Privacy
Privacy
Date: June 26, 2025
The protection of your personal data is of particular concern to KPMG Group Austria (hereinafter referred to as "KPMG"). We therefore process your data exclusively on the basis of the legal provisions in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Datenschutzgesetz - DSG). In this privacy notice, we inform you about the most important aspects of data processing in the context of our company.
Information on the collection of personal data
We provide you with a website. In the following, we provide information about the collection of personal data when using our website (available at: kpmg.at and parts of it under the sub-domain kpmg.com/at/de/). Personal data is any data that relates to you personally, e.g. name, address, e-mail addresses, etc.
Who is responsible for data processing and who can you contact?
The companies of the KPMG Group Austria are jointly responsible for the processing of your personal data in the context of your use of our websites within the meaning of Article 26 GDPR. Click here to view the individual companies.
Central contact:
KPMG Austria GmbH
Porzellangasse 51
1090 Vienna
T. +43 (1) 313 32
Data Protection Officer of KPMG Group Austria
KPMG Group Austria has appointed a joint data protection officer in accordance with Article 37 (2) GDPR. The contact details are:
KPMG Austria GmbH
for the attention of the Data Protection Officer
Porzellangasse 51
1090 Vienna
E-mail: datenschutz@kpmg.at
Our privacy information includes:
- General data protection information of the KPMG Austria Group
- Data protection information on the career page
- Privacy information about the website (hereinafter)
***
Privacy Information KPMG Website
I. Purposes and legal basis
1. Collection and processing of personal data when using our website
a. Displaying the website
b. Logfiles
c. Links to third-party websites
d. Cookies
e. Tracking and analytics tools
2. Data processing when contacting us
3. Data processing for newsletter registration
4. Data processing when ordering publications
5. Data processing for registrations for events ("event and webinar registration")
II. Data deletion and storage period
III. Automated decision-making
IV. Transfer of data to processors
V. Transmission of data to recipients
VI. Security of data processing
VII. Your rights
VIII. Updates to the Privacy Notice
***
I. Purposes and legal basis
1. Collection and processing of personal data when using our website
a. Displaying the website
When using the website, we collect the personal data described below in order to display the website to you and thus provide you with an expressly requested information society service (Section 163 (3) of the AustrianTelecommunications Act, hereinafter referred to as TKG):
- IP address
- Location – to display the website content intended for the respective region
- Date and time of the request
- Content of the request
- Browser
- Browser software version
- Internet-Service-Provider
You do not have to provide this data as required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide this data. However, we will not be able to show you the website if you do not provide us with the relevant data.
b. Logfiles
We create log files in which we store the above data. The log files are used to detect and trace cyberattacks or other unauthorized access (to ensure the security of our information technology systems as well as to detect and prevent criminal threats and actions). We process this data on the basis of our legitimate interest in the security of our website (Article 6 (1) (f) GDPR). The data from the log files will be deleted as soon as they are no longer required for the specified purposes.
c. Links to third-party websites
Our website contains links that refer to third-party sites on the Internet. This also applies to links to the websites of other KPMG companies. We would like to point out that the privacy statements of third parties may contain information that differs from our privacy statement. Our website also allows you to share content through various social media channels. The purpose of social media applications is to make it easier to spread and share knowledge and content. By using these tools, your personal data will be collected, processed and used by the social media providers. In this case, the collection, processing and use of personal data is governed exclusively by the data protection regulations of the respective social media provider.
d. Cookies
We use cookies and similar technologies to continuously improve your experience with our website. A cookie is a text file that is sent from the web server to the browser and processes information about the website visitor (e.g. IP address), their settings and the devices used. Some cookies are optional and will only be used if you agree to them. You can agree to the storage of all cookies under "Accept optional cookies" or define your preferences via "Cookie settings" (“Manage Choices”). You also have the option of rejecting all non-essential cookies under "Reject optional cookies". If you select the cookie categories "performance cookies", "functional cookies" or "targeting cookies", you also consent to the processing of cookies from providers from third countries (such as the USA), which may have a lower level of data protection.
