Last Update March 2023
KPMG MU is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information (sometimes referred to as "personally identifiable information" or "PII") that has been collected by or provided to us through any of our websites, web-based and mobile applications, meetings and events (in-person and virtual), marketing materials and content and services that link to, post or otherwise refer to this Privacy Statement (collectively, “Activities”).
Please review this Privacy Statement to learn more about how we collect, use, share and protect the personal information that we have obtained. By engaging in Activities (e.g., using online services or visiting a KPMG office), you consent to the collection and processing of your personal information as set forth in this Privacy Statement.
1. Collection and Use of Personal Information
We and our third-party providers (including service providers, as referred to in Section 6.2) collect the personal information that you provide when you engage in any Activities. For example, when you register for a service or attend an event, we may collect basic information about you such as your name, username, password, email address, mailing address, phone number, date of birth, and other personal and business demographic or contact information. You may also provide us with certain employment information in connection with an application for employment with KPMG. In some cases, you may have previously provided your personal information to KPMG (e.g., if you are a KPMG alum).
We use the personal information we collect (including through the automatic collection of personal information, as described in Section 1.1) to: enable you to engage in Activities; provide you with web-based and mobile applications; communicate with you; provide you with information about KPMG’s products and services; comply with applicable laws, regulations and/or professional standards, including for auditor independence, anti-money laundering and know-your-client checks; operate, maintain and enhance any of our Activities; and fulfill your specific requests. For example, if you send us an email message requesting information about KPMG, we will use your email address and other personal information you supply to respond to your request. If you send us a resume or curriculum vitae to apply online for a position with KPMG, we will use the personal information that you provide to match you with available KPMG job opportunities. Your personal information is used only for the purposes described in this Privacy Statement, unless we (i) obtain your express permission, (ii) provide an additional privacy notice, or (iii) as otherwise required or permitted by law or professional standards.
In some cases where you have registered for certain Activities we may store your personal information temporarily until we receive confirmation of the information you provided via an email (i.e., where we send an email message to the email address provided as part of your registration to confirm a subscription request). Please note that your rights for any particular request, product or service will be determined by the notice provided with such request, product or service, and in the event of a conflict between this notice and that notice, the specific notice provided with the request, product or service shall control.
KPMG only collects sensitive personal information when (i) you voluntarily provide us with this information, (ii) you expressly permit us to use this information, or (iii) such information is required or permitted to be collected by law or professional standards. Sensitive personal information includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual orientation or criminal record. Please use your discretion when providing sensitive personal information to KPMG or permitting KPMG to use such sensitive personal information. Do not provide sensitive personal information to KPMG or permit KPMG to use such sensitive personal information, unless you consent to (i) KPMG's use of that sensitive personal information for its business purposes, and (ii) the transfer and storage of that sensitive personal information to and in KPMG systems.
1.1 Automatic collection of personal information
1.1.1 IP addresses
An Internet Protocol (“IP”) address is a number assigned to your Internet-enabled device (including computers and mobile devices) whenever you access the Internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for KPMG’s IT security and system diagnostic purposes. This information may also be used to maintain and improve our Activities and to generate and analyze statistics about the Activities and your engagement in them.
Cookies may be placed on your Internet-enabled device whenever you engage in our online Activities. This allows our websites, applications or collaboration platforms to remember your device and serves several purposes.
For some of our online Activities, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked using this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your web browser's cookies.
Although most web browsers automatically accept cookies, you may be able to choose whether to accept cookies via your web browser's settings. You may also be able to delete cookies from your device. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features of our online Activities.
Below is a list of the types of cookies used as part of our online Activities:
|Purpose||Description||Type & Expiry|
|Performance (i.e., User's Browser)||Our online Activities are built using common Internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).||
Deleted upon closing the browser
|Security (e.g. Asp .NET) Cookies||If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.||
Deleted upon closing the browser
|Site Preferences||Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.||Persistent, but will delete automatically after one (1) year if you no longer engage in our online Activities.|
|Analytical||We use several third-party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on kpmg.com for our visitors. The aggregated statistical data cover items such as total visits or page views, and referrers to our web sites. Further details on our use of Google Analytics are described in Section 1.1.5.||Persistent, but will delete automatically after two (2) years if you no longer engage in our online Activities.|
|Site visitor feedback||
We use a third-party survey tool to invite a percentage of visitors to provide their feedback. Cookies are used to prevent visitors from being invited multiple times.
The first cookie (1) is set if the visitor is not invited to participate in the survey, and is used to ensure visitors are not invited after their first page view.
