Privacy

Last updated March 17, 2023

KPMG LLP (U.S.) (“KPMG,” “we,” “our” or “us”) is committed to protecting the confidentiality and privacy of the personal information we obtain via our websites, web-based and mobile applications, meetings and events (in-person and virtual), marketing materials and content, and other services, in each case that link to, post or otherwise refer to this Privacy Statement (collectively, “Activities”). The following explains our practices regarding the collection, use, disclosure and protection of personal information. By engaging in such Activities, you acknowledge our personal information practice.

1. What We Collect

1.1 Personal Information You Provide

1.1.1 Sensitive Personal Information

1.2 Information We Gather

1.2.1 What We Gather

1.2.2 How We Gather Personal Information

1.3 Do Not Track and Opt-Out Preference Signals

1.4 Children

2. How We Use Personal Information

2.1 Participate in Activities and Further Our Business Purposes

2.2 Advertising

2.3 Data Retention

3. Disclosure of Personal Information

3.1 Business Purposes

3.2 Sale or Sharing of Personal Information

3.3 Legal Reasons

3.4 Corporate Transactions

3.5 Social Media

3.6 Cross-Border Collection and Transfer

4. Choices

5. Data Security

6. Additional Data Subject Notices

6.1 California Residents

6.2 Virginia Residents

6.3 Non-U.S. Residents

6.4 Firm Personnel

7. Privacy Shield

8. Links to Other Sites

9. Cookie Policy

10. Changes to This Privacy Statement

11. Questions and Comments

1. WHAT WE COLLECT

We, and third-party providers engaged by us, collect personal information when you engage in Activities. The personal information we collect will depend on your relationship with KPMG. For example, we may collect personal information from our business clients during an engagement to provide products and services to our clients; our collection and use of such personal information is governed by our contract or engagement letter with that entity. In other cases, we may collect personal information directly from individuals that engage in our Activities. Please also review the Additional Data Subject Notices in Section 6, applicable to any Firm Personnel, California residents, Virginia residents, and individuals outside of the U.S.

Categories of Personal Information Collected

We may collect the following categories of personal information about you:

Identifiers, which may include real name and alias; postal address; unique personal identifier; online identifiers as detailed below; Internet Protocol (“IP”) address; email address; telephone number; account number, name and password; Social Security number; driver’s license number, passport number, state or other government-issued identification card number; and/or other similar identifiers;
Commercial information, which may include records of personal property; products or services purchased, obtained, or considered; account balances, payment history, or account activity; bank account information and other information relating to your financial institution; credit application, credit checks, and information from credit reporting agencies; and/or other purchasing or consumer histories or tendencies;
Information relating to Internet activity, which may include cookie identifiers, clear gifs, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version and/or other device characteristics including your choice of settings;
Geolocation data based upon your IP address, cell network data, and/or other similar location data;
Audio, electronic, or visual information, which may include records of calls to or from our customer service centers, and/or video surveillance information;
Professional or employment-related information, which may include information regarding your professional licenses, current and previous employers, job titles and responsibilities, assets and income, and/or other information related to your work history and/or prospective employment or contract with the firm;
Education information, which may include academic records, degrees, and educational history;
Biometric information, which may include fingerprints; facial scans; voice recognition information; genetic information; and/or other similar biometric identifiers;
Inferences about you, which may include preferences and characteristics and other information we may infer from other personal information we have collected;
Information not listed above and related to characteristics protected under federal or state law, which may include gender; race and ethnicity; nationality; marital status; military service or veteran status; and/or date of birth; and
Other personal information not listed above, including signature, physical characteristics or description, insurance information, and/or any other financial, medical or health insurance information.

1.1 Personal Information You Provide

We collect the personal information that you provide voluntarily (e.g., subscribing to a newsletter or participating in a survey). For example, when you register attend a firm-sponsored event, we may collect business contact information about you such as your name, title, employer, work email address, mailing address, and phone number.

1.1.1 Sensitive Personal Information

We only collect sensitive personal information when you voluntarily provide us with this information What constitutes "sensitive personal information" may vary by law, and generally includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, biometrics, precise geolocation, sexual orientation or criminal record. Please use your discretion when providing sensitive personal information to KPMG or permitting KPMG to use such sensitive personal information. Do not provide sensitive personal information to KPMG or permit KPMG to use such sensitive personal information, unless you consent to KPMG's use of that sensitive personal information for its business purposes.

