Privacy Notice

We are committed to protecting the secrecy and confidentiality of the information entrusted to us. We act in accordance with applicable data protection law, in particular the Swiss Federal Act on Data Protection (FADP). Please read this privacy notice to find out more about your rights and what data we collect and how we use and protect it.

This website is operated by KPMG AG. KPMG AG is a group company of KPMG Holding LLP. KPMG Holding LLP is a member of the global KPMG organisation of independent firms affiliated with KPMG International Limited ("KPMG International"), a limited liability company incorporated under the laws of England and Wales. KPMG International does not provide services to clients.

The following privacy notice informs our clients, our clients' employees, suppliers, participants in KPMG events and visitors to our website about the processing of personal data.

For information on the processing of personal data in the application process, the Talent Community, career events and job mailings, please refer to the separate privacy notice at this link.

Contents

1. Who is responsible for data processing and who can I contact?
2. How do we collect personal data?
3. What types of personal data do we process and for what purposes?
   3.1 Customers and employees of our customers
   3.2 Suppliers
   3.3 Participants in KPMG events
   3.4 Visitors to our office buildings
   3.5 Visitors to our websites
   3.6 KPMG alumni network
   3.7 Benefactors of the KPMG Foundation and employees of beneficiary institutions
   3.8 Other persons in contact with KPMG
4. On what legal basis do we process personal data?
5. Do we pass on personal data to third parties?
6. Do we transfer your personal data to recipients outside Switzerland or Liechtenstein?
7. What data protection rights do you have?
8. How is personal data protected?
9. How long do we store personal data?
10. Have you read the further information on the use of cookies on our website and on the use of links to other websites?
11. Do we make changes to this privacy notice?

1. Who is responsible for data processing and who can I contact?

This privacy notice applies to KPMG AG, KPMG (Liechtenstein) AG, KPMG Tax & Legal Services AG as well as KPMG Foundation (collectively ‘KPMG’, ‘we’ or ‘us’).

If you have any questions or comments about this privacy notice or our handling of personal data, please address your request to:

KPMG AG
Data Protection Officer
Badenerstrasse 172
P.O. Box
8036 Zurich
Switzerland
DPO@kpmg.ch

2. How do we collect personal data?

• Directly: We receive personal data directly from individuals in various ways, including by providing a business card, completing our online forms, subscribing to our newsletters and making entries in our newsletter preferences, registering for webinars, attending our meetings, events or premises. In addition, we receive personal data directly, for example through the establishment of business relationships, the provision of contractually agreed services or the provision of hosted software applications.
• Indirectly: We receive personal data indirectly from individuals in various ways, including via recruitment service providers or our customers. We may store personal data as part of our customer relationship management in order to better understand customers, interested parties, readers and other persons and to optimise our services accordingly, to comply with a legal obligation or to pursue our legitimate interests.
  
  • Public sources – Personal data can be taken from public directories (e.g. commercial registers), newspaper articles, sanctions lists and online searches.
  • Online social or professional networks – If you use a social media account (e.g. LinkedIn, Google or Twitter) to register or log in to our websites to confirm your identity and provide us with your social media login details, we collect any information or content necessary for registration or login, which the social media provider may share with us with your permission. This information includes, for example, your name and email address. Depending on your privacy settings, further personal data about you may be transmitted to us. Please therefore check your privacy settings with the relevant social media provider and determine what information you wish to share with us.
  • Customers – Our customers may commission us to provide services in which personal data held by these customers is passed on to us. For example, we review payroll data as part of an audit and have to process personal data for our services in the areas of global mobility and pension schemes. As part of our services, we may also process personal data in software applications hosted by us. These may be subject to different data protection provisions and declarations if this is indicated accordingly in the software application.
  • Recruitment agencies / suppliers / agents / former employers / credit reference agencies – We may receive personal data from recruitment agencies and other third parties, such as suppliers, agents, former employers and credit reference agencies.
  • Visitors to our websites – We may receive personal data when you visit our website. Please read our section 10 below.
  • Visitors to events – We may receive personal data if you attend events (co-)organised by us.

