1. Who we are
“KPMG”, “we” and “our” refer to the firms that are part of the KPMG network in Angola, which include KPMG Angola – Audit, Tax, Advisory, S.A. and KPMG Angola, S.A.
KPMG is an independent affiliate of KPMG International Limited, an English private company limited by guarantee. KPMG International Limited does not provide services to clients.
In the context of the professional services it provides, KPMG collects and processes your personal data, and determines which data are collected, the means of processing and the purposes for which the data are processed.
2. Our commitment
This Privacy Policy reflects our commitment to (i) communicate transparently about the personal data we process and under what conditions; (ii) protect the security and privacy of personal data; and (iii) provide appropriate mechanisms for the exercise of data subject rights.
If you are our client, potential client, or your representative or employee; a data subject whose personal data are obtained in connection with the provision of services to our clients; a job applicant; Alumni; a participant in meetings, conferences, events or training sessions promoted by KPMG; a user of our premises; a supplier; a partner; or a user of our websites (“sites”) or mobile applications, we recommend that you read this document and the Terms and Conditions of our services.
KPMG promotes the protection of the confidentiality and privacy of the information entrusted to it. As part of this fundamental obligation, KPMG also promotes the protection and appropriate use of personal data (referred to as “personal data”, “personally identifiable information” or “IPIs”) that are collected through its online sites.
3. What personal data we collect and process
When you register and/or submit personal data to KPMG, we will use them in the manner described in this Privacy Policy. Your personal information will not be used for other purposes unless we obtain your authorization or such use is required or permitted by law or by professional rules.
Essentially, personal data are any information that, directly or in combination with other data, can identify a natural person.
The following table presents the main categories of personal data we process:
Category of personal data | Examples (non-exhaustive) |
Identification and contact details | Name, identification document number, tax identification number (NIF), photograph, sound, image, signature, address, telephone contact or email address. |
Biographical data | Date of birth, gender, nationality, place of birth, marital status, household, academic qualifications, professional experience, curriculum vitae (CV), LinkedIn profile, details of previous employment and training. |
Financial data | Financial and asset information, tax residence, bank account number (NIB). |
Relationship with KPMG | Data relating to participation in KPMG events or events promoted by KPMG, or business interactions between the data subject and KPMG. |
Opinions and preferences | Data subject preferences and interests relating to the sending of KPMG invitations and publications, data subject comments on KPMG's social media presence, or data subject responses to satisfaction questionnaires. |
Content | Information contained in written communications between the data subject and KPMG, or video surveillance images. |
Use of sites and applications | Pages visited, application access and authentication, or information about the devices used (e.g., IP address, geographic location, browser used). |
KPMG processes other personal data, including sensitive data (e.g., health data), in the course of its activities.
KPMG obtains the personal data listed above through the following collection methods:
Collection method | Examples (non-exhaustive) |
Data provided directly by data subjects | Data or content provided directly by data subjects (i) in interactions with KPMG professionals, (ii) in letters or email messages sent to KPMG, (iii) in setting preferences relating to KPMG communications, (iv) when participating in events, (v) when submitting job or internship applications to KPMG, (vi) when submitting requests for proposals to KPMG or other information, (vii) when responding to satisfaction surveys, (viii) when accessing our websites; (ix) when accessing and using the various applications managed by KPMG. |
Data collected from social media or other public sources | Data relating to data subject interaction on KPMG's social media presence or data subject public profiles on social media (e.g., LinkedIn; CV to apply online for a job at KPMG; we will use the information you provide to check employment opportunities available at KPMG). Data obtained by KPMG from public sources for screening and checks for legal, regulatory or business reasons. |
Data collected from third parties | Data obtained by KPMG from its clients in the context of providing professional services, from its suppliers or service providers, or from other third parties (e.g., National Bank of Angola, public authorities, insurance companies), or from other member firms of the KPMG network. |
Persistent cookies | Data relating to the use of KPMG sites and applications (e.g., pages visited; user preferences), obtained through KPMG cookies or third-party cookies. |
Where we receive your personal data through one of our clients, we take care to obtain confirmation that they have authority to provide us with those data relating to the performance of the services, or to include clauses in the client contract to ensure that the client complies with applicable privacy laws and regulations.