The second cookie (2) is set if the visitor is invited to participate in the survey, and is used to ensure the visitor is not invited again to participate for a period of 90 days.
|Social sharing||We use third party social media widgets or buttons to provide you with additional functionality to share content from our online Activities to social media platforms and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed webpages (e.g. the social share count cache is updated) and log information about your activities across the Internet and on our online Activities. We encourage you to review each provider's privacy information before using any such service. Further details on our use of social media widgets and applications are described in Section 1.2.||Persistent, but will be deleted automatically after two years if you no longer engage in our online Activities.|
Other third-party tools and widgets may be used on our individual websites or portions of certain online Activities to provide additional functionality. Depending on how you set your preferences in your browser and/or the cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use and ensure your interaction is displayed properly.
Cookies by themselves do not tell us your personal information or otherwise identify you personally.
BY ACCESSING, USING, OR ENGAGING IN OUR ONLINE ACTIVITIES, OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR INTERNET-ENABLED DEVICE
1.1.3 Interest-Based Advertising
To learn more about this type of advertising and how to opt-out of this form of advertising, you may either visit www.aboutads.info to opt-out of sites and services participating in the Digital Advertising Alliance (“DAA”) self-regulatory program, or visit www.networkadvertising.org/choices to opt-out of this form of advertising by members of the Network Advertising Initiative (“NAI”). Note that electing to opt out will not stop advertising from appearing in your browser or applications, although it may make the ads you see less relevant to your interests. This opt-out works through cookies set on a particular browser, so if you delete cookies from a web browser, or use a different browser, you will need to opt out again.
Your choice to opt out on a particular browser or device will apply only to the collection and use of information from that particular browser or device. Opting out on a particular device will not opt you out of information collection on other devices, nor will it limit cross-device sharing on those other devices. If you use different browsers on a device or multiple devices, for each browser and device you wish to opt out, please opt out each device and browser separately at www.aboutads.info/choices.
1.1.4 Do Not Track
Our online Activities may not recognize web browser based “Do Not Track” signals. However, as discussed in Section 1.1.2, you may be able to modify your Internet-enabled device’s web browser settings to block all cookies, or to block “third-party” cookies. Cookies that we set on our online Activities are considered “first-party” cookies. Details on your ability to restrict or change the personal information that we may collect about you are listed below under the following sections of this Privacy Statement: Choice (Section 3), Access (Section 4),
1.1.5 Usage Analytics
KPMG uses third-party usage analytics tools as part of our online Activities, including Google Analytics, which may be subject to separate privacy policies. More information about how Google Analytics is used by KPMG can be found here: https://policies.google.com/technologies/partner-sites.
1.1.6 Web beacons
A web beacon is a small image file on a web page that can be used to collect certain information from your Internet-enabled device, such as an IP address, the time the content was viewed, a web browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.
KPMG or its third-party providers may use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded.
In some of our online Activities (e.g., newsletters and other communications), we and third-party providers operating on our behalf, may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to maintain and improve our online Activities and such third-parties’ services.
Please be aware that if you opt to render some web beacons unusable, you may not be able to fully experience some of the features of our online Activities.
1.1.7 Location-based tools
KPMG and its service providers may collect and use the geographical location of your Internet-enabled device (e.g., via tracking beacons, Bluetooth or GPS) in connection with certain Activities, but only with your express permission. With respect to the collection of precise information about the location of your device, once you have consented to the collection you may adjust or withdraw this permission at any time by managing your “Location Services” preferences through your device’s settings. This location data is collected for the purpose of providing you with information regarding our Activities, products and services which we believe may be of interest to you based on your geographic location, and to improve our location-based Activities, responses to requests, products and services.
Please be aware that if you opt to exercise your right to alter, or altogether turn off, location-based services on your device, you may not be able to fully experience some of the features of our Activities.
1.2 Social media widgets and applications
In addition, our online Activities may feature blogs, forums, crowd-sourcing and other applications or services (collectively, “Social Media Features”). The purpose of Social Media Features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG Social Media Feature may be shared with other users of that Social Media Feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.
KPMG understands the importance of protecting children's privacy, especially in an online environment. Our Activities are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain personal information about anyone under the age of 13, except as part of an engagement to provide professional services.
2. Sharing and transfer of Personal Information
We do not share personal information with unaffiliated third parties, except as stated in this Privacy Statement, including as necessary for our legitimate professional and business needs, to carry out your requests, to allow you to engage in our Activities, and to market our products or services, including in coordination with other service providers for joint-marketing purposes, as required or permitted by law or professional standards, or otherwise with your permission.
In some instances, KPMG may share personal information about you with various third-party providers working on our behalf. KPMG requires these entities to safeguard personal information in the same manner as KPMG.
KPMG may also disclose personal information in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, government regulations, or professional rules. In the event, that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information may also be shared in connection with the consideration, negotiation or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
KPMG does not sell personal information to third parties. KPMG and our third-party providers may use personal information in an anonymized form for research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. In addition, we may share de-identified reports on user demographics and traffic patterns, as well as de-identified information, with third parties.