1.2 Information We Gather

In some instances, we and our third-party providers use cookies, web beacons, wayfinding technology, and other tracking technologies to collect certain types of personal information when you engage in Activities (e.g., web-based or mobile applications), as well as through messages that we may exchange or through collaboration platforms.

1.2.1 What We Gather

IP Addresses. We collect an IP address when you conduct an Activity online. An IP address is a number assigned to your Internet-enabled device (including computers and mobile devices) whenever you access the Internet. It allows computers and servers to recognize and communicate with one another.

Cookie Data. We gather various information via cookies or similar web tracking technologies. Please see our Cookie Policy in Section 9 for further information.

Location Information. We may collect geographical location from your Internet-enabled device (e.g., via tracking beacons, Bluetooth, or Global Positioning System technology) in connection with certain Activities, but only if you have not disabled sharing of such information via your device. Typically, you may disable or enable sharing of such information by managing the location services preferences on your device. If you disable location services, some features of our Activities may not be available.

1.2.2 How We Gather Personal Information

Cookies. We use cookies to identify you online and gather certain information. Please see our Cookie Policy in Section 9 for further information.

Web Beacons. We may use web beacons to gather certain information. A web beacon is a small image file on a web page that can be used to collect certain information from your Internet-enabled device, such as an IP address, the time the content was viewed, web browser type, and the existence of cookies previously set by the same server. You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded. If you opt to render some web beacons unusable, some features of our Activities may not be available.

Social Media Applications. Our online Activities may permit the sharing of information between third party social media platforms (e.g., Facebook and LinkedIn), or allow you to use your social media platform credentials to log into and access our online Activities. These social media platforms may collect and use personal information regarding your use of our online Activities. Information you provide via a social media platform may be collected and used by the provider of that social media platform and subject to their privacy practices. We do not have control over, or responsibility for, those providers, or their use of your information.

Analytics Tools. As detailed in our Cookie Policy, we use third-party usage analytics tools as part of online Activities, including Google Analytics, which may be subject to Google’s privacy policies. More information about how Google Analytics is used by KPMG can be found here: https://policies.google.com/technologies/partner-sites.

To provide website visitors with more choice on how their data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The Add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Add-on does not prevent information from being sent to us or to other web analytics services.

In some of our online Activities (e.g., newsletters), we and third-party providers operating on our behalf, may monitor recipient actions such as e-mail open rates through embedded links within the messages. If you wish to unsubscribe from receiving certain publications or from all KPMG communications, please visit the subscription Preference Center.

1.3 Do Not Track and Global Privacy Control Signals

Our online Activities may not recognize all web browser-based “Do Not Track” or opt-out preference signals such as the Global Privacy Control. You may be able to modify your Internet-enabled device’s web browser settings to block all cookies or to block “third-party” cookies. Cookies that we set on our online Activities are considered “first-party” cookies. More information about Global Privacy Controls is available here: https://globalprivacycontrol.org.

Please be aware that your opt-out preference signal may only apply to the collection and use of information from that particular browser or device. Opting out on a particular device may not opt you out of information collection on other devices, nor may it limit cross-device sharing on those other devices. If you use different browsers on a device or multiple devices, for each browser and device you wish to opt out, you may need to individually set your preference signals to opt-out each device and browser separately.

1.4 Children

KPMG understands the importance of protecting children's privacy. Our Activities are not intentionally designed for nor directed at children under the age of 18. It is our policy not to knowingly collect or maintain personal information about anyone under the age of 18, except as may be required by applicable law or professional standards, and where permission has been granted by a child’s parent or legal guardian.

2. HOW WE USE PERSONAL INFORMATION

We use the personal information we collect to enable you to engage in Activities as detailed below. Among other things, this personal information allows us to customize your online experience; improve the performance, usability and effectiveness of our Activities; advertise and market our Activities; measure the effectiveness of our Activities; and generate and analyze statistics about your use of or engagement in our Activities. If we provide specific terms in connection with a particular request, product or service, those terms which apply to such request, product or service, and in the event of a conflict between this Privacy Statement and those terms, the specific terms provided in connection with the request, product or service shall control. We use your information when (i) you expressly permit us to use this information, or (ii) such information is required or permitted to be collected by law or professional standards.