3. What types of personal data do we process and for what purposes?

The following types of personal data about individuals may be collected by us, whether through direct interaction with us or through information we receive through customer orders, from suppliers or through other circumstances.

We are dependent on the use of personal data for the provision of certain services. In such cases, this will be indicated on our website, in the disclaimers or as part of a contractual agreement. In addition, we may be legally obliged to collect certain personal data. If you do not provide us with this personal data, we may not be able to provide our services or may be forced to discontinue the provision of a product or service to you.

3.1 Customers and employees of our customers

In connection with the provision of our contractually agreed services to our customers, we process the personal data that we need to provide the services and to protect our interests and that we require due to legal or other binding regulations.

• The personal data of our customers or employees of our customers includes in particular the following personal data. The type of personal data may vary depending on the agreed service.
  • Contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information);
  • Personal information (e.g. age and date of birth, marital status, passport/ID details, AHV number, family circumstances and details of (spouse) partner, children, other dependants);
  • Professional data (e.g. professional career, employer, educational background and memberships in professional organisations, publications);
  • Data of relatives and beneficiaries of services in the areas of mobility, official licences and permits, insurance and pensions (e.g. names and dates of birth);
  • Financial data (e.g. taxes, payroll, investment interests, pensions, investments, bank information, insolvency documents);
  • Data relating to risk management and conflict of interest checks by KPMG ( e.g. credit rating information, commercial register data, data from sanctions lists, the KPMG network or online sources).
• Particularly sensitive personal data (also known as "special categories of personal data"): Personal data that we receive that is particularly worthy of protection is
  • Personal identification documents that may also provide information on racial or ethnic origin, religious beliefs, health status and biometric data of private individuals or beneficial owners of legal entities;
  • Expense vouchers submitted for the purpose of individual advice on tax or accounting issues and which provide information on trade union membership or political views;
  • Information about potential or existing customers and applicants that provides information about criminal offences or criminal convictions;
  • Other particularly sensitive data that our customers provide to us as part of a business relationship.
• Personal data of children: Although our services are not deliberately tailored to or directed at children, we occasionally receive information about children, for example as part of a service order.

Below we list the purposes for which we process the personal data listed:

• For the execution and fulfilment of a contract: The contractually agreed services may relate to the following areas: Professional advice and provision of reports and services relating to taxes, business consulting, auditing, insurance, pension schemes, legal advice, restructuring, mergers and acquisitions and other professional services and products;
• To safeguard our legitimate interests:
  • Promoting our professional services, products and offers to existing and potential customers;
  • Managing, maintaining, developing and ensuring the security and functionality of our information systems, applications and websites;
  • Processing online enquiries, including responding to messages from individuals as well as project and quotation requests;
  • Preventing fraud or criminal activity, securing our IT systems and processing claims;
  • Quality assurance, avoidance of conflicts of interest, safeguarding independence and justified claims (e.g. collection measures) as well as defence against unjustified claims.
• Fulfilment of legal or regulatory obligations regarding sanctions, the assessment of embargoes, combating money laundering, terrorist financing, fraud and other financial offences.

3.2 Suppliers

If you provide services for us, we process the personal data that we need to process the business relationship.

In particular, we process the following personal data:

• Contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information);
  

Below we list the purposes for which we process the personal data listed:

• Contract: Processing and fulfilment of the business relationship and communication;
• Safeguarding our legitimate interests, such as avoiding conflicts of interest, maintaining independence, quality assurance, administration, maintenance, development and ensuring the security and functionality of our information systems, applications and websites;
• Fulfilment of legal or regulatory obligations regarding sanctions, the assessment of embargoes, combating money laundering, terrorist financing, fraud and other financial offences.

3.3 Participants in KPMG events

If you participate in a KPMG event, we process the following personal data in particular.

• The personal data may vary depending on the type of event:
  • Contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information);
  • Professional data (e.g. professional career, employer, educational background and memberships in professional organisations, publications).
• Examples of particularly sensitive data that we receive include Food preferences when registering for events, which provide information about religious beliefs or health status.
  
• Personal data of children: Although our services are not intentionally tailored to or directed at children, we occasionally receive information about children, for example through the participation of children - accompanied by their parents or guardians - in our events.