Cross-Border Collection and Transfer. We may directly collect personal information from or about you if you are in a jurisdiction other than the U.S. to provide you with services associated with the Activities. Similarly, if you are in the U.S., we may transfer outside of the U.S. the information we collect from or about you outside of the U.S. Regardless of where you are, we may transfer certain personal information across geographical borders to other member firms affiliated with KPMG International or to various third party providers working on our behalf, or we may receive personal information in the U.S. or elsewhere transferred from another member firm affiliated with KPMG International or an unaffiliated third party. KPMG may also store personal information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your personal information as your home country. By providing your personal information to KPMG, you understand that your personal information may be collected, transferred and/or stored in a jurisdiction other than your home country. Each member firm affiliated with KPMG International is required to safeguard personal information in accordance with its contractual obligations and data protection legislation applicable to its provision of services. Your personal information will only be transferred if appropriate or suitable safeguards are in place. If you are located outside of the U.S., you may have additional rights as described in Section 7.
We may require you to provide certain personal information in order to receive additional information about our Activities. KPMG may also ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular Activities (e.g., an online newsletter), you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from an Activity, we will try to remove your personal information promptly, although we may require additional information or confirmation before we can process your request.
4. Data Privacy Requests
If you have submitted your personal information to KPMG, you may have the right to request, under applicable law, that KPMG provide you with reasonable access to your personal information, update or correct any inaccuracies in your personal information, or delete your personal information, and, in any such event, KPMG will make all reasonable and practical efforts to comply with your request, so long as our doing so would be consistent with applicable law, KPMG’s contractual requirements, and/or the professional standards applicable to KPMG.
To make a Data Privacy Request, please contact us at email@example.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
5. Data security and integrity
KPMG has and requires its service providers to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration or destruction. Despite KPMG’s efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know and require those individuals to maintain the confidentiality of such information. We also make efforts to retain personal information only for so long as the information is needed for our professional, marketing or analytic purposes or to comply with legal requirements, professional standards or an individual’s request, or until that person asks that the information be deleted.
6. Additional Disclosures for California Residents
This section applies to any California residents about whom we have collected personal information as part of engaging in our Activities.
For purposes of this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household; “household” means a person or group of people who: (i) reside at the same address, (ii) share a common device or the same service provided by a business, and (iii) are identified by the business as sharing the same group account or unique identifier. Personal information does not include publicly available information or information that has been de-identified.
6.1 Information We Collect
The types of personal information we collect about you will depend on your relationship with KPMG. For example, in many cases, we may collect personal information from our business clients during an engagement to provide products and services to our clients; our collection and use of such personal information is governed by our contract with that entity. In other cases, we may collect personal information directly from consumers or households that engage in Activities.
We may collect the following categories of personal information about you or members of your household:
- Identifiers, which may include real name and alias; postal address; unique personal identifier; online identifiers as detailed below; IP address; email address; telephone number; account number, name and password; Social Security number; driver’s license number, passport number, state or other government-issued identification card number; and/or other similar identifiers;
- Commercial information, which may include records of personal property; products or services purchased, obtained, or considered; account balances, payment history, or account activity; bank account information and other information relating to your financial institution; credit application, credit checks, and information from credit reporting agencies; and/or other purchasing or consumer histories or tendencies;
- Biometric information, which may include fingerprints; facial scans; voice recognition information; genetic information; and/or other similar biometric identifiers;
- Information relating to Internet activity or other electronic network activity, which may include cookie identifiers, clear gifs, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version and/or other device characteristics including your choice of settings such as Wi-Fi, Bluetooth and GPS data;
- Geolocation data, which may include GPS data; locational information based upon your IP address; cell network data; and/or other similar locational data;
- Audio, electronic, or visual information, which may include records of calls to or from our customer service centers; and/or video surveillance information;
- Professional or employment-related information, which may include information regarding your current and previous employers; job title and responsibilities; assets; income; and/or other information related to your work history and/or prospective employment;
- Education information, which may include academic record, degrees and educational history;
- Inferences about you, which may include preferences and characteristics and other information we may infer from other personal information we have collected;
- Information not listed above and related to characteristics protected under Data Protection Act; which may include gender; race and ethnicity; nationality; marital status; military service or veteran status; and/or date of birth; and
6.2 Purposes and Sources of Collection
We may collect or use personal information for the following purposes:
- Administer, maintain and improve our Activities;
- Assessing third-party providers and service providers;
- Auditing and compliance with policies, procedures, laws, regulations and/or professional standards, including for auditor independence checks;
- Billing, payment and fulfillment;
- Customer and client communications;
- Customer and client relationship management;
- Financial reporting and accounting;
- General business administration;
- Health, safety, and wellness of our workplace, facilities and workforce;
- Internal analytics and benchmarking;
- Marketing our Activities;
- Marketing the products and services of KPMG International, other member firms affiliated with KPMG International or other third parties;
- Protect against fraud and other malicious or illegal activity, including for anti-money laundering and know-your-client checks;
- Provision and performance of the services; and
- systems and data security.
