Privacy at KPMG
We take Privacy very seriously at KPMG.
We collect different types of personal information depending on the nature of our engagement with you from a number of different sources including:
- directly from you
- when you use our products or services including our online services
- from outside sources and third parties.
The primary purposes for which we collect personal information from you is to provide you with our products and services and to best manage our relationship with you. We may also collect your personal information for reasons associated with these primary purposes. Rest assured, we will only use your personal information if we have a lawful reason to do so.
The security of your personal information is very important to us and we have systems in place to protect the personal information we hold. We store the personal information we collect in both hard copy as well as electronic formats in secure storage with restricted access.
To access or update your personal information, make a complaint, or you would like to obtain further information in relation to KPMG’s privacy practices, please contact our National Privacy Liaison by email at email@example.com or at GPO Box 2291U Melbourne Victoria 3001.
Last updated December 2020
Select a section
1. PERSONAL INFORMATION WE COLLECT
The types of personal information we collect depends on the nature of our engagement with you.
Examples of personal information we may collect include:
- General identification information such as names, job title, occupation, date of birth and gender.
- Contact details such as address, email address, phone and mobile phone number and Internet Protocol (IP) address.
- Usernames and passwords.
- Educational qualifications, employment history, salary and referee reports.
- Payment details including group certificates, payslips, and other income earning information, for example payment summaries from your employer and super fund, statements from banks and financial institutions showing interest received, employment termination payment summaries, receipts for gifts, donations and work-related expenses.
- Information contained in identification documents such as passport or driver’s licence.
- Government-issued identification numbers such as tax file numbers.
- Financial information such as credit card and bank account details, shareholdings and details of investments (e.g. if you have shares, units, managed funds or other investments, details of dividend payments and distributions from managed funds, any investment gains or losses from the disposal of shares, units and rental properties, including associated income and expenditure).
- Details of superannuation and insurance arrangements.
- Visa