Strictly necessary cookies
In order to display the website and use our website, technically necessary cookies are set. This is done in order to provide you with an information society service expressly requested (§ 163 para. 3 TKG). You can find an overview of cookies in the cookie banner on our website, under the category "strictly necessary cookies". These cookies are essential to ensure that visitors can navigate and use certain features of the website. Without them, essential parts of the website cannot be used. Accordingly, these cookies are always activated. They are only used when you visit our website. They are also used to retrieve the optimized website display when accessed with a mobile device, so that, for example: your data volume is not consumed unnecessarily. The cookies also make it easier to switch pages from http to https, so that the security of the transmitted data is guaranteed.
Performance cookies
These are cookies that are used to analyse your user behaviour in order to continuously improve our website. On this basis, the website is adapted to the general user behaviour in terms of content and functionality. The information collected is generally processed in aggregated form. The aggregated statistical information includes data such as total number of visitors, sources of origin (including evaluation of utm parameters), internal clicks, downloads of files, interaction with videos and forms, use of internal search or whether errors have occurred. Performance cookies are used exclusively to improve the performance of the website and tailor the online experience to the needs of users.
Functional cookies
Functional cookies enable the website to store information provided, such as the username or language selection, and to offer the visitor improved and personalized functions based on this. The information collected is evaluated exclusively in aggregated form. Because we want to provide you with a website that is designed for optimal user-friendliness, we recommend that you enable these cookies. Functional cookies are also used, for example, to activate functions that you have requested, such as the playback of videos.
Marketing-Cookies
Marketing cookies are used to provide more targeted content that is relevant to the respective visitor and adapted to his/her interests. They are also used to measure and manage the effectiveness of campaigns. They register, for example, whether you have visited a website or not, as well as what content has been used. This information is used to create an interest profile so that only content that interests you is displayed. If you withdraw your consent to marketing cookies, this does not mean that you will see or receive less content as a result. Rather, it means that the content you see and receive is not individually tailored to your needs.
e. Tracking and analytics tools
Google Analytics 4
KPMG uses Google Analytics, a web analysis service provided by Google Inc. ("Google") on its website.
Google Analytics uses "cookies", which are text files that are stored in the browser and enable an analysis of the use of the user's website. The information generated by the cookie about the use of this website will be transmitted to and stored by Google servers in the European Economic Area ("EEA") and the USA. On behalf of the website operator, Google processes this information in order to evaluate the use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage.
The IP address transmitted by the browser used as part of Google Analytics will not be merged with other data held by Google.
More information on Google's terms of service and data protection can be found under Terms of Service | Google Analytics – Google and under Privacy & Terms – Google.
Adobe Analytics
KPMG uses Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited ("Adobe") on its website.
Adobe Analytics uses "cookies", which are text files placed on your computer, to help an analysis of how users use the website. If the information generated by the cookie about the use of the website is transmitted to an Adobe server, then the settings ensure that the IP address is anonymized before geolocation and replaced by a generic IP address before storage. Adobe processes this information on behalf of the website operator to evaluate the use of the website by users, to compile reports on website activity and to provide other services related to website and internet use to the website operator.
The IP address transmitted by your browser as part of Adobe Analytics will not be merged with other Adobe data. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Adobe and the processing of this data by Adobe by downloading and installing the browser plug-in available at the following link: Adobe Privacy Choices | Adobe Privacy.
LinkedIn Insight Tag
Our website uses the LinkedIn Insight Tag conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of data such as: IP address, device and browser properties, and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with KPMG, but offers anonymized reports on the website target group and display performance. KPMG may use this information to display targeted advertising outside of its website without identifying you as a website visitor. You can find more information about data protection at LinkedIn in the LinkedIn Privacy Policy.
LinkedIn members can control the use of their personal information for advertising purposes in their account settings. To opt-out of the Insight tag on our website, click here.
JavaScript and web beacons
KPMG uses JavaScript and tracking pixels ("Adobe Pixel") to evaluate website visits. The JavaScript is integrated into all KPMG websites. The JavaScript collects various information about the visitor's computer (e.g. IP address, the time of the page access, the browser type and the existence of cookies that have been previously set by the same server). This data is transmitted to KPMG via tracking pixels. You have the option of disabling JavaScript calls in your browser. In addition, you can disable web beacons by rejecting or disabling "targeting cookies" (see details on "Cookie settings" above under "Cookies").
