KPMG carries out various activities in the field of marketing, sales and relationship management. For example, we maintain a CRM (customer relationship management) system with contact profiles, we send newsletters and other mailings (direct messaging), we conduct market research and marketing campaigns, we organise (web) events and conferences, and we have an alumni network and alumni programme.
These activities are aimed at achieving KPMG’s own business objectives. When carrying out marketing activities, we always comply with the law and the rules that apply to the protection of personal data. We will never sell your personal data to data traders or provide it to third parties for their direct marketing activities.
In this privacy statement you can read more about our use of personal data for our activities in the field of marketing, sales and relationship management (hereinafter collectively referred to as ‘marketing’ or ‘marketing activities’).
This privacy statement should be read in conjunction with our general KPMG Online Privacy Statement, which contains additional information about our use of personal data, such as in relation to your rights and the sharing of personal data with third parties.
Why do we use personal data?
In the context of our marketing activities and activities which support our marketing activities, we use personal data of various people, such as people who register for our (web) events, alumni, people who work for (prospective) clients or suppliers, students and professionals. We i.a. use this personal data for the following purposes and activities:
- Drawing up, recording, completing and maintaining contact profiles of our (business) contacts in our CRM system.
- Managing our relationships and maintaining personal contact with (prospective) clients and other business contacts.
- Automatically sending personalised direct messages (direct messaging) about various topics (chosen by you), such as white papers, newsletters, articles and other KPMG publications, information about our services and invitations to (web) events.
- Running marketing campaigns, for example via business-to-business telemarketing, (online) advertising campaigns or social media campaigns, to promote and sell our services, products or other matters such as recruiting new colleagues.
- Organising events for (prospective) clients and other (business) contacts such as KPMG alumni or partners with whom we work, and all associated activities, such as sending invitations, information, course materials registering attendance and/or providing participation certificates and evaluation forms.
- The KPMG Alumni programme for which former KPMG employees can register and for which several activities are organised, such as events and network meetings.
- Conducting (market) research to measure, analyse and improve (the effectiveness of) our marketing activities and interactions.
- Analysing website use and website visits and personalising website content.
- Internal reporting on our marketing activities so that various departments involved have more insight into the effectiveness and options for improvement of our marketing activities.
- Preparation of internal information reports of (prospective) clients for (future) marketing activities.
- Developing our products and services, such as identifying client needs and exploring potentially interesting prospective clients.
- Publishing and reporting on marketing activities, such as sharing articles and videos of marketing activities on our website or through social media.
- Maintaining, securing, managing and using (IT) systems, websites and applications that we use for our marketing activities.
What types of personal data do we process?
In connection with our marketing activities, various types of personal data may be used, including:
- (Business) contact details such as name, gender, title, (business) address, (business) email address and telephone number and social media names and accounts;
- Professional data such as job (title), educational background and data about the organisation where you work or have worked;
- Data concerning the use of our websites and direct messages such as information about clicking on a link or advertisement, visits to our website, logging in or filling in a digital form and opening our direct messages or links or advertisements incorporated in them. Such (behavioural) data is generally collected using techniques such as cookies and pixels;
- Technical data such as IP address, device type and device identification numbers, web browser and operating system used, and automatically assigned codes such as unique identifiers, Barcodes and/or QR-codes and time codes (time stamps). We collect data such as this i.a. by using techniques such as cookies, pixels and similar techniques;
- Account data (login data) such as user name, email address and password for e.g. KPMG tools, KPMG portals or protected web environments. Examples include the portal where you can choose and customise your preferences for direct messages and the webinar tool (OnlineSeminar) that we use to organise digital events such as webinars;
- Visual and audio materials such as photos, video or audio recordings we make during physical events or during digital events such as a webinar;
- Preferences, interests, consent and/or objections such as consents for direct messages, telemarketing or the use of certain cookies, selected language preferences and preferences for direct messages, your geographical location (based on IP address) and (derived) information on interests, based on, for example, your use of our websites, direct messages or your registrations for certain events. We also keep records of whether you have objected to or withdrawn your consent to certain marketing activities to ensure that your personal data is not used improperly;
- Other (personal) data you provide us with, depending on the marketing activity and related activities, we use other personal data, such as your responses to surveys, studies, assessments or evaluations, questions you ask us and evaluation forms you complete in connection with an event.