Below we list the purposes for which we process the personal data listed:

• Our legitimate interests:
  • In promoting our professional services, products and offers to existing and potential customers;
  • Sending invitations and admitting guests to our events and webinars or to events sponsored by us.
• To register your registration for an event and process it further for participation in the event.

3.4 Visitors to our office buildings

When you visit our offices, we process the following personal data in particular:

• Visitors may be recorded by the video surveillance systems on our company premises. This video material is automatically deleted after 5 days.
• Visitors may have to register at reception and enter their contact details, such as name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information or the reason for the visit.
• Children's data: Although our services are not deliberately tailored to or directed at children, we occasionally receive information about children, for example through the participation of children - accompanied by their parents or guardians - in our events.
  

Below we list the purpose for which we process the listed personal data:

• Safeguarding our legitimate interests, e.g. security in our buildings, traceability, identification, processing and administration of guests in our buildings.

3.5 Visitors to our websites

When you visit our website, we process the following personal data in particular:

• Personal Preference Center: Contact details (e.g. name, job title, business and private telephone numbers, business and private email addresses, other contact information you provide to us)
  
• Newsletter registration: Contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information you provide us with)
• Request for Proposal (RfP): Contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information you provide us with)
• Document downloads (gated content): Contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information you provide to us)
• Location-related data: We may process location-related data, for example if you use the location search function on our website.

Below we list the purposes for which we process the personal data listed:

• Personalisation of online landing pages and communications that we consider relevant due to the possibility of interaction with us or a KPMG member firm;
• Authentication of registered users for certain areas of our websites (Personal Preference Centre);
  
• Processing online enquiries, including responding to messages from individuals as well as project and quotation requests
• Sending newsletters to which you have subscribed.

3.6 KPMG Alumni Network

When you register as an alumnus, we process the following personal data in particular:

• Data about our alumni: contact details (e.g. surname, first name, job title, business and private telephone numbers, business and private e-mail addresses, language, former job title within KPMG, period of employment at KPMG, other contact information you provide us with).
• Sending newsletters: contact details (e.g. name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information that you provide to us).

Below we list the purposes for which we process the personal data listed:

• Pursuing the purpose of the alumni programme, in particular for the communication of target group-specific information about KPMG;
• Dispatch of newsletters;
• Invitations to events;
• To be contacted for business opportunities;
• Safeguarding our legitimate interests, e.g. traceability, identification, as well as processing, administration, planning, addressing.

3.7 Benefactors of the KPMG Foundation and employees of beneficiary institutions 

When you contact us, we process the following personal data in particular:

• Contact details (e.g. surname, first name, job title, business and private telephone numbers, business and private e-mail addresses, other contact information that you provide to us).
• Financial data (e.g. financial institution, account details, etc.).

Below we list the purposes for which we process the personal data listed:

• Pursuit of the foundation's purpose, in particular the organisation of donations for innovative projects in the areas of culture, education and social affairs (socially excluded persons, the disabled and people in need).
• Safeguarding our legitimate interests, e.g. traceability, identification, processing and administration.
• Fulfilment of the KPMG Foundation's donation commitment to the beneficiary institutions.

3.8 Other persons in contact with KPMG

KPMG may process personal data of employees of public authorities or other persons who are or come into contact with KPMG. This includes, for example, contacts from and to journalists in connection with market insights, company announcements, invitations to press conferences or information on announcements that may be of interest with regard to specific industry topics.

The type of personal data may vary depending on how you contact us.

4. On what legal basis do we process personal data?

The collection and use of personal data in the context of our business activities and for the provision of our products and services may be legally justified as follows:

• Contract: We may process personal data if this is necessary for the processing and fulfilment of our contractual obligations.
• Consent: Personal data may be processed by us if you have voluntarily consented to the processing at the time of providing your personal data.
• Legitimate interests: We may process personal data if this serves our legitimate interests and we have previously determined the processing to be appropriate, reasonable and balanced. These interests include
  • Provision of services and products – To provide the services and products ordered by our customers;
  • Marketing – To provide timely market insights, expertise, offers and invitations that we believe will be of interest to our customers, prospects, readers and others.
• Legal obligations and public interest: We may process personal data if this serves to fulfil legal obligations or duties or mandates of public interest.