2. Data processing when contacting us
If you contact us via the contact details provided on the website or via our contact form, we will process your data for the purpose of contacting us. When you contact us by e-mail or via our contact form, the data you provide (your e-mail address, your name and location as well as your message) will be stored by us in order to be able to answer your questions. If you also fill in the optional fields, we will also store the following data: city, telephone, company and role or job title.
For interested parties and (potential) business partners, we process the data for the purpose of initiating, concluding and executing contracts (Article 6 (1) (b) GDPR). To be able to respond to a request for quotation, we collect the following data: first name, last name, email address, telephone number, company, role, industry and location.
If you contact us as an employee or other associated person of a legal entity with which we have a contractual relationship or with which such a relationship is to be initiated, we process your data in order to safeguard our legitimate interest in initiating, concluding and processing contractual relationships with the legal entity which you are acting for (Article 6 (1) (f) GDPR).
The provision of data is not required by law. However, it is necessary for the conclusion of a contract or the execution of the contract. In the case of a valid contract with us, the legal entity for which you act is obliged to provide us with this data so that we can process the contractual relationship. We cannot process business requests if we do not have the personal data required for this purpose (contact details and correspondence data).
For other enquiries, we process your data to safeguard our legitimate interest in answering enquiries and maintaining our contacts (Art. 6 para. 1 lit. f GDPR). Your data is neither legally nor contractually obligatory to provide, nor is it necessary for the conclusion of a contract. You are not obliged to provide any data to contact us. However, we will not be able to respond to your request if you do not provide us with the contact details necessary to respond.
3. Data processing for newsletter registration
In addition to the purely informative use of our website, we offer subscriptions to our newsletters, with which we inform you about current developments in the field of accounting, audit, tax, law and advisory as well as general industry news, news on systemic consulting and events. If you register for our newsletter, the following "newsletter data" will be collected, stored and processed by us for the purpose of subscribing to the newsletter and sending electronic mail (newsletter and event invitations):
- the website from which the newsletter website was requested (so-called referrer URL)
- the date and time of the call
- the description of the type of web browser used
- the IP address of the requesting computer
- the e-mail address, salutation, first name, last name, company and position (and optionally the telephone number)
- the date and time of registration and confirmation
- the selected newsletter(s)
If you give us your consent, we will process your data for the purpose of sending our newsletters, depending on the newsletter(s) you have chosen (Article 6 (1) (a) GDPR). As part of this processing, KPMG Group Austria is also able to evaluate whether and when you have opened the newsletters you have sent, as well as which articles and/or links contained therein have been clicked on by you.
This data is neither legally nor contractually obligatory to provide, nor is it necessary for the conclusion of a contract. You are not obliged to provide this data. We will not be able to send you our newsletter(s) if you do not provide us with the relevant data. If you do not wish to provide this information, please do not sign up for the newsletter(s). You can unsubscribe from the newsletter at any time, for example by clicking on the link therein or by sending an e-mail to marketing@kpmg.at, and thus revoke your consent with regard to individual newsletters with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before the revocation.
4. Data processing when ordering publications
If you order a publication on our website, we process the following data for the purpose of delivering the publication on a contractual basis (Article 6 (1) (b) GDPR): title, your name, your e-mail address, the company to which you are assigned, your position.
If you contact us as an employee or other associated person of a legal entity, we process your data in order to safeguard our legitimate interest in making the publication available to the legal entity which you are acting for (Art. 6 para. 1 lit. f GDPR). The provision of the data is not contractually or legally required. We cannot process publication orders if we do not have the personal data required for this purpose.
At the same time as ordering publications, you can receive current job offers. If you select this option, you agree to receive corresponding offers (newsletters and/or event invitations). You can unsubscribe from the mailings at any time, for example by clicking on the link therein or by sending an e-mail to marketing@kpmg.at, and thus revoke your consent with regard to individual mailings with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before the revocation.