2.1 To Participate in Activities and Further Our Business Purposes

We use the personal information we collect to enable you to engage in Activities; provide you with web-based and mobile applications; communicate with you; provide you with information about KPMG’s products and services; comply with applicable laws, regulations and/or professional standards, including for background checks for prospective clients, auditor independence, anti-money laundering and know-your-client checks; operate, maintain and enhance any of our Activities; and fulfill your specific requests. For example, if you send us a message requesting information about KPMG, we will use the contact information you provide, such as your e-mail address, and other personal information you provide, to respond to your request. If you send us a resume or curriculum vitae to apply online for a position with KPMG, we will use the personal information that you provide to match you with available KPMG job opportunities.

IP addresses from which visitors appear to originate may be recorded for our IT security and system diagnostic purposes. This information may also be used to maintain and improve our Activities and to generate and analyze statistics about the Activities and your engagement.

We may use location data we gathered to provide you information regarding our Activities, products and services which we believe may be of interest to you based on your geographic location, and to improve our location-based Activities, responses to requests, products and services. We use data from monitoring recipient actions, such as e-mail open rates, to gauge user interest and to maintain and improve our online Activities.

We or our third-party providers may use data gathered via web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.

We may use personal information in an aggregated or deidentified form for our legitimate business purposes detailed below, including research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. Any deidentified information will be maintained in a deidentified form and will not be re-identified.

2.2 Advertising

We may use "interest-based" ads, also known as “online behavioral advertising" or “cross-context behavioral advertising” (collectively, “Targeted Advertising”). Targeted Advertising is advertising that is targeted to you based on your web browsing and app usage over time and across websites or applications. We may partner with ad networks and other advertising providers (“Advertising Providers”) who serve ads on the firm’s behalf and at our discretion on third party websites and platforms. Some of these Advertising Providers may use cookies and other tracking technologies to collect information about your online activities over time and across third party websites, applications, and Internet-enabled devices to deliver Targeted Advertising based on your interests and preferences, as inferred from your browsing history. Some of these ads may be personalized, meaning that they are intended to be relevant to you based on information that KPMG and its Advertising Providers collect about your visits to our websites and elsewhere.

You have the option to restrict the use of information for Targeted Advertising and to opt-out of receiving Targeted Advertising. Please see Sale or Sharing of Personal Information in Section 3.2 for further information and opt-out methods.

2.3 Data Retention

We retain personal information only for so long as it is needed to fulfil the purpose for which it was collected as described in this Privacy Statement, including to meet business needs and comply with legal requirements, professional standards, or an individual’s request. Accordingly, the retention period may vary and depend on the firm’s retention policies.

3. DISCLOSURE OF PERSONAL INFORMATION

3.1 Business Purposes

We disclose personal information with third parties that we engage to carry out your requests and as necessary for our legitimate professional and business needs, and to market our products or services, including in coordination with other third parties for joint-marketing purposes, as required or permitted by law or professional standards, or otherwise with your permission. We require them to safeguard any personal information disclosed in the same manner as we do. In most cases, the third parties work on our behalf and at our direction, as service providers, except in limited instances as described in Section 3.2.

Furthermore, we may disclose aggregated or deidentified information, including reports on user demographics and traffic patterns, with certain third parties.

Legal Purposes

Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our business includes:

Our legitimate interest in developing and improving our site, and your user experience.
Performance of a contract.
Compliance with a legal or regulatory obligation.
Our legitimate interest in providing you with seamless, consistent, high-quality services and securing prompt payment of any fees, costs and debts in respect of our services.
Our legitimate interest in understanding any conflict of interest or challenge with regard to independence legislation.
Our legitimate interest in safeguarding KPMG against inadvertently dealing with the proceeds of criminal activities or assisting in any other unlawful or fraudulent activities (for example, terrorism).
Our legitimate interest in organizing events and managing the registration process for such events.
Our legitimate interest in protecting our people, assets and information, and to prevent unauthorized people from gaining access to KPMG events.
Our legitimate interest in providing information about KPMG, our services and events we organize.
Our legitimate interest to process and manage applications for roles at KPMG, including the screening and selecting of candidates.
Compliance with a legal or regulatory obligation (when carrying out background checks to warrant a candidate is eligible to work).
For any other purpose with your consent.