4. Automatic collection of personal data
In some cases, KPMG and its service providers may use cookies, web beacons and other technologies to automatically collect certain types of data when you visit our sites, as well as through emails we exchange. Collecting this information allows us to optimize your user experience, optimize the performance, handling and effectiveness of KPMG sites, and assess the effectiveness of our marketing activities.
IP addresses
An IP address is a number assigned to your computer each time you access the Internet. It enables computers and servers to recognize and communicate with each other. The IP addresses through which visitors access our sites will be recorded for security purposes and for diagnosing our information systems. This information is also generally used in aggregated form to review site trends and analyze performance.
Cookies
Cookies are usually installed on your computer or device whenever you enter our site and enable the site to remember your computer or device.
On some of our sites, a notification window will appear, allowing you to manage your consent regarding the cookies to be used (cookie banner). Below is a summary of the categories of cookies on our sites and how your consent may affect your experience when browsing our sites:
- Strictly necessary cookies: Strictly necessary cookies are essential to allow users to navigate the Website and use its features, such as accessing secure areas. These cookies must be enabled or the site will not function, and they cannot be blocked.
- Performance cookies: Performance cookies are used to collect data to improve the performance of a Website.
- Functional cookies: Functional cookies are used to remember user selections, which can change how the site behaves or appears. You may disable these cookies (opt-out); however, this will affect your experience on the site and you will need to repeat certain selections each time you visit.
- Targeting cookies or advertising cookies: Targeting cookies are used to deliver content relevant to the user’s interests. They may also be used to limit the number of times a user sees certain marketing materials and help measure the effectiveness of those marketing materials. If you do not consent to these cookies, your Internet-enabled computer or device will not be tracked for marketing-related activities.
You may manage your consent for performance cookies using the cookie banner or by updating your browser settings (usually found in the Tools or Preferences menu) to not accept cookies.
Although most browsers automatically accept cookies, you may choose to accept them via your consent through the cookie banner or through your browser settings (usually under Tools or Preferences). If you wish to remove your selection, you can do so by clearing your browser cookies or by updating your preferences in the cookie banner.
You can find more information on managing cookies through your browser’s help file or through certain sites, such as www.allaboutcookies.org .
Below is a list of cookie types used on our sites:
Purpose | Description | Type & Period |
Performance (e.g., user browser) | Our sites are developed using common Internet platforms. These platforms have built-in cookies that help with compatibility (e.g., identifying the type of browser used) and improve performance (e.g., faster content loading). | Session Deleted after you close the browser |
Security cookies | If you register to access a restricted area, our cookies ensure that your device is recognized during your visit. You will need a username and password to access restricted areas. | Session Persistent, but automatically deleted when you close the browser |
Site preferences | Our cookies may also remember your site preferences (e.g., language) or try to improve your experience (e.g., personalize a greeting or content). This applies to areas where a specific registration was created to access or create an account. | Session Deleted after you close the browser |
Analytics | We use various third-party analytics tools that help us understand how visitors use our site. This enables us to improve quality and content on kpmg.com for our visitors. Aggregated statistical data include total visits or page views and referrals to our sites. For more information on how we use Google Analytics, see below. | Persistent, but automatically deleted after two years without accessing kpmg.co.ao |
Social sharing | We use third-party social network widgets or shortcuts to provide additional functionality to share content from our Internet pages on social networks and via email. Use of these widgets or shortcuts may result in a cookie being installed on your device to facilitate use of those third-party services, ensure your interaction appears on our Internet pages and record information about your Internet activities and on our sites. | Persistent, but automatically deleted after two years without accessing kpmg.co.ao |
Our pages may also periodically use third-party tools and widgets to offer additional features. Depending on how you set your preferences in the browser and/or in the cookie banner, use of these tools and widgets may generally result in a cookie being installed on your device to facilitate use of those services and ensure that your interaction appears properly on our Internet pages.
Cookies do not, by themselves, enable us to identify your email address or identify you personally in any other way. We may obtain other identifiers through our analytics reports, namely IP addresses, but only to help us determine which areas of the Site our visitors prefer and not to identify visitors individually.