5. Data processing for registrations for events ("event and webinar registration")
If you register for an event on our website, we process the following data for the purpose of registering on a contractual basis (Article 6 (1) (b) GDPR): acceptance or rejection, salutation, your name, your e-mail address, the company to which you are assigned, your position and any comments.
If you contact us as an employee or other associated person of a legal entity, we process your data in order to safeguard our legitimate interest in registering for the legal entity which you are acting for (Art. 6 para. 1 lit. f GDPR). The provision of the data is not contractually or legally required. We cannot process the registration if we do not have the personal data required for this purpose.
At the same time as registering for events, you can receive our newsletter. If you select this option, you agree to receive corresponding offers (newsletters and/or event invitations). You can unsubscribe from the mailings at any time, for example by clicking on the link therein or by sending an e-mail to marketing@kpmg.at, and thus revoke your consent with regard to individual mailings with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before the revocation.
II. Data deletion and storage period
The data will only be stored for as long as is necessary for the respective purpose. After that, the data will be deleted. In addition, there may be legal retention obligations, e.g. according to the Commercial Code (UGB) and the Federal Fiscal Code (BAO). After the expiry of the statutory retention periods, we will immediately delete your personal data from our databases (both digital and physical).
If you subscribe to one of our newsletters and consent to the data processing for the purpose of sending the newsletter, we will process your data for this purpose until your consent is revoked.
The storage period of the individual cookies can be found under "Manage Choices" on our website: Select the cookie category on the left -> "Cookies details" -> "Cookies details" for the desired cookie type -> "Duration".
III. Automated decision-making
As a responsible company, we expressly point out that no automated decision-making takes place based on the personal data collected.
IV. Transfer of data to processors
KPMG uses the support of data processors for processing, especially in the IT sector. They process the data on the basis of a written contract in accordance with Article 28 GDPR, which regulates the details of data processing on behalf of KPMG and in which the processor undertakes to handle the data carefully. KPMG uses such processors in the following areas:
- IT-Services (e.g. Hosting)
- Telecommunications
- Cloud service providers (e.g. Office 365, Microsoft Azure)
- Public Relations (e.g. sending of newsletters)
The processors are carefully selected by KPMG, with particular regard to the suitability of the technical and organizational measures they have taken and checked for compliance with them.
A transfer of personal data to countries outside the European Economic Area (EEA) only takes place if an adequate level of data protection within the meaning of Art. 44 et seq. GDPR is guaranteed (usually by agreeing on the EU standard contractual clauses within the meaning of Art. 46 para. 2 lit. c) GDPR).
V. Transmission of data to recipients
In order to fulfil the purposes set out in this Statement, personal data may be disclosed to the following recipients:
- Member firms of the worldwide KPMG network ("KPMG International").
- If necessary, authorities, courts or other public bodies in Germany and abroad.
A transfer of personal data to countries outside the European Economic Area (EEA) only takes place if an adequate level of data protection within the meaning of Art. 44 et seq. GDPR is guaranteed (usually by agreeing on the EU standard contractual clauses within the meaning of Art. 46 para. 2 lit. c) GDPR).
VI. Security of data processing
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including their probability and effects) for the person concerned. Our security measures are continuously improved in line with technological developments.
VII. Your rights
You have the following rights vis-à-vis us in relation to personal data concerning you:
- Right to information in accordance with Article 15 GDPR,
- Right to rectification or deletion in accordance with Articles 16 and 17 GDPR,
- Right to restriction of processing in accordance with Article 18 GDPR,
- Right to object to processing in accordance with Article 21 of the GDPR,
- Right to data portability in accordance with Article 20 GDPR.
You can revoke your consent at any time informally and without cause, with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent given before the revocation.
Furthermore, you also have the right to lodge a complaint with the competent supervisory authority (in Austria the data protection authority is based in Vienna) or another data protection supervisory authority, in particular with the one where you are staying and working. The Austrian Data Protection Authority can be reached at the following address:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
VIII. Updates to the Privacy Notice
The privacy notice is regularly updated and always published in the latest version.