3.2 Sale or Sharing of Personal Information

While KPMG does not sell or share any personal information collected through its online Activities for monetary consideration, we may be deemed as selling or sharing limited personal information for non-monetary consideration to certain third parties that we engage under applicable law. Specifically, our use of your IP address, information related to your Internet activity, and third-party cookie and tracking information may be provided to the firm’s Advertising Providers and analytics tool providers. Any sale or sharing of personal information is limited to our online Activities.

Please refer to the Choices in Section 4 to opt-out of any sale or sharing of your personal information. Alternatively, you may click the “Do Not Sell or Share My Personal Information” link on the footer of our websites to initiate a Data Privacy Request, available at: https://www.kpmg.us/content/global/forms/data-privacy-request.html.

3.3 Legal Reasons

We may also disclose personal information in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, government regulations or professional rules.

3.4 Corporate Transactions

In the event that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information that has been collected by KPMG may also be shared in connection with the consideration, negotiation or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

3.5 Social Media

If you use social media platforms and integrated third-party provider tools to share personal information or you otherwise interact with these features, those providers may collect information about you and may use and share such information in accordance with your account settings, including by sharing such information with the general public. Your interactions with such social media platforms and tools may be governed by the privacy policies of those providers. We encourage you to carefully read those privacy policies.

In addition, our online Activities may feature blogs, forums, crowd-sourcing and other applications or services (collectively, “Social Media Features”). The purpose of Social Media Features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG Social Media Feature may be shared with other users of that Social Media Feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

3.6 Cross-Border Collection and Transfer

We may collect personal information from or about you if you are in a jurisdiction other than the U.S. in connection with your use of KPMG services. Similarly, if you are in the U.S., we may transfer outside of the U.S. the information we collect from or about you. Regardless of where you are, we may transfer certain personal information across geographical borders to KPMG International, other member firms affiliated with KPMG International or to various third-party providers working on our behalf, or we may receive personal information in the U.S. or elsewhere transferred from KPMG International, another member Firm affiliated with KPMG International, or an unaffiliated third party. KPMG may also store personal information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your personal information as your home country. By providing your personal information to KPMG, you understand that your personal information may be collected, transferred and/or stored in a jurisdiction other than your home country. Each KPMG Member Firm affiliated with KPMG International is required to safeguard personal information in accordance with its contractual obligations and data protection legislation applicable to its provision of services. Your personal information will only be transferred if appropriate or suitable safeguards are in place.

4. CHOICES

We may require you to provide certain personal information in order to receive additional information about our Activities. We may also ask for your permission for certain uses of your personal information, and you may agree to or decline those uses. If you have previously opted in to particular Activities (e.g., an online newsletter), you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from an Activity, we will remove your personal information, and reach out to you in case we require additional information or confirmation before we can process your request.

If you have submitted personal information to us, you may have the right to request, under applicable law, that we provide you with reasonable access to your personal information, update or correct any inaccuracies in your personal information, delete your personal information, opt out of any sale or share of your personal information, and, in any such event, we will undertake reasonable and practical efforts to comply with your request, so long as our doing so would be consistent with applicable law, our contractual requirements, our record retention policies, and/or the professional standards applicable to us.

To make a Data Privacy Request, please contact us by:

Submitting a Data Privacy Request through our webform;
E-mailing us-privacy@kpmg.com; or
Calling toll-free at 1-844-977-1440.

As noted in Section 1.3, your browser or device may also be configured to automatically opt you out of certain sales or sharing activities as well as set your cookie preferences.

5. DATA SECURITY

We have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration or destruction, and require our third-party providers to similarly safeguard personal information. Despite those efforts, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know and require those individuals to maintain the confidentiality of such information.