Google Analytics
KPMG uses Google Analytics and Adobe Analytics.
For more information on how KPMG uses Google Analytics, please see: https://www.google.com/analytics/terms/us.html.
To give site visitors more options about how their data are collected by Google Analytics, Google developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the site visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the site itself or to other web analytics services.
Web beacons
A “web beacon” is a small image on a web page that can be used to collect certain information from your computer, such as your IP address, the time the content was viewed, the type of browser and the existence of cookies previously sent by the same server. KPMG uses web beacons only in accordance with applicable law.
KPMG or its service providers will use web beacons to monitor the effectiveness of third-party Sites that provide recruitment or marketing services, or to compile aggregated visitor statistics or manage cookies.
You can render some web beacons unusable by rejecting the cookies associated with them. The web beacon may still record an anonymous visit from your IP address, but the cookie information will not be recorded.
In some of our newsletters and other communications, we confirm the recipient’s email address through links inserted in the messages. We collect this information to assess user interest and to improve future user experiences.
Location-based tools
KPMG will collect and use the geographic location of your computer or device. These location data are collected to provide you with information about services we believe may be of interest to you based on your geographic location and to improve our products and services based on location.
Social media widgets and applications
KPMG Sites generally include features to facilitate sharing through external social media applications, such as the Facebook “Like” button and the Twitter widget. These applications may collect and use information relating to your use of KPMG Sites (see “Social sharing” cookies in the table above). Any personal information you provide through these applications will generally be collected and used by other members of those social networks and such interactions are governed by the privacy policies of the companies that provide the applications. We have no control over those companies or how they use your information and we are not responsible for those companies or their use of your information.
In addition, KPMG Sites may host blogs, forums, crowdsourcing and other applications or services (collectively referred to as social media sources). The purpose of social media sources is to facilitate the sharing of knowledge and content. Any personal information you provide in any of KPMG’s social media resources will generally be shared by other users of those resources (unless otherwise stated at the time of collection), over which we often have no control or only limited control.
Children
KPMG recognizes the importance of protecting children’s privacy, especially in the interactive online world. Our sites are not designed for, or intentionally directed to, children. It is not our policy to knowingly collect or maintain information about any person who is a minor, except as part of a contract to provide professional services.
5. How we process personal data
Data processing is an operation or set of operations performed on personal data by manual or automated means, including collection, storage, use, copying and transfer.
At KPMG, we process personal data lawfully, fairly and transparently and for specific purposes. Any additional secondary processing is carried out only if (i) compatible with the authorized purposes communicated to data subjects or (ii) subject to specific and explicit consent of the data subjects. We may also process your personal data without your knowledge or consent, in accordance with data protection legislation and to the extent required or permitted by law.
The following sections describe and illustrate the main processing purposes at KPMG, within the respective legal bases we rely on to use your personal information.
Performance of a contract
KPMG will carry out the data processing necessary for the conclusion, performance and management of contracts where the data subject is a party or where the controller is a party, or for pre-contractual steps:
Processing purpose | Examples (non-exhaustive) |
Contracting services with clients | Preparation, evaluation and formalization of contracts and confidentiality agreements relating to the products or services to be provided by KPMG. |
Service delivery | Performance of the contracted service. |
Billing and collections from clients | Issuing invoices and managing collections. |
Contracting services | Contracting, renegotiation and termination with various entities that maintain or intend to maintain commercial relationships, partnerships or other collaboration protocols with KPMG. |
Compliance with a legal or regulatory obligation
KPMG will carry out the data processing necessary to ensure compliance with the various legal and regulatory obligations to which it is subject, including, in particular, the Commercial Code, the Civil Code, tax legislation, the regulations of the Angolan Order of Accountants and Accounting Experts, anti-money laundering and counter-terrorism financing law, International Standard on Auditing 230 (ISA 230) and the International Standard on Quality Management (ISQM 1):
Processing purpose | Examples (non-exhaustive) |
Client and engagement acceptance | Client acceptance procedures, acceptance of continuing clients, and engagement acceptance, in accordance with KPMG policies and legal and regulatory rules (e.g., conflict of interest or independence rules). |
Acceptance of other counterparties | Counterparty acceptance procedures in accordance with KPMG policies and legal and regulatory rules for entities that maintain or intend to maintain commercial partnership relationships or other collaboration protocols with KPMG (e.g., conflict of interest or independence rules). |
Providing information and responding to requests from sector regulators and public authorities | Providing mandatory information and responding to various requests from sector regulators (e.g., the Capital Markets Commission, the Angolan Order of Accountants and Accounting Experts) and public authorities (e.g., the National Bank of Angola, Courts, the Angolan General Tax Administration). |
Prevention of money laundering and terrorist financing crimes | Screening of politically exposed persons (PEPs), lists of persons and entities subject to financial or trade sanctions, identification and reporting of suspicious transactions, and adverse media screening. |
Accounting and financial reporting | Accounting records and preparation and disclosure of financial statements and KPMG's transparency report. |
Document archive management | Collection, classification and storage of electronic and physical documents containing personal data in the document archive, which constitute mandatory evidence in the context of KPMG's activities. |
Public interest
KPMG will carry out the data processing necessary in the performance of activities in the public interest, namely in the provision of Audit / Assurance services, depending on the specific characteristics of the client, the International Standards on Auditing (ISAs) and KPMG’s audit methodology.
