as instructed by PwC pursuant to the contract between PwC and such third-party providers. Subject to the foregoing, third party providers may also use their respective subsidiaries and affiliates, and their own third-party subcontractors that have access to personal information (sub-processors) to meet purposes of disclosure and/or transfer.

(c) Other recipients of personal information

We may also share your personal information under the following circumstances to the extent permitted under applicable laws:

• with professional advisers, for example, auditors and law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our businesses. Personal information may be shared with these advisers as necessary in connection with the products or services they have been engaged to provide;
• when explicitly requested by you;
• when required to deliver publications or reference materials requested by you;
• when PwC is involved in a merger, acquisition, or sale of all or a portion of its assets (provided the recipient agrees to be bound by the terms of this Statement);
• with law enforcement or other government and regulatory agencies or with other third parties as required by, and in accordance with, applicable law and regulation; and/or occasionally, we may receive requests from third parties with authority to obtain disclosure of personal information, such as to check that we are complying with applicable laws and regulations, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal information where we are permitted to do so in accordance with applicable laws and regulations. This includes disclosures outside the country or region where you are located.

9. International transfers of personal information

As PwC is a global network with member firms and third-party service providers located around the world. Your personal information may be transmitted and/or stored outside the country or region where you are located when we (as a PwC Network Member Firm) provide products or services to you. PwC Network Member Firms, our service providers and sub-processors they engage may use servers and other resources in various countries and territories to process your information.

Since we provide products or services through resources and servers all over the world, this means that after obtaining your separate authorized consent, your personal information may be transferred outside of the country where you use the Site/ Application to the extent permitted by laws.

For personal information collected from Chinese Mainland:

In principle, the personal information we collect and generate in Chinese Mainland will be stored within the Chinese Mainland. With your consent, your personal information might be transmitted to or accessed from a jurisdiction outside of where you are located. Under such circumstances, we will ensure that your personal information will enjoy the same level of protection as it does in Chinese Mainland.

We will satisfy the applicable condition(s) for cross border transfer (if any) required by applicable law.

We will enter contract or other legally effective documents with the recipients of personal information or implement other measures as required by laws of the People’s Republic of China to ensure that your personal information is adequately protected. For example, we will ask for your separate consent to transfer personal information across borders, implement appropriate security measures before cross-border data transfer, conduct personal information protection impact assessment and obtain the approval of competent authorities, where applicable.

10. Security of personal information

We adhere to internationally recognised standards of technology and operational security to protect personal information from loss, misuse, alteration and destruction. Only authorised persons are provided access to personal information collected via this Site/Application. These individuals have agreed to maintain the confidentiality of such information. We have a framework of policies and procedures in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the personal information we hold secure.

Although we use appropriate security measures once we have received your personal information, the transmission of personal information over the Internet (including by email) is never completely secure. We endeavor to protect personal information, but we cannot guarantee the security of information transmitted electronically over the Internet.

Where a personal information security incident arises, we shall respond to the incident, assess the likely impact of the incident, and take necessary actions to bring the incident under control. Where necessary, we will report to the appropriate authority and notify you of the incident as may be required under applicable laws and regulations.

11. Cookies

When you use this Site/Application, we may collect information about you and your use of the relevant Site/Application, including through cookies and analytics tools. Cookies may be placed on your computer or device whenever you visit the Site/Application. Cookies are small text placed on your device that assist us in providing a more customized experience by analyzing your use of this Site/Application.

If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, you can refuse cookies, however some functionality may be impaired.

You can always delete cookies if you wish via your application setting.

12. Retention of personal information

It is our policy not to retain personal information longer than is necessary for the fulfilment of the purposes for which the information is to be used. We will retain personal information on our systems for as long as we need it, given the purposes for which it was collected, or as required to do so by applicable laws. Personal information may be held for longer periods where extended retention is agreed or are required by laws, regulations or professional standards and to establish, exercise or defend our legal rights. If the period necessary for the fulfilment of the purposes for which the information is to be used, agreed retention period, or legal retention period expires, we will erase the relevant personal information according to law; if it is difficult to erase personal information technically, we will cease the processing of personal information other than storing and taking necessary security protection measures for such information.

