Date: 21. June 2023

KPMG Austria GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft (subsequently referred to as "KPMG") takes the protection of your personal data very seriously. We therefore process your data exclusively on the basis of the statutory provisions in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Datenschutzgesetz - DSG). The following data protection information contains the most important aspects of data processing within our company.


Information on the collection of personal data

As we provide you with a website we hereby want to inform you about the collection of personal data when using it. Personal data is comprised of any data that can be related to you personally, e.g. name, address, e-mail, etc.

The person responsible pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is

KPMG Austria GmbH
Wirtschaftsprüfungs- und
Porzellangasse 51
A - 1090 Vienna


Data Protection Officer of KPMG Austria Group

You can reach our data protection officer via:


Our privacy information includes:



Privacy Information KPMG Website

I. Collection of personal data when using our website
II. Purpose and legal basis of data processing
III. Data collection and use of data to provide and use the KPMG website or to contact you
IV. Data deletion and storage duration
V. Use of cookies
VI. Use of JavaScript and counting pixels (web beacons)
VII. Localisation service
VIII. Evaluation of App Usage
IX. Hyperlinks to third party sites
X. KPMG website, privacy policy and consents
XI. Your rights
XII. Update of the privacy policy



I. Collection of personal data when using our website

When using the website, we collect the personal data described below to enable convenient use of the website’s functions. If you wish to use our website, we collect the following data, which is technically necessary for us to offer you the functions of our website and to ensure stability and security:

  • IP address
  • Location (place of the inquirer)
  • Date and time of request
  • Content of the request
  • Browser
  • Operating system and its interface and processor (user agent)
  • Version of the browser software.

II. Purpose and legal basis of data processing

We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Article 6 (1) lit f GDPR, the purposes mentioned also represent our legitimate interests.

The processing of protocol data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is article 6 paragraph 1 lit f GDPR).

  • Initiation and fulfilment of contracts in accordance with Article 6 (1) lit b GDPR.
  • Legitimate interest in accordance with Article 6 para. 1 lit f GDPR (ensuring the security of our information technology systems and the detection and prevention of criminal threats and acts)
  • Consent under Article 6 (1) lit a of the GDPR

III. Collection and usage of data the KPMG website utilizes as well as when contacting you

KPMG uses the personal data collected for the provision of the websites for other purposes only to the extent permitted by the Data Protection Act or another legal provision or with the user's consent.

When you contact us by e-mail or via our contact form, the data you provide (your e-mail address, name and location) will be stored by us in order to be able to answer your questions. In order to be able to answer your request for quotation, we collect the following data: First name, surname, e-mail address, telephone number, company, role, industry and location in order to comply with our legal obligations.


IV. Data deletion and storage duration

The data is only stored as long as it is necessary for the fulfilment of the contract. Afterwards the data will be deleted. In addition, there may be legal storage obligations, e.g. according to the Austrian Commercial Code (UGB) and Federal Fiscal Code (BAO). After the legal retention periods have expired, we will immediately delete your personal data from our databases (both digital and physical).


V. Use of cookies

KPMG uses cookies to improve the website’s appearance and navigation. A cookie is a text file that is sent from the web server to the browser. This file contains the URL that was visited, the date of the visit and an expiration date that determines the period of cookie activity. KPMG uses cookies on the one hand to determine the preferred areas of KPMG's websites visited and on the other hand to enable the user to save his or her personal settings so that they will be available the next time the page is accessed. Aggregated statistics on website visits are compiled to determine the preferred areas of KPMG's website visited.

When opening our website, you have the possibility to declare your consent to the use of cookies on our website by clicking a button in the "cookie banner". If you have given your consent to the storage and use of individual cookies when visiting our website, it uses these cookies in several places. They serve the purpose of making our offer more user-friendly, effective and attractive, as well as improving our website and carrying out analyses of your user behaviour.