Legitimate interest
KPMG will process your information whenever it is in our legitimate interest to promote our lawfully developed activities, provided that this does not override your interests:
Processing purpose | Description |
Client and engagement acceptance | Acceptance and management of client relationships and engagements, in accordance with KPMG policies and legal and regulatory rules. |
Acceptance of counterparties | Acceptance and management of relationships with various entities that maintain or intend to maintain commercial relationships, partnerships or other protocols with KPMG, in accordance with KPMG policies and legal and regulatory rules. |
Account and contact management | Client segmentation, opportunity management and contact management for clients, potential clients, partners and suppliers. |
Website visit | To offer information and/or services to data subjects who visit our site or provide information about employment opportunities. |
Proposal preparation | Preparation and submission of service proposals to clients or potential clients. |
Marketing and business development activities | Sending communications or details of our services that we believe may be of interest to clients, potential clients, other contacts and alumni, including promoting events, disseminating specialized publications, and promoting products/services. |
Event management | Organizing and running KPMG events or events supported by KPMG, including corporate or social responsibility actions. |
Quality control | Quality control of services provided by KPMG to its clients, in accordance with International Standards on Auditing, the guidance of the Angolan Order of Accountants and Accounting Experts, and KPMG international policies. |
Management control | Producing management control information for KPMG. |
Dispute/litigation management | Exercising contractual or legal rights and defense in the event of judicial or extrajudicial disputes. |
Reporting to KPMG International | Preparing various reports to KPMG International, within the obligations associated with the license obtained by KPMG. |
Internal audit | Collection and analysis of data in the context of internal audit of KPMG's processes and operations. |
Management and security of information systems and premises | Management and monitoring of information systems and technological infrastructure; logging access and usage events; detection, analysis and response to potential information security incidents; identity and access management for KPMG information systems; physical access control to premises; and prevention of fraud or criminal activities. |
Video surveillance | Video surveillance of KPMG's physical premises. |
Recruitment | Attraction process and talent identification, including processing and management of applications from potential employees, interns or ambassadors as liaison links between KPMG and Universities. |
Client satisfaction assessment | Assessing client satisfaction through interviews or specific questionnaires. |
Supplier management | Supplier evaluation, evaluation of services provided, and payment to KPMG suppliers and service providers. |
With regard to the processing purpose relating to marketing and business development activities, the data subject may refuse our communications or solicitations at any time by opting out.
Data subject consent
KPMG will occasionally ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree that we may do so. You can withdraw your consent at any time by contacting KPMG at privacidade-ao@kpmg.com.
