Skip to main content

      Last updated: June 20, 2025

      PRIVACY POLICY

      We are committed to protecting the confidentiality and privacy of the information entrusted to us. We comply with applicable Data Protection Legislation, including primarily the Law No. 6698 on the Protection of Personal Data. To learn about your rights, what information we collect, and how we use and protect it, please read this Privacy Policy.

      This website is operated by KPMG Türkiye, a member firm of the KPMG International organization of independent member firms affiliated with KPMG International Limited (“KPMG International”).

      Contents

      1. Who are we?
      2. Who can you contact with privacy-related questions or concerns?
      3. How do we collect personal data?
      4. What categories of personal data do we collect?
      5. What legal bases do we rely on to process personal data?
      6. Why do we need personal data?
      7. Do we share personal data with third parties?
      8. Do we transfer your personal data outside Türkiye?
      9. Do we use cookies? Do we collect personal data automatically?
      10. What are your data protection rights?
      11. How do we ensure personal data security?
      12. How long do we retain personal data?
      13. Do we provide links to other websites?
      14. Will we update this Privacy Policy?

      You may also access our Cookie Policy and Privacy Notice below.

      • Cookie Policy (A.2)
      • Privacy Notice

      1. Who are we?

      This Privacy Policy applies to KPMG Türkiye* (collectively referred to as “KPMG”, “we”, “us”, or “our”).

      2. Who can you contact with privacy-related questions or concerns?

      If you have any questions or comments regarding this Privacy Policy or how we process personal data, you may contact us at:

      KPMG Türkiye
      Levent, İş Kuleleri, Tower 3, Floors 2–9
      34330 Beşiktaş / Istanbul
      tr-dldpo@kpmg.com

      You may also contact the Personal Data Protection Authority to raise any concerns regarding our data processing practices.

      3. How do we collect personal data?

      Directly:
      We collect personal data directly from individuals through various means such as receiving business cards, completing online forms, subscribing to newsletters or preference centers, registering for webinars, or attending meetings and events organized by us. We may also obtain personal data directly in the course of establishing a business relationship, delivering professional services under a contract, or via our hosted software applications.

      Indirectly:
      We may obtain personal data about individuals from various sources, including recruitment services and our clients. We may add personal data to our customer relationship management systems to better understand and serve our commercial clients, prospective clients, subscribers, and individuals, to fulfill legal obligations, or to pursue our legitimate interests. These sources may include:

      • Public sources
      • Social and professional networking sites
      • Commercial clients
      • Recruitment service providers

      4. What categories of personal data do we collect?

      We may collect the following categories of personal data through direct interactions, client engagements, applicants, suppliers, and other circumstances described in this Privacy Policy:

      Personal Data:

      • Contact information
      • Professional details
      • Family and beneficiary information (for mobility, official approvals, permits, insurance, and pension planning services)
      • Financial information
      • Video surveillance recordings at our premises (automatically deleted within 20 days)

      Special Categories of Personal Data:

      • Identity documents revealing race, ethnicity, religious beliefs, or health information; biometric data of individuals or applicants
      • Expense receipts that may reveal union affiliations or political opinions
      • Information relating to criminal convictions or offenses
      • Information provided by clients during professional engagements
      • Dietary requirements that may indicate religious beliefs or health conditions

      5. What legal bases do we rely on?

      • Contract: To fulfill contractual obligations
      • Consent: Based on your freely given consent
      • Legitimate Interests: Where processing is fair, reasonable, and balanced, including:
        • Delivering services and products
        • Marketing insights, offers, and invitations
        • Recruitment activities
      • Legal Obligations and Public Interest: To comply with legal requirements

      6. Why do we need personal data?

      We process personal data for purposes including:

      • Providing professional services (tax, consulting, audit, legal, restructuring, M&A, etc.)
      • Marketing our services and capabilities
      • Managing event invitations and participation
      • Personalizing communications and user experiences
      • Maintaining IT systems and website functionality
      • Conducting surveys
      • Authenticating users
      • Responding to inquiries and requests
      • Engaging with media and journalists
      • Travel arrangement support
      • Compliance with legal and regulatory obligations (e.g., anti-money laundering, sanctions)
      • Fraud prevention and IT security
      • HR processes and recruitment

      In some cases, providing personal data is mandatory to deliver services or comply with legal obligations.

      7. Do we share personal data with third parties?

      We may share personal data with trusted third parties, including:

      • KPMG member firms for administrative and service delivery purposes
      • Service providers (IT, telecommunications, cloud, archiving, document processing)
      • Professional advisors (lawyers, auditors, insurers)
      • Parties involved in mergers, acquisitions, or business transfers
      • Payment, marketing, research, and recruitment service providers
      • Authorities and regulators where required by law

      8. Do we transfer personal data outside Türkiye?

      Personal data is stored on servers located in Türkiye. However, it may be transferred to KPMG International, member firms, and third parties inside or outside Türkiye where necessary. All recipients are required to protect personal data in accordance with applicable laws and contractual safeguards.

      9. Do we use cookies?

      We use cookies, web beacons, and similar technologies to:

      • Enhance user experience
      • Improve website performance
      • Measure marketing effectiveness

      For more information, please refer to our Cookie Policy.

      10. What are your data protection rights?

      You have the right to:

      • Learn whether your personal data is processed
      • Request information about processing
      • Learn the purpose of processing
      • Know third parties to whom data is transferred
      • Request correction of inaccurate or incomplete data
      • Request deletion or destruction of data
      • Request notification of such actions to third parties
      • Object to automated decision-making
      • Request compensation for damages

      Requests can be submitted to:

      KPMG Türkiye
      Levent, İş Kuleleri, Tower 3, Floors 2–9
      34330 Beşiktaş / Istanbul
      tr-dldpo@kpmg.com

      We aim to respond within 30 days.

      11. How do we ensure data security?

      We implement appropriate technical and organizational measures to protect personal data. Our systems are ISO 27001 certified. Access to personal data is restricted, and additional techniques such as anonymization and pseudonymization may be applied.

      12. How long do we retain personal data?

      We retain personal data as long as necessary to:

      • Provide services
      • Maintain communication
      • Comply with legal and professional obligations

      Data is securely disposed of when no longer required.

      13. Links to other websites

      Our websites may include links to external sites. We are not responsible for their privacy practices and recommend reviewing their policies.

      14. Policy updates

      We regularly review this Privacy Policy and publish updates on this page.
      Last updated: March 17, 2023.

      COOKIE POLICY

      A. Automatic Collection of Personal Data

      We may automatically collect certain information using cookies and similar technologies to enhance user experience and improve our services.

      A.1 IP Addresses

      An IP address is assigned to your device when accessing the internet and may be used for security and analytics purposes.

      A.2 Cookies

      Cookies are small files placed on your device to improve website functionality and user experience. You may manage cookie preferences via your browser settings.

      A.3 Analytics

      We use Google Analytics to analyze website usage and improve performance.

      A.4 Web Beacons

      Used to track website activity and measure engagement.

      A.5 Location-Based Tools

      We may collect location data to provide relevant services.

      B. Social Media Tools

      Our websites may include social media features that collect and share information in accordance with third-party privacy policies.

      C. Policy Updates

      This Cookie Policy was last updated on June 20, 2025.

      KPMG Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik A.Ş.
      KPMG Yeminli Mali Müşavirlik A.Ş.
      KPMG Yönetim Danışmanlığı A.Ş.