Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The use of cookies is now standard for most websites. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site.

Types of cookies:

• Session' cookies remain in your browser during your browser session only, i.e. until you leave the website.
• 'Persistent' cookies remain in your browser after the session, unless you delete them.
• 'Performance' cookies collect information about your use of the website, such as webpages visited and any error messages; they do not collect personally identifiable information, and the information collected is aggregated such that it is anonymous. Performance cookies are used to improve how a website works.
• 'Functionality' cookies allow the website to remember any choices you make about the website (such as changes to text size, customized pages) or enable services such as commenting on a blog.

Use of cookies by PwC:

The following table explains the way in which we use cookies on this website.

Cookies	Name	Purpose	Type	Duration
Application	.AspNetCore.Antiforgery.7QbaV4wKyzE	ASP.NET Core generates an antiforgery token for each user session. This token is typically included in a cookie and a hidden form field or request header.	Necessary Cookies	Entire Session
Application	.AspNetCore.Session	General purpose platform session cookie, used by sites written with Microsoft .NET based technologies. Usually used to maintain an anonymised user session by the server.	Necessary Cookies	Entire Session
Application	__PwCPillarSolutionToken	This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.	Necessary Cookies	Entire Session
Firewall	incap_ses_*	Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking HTTP requests to a certain session (AKA visit). Re-opening the browser and accessing same site are registered as different visits. In order to maintain existing sessions (ie, session cookie)	Necessary Cookies	Entire Session
Firewall	incap_ses_740_3112386	Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking HTTP requests to a certain session (AKA visit). Re-opening the browser and accessing same site are registered as different visits. In order to maintain existing sessions (ie, session cookie)	Necessary Cookies	Entire Session
Loadbalancer	nlbi_3112386	The "nlbi_*" cookie is used for maintaining sessions on investor relations pages.	Necessary Cookies	Entire Session
WAF	visid_incap_3112386	Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula. The only cookie that is persistent for the duration of 12 months	Necessary Cookies	1 Year

This privacy statement was last updated on 12 September 2024.

Introduction

PwC is strongly committed to protecting personal data. This privacy statement describes why and how we collect, process and use personal data and provides information about individual’s rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves and by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

You have been given access to this Application solely in connection with your role at your organization (your organization). You may be a partner, member or employee of your organization or you may be a contractor engaged by your organization to provide it with services. Your employment or other agreement with your organization regarding your role applies to your use of this Application.

By using this Application and providing personal information to us, you acknowledge you have read this privacy statement.

Definitions

In this privacy statement we use the following terms:

Application refers to the Navigate Pillar Two Data.

Personal data or personal information is how we refer to information about you or information that identifies you as “personal data” or “personal information”.

Processing is how we sometimes refer to the handling, sharing, processing, protecting or storing of your personal data. We process personal data in this Application for numerous purposes, as set out below.

Definition of “us”, “we” and “our”

As used in this privacy statement, “us”, “we” and “our” refers to the PwC network and/or one or more of its Member Firms that may process your personal information. Each Member Firm in the PwC network is a separate legal entity. See http:https://www.pwc.com/gx/en/about/office-locations.html for a list of countries and regions in which PwC Member Firms operate.

Processing of personal data

Our policy is to process only the personal data that we need and be transparent about why and how we process personal data.

The categories of personal data processed by us in relation to this Application are generally:

• Name
• Email Address

PwC may also process information about you when you use this Application, for example, logs of your activities on (for example, when you signed in and signed out, when upload or view a document, or when you post comments); logs and text you post in a comment, or logs showing what information you shared, etc.

You may choose to provide additional information when you use this Application, including any content you contribute.

We do not intend to process special categories of personal information through this Application and no special categories personal information is required for this Application to operate. Special categories of personal information include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records. We ask that you not provide information of this nature about yourself or anyone else via this Application.