Processing purpose | Examples (non-exhaustive) |
Market studies | Collection and analysis of personal data in the context of studies or market analysis. |
Personalize the experience on sites | Use of persistent cookies to record activity and user preferences on KPMG sites. |
Recruitment programs | Collection and analysis of personal data in the context of job or internship applications or other programs (e.g., ambassadors) promoted by KPMG. |
Alumni communications | Collection and analysis of personal data in the context of interactions with alumni. |
Access to applications | Access to various applications managed by KPMG, for application authentication purposes or for processing other types of personal data. |
6. Data retention periods
KPMG retains and processes personal data for the time necessary and while the legitimate purposes for which the data are processed remain in place, to comply with contractual, legal and regulatory obligations, or to protect KPMG’s legitimate interests:
Reason for retention | Retention period |
Legal, tax or regulatory obligation, or performance of a contract | Up to 10 years after contract termination or the document date, as applicable. KPMG will retain personal data for longer periods based on legitimate interest, namely KPMG's defense in judicial proceedings. |
Retention of video surveillance images | 30 days. |
Maintaining preferences of clients or potential clients | Indefinite, namely for data on data subject preferences regarding event communications or the sharing of KPMG publications. |
7. Your rights as a data subject
KPMG ensures that data subjects can exercise their rights in relation to processing. If KPMG processes information about you, you will have the following rights:
Data subject right | Description |
Access | Data subjects have the right to access the personal data they provided to KPMG or that result from the use of KPMG services, and the respective processing conditions. |
Rectification | Data subjects have the right to request rectification of personal data that are inaccurate or incomplete (e.g., address, email address, telephone contacts). |
Objection or withdrawal of consent | Data subjects have the right to object to processing based on KPMG's legitimate interest or to withdraw consent given for processing based on consent. |
Right to be forgotten | Data subjects have the right to request deletion of their personal data held by KPMG, provided there are no valid grounds for retention (e.g., compliance with a legal obligation, KPMG's defense in judicial proceedings). |
Restriction | Data subjects have the right to request restriction of processing, namely when they have contested the accuracy of the personal data or objected to processing and during the period in which KPMG assesses the request. |
Portability | Data subjects have the right to receive the personal data they provided to KPMG or that result from the use of KPMG services. |
Not to be subject to solely automated decisions | The data subject has the right to request human intervention or to contest decisions based on fully automated processing of personal data. |
Lodge a complaint with the APD (Data Protection Agency) | The data subject has the right to file a complaint with the Data Protection Agency regarding matters related to exercising their rights and protecting their personal data. |
Data subjects may exercise their data protection rights by letter to our headquarters address: Edifício Moncada Prestige – Rua Assalto ao Quartel de Moncada, 15, 2º, Luanda, or by email to privacidade-ao@kpmg.com, and we will make all reasonable efforts to address your request, provided that it complies with applicable legislation and professional rules.
8. What personal data we share and transfer
KPMG may transfer personal data to third parties in the context of its legitimate business activities.
8.1. Transfers between firms in the KPMG network
As part of international engagements, and always in compliance with the applicable legal framework, we may share your information with KPMG International and other member firms whenever necessary or desirable to comply with our legal and regulatory obligations worldwide. Other parties within the KPMG network are also used to provide services to us/you, namely for hosting and IT application support, risk coverage through insurance, among others.
8.2. Transfers to third parties
KPMG does not share personal information with third parties that are not part of the KPMG International network, except when necessary for our legitimate professional and business needs, to execute your requests, and/or as required or permitted by law or professional rules. This includes:
Third parties | Examples (non-exhaustive) |
Service providers | We may provide your personal information to our external service providers, such as our IT system suppliers, hosting providers, payroll processing providers, consultants (such as legal consultants) and other providers of goods and services. KPMG works with these providers so they can process your personal information on behalf of KPMG. KPMG will only allow the transfer of personal information to these providers when they meet our strict data processing and security standards. We share only the personal information necessary to provide the services. |
Public or supervisory authorities | KPMG may disclose personal information to respond to requests from courts, governmental authorities or supervisory authorities, or when necessary or appropriate to comply with applicable laws and regulations or court decisions, such as the Capital Markets Commission, the National Bank of Angola, the Angolan General Tax Administration or the Angolan Order of Accountants and Accounting Experts. |
Audits | Disclosures of personal information may also be necessary to conduct data protection or security audits and/or to investigate or respond to a complaint or a security threat. |
Insurers | Our professional standards and business requirements mean that we maintain significant insurance coverage for business activities (our "insurance program"). This helps each member firm of the KPMG network cover costs associated with disputes that may arise if it is alleged that something did not go as it should during service delivery. |
If there is a restructuring or sale to another organization | KPMG will also disclose personal information in connection with a sale, assignment or other transfer of any part of KPMG's business to which the personal information relates. |
Locations where KPMG routinely processes Personal Data
KPMG may send, store and process your personal information in the locations listed at the following link, due to: (i) the existence of a KPMG Member Firm; (ii) the location of our Global Data Centers; (iii) the location of our IT suppliers; and (iv) the location of our other service providers: https://home.kpmg/xx/en/home/misc/locations-where-kpmg-routinely-processes-personal-information.html
In addition, in specific contexts, KPMG may transfer personal information outside Angolan territory to external companies that work with us or on our behalf for the purposes described in this Privacy Policy. KPMG may also store personal information outside Angolan territory.