5. Do we pass on personal data to third parties?

In certain cases, we pass on personal data to trustworthy third parties if this serves to provide efficient and high-quality services and products. The data recipients are contractually obliged to protect the personal data entrusted to them. This may involve some or all of the following categories of recipients:

• Member firms of the KPMG network, where necessary for administrative purposes (e.g. hosting and supporting IT applications, conducting client dispute reviews, HR support functions), as well as to provide professional services to our clients (e.g. advisory services by KPMG member firms in different regions);
• Third parties who support us in the provision of services and products (e.g. providers of telecommunications systems, mailroom management, IT system support, document creation services, cloud-based software services and scanning services);
  
• Our professional advisors, including lawyers, auditors and insurers;
• Potential buyers, acquirers, merger partners or sellers and their advisors in connection with an actual or potential merger/acquisition of some or all of our business or assets or any related rights or interests;
• Provider of payment services;
• Provider of marketing services;
• Enforcement authorities or other governmental and supervisory authorities (e.g. FAOA, FINMA) as well as other third parties if this serves to fulfil applicable laws and regulations;
• Provider of personnel services.

6. Do we transfer your personal data to recipients outside Switzerland or Liechtenstein?

We store personal data on servers located primarily in Switzerland, in the European Union and occasionally also in Liechtenstein.

We may transfer personal data to KPMG International, KPMG member firms (a list of all KPMG member firms can be found at this link) and carefully selected third party companies within or outside Switzerland and Liechtenstein , wherever we consider such cooperation reasonably necessary to support our business activities.

KPMG engages with KPMG Delivery Centers located in Romania, Poland, Hungary and India to provide service delivery support.

Furthermore, KPMG works with service providers within and outside Switzerland (India, Romania, Poland and Hungary) who supply products or services to KPMG, including IT providers who have no direct connection to the provision of services, but who occasionally receive access to personal data in order to process it on behalf of KPMG.

Each of these companies is obliged to protect personal data in accordance with the agreed contractual obligations and the applicable data protection law. Possible protective measures include the transfer to countries in which an adequate level of protection is given according to Annex I to the Data Protection Ordinance of 31 August 2022, the application of data protection model clauses/contracts or other measures that ensure adequate protection of personal data.

7. What data protection rights do you have?

If KPMG processes personal data about you, you have the rights listed below. Before we respond to your enquiry, we may ask you for proof of identity. This enables us to ensure that personal data is not disclosed to unauthorised persons. We may also ask you for sufficient information about your interactions with us so that we can locate your personal data.

• Information: You have the right to information about whether we process personal data about you and, if so, to more detailed information about the use of your personal data.
• Rectification: You have the right to have your personal data rectified by us if you believe that it contains incorrect or incomplete information about you.
• Erasure: You have the right to have your personal data erased by us if you withdraw your consent to its processing or if we no longer need the personal data for the original purpose of its use and are not obliged to retain it.
• Restrictions on processing: You have the right to temporarily restrict the processing of your personal data by us if you doubt the accuracy of the personal data or wish to restrict the use of the personal data instead of having it deleted.
• Data portability: If you have provided us with personal data, you may have the right to have us transfer this personal data to you electronically, provided this is technically possible.
• Automated individual decision-making: You have the right to review decisions about you that were made solely by automated processing, including profiling, and that had legal consequences relating to you or other significant effects on you.
• Right to object to marketing, including profiling: You have the right to object to the use of your personal data by us for marketing purposes, including profiling. We may need to retain some basic information in order to fulfil your request not to engage in marketing activities.
• Right to object to active sourcing: You have the right to object to the use of your personal data by us for active sourcing purposes. We may need to retain some basic information in order to fulfil your request to cease recruitment activities.
• Right to withdraw consent: You have the right to withdraw your previously granted consent to the processing of your personal data for one or more specific purpose(s). This does not affect the lawfulness of processing that took place prior to the withdrawal. In the event of revocation, we may no longer be able to provide you with certain services or products, which we will point out.
  