Our legal grounds for processing your personal data

We rely on one or more of the following processing conditions:

• our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organization (provided these do not interfere with your rights);
• our legitimate interests in developing and improving our businesses, services and offerings and in developing new PwC technologies and offerings (provided these do not interfere with your rights);
• our legitimate interests in maintaining the security of our and our client’s personal data, the quality of our services and maintaining our reputation.
• to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
• to perform our obligations under a contractual arrangement with you; or
• where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose.

Use of personal data

When you provide personally identifiable information to us, we use it for the purposes for which it was provided to us as stated at the point where the personal data is ingested into the Application (or as obvious from the context provided at such point). We may also use your data in order to administer and manage the Application or to communicate with you in relation to the Application and get notifications or updates. The Application does not store personally identifiable information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings.

We may use your personal information for any of the purposes described in this privacy statement, as stated at the point of where the personal data is ingested into the Application, or as obvious from the context of provided at such point, including complying with any requirements of law, regulation, or a professional body of which we are a member.

As with any provider of professional services, we are subject to legal, regulatory, and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Security

We have implemented generally accepted standard of technology and operational security in order to protect personal information from loss, misuse, alteration, or destruction. Only authorized persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information. Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Cookies

This Application store certain cookies and the information is given in cookie statement.

Transfer of personal data

Cross-border transfers

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located.

Other PwC Member Firms

For details of PwC Member Firm locations, please see http://www.pwc.com/gx/en/about/office-locations.html.

We may share personal data with other PwC Member Firms where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with PwC Member Firms in different territories that are involved in providing advice to that client.

Third Party Providers

We may transfer or disclose the personal data shared with us, to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support PwC in providing its services and help provide, run, and manage IT systems. Examples of third-party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security, and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them.

The third-party providers may use their own third-party subcontractors that have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by PwC, and to flow those same obligations down to their sub-processors.

Other disclosures

We may share personal data with other PwC member firms (each being separate and distinct legal entity) where necessary in connection with the purposes described in this privacy statement.

We may also disclose personal information under the following circumstances:

• with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide.
• when explicitly requested by you.
• when required to deliver publications or reference materials requested by you.
• when required to facilitate conferences or events hosted by a third party.
• To law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. PwC may also review and use your personal information to determine whether disclosure is required or permitted.

Retention of personal data

We retain personal data processed by us for as long as is necessary for the purpose for which it was shared with us. Personal data may be held longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Individuals’ rights and how to exercise them

You may have certain rights under laws of India in relation to the personal information we hold about you. In particular, you may have a legal right to:

• obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data
• the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
• The right to delete your personal data in the following cases:
  • the personal data is no longer necessary in relation to the purposes for which they were shared with us and processed.
  • our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing.
  • our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing, and we do not have overriding legitimate grounds.
  • you object to processing for direct marketing purposes.
  • your personal data has been unlawfully processed; or
  • your personal data must be erased to comply with a legal obligation to which we are subject.
• The right to restrict personal data processing in the following cases:
  • for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data.
  • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
  • your personal data are no longer necessary in relation to the purposes for which they were shared with us and processed but the personal data is required by you to establish, exercise or defend legal claims; or
  • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
• The right to object to the processing of your personal data in the following cases:
  • our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
  • our processing is for direct marketing purposes.
• The right to data portability
  • The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
• The right to withdraw consent
  • Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).

Complaints

If you have any questions or complaints about this privacy statement or the way your personal information is processed, or would like to exercise one of your rights set out above, please get in touch with us by clicking on the below link and submitting a request in this regard:

https://privacyportal-eu.onetrust.com/webform/f13f2198-97ab-4c25-a5cd-0fca8ada2e21/b4e47c5a-ca49-419b-85de-0e1f7f6457eb

You may also have the right under applicable law to lodge a complaint with your local data protection regulator.

Changes to this privacy statement

This privacy statement was last updated on 12 September 2024

We may update this privacy statement at any times by publishing an updated version here. So, you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be information about how we are protecting your information.