You can also set your browser settings to inform you when cookies are used and decide whether or not cookies should be collected. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

Below is a summary of the categories of cookies used on our websites and how your consent may affect the use of our website:


Strictly necessary cookies
These are essential for navigating the website, using basic functions and ensuring the security of the website; they do not collect information about you for marketing purposes nor do they record which websites you have visited.


Performance cookies
They collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and to find out what interests our users have.


Functionality cookies
Functional cookies enable the website to store information such as the user name or language selection and to offer the user improved and personalised functions based on this information. You have the ability to refuse these cookies, but this will affect your experience on the website. In addition, you may have to repeat certain selections each time you visit the site.


These serve the purpose of offering user demand-oriented advertising on the website or offers from third parties and to measure the effectiveness of these offers.

Although most browsers automatically accept cookies, you can give your consent via the cookie banner or the settings of your browser (often found under "Tools" or "Settings"). If you wish to revoke your choice, you can do so by deleting the cookies from your browser or by updating your settings in the cookie banner.

You can find further information on the handling of cookies in the help pages of your browser as well as on the website of:

In the following table we have listed the different types of cookies we use on our site:


Purpose Description Storage period
Performance (i.e., User’s Browser) Our websites are built using common internet platforms. These have built-in cookies which help compatibility issues (e.g. to identify your browser type) and improve performance (e.g. quicker loading of content).


Deleted upon closing the browser

Security cookies (e.g. If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.


Deleted upon closing the browser

Site Preferences

Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). 


Deleted upon closing the browser

Analytical Cookies

We use several third-party analytics tools to help us understand how site visitors use our website. This allows us to improve the quality and content on for our visitors. The aggregated statistical data cover items such as total visits, for more information see points II.2. and II.3.

Persistent, but will delete automatically after two years if the KPMG site is no longer visited.

Site visitor feedback

We use a survey tool from an external provider to ask some of the visitors to our website for feedback. Cookies are used to ensure that visitors are not repeatedly invited to take part in the survey.

First cookie is set when the visitor is not invited to the survey to ensure that the visitor is not invited while visiting the pages.

Second cookie is set when the visitor is invited to the survey. This is to ensure that the visitor will not receive an invitation again for 90 days.

1. Cookie
Deleted upon closing the browser

2. Cookie
Deleted automatically after 90 days or presenting survey invitation.

Social Media Widgets

We use social media widgets to enable content sharing in social media channels or via e-mail. When using these social media widgets, cookies may also be stored on your devices. However, the storage of these cookies is exclusively governed by the privacy policy of the respective social media provider.

Persistent, but will be deleted automatically after two years if you no longer visit


About the special cookies:


1. Social media widgets and applications

Our website allows content to be shared via various social media channels. The purpose of social media applications is to spread and share knowledge and content more easily. By using these tools, your personal data can be collected, processed and used by the social media applications. In this case, the collection, processing and use of personal data is governed exclusively by the data protection regulations of the respective social media provider.


2. Pages that use Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ("Google").

If you have consented to the setting of marketing cookies, Google Analytics will use "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The storage of event data at user level is 2 months. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.

Google Analytics
Further information on terms of use and data protection can be found at or


Google Remarketing

This website uses the Google Remarketing technology of Google Inc. ("Google").

If you have consented to the setting of cookies for this purpose, cookies are placed on your computer, with the help of which third parties, including Google, record which of our web pages were visited with your browser. This information can then be used to show you our ads on other websites, such as Google Search or websites on the Google Network, at a later date. For more information about Google's privacy policy and how remarketing works, please see the Google Privacy Notice.


3. Pages that use Adobe Analytics

This website also uses Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited ("Adobe").

Adobe Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. If the information generated by the cookie about your use of the website is transmitted to an Adobe server, the settings ensure that the IP address is anonymized before geolocation and replaced by a generic IP address before being saved. On behalf of the operator of this website, Adobe will use this information to evaluate the use of the website by users, to compile reports on website activities and to provide further services to the website operator in connection with website and internet use.

The IP address transmitted by your browser as part of Adobe Analytics is not aggregated with any other data held by Adobe.


