Date last modified: November 21, 2023

This privacy statement provides information about the processing of personal data by KPMG in the context of video surveillance at KPMG offices and surrounding premises in the Netherlands. This privacy statement should be read in addition to and in conjunction with the general KPMG Online Privacy Statement, which statement provides information about our processing of personal data, such as with regard to the sharing of personal data and the rights that you have. 

What (types of) personal data do we process?

In the context of video surveillance, we process the following types of personal data from individuals entering KPMG’s premises or those within the video’s coverage:

  • Video images.
  • Date and time of recording.
  • Location of recording.

The processing of special categories of personal data through video surveillance is not intended and the video images will not be used to deduce such special categories of personal data or to make distinctions based on such personal data. Therefore, generally our video surveillance is not considered to be processing special categories of personal data, unless this is necessary and permitted by law. If there is a suspicion of unlawful behavior, video footage may be shared with authorities, in which case the personal data could potentially qualify as personal data related to alleged or proven criminal offenses. This will only occur if necessary and permitted by law. 

For what purposes do we use these personal data?

Video surveillance and the associated processing of personal data serves a.o. the following purposes:

  • Ensuring the safety and well-being of individuals.
  • Protecting KPMG’s premises from break-ins, theft and vandalism.
  • Monitoring assets and information.
  • Recording, investigating and handling of (potential) incidents.
  • Handling requests, complaints and disputes.
  • Establishing, exercising or defending our rights.
  • Meeting legal obligations and complying with government requests.

What are the legal bases for our processing of personal data?

The processing of personal data in the context of video surveillance is based on the legal basis ‘legitimate interest’. It is in the (legitimate) interest of KPMG and the persons visiting KPMG’s offices to process personal data for the purposes as described above under “For what purpose do we use these personal data”. To ensure that this interest is not outweighed by the interest of the individuals involved, KPMG has taken the necessary measures, such as only using video surveillance if necessary, camera placement is as privacy friendly and less intrusive as possible and access to the video images is restricted on a need-to-know basis. 

How long do we retain personal data?

Personal data collected through video surveillance is retained as long as necessary for the purpose they are collected for. Video images are usually retained for a period of 28 days after which term the images will be destroyed automatically. It might be necessary to retain personal data for a longer period for the handling of an incident, in order to comply with legal, regulatory, internal company- or policy requirements or if this is necessary with regard to (preparations for) legal procedures or disputes. In such case, personal data will be manually retained and destroyed as soon as retention is no longer necessary.