KPMG will only transfer Personal Data to other jurisdictions if the transfer is made (i) to a State classified as offering an appropriate level of protection by the competent data protection authorities, or (ii) by other data transfer mechanisms or safeguards approved and accepted by the applicable Personal Data Protection legislation.
KPMG will not transfer personal information you have provided to other third parties for those parties’ use of such information for their direct marketing purposes.
9. How we protect personal data
Protecting the confidentiality and integrity of data is (i) a legal and regulatory obligation and (ii) one of the pillars for building trust relationships between KPMG and its clients, employees, regulatory entities and business partners.
KPMG has implemented appropriate organizational measures, processes and security systems to protect your personal data against destruction, alteration and unauthorized access, including: (i) access control mechanisms for information systems and data; (ii) specialized security systems (e.g., firewalls, antivirus, vulnerability management); (iii) mechanisms for logging actions performed by employees and other users of information systems; (iv) encryption, pseudonymization and anonymization mechanisms; (v) device encryption measures for equipment and mobile devices; (vi) physical security measures to protect premises (e.g., physical access controls, video surveillance); and (vii) an awareness and training program for KPMG employees and partners on information security and personal data protection.
10. Choices
In general, you are not required to provide any personal data when you visit our sites, but KPMG may ask you to provide certain personal data so that you can receive additional information about our services and events. KPMG may also ask for your permission to use your personal data for certain purposes, and you may accept or refuse. If you choose to subscribe to certain services or communications, such as an electronic newsletter, you can cancel at any time by following the instructions included in each communication. If you decide to cancel a service or communication, we will try to remove your data immediately, although we may request additional information before we can process your request.
As described above, if you want to prevent cookies from identifying you while you browse our Sites, you can reset your browser to refuse all cookies or to notify you when a cookie is being sent. However, please note that some areas of our Sites may not function properly if you choose to refuse cookies.
11. Links to other sites
Please note that KPMG sites may contain links to other sites, including sites maintained by other KPMG member firms that are not subject to this Privacy Policy, but to other privacy policies that may differ in some respects. We recommend that users read the privacy policy of each site visited before providing any personal data.
By registering on any KPMG site and navigating to other sites with your login, you agree to the use of your personal data under the Privacy Policy of the KPMG site you are visiting.
12. Changes to this Privacy Policy
KPMG may periodically change this Privacy Policy to reflect our current privacy practices. When we make changes to this Privacy Policy, we revise the “updated” date at the top of this page. Any changes that may affect you will be communicated to you through an appropriate channel, in line with how we usually communicate with you.
We advise that you periodically read this Privacy Policy so that you are aware of how KPMG protects your information. The updated version will always be available for consultation on our site at www.kpmg.co.ao.
13. Questions about the policy and its application
KPMG is committed to protecting the privacy of your personal information. If you have questions or comments about our management of your personally identifiable information, please contact us at privacidade-ao@kpmg.com. You may also use this email address to raise any concerns you may have regarding compliance with this Privacy Policy.
We will confirm receipt of your email within 14 days, and we will seek to resolve your matter within one month of receipt. When the matter is complex or we have a high volume of requests to review, we may extend the response period by an additional 3 months. We will accept the request and, in that case, implement one of the measures set out in Section 7 – Your rights as a data subject, or we may reject it for legitimate reasons.
In any case, you always have the right to lodge a complaint with the Data Protection Agency in Angola.