VI. Use of JavaScript and counting pixels (web beacons)

KPMG uses JavaScript and counting pixels to evaluate website visits. The JavaScript is integrated into all KPMG websites. The JavaScript collects various information about the visitor's computer (e.g. IP address, time of page view, browser type and the existence of cookies previously set by the same server). This data is transmitted to KPMG via tracking pixels.

You have the possibility to deactivate JavaScript calls in your browser. You can also deactivate tracking pixels by rejecting or deactivating the cookies associated with them.


VII. Localisation service

Our website can determine the geographical location of your device. The collection of this information is used solely to provide you with information that may be of interest to you based on your geographic location.


VIII. Evaluation of App Usage

The use of applications for smart phones and tablet computers (so-called apps) provided by KPMG is evaluated using transmitted device identification features (device ID). The evaluation is carried out anonymously; KPMG is not able to draw conclusions about the device user.


IX. Hyperlinks to third party sites

Our website also contains links that refer to third party sites on the Internet. This also applies to links to the websites of other KPMG companies. We would like to point out that the data protection declarations of the third parties may contain provisions that differ from our data protection declaration.


X. KPMG website, privacy policy and consents

When using the KPMG website, specific data protection notices (e.g. KPMG Austria Group Data Protection Information) apply in addition to this data protection notice. If necessary, users will be asked for declarations of consent in order to separately legitimize KPMG's handling of the personal data that is generated in the process.


Newsletter and invitations to events

In addition to the purely informative use of our website, we offer a subscription to our newsletter, which will keep you informed about current developments in the areas of Audit, Tax and Advisory as well as events. If you subscribe to our newsletter, the following "newsletter data" is collected, stored and processed by us for the purpose of sending you electronic mail (newsletter and event invitations):

  • the page from which the page was requested (so-called referrer URL)
  • the date and time of the call
  • the description of the type of web browser used
  • the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
  • the e-mail address, first name, surname, company, position and telephone number
  • the date and time of registration and confirmation

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can do this by clicking on the link provided in each newsletter e-mail or by sending an e-mail to


Automated decision making

As a responsible company, we expressly point out that no automated decision making takes place on the basis of the personal data collected.


Transmission of data to processors

KPMG uses auxiliary persons for processing, especially in the IT area. They process the data as so-called processors, i.e. on the basis of a written contract pursuant to Article 28 GDPR, which sets out the details of the data processing on behalf of KPMG and in which the processor undertakes to handle the data with care. Such commissioned processing exists, for example, if KPMG stores data in an external computer center. KPMG uses such processors in the following areas, for example:

  • IT Services
  • Telecommunications
  • Cloud Service Provider zB Office 365, Microsoft Azure, etc.

The processors are carefully selected by KPMG with particular regard to the suitability of the technical and organisational measures they have taken and are checked for compliance with these measures. KPMG generally processes the data in Austria and in the European Union. However, it is possible that the data may be transferred to processors in a country outside the European Union or the European Economic Area (so-called "third country"). KPMG provides suitable guarantees to ensure that the respective processors protect the data appropriately and in accordance with the provisions of the GDPR.

For this transmission there are:

  • The Adequacy Decision of the European Commission
  • The following suitable or appropriate guarantees (as defined in Articles 46, 47 or 49 (1) GDPR).


Transfer of data to third parties

We do not disclose personal information to third parties unless required to do so for our legitimate professional and business needs and/or if required or permitted by law or professional standards.


Security of data processing

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including the probability and consequences thereof) for the person concerned. Our security measures are continuously improved in line with technological developments.


XI. Your rights

You have the following rights in relation to the personal data concerning you:

  • Right to information,
  • Right of correction or deletion,
  • Right to restrict processing,
  • Right to object to the processing,
  • Right to data portability.

Furthermore, you also have the right to file a complaint with the competent supervisory authority (in Austria the data protection authority based in Vienna). The data protection authority can be reached at the following address:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
phone: +43 1 52 152-0


XII. Update of the privacy policy
We reserve the right to make changes to this privacy policy at any time. The Privacy Policy will be updated regularly and any changes will be published automatically.