We may collect personal information from the following sources, including, but not limited to via applications and forms, collaboration platforms, communications and interactions with us and through our in-person events or meetings and online Activities such as websites and mobile applications:
- Our clients and customers and prospective clients and customers, or their authorized representatives;
- Our subsidiaries, affiliates, joint ventures, and other companies under our common control (collectively, "Affiliates");
- KPMG International;
- Other member firms affiliated with KPMG International;
- Our service providers, such as customer relationship management providers, analytics providers, website hosting providers, systems administrators and communications delivery services;
- Unaffiliated third parties with which we have a business relationship and/or promotional and joint-marketing partners;
- Social media platforms providers, online communities and forums and online advertising providers and partners;
- Employees, contractors, KPMG alumni and job applicants;
- Government entities and databases, such as anti-fraud databases, sanctions list and court judgments; and
- Publicly available sources.
6.3 Disclosures of Personal Information
6.3.1 Categories of Third Parties with Whom We Share Personal Information
We may share personal information as described in this Privacy Statement, including with the following categories of third parties:
- Affiliates. We may share personal information with our Affiliates.
- KPMG International. We may share personal information with KPMG International.
- Member Firms. We may share personal information with other KPMG member firms affiliated with KPMG International.
- Technical and Operational Service Providers and Business Partners. We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal information to our third-party business partners and service providers in order to maintain and operate the websites and provide, improve, and personalize the services, including to fulfill requests for the services and for other technical and processing functions, such as sending e-mails on our behalf, fulfilling orders, and technical support. We may also share personal information to service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats.
- Marketing, Advertising and Analytics Providers. We may share personal information with third-party providers for marketing, advertising and analytics purposes.
- Government Entities. We may share personal information with government entities and agencies, regulators, law enforcement, and other third parties, including to provide the services, comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process and to establish or exercise our legal rights or for fraud- or crime-prevention purposes.
- Professional Service Firms. We may share personal information with other professional service firms in connection with our legal, regulatory and professional obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, insurers and consultants.
- Corporate Transactions. Subject to applicable law, we reserve the right to transfer some or all personal information in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal information collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal information as described in this Privacy Statement.
6.3.2 Disclosures of Personal Information for Business or Commercial Purposes
We may have disclosed the following types of personal information to third parties or service providers for a business or commercial purpose in the previous twelve (12) months:
- Commercial information;
- Biometric information;
- Information relating to Internet activity or another electronic network activity;
- Geolocation data;
- Audio, electronic, or visual information;
- Professional or employment-related information;
- Education information;
- Inferences about you; and
- Information not listed above and related to characteristics protected under Data Protection Act .
6.3.3 Sales of Personal Information
We do not sell personal information and did not sell personal information in the previous twelve (12) months.
6.4 Your Privacy Rights
You may be entitled by applicable law to exercise the following rights with respect to your personal information:
- Right to Know. You have the right to request what personal information we collect, use, disclose and/or sell, as applicable.
- Right to Delete. You have the right to request that we delete the personal information that we have collected about you.
- Right to Opt-out of the Sale of Personal Information. You have the right to request to be opted-out from the sale of your personal information. However, as described in Section 6.3.3, we do not sell personal information.
- Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
You may also authorize someone to exercise the above rights on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.
To exercise any of your rights, please contact us at firstname.lastname@example.org and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a service provider, we may refer you to the business with whom you have a direct relationship in order to implement your request, pursuant to applicable law.
In addition, the above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances, we may be unable to implement your request.
9. Links to Other Sites
Please be aware that our Activities may contain links or refer you to other websites, applications, social media platforms, collaboration platforms, products and services maintained by KPMG International, other member firms affiliated with KPMG International, or by unaffiliated third parties (collectively, “Other Sites”). Other Sites are not governed by this Privacy Statement, but by other privacy statements that may differ. KPMG is not responsible for the content or practices of these Other Sites. We encourage users to review the applicable privacy policies of these Other Sites visited before disclosing any personal information.
10. Changes to This Privacy Statement
KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy Statement to be informed about how KPMG is protecting your personal information. Your continued use after each such update is your consent to such updated terms.
11. Questions and Comments
KPMG is committed to protecting the privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us by email at email@example.com. You may also contact us to communicate any concerns you may have regarding compliance with this Privacy Statement.
1 “KPMG,” “we,” “our,” and “us” refers to KPMG, a Mauritian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee.”