13. Children

We are committed to protecting children’s privacy. This Site/Application is not intentionally designed for or directed at children (i.e., minor under age of 14; “children” refers to the same group hereinafter), and we do not knowingly collect or store personal information about children. In the case of collecting personal information of a children in Chinese Mainland, we will only use or publicly disclose such information if we have obtained explicit consent of their parent or guardian. We will protect the confidentiality and security of their personal information in accordance with relevant applicable laws and regulations.

14. Your rights in relation to your personal information

You may have certain rights under applicable laws and regulations in relation to the personal information we hold about you, including:

(a) Right to know and the right to decide on the processing of their personal information

(b) Right to restrict or refuse the processing of their personal information by others (except as otherwise provided by any law or administrative regulation)

(c) Right to access your personal information

You have the right to consult and duplicate their personal information from us and request us to provide to you:

(i) a description of the type of personal information we hold about you, including a general account of its use;

(ii) the source of the above-mentioned personal information, as well as the purpose for which it is used;

(iii) what personal information has been made available to third parties, and the identity or type of any third party who has obtained the above mentioned personal information; and

(iv) you may also request a copy of certain categories of personal information

(d) Right to data portability

Where you request the transfer of your personal information which we have obtained to your designated personal information processor, we or third parties instructed by us would provide channels for such transfer if the conditions specified by the national cyberspace administration are met.

(e) Right not to subject automated decision making

Where a decision that has a major impact on your rights and interests is made by means of automated decision-making (if any), you have the right to request us to make explanations and to refuse to accept that we make decisions solely by means of automated decision-making.

(f) Right to request personal information processors to explain their personal information processing rules

(g) Right to request deletion of your personal information

Your right to request us to erase your personal information if:

(i) the processing purpose has been achieved or cannot be achieved, or it is no longer necessary to achieve the processing purpose;

(ii) the retention period described in Section 12 of this Statement has expired;

(iii) you withdraw consent; or

(iv) we collect or process personal information in violation of any law or administrative regulation or the agreement.

In such circumstances, if we receive your request to delete your personal information, we will also notify third parties whom we have transferred your personal information to delete personal information they hold about you. However, where the retention period provided by any law or administrative regulation has not expired, or it is difficult to realize the deletion of personal information technically, we would just cease the processing of personal information other than storing and taking necessary security protection measures for such information.

(h) Right to update/correct your personal information which is inaccurate or incomplete

Under certain circumstances permitted by applicable laws and regulations, we may refuse to accede to your requests above. In such circumstances, we will promptly notify you of the reasons for refusing to accede to your requests. We may charge a fee for your request to access your information, if permitted by applicable laws and regulations.

For security purposes, you may be required to provide written requests or prove your identification in other ways.

When requested, and provided that it is practical and commercially feasible to comply with the request, we will respond to your request after we have verified your identity:

within 15 working days for personal information collected from Chinese Mainland; or such a time frame as prescribed under other applicable laws.

15. Deactivation of your account

Users of this Site/Application may request their account be deactivated at any time by sending their request to mobile.office.platform@cn.pwc.com. We will respond to your request within the time required under applicable laws.

16. Our Contacts

If you wish to submit a request to exercise your rights, under applicable privacy law, or have questions about how your information is handled at any time, or to make complaints, please send your request to our Privacy Team https://www.pwccn.com/en/privacy-team-contact-form.html
or https://www.pwchk.com/en/privacy-team-contact-form.html

Should you have any concerns with any matter in respect of this Statement, you may also approach members of the PwC team who is providing you or your organization with access to this Site/Application to discuss.

Any unresolved dispute arising from or in connection with this Statement shall be resolved in accordance with the agreement (if applicable) between you/your organization and the PwC firm responsible for providing you with access to this Site/Application.

17.Transfer of business

We reserve the right to transfer all data in its possession to a successor-in-interest to its business or assets in accordance with applicable law and regulation.

18. Changes to this Statement

We may update this Statement from time to time to comply with applicable laws and regulations or other legitimate purposes. We may also separately advise you about the changes. Subject to obtaining your explicit consent as may be required by applicable laws, the new modified Privacy Statement will apply from that revision date. Therefore, we encourage you to review this Statement periodically to be informed about how we are protecting your information.