6. ADDITIONAL DATA SUBJECT NOTICES

6.1 California Residents

The California Consumer Privacy Act, as amended, and its regulations, (“CCPA”), grants certain rights to California residents with regard to their personal information. The following explains your CCPA rights and our personal information practices as applicable.

For purposes of this Privacy Statement, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household; “sensitive personal information” is defined separately under the CCPA and in accordance with Section 1.1.1; and other terms below have the meaning defined in the CCPA.

Our collection practices, including personal information collected during the preceding 12 months, are identified in Section 1.

Source of Personal Information

We may collect personal information from the following sources, including, but not limited to via applications and forms, collaboration platforms, communications and interactions with us and through our in-person events or meetings and online Activities such as websites and mobile applications:

Our clients and customers and prospective clients and customers, or their authorized representatives.
Our subsidiaries, affiliates, joint ventures, and other companies under our common control (collectively, "Affiliates").
KPMG International.
Other member firms affiliated with KPMG International.
Our service providers, such as customer relationship management providers, analytics providers, website hosting providers, systems administrators and communications delivery services.
Unaffiliated third parties with which we have a business relationship and/or promotional and joint-marketing partners.
Social media platforms providers, online communities and forums and online advertising providers and partners.
Current and former employees, partners and principals, contractors, and job applicants.
Government entities and databases, such as anti-fraud databases, sanctions lists and court judgments.
Publicly available sources.

Purposes for Which Personal Information is Collected

We may collect or use personal information for the following purposes:

Administer, maintain and improve our Activities.
Assessing third-party providers and service providers.
Auditing and compliance with policies, procedures, laws, regulations and/or professional standards, including for auditor independence checks.
Billing, payment and fulfillment.
Customer and client communications.
Customer and client relationship management.
Financial reporting and accounting.
General business administration.
Health, safety, and wellness of our workplace, facilities and workforce.
Internal analytics and benchmarking.
Marketing our Activities.
Marketing the products and services of KPMG International, other member firms affiliated with KPMG International or other third parties.
Protect against fraud and other malicious or illegal activity, including for anti-money laundering and know-your-client checks.
Provision and performance of the services.
Systems and data security.

Categories of Third Parties to Whom Personal Information is Disclosed

We may share personal information as described in this Privacy Statement, including with the following categories of third parties:

Affiliates. We may disclose personal information to our Affiliates.
KPMG International. We may disclose personal information to KPMG International.
Member Firms. We may disclose personal information to other KPMG member firms affiliated with KPMG International.
Technical and Operational Service Providers and Business Partners. We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal information to our third-party business partners and service providers in order to maintain and operate the websites and provide, improve, and personalize the services, including to fulfill requests for the services and for other technical and processing functions, such as sending e-mails on our behalf, fulfilling orders, and technical support. We may also share personal information to service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats.
Marketing, Advertising and Analytics Providers. We may share personal information with third-party providers for marketing, advertising and analytics purposes.
Government Entities. We may share personal information with government entities and agencies, regulators, law enforcement, and other third parties, including to provide the services, comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process and to establish or exercise our legal rights or for fraud- or crime-prevention purposes.
Professional Service Firms. We may share personal information with other professional service firms in connection with our legal, regulatory and professional obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, insurers and consultants.
Corporate Transactions. Subject to applicable law, we reserve the right to transfer some or all personal information in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal information collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal information as described in this Privacy Statement.

Categories of Personal Information Sold or Shared

In the past 12 months, we may have sold or shared the following categories of your personal information for conducting website analytics and Targeted Advertising:

IP address;
Information relating to Internet activity as described in Section 1; and
Third-party cookie and tracking information as described in our Cookie Policy in Section 9.

Categories of Third Parties to Whom Personal Information is Sold or Shared

In the past 12 months, we may have sold or shared personal information to the following categories of third parties for conducting website analytics and Targeted Advertising:

Advertising Providers as described in Section 2.2; and
Analytics tool providers as described in Section 1.2.2.

If you are a California resident, you may be able to exercise the following privacy rights.

