This Privacy Notice was last updated* on 19 July 2022.
1. Who is responsible for processing of your personal data?
KPMG Central Services ESV/GIE, having its office at Luchthaven Brussel Nationaal 1K, 1930 Zaventem, Belgium and registered under company number 0473.719.789, RPR/RPM Brussels (hereafter referred to as “KPMG”) processes your personal data, in its capacity as data controller or as data processor of another Belgian KPMG entity, in accordance with the applicable European privacy legislation (including the General Data Protection Regulation 2016/679 - hereafter referred to as “GDPR”), the national privacy legislation (including but not limited to the Belgian Law of 30 July 2018 concerning the protection of natural persons with regard to the processing of personal data) and all applicable related jurisprudence and guidelines.
2. What personal data do we process?
KPMG may process the following personal data:
- Contact details (such as first name, last name, address, e-mail address, phone number)
- Personal information (such as date of birth, license plate)
- Dietary requirements (such as a food intolerance or allergy)
- Professional information (such as the enterprise/organization you work for, your title/function)
- Marketing & communication preferences
- Images of you (photos and/or videos)
- Any other information that you may provide
3. How do we collect your personal data?
KPMG may collect the personal data that:
- You provide through one of KPMG’s website, online platform, application or survey (such as for event registration or contact form)
- You provide directly to a person working at KPMG or a Belgian KPMG entity (such as business cards)
And for which you shall remain solely responsible.
4. For which purposes do we process your personal data?
KPMG only processes your personal data for specified, explicit and legitimate purposes and will not process your personal data further in a way that is incompatible with those purposes. Thus, KPMG processes your personal data in order to:
- Communicate with you
- Organize and facilitate (online) events (including managing invitation and registration, giving you practical information about the event, controlling access to the event, asking you to complete a satisfaction survey, communicating your contact details to the speakers and/or the other attendees of the event…)
- Invite you to other (online) events
- Organize and facilitate surveys (including providing you with documents)
- Keep you updated about the activities and the services of KPMG and/or its network (such as newsletters, event information…)
- Add your contact details to KPMG’s Customer Relationship Management system
- Carry out marketing activities (including providing you with tailored marketing information)
- Store, reproduce and/or publish images of you on KPMG’s (online) communication media (including but not limited to KPMG’s event websites and social media pages)
5. On which legal grounds do we rely for processing your personal data?
Depending on the purpose of the processing, KPMG may rely on the following legal grounds in order to process your personal data:
- A processing can be based on your consent as provided for in article 6.1 a) of GDPR: for example, KPMG will ask your consent for the processing of your personal data in order to process your registration to an event, keep you updated about KPMG’s activities and services, invite you to an event or publish images of you on KPMG’s communication media.
- A processing can be based on your explicit consent as provided for in article 9.2 a) of GDPR: for example, KPMG will ask your explicit consent for the processing your personal data related to dietary requirements.
- A processing can be necessary for the purposes of the legitimate interests pursued by KPMG as provided for in article 6.1 f) of GDPR: for example, KPMG may have a legitimate business interests in carrying out prospective client-relationship management or direct marketing activities.
6. Who has access to your personal data?
Your personal data may be shared with the Belgian KPMG entities in the framework of the abovementioned purposes.
In the context of these processing activities, KPMG may call on several (sub)processors for:
- Providing and operating KPMG’s online platforms and applications (such as event management platform)
- Providing and operating KPMG’s Customer Relationship Management system and Marketing Automation platforms
- Supporting the organization of events (including but not limited to distribution of packages to the attendees)
- Supporting the organization of surveys
- Making images (photos and/or videos) during events
In case of joint event, KPMG may also share your personal data with third parties, who will act as joint controllers, in order to organize and facilitate the joint event. These third parties may also process your personal data for their own purposes. In this regard, please consult the privacy notice available on their website.
KPMG may also share your personal data with third parties, who will act as independent controllers for the preparation of your order(s) and the delivery of the product(s) that you may have ordered. For more information about the processing of your personal data by these third parties, please consult their privacy notice.
KPMG may also publish images of you (photos and/or videos) on its communication media (including but not limited to its social media pages) and making them accessible to other users of these supports in digital and printed form. In the context of these processing activities, KPMG may process your personal data by publishing them on its social media pages. In this respect, KPMG and the respective social media act as “joint controller” and have undertaken the necessary action to be compliant with the requirements of article 26 GDPR.
7. Where do we process your personal data?
Your personal data will be processed in the European Economic Area (hereafter referred to as the “EEA”).
In addition, KPMG may transfer certain personal data outside of the EEA to outside companies working with us or on our behalf for the purposes described in this Privacy Notice. KPMG may also store personal data outside of the EEA. If we do so your personal data will continue to be protected by an appropriate safeguard provided for in the GDPR (such as the standard contractual clauses issued by the European Commission).
KPMG will not transfer the personal data you provide to any third parties for their own direct marketing use.
8. How long do we keep your personal data?
KPMG will not keep your personal data longer than necessary for the purposes for which they have been collected or otherwise processed. The precise retention time will depend on the purposes for which KPMG processes your personal data. For example, your personal data may be kept for the following periods:
- Organization and facilitation of events: maximum thirty (30) days following the end of the event, unless you give your consent for an additional period
- Survey activities: maximum thirty (30) days following the end of the survey, unless you give your consent for an additional period
- Storage and publication of your images: maximum (3) years following the end of the event, unless another period is indicated on the consent form concerned
- Relationship management: maximum (3) years after last contact with you
- Marketing activities: maximum three (3) years after last contact with you (unless, where applicable, you withdraw your consent)
- Providing you with information about the activities and services of KPMG and/or KPMG network (newsletters, event invitations…): as long as you do not withdraw your consent
- Answering to your questions, queries and/or complaints (including but not limited to the sending of documents): as long as needed to process your request
9. What rights do you have as data subject and how can you exercise them?
You have the right to access, rectify and erase your personal data as well as to restrict or object the processing of your personal data. Besides that, you have the right to data portability. You also have the right to withdraw your consent at any moment. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal. Furthermore, you have the right to object at any time to processing of your personal data for direct marketing purposes.
You can exercise these rights by filling out this form and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
You also have the right to lodge a complaint with the Belgian Data Protection Authority should any of your rights be violated.
For the sake of completeness, your personal data will be processed in accordance with KPMG’s Privacy Statement.
* KPMG may modify this Privacy Notice from time to time to reflect its current privacy practices. When KPMG makes changes to this statement, KPMG will revise the "updated" date at the top of this page. KPMG encourages you to periodically review this Privacy Notice to be informed about how KPMG is protecting your personal data.