  

Please direct any enquiries regarding your personal data to:

KPMG AG
Data Protection Officer
Badenerstrasse 172
P.O. Box
8036 Zurich
Switzerland
DPO@kpmg.ch

We endeavour to respond to data protection requests within 30 days of receipt. We will not charge a fee for processing your request unless the request is clearly unfounded or excessive. In certain circumstances, we may not be able to comply with your request for other legal reasons.

If you have any concerns regarding our handling of personal data, you can also contact the relevant data protection supervisory authority:

• Switzerland: Federal Data Protection and Information Commissioner
• Liechtenstein: Data protection authority in Liechtenstein

8. How is personal data protected?

We have implemented appropriate technical and organisational security policies and procedures to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. KPMG's protection of client data in the provision of professional services, including people, processes and technology for the development, provision and support of the data processing infrastructure, is certified to ISO 27001:2013. We generally restrict access to personal data. Persons who have access to personal data are obliged to keep this information confidential. In order to protect personal data even better, we make use of procedures such as pseudonymisation, de-identification or anonymisation where necessary.

If you access any part of our website or use our services, you are responsible for maintaining the confidentiality of your login information. Please remember that the transmission of personal data via the Internet is never completely secure. Although we will do our best to protect your personal data, we cannot ensure or warrant the security of any personal data you transmit via our website. Any transmission is at your own risk.

9. How long do we store personal data?

We retain personal data in order to provide our services, make offers, stay in contact with you and comply with applicable laws and regulations and professional obligations to which we are subject. We retain personal data for as long as it is needed for the purpose for which it was collected, or for a period of time to which we are obliged under applicable laws and regulations or contractual agreements. The statutory retention period is generally ten years from the end of the business relationship. We delete personal data that we no longer require.

10. Have you taken note of the further information on the use of cookies on our website and on the use of links to other websites?

In some cases, KPMG and third-party vendors use cookies, web beacons and other technologies to automatically collect certain types of information when you visit our website and email with us. The collection of this data enables us to personalise your user experience, improve the performance, usability and effectiveness of KPMG's online presence and measure the effectiveness of our marketing activities. As a rule, this data is not personal data. On pages where cookies are used, a cookie usage notice will be displayed in your browser. For further information, please refer to our detailed information in our cookie banner, which you can view and customise at any time at "Cookie- Preferences".

We use the following third-party tools to track and analyse your use of our website and other digital services:

• Adobe Analytics
  The provider is Adobe Systems Software Ireland Limited, based in Ireland.
  Further data protection information can be found at: Adobe Data Protection Centre.
• Google Analytics
  The provider is Google Ireland Limited, based in Ireland.
  Further data protection information can be found at: Privacy Policy - Google. You can find an opt-out option at: Download page for the browser add-on to deactivate Google Analytics.
• Google Tag Manager
  The provider is Google Ireland Limited, based in Ireland.
  Further data protection information can be found at: Privacy Policy - Google.
• Google Ads
  The provider is Google Ireland Limited, based in Ireland.
  Further data protection information can be found at: Privacy Policy - Google.
• Microsoft Ads
  The provider is MMicrosoft Ireland Operations Limited, based in Irland. Further data protection information can be found: Microsoft-Privacy Statement.
• Microsoft Customer Insights
  The provider is Microsoft Ireland Operations Limited, based in Irland. Further data protection information can be found: Microsoft-Privacy Statement.
• Meta Pixel (Facebook and Instagram)
  The provider is Meta Platforms Ireland Limited, based in Ireland. Further data protection information can be found at Meta Privacy Policy.
• LinkedIn
  The provider is LinkedIn Ireland Unlimited Company, based in Ireland. Further data protection information can be found at: LinkedIn Privacy Policy.

Our websites generally contain links to other websites, including websites operated by KPMG member firms, which are not subject to this privacy notice. Please check the privacy statements of the linked websites carefully before you disclose any personal data to them. Although we endeavour to link only to sites that have the same high standards and respect for privacy as we do, we are not responsible for the content, security or privacy practices of other websites.

11. Do we make changes to this privacy notice?

We revise this privacy notice at regular intervals and publish any changes on this website. This privacy notice was last updated on April 20, 2026.