We have no intention of collecting or using special categories of personal data, such as information about race or ethnic origin, political opinions, religious and other beliefs, trade union membership, information about sexual orientation or health data. In the course of our marketing activities, however, we may obtain information from which sensitive personal data may be derived, such as information about dietary requirements or a request to reserve a disabled parking space for an event. We will only use this information for its intended purpose and delete it once we no longer need it.
On what basis does KPMG process my personal data?
We will only use personal data if we have a basis for doing so as required by law. The basis on which we process your personal data may vary and depends on the marketing activity and related activities. The following legal bases may apply:
- Your consent: In some cases, we will ask you for your specific consent to process certain personal data, such as for sending direct messages or storing marketing cookies. You may withdraw your consent at any time in the manner indicated when you gave your consent, or by contacting KPMG at firstname.lastname@example.org.
- Legitimate interest: We will process your personal data if this is necessary for our legitimate interest in relation to our business operations, their optimisation, and the achievement of our commercial objectives, provided that these interests are not overridden by yours. In a number of cases, we have a legitimate interest in processing your personal data for the purposes described in this statement under ‘Why do we use personal data?’ We may also use this basis besides or in addition to your consent.
- Fulfilment of an agreement with you: Sometimes the processing of your personal data is necessary to fulfil our obligations based on an existing or future agreement with you. This agreement may be form-free. For example, in certain cases, registering for a marketing activity (e.g. an event) may be considered an agreement that requires us to process certain personal data about you in order to effect your participation.
- Statutory obligation: It may be necessary to process your personal data in order to comply with a statutory obligation, for example if we have to disclose certain personal data at the request of a regulatory authority. In order to comply with our statutory duties, we also need to record that someone has objected to the processing of their personal data or has withdrawn their consent to do so.
How do we obtain your personal data?
We obtain personal data from you or from other sources. We only collect personal data in manners permitted by law.
In most cases we obtain your personal data direct from you, for example if you register for newsletters, direct messages or an event, or if you fill in a digital (evaluation) form or if you contact us yourself, for example by email.
Through other sources
We may also obtain your personal data from other sources and in other ways, such as in the following cases:
- Your personal data is in our systems and databases, for example if you are the contact of a current or (former) client or supplier, or if you are an alumnus or otherwise have a relationship with KPMG. If you provide us with additional personal data, we will link it to the data we already have on you in our CRM system.
- We receive personal data from third parties with which we cooperate in marketing, such as a marketing agency or a party with which we jointly organise an event.
- We obtain personal data from public (online) sources, such as social media, business platforms and the trade register of the Dutch Chamber of Commerce (Kamer van Koophandel).
With whom may your personal data be shared?
Personal data may first of all be shared (internally) with KPMG staff or departments involved in the performance of our marketing activities. In addition, we may share personal data with other parties for our marketing activities. For example, other KPMG Member Firms, suppliers that provide (technical) support services in the context of marketing activities, such as IT services or postal and parcel delivery, marketing and advertising agencies or other partners with whom we cooperate, for example when we organise an event together. In such cases, where necessary, we will make appropriate arrangements for the protection of personal data before sharing it. Personal data will only be disclosed internally or externally for marketing purposes if this is necessary for our marketing activities. Our general KPMG Online Privacy Statement contains more information about sharing personal data with third parties and potential transfers of personal data to countries outside the EEA.
How long do we keep personal data?
Personal data is kept for as long as necessary for the purpose for which it was collected. The exact period for which personal data is retained depends on the nature of the data and the specific context in which the personal data has been collected. Generally, a retention period of one year applies to personal data that we collect and record in our CRM system in relation to our marketing activities, unless your personal data is removed sooner, for example because you withdraw your consent, or if your personal data is no longer necessary for our marketing activities. Your personal data will be removed from the CRM system if it has not been actively updated or used by you or by KPMG for one year.