Right to Know. In the last 12 months:
- The categories of personal information that we collected or maintained about you;
- The categories of sources from which that personal information was collected;
- The business or commercial purpose for collecting that personal information;
- The categories of personal information we disclosed for a business purpose;
- The categories of third parties to whom we disclosed that personal information;
- The categories of personal information that we “sold” or “shared” (as such terms are defined under the CCPA);
- The categories of third parties to whom we sold or shared that personal information; and
- The specific pieces of personal information that we collected or maintained about you.
Right to Correct. The correction of personal information that we maintain about you.
Right to Delete. The deletion of personal information that we have collected from you.
Right to Limit Use and Disclosure of Sensitive Personal Information. To limit or restrict the use of Sensitive Personal Information that we have collected or maintained about you for the purpose of inferring characteristics.
Right to Opt Out of Sale or Sharing. To opt out of the sale or sharing of your personal information.

To exercise any of your rights, please contact us by:

Submitting a Data Privacy Request through our webform;
E-mailing us-privacy@kpmg.com; or
Calling toll-free at 1-844-977-1440.

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. The above rights are subject to various exclusions and exceptions under applicable laws and the firm’s record retention policies, and under certain circumstances we may be unable to implement your request.

Where we have received your personal information through our business clients or where we are otherwise operating as a service provider, we may refer you to the business with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your child under 16, you may exercise the above rights on their behalf.

6.2 Virginia Residents

The Virginia Consumer Data Protection Act, (“VCDPA”), grants certain rights to Virginia residents with regard to their personal information. The following explains your VCDPA rights and our personal information practices as applicable.

For purposes of this Privacy Statement, “personal information” means “personal data” that is linked or reasonably linkable to an identified or identifiable natural person; “sensitive data” is defined separately under the VCDPA and in accordance with Section 1.1.1; and other terms below have the meaning defined in the VCDPA. Our collection practices and business purposes for collecting personal information are identified in Sections 1 and 3.1, respectively.

If you are a Virginia resident, you may be able to exercise the following privacy rights.

Right to Know. To confirm whether or not we process your personal information and to access such personal information.
Right to Correct. To correct inaccuracies the personal information we collect from you;
Right to Delete. To delete personal information provided by you or obtained about you;
Right to Opt Out of Targeted Advertising, Sale, or Profiling. To opt out of the processing of your personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
Right to Appeal. To appeal our denial of your request(s).

To exercise any of your rights, please contact us by:

Submitting a Data Privacy Request through our webform;
E-mailing us-privacy@kpmg.com; or
Calling toll-free at 1-844-977-1440.

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a processor, we may refer you to the controller with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your minor child, you may exercise the above rights on their behalf.

The above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances we may be unable to implement your request.

If you wish to appeal our denial of a request, you may email the firm’s U.S. Privacy Office us-privacy@kpmg.com to reconsider your submission. If the U.S. Privacy Office rejects your appeal, you may further elect to submit a claim through the Virginia Office of the Attorney General.

Note, KPMG does not “sell” (as such term is defined under the VCDPA) any personal information for monetary consideration.

6.3 Non-U.S. Residents

KPMG provides our Activities in the U.S. and does not direct such activities to individuals that are located outside of the U.S. However, in certain circumstances, we do interact with or collect personal information about individuals outside of the U.S. In such circumstances, we typically collect personal information from individuals outside of the U.S. through a direct collection of that information via our Activities. However, in some circumstances, personal information may be transferred to us from KPMG International, a member firm affiliated with KPMG International or an unaffiliated third party outside of the U.S. Where this applies, we typically receive your personal information because it is necessary to perform a contract or pre-contractual measures with you or because of our legitimate interests. If we receive personal information transferred by a member firm affiliated with KPMG International or an unaffiliated third party, it would typically be pursuant to the appropriate foreign regulator-approved standard contractual clauses or based on another lawful basis. To know more about non-U.S. residents’ notices and rights, please review our Notice of Processing.

6.4 Form Personnel

This Privacy Statement does not govern the privacy practices concerning any current or former KPMG partners, principals, employees, directors, officers, interns, and individuals engaged with KPMG through a third party, including contractors and contingent workers (collectively, “Firm Personnel”). The collection and processing of Firm Personnel’s personal information is subject to KPMG’s Firm Personnel Data Privacy Notice and in furtherance of other firm policies.

7. PRIVACY SHIELD

KPMG complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union, United Kingdom, and Switzerland, as applicable to the U.S., in reliance on Privacy Shield. KPMG has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles with respect to such personal information. Please review our Privacy Shield Statement for information about KPMG’s data practices regarding personal information it has received from the European Union, United Kingdom, and Switzerland pursuant to Privacy Shield. To learn more about the Privacy Shield program, and to view our certification page, please visit: www.privacyshield.gov.

Following recent decisions invalidating the adequacy of Privacy Shield, we no longer rely on Privacy Shield for cross-border transfers of personal information. As described in Section 6.3, we rely on the direct collection of personal information from individuals located outside of the U.S., or we use other bases, such as standard contractual clauses for cross-border transfers of personal information from another entity to us.

8. LINKS TO OTHER SITES

Our Activities may contain links or refer you to other websites, applications, social media platforms, collaboration platforms, products or services maintained by KPMG International, other member firms affiliated with KPMG International, or by unaffiliated third parties (collectively, “Other Sites”). Other Sites are not governed by this Privacy Statement, and may be governed by their own privacy notices. We are not responsible for the content or practices of these Other Sites. We encourage you to review the applicable privacy notices of Other Sites you visit before disclosing personal information.

9. COOKIE POLICY

We may place cookies on your Internet-enabled device whenever you engage in our online Activities. This allows our websites, applications or collaboration platforms to remember your device and serves several additional purposes. Cookies by themselves do not tell us your personal information or otherwise identify you personally.

For some of our online Activities, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked using this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your web browser's cookies.

Most web browsers automatically accept cookies; however, you may be able to choose whether to accept cookies via your web browser's settings. You may also be able to refuse or delete cookies from your device. If you do not accept cookies, you may not be able to fully experience some of the features of our online Activities.

Below is a list of the types of cookies used as part of our online Activities.

Purpose	Description	Type & Expiry
Performance	Our online Activities are built using common Internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).	Session Deleted upon closing the browser
Security	If you register for access to a restricted area, our security cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.	Session Deleted upon closing the browser
Site Preferences	Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.	Persistent, but will delete automatically after one (1) year if you no longer engage in our online Activities.
Analytical	We use several third-party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on our websites. The aggregated statistical data cover items such as total visits or page views, and referrers to our websites.	Persistent, but will delete automatically after two (2) years if you no longer engage in our online Activities.
Site Visitor Feedback	We use a third-party survey tool to invite a percentage of visitors to provide their feedback. Cookies are used to prevent visitors from being invited multiple times. The first cookie (1) is set if the visitor is not invited to participate in the survey, and is used to ensure visitors are not invited after their first page view. The second cookie (2) is set if the visitor is invited to participate in the survey, and is used to ensure the visitor is not invited again to participate for a period of 90 days.	Session Deleted upon closing the browser Persistent Deleted automatically after 90 days or presenting survey invite.
Social Sharing	We use third-party social media widgets or buttons to provide you with additional functionality to share content from our online Activities to social media platforms and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed webpages (e.g., the social share count cache is updated) and log information about your activities across the Internet and on our online Activities. We encourage you to review each provider's privacy information before using any such service.	Persistent, but will be deleted automatically after two years if you no longer engage in our online Activities

Other third-party tools may be used on our individual websites or portions of certain online Activities to provide additional functionality. Depending on how you set your preferences in your browser, use of these tools may place a cookie on your Internet-enabled device for the purposes explained above.

BY ACCESSING, USING, OR ENGAGING IN OUR ONLINE ACTIVITIES, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, MAY PLACE COOKIES ON YOUR INTERNET-ENABLED DEVICE.

10. CHANGES TO THIS PRIVACY STATEMENT

We may modify this Privacy Statement from time to time to reflect our current personal information practices. When we make changes to this Privacy Statement, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy Statement to be aware of updates to our personal information practices. Your use of the Activities after such update signifies your consent to the updated terms.

11. QUESTIONS AND COMMENTS

If you have questions or comments about this Privacy Statement or our privacy practices, or if you have any concerns regarding compliance with this Privacy Statement, please contact the U.S. Privacy Office by e-mail at us-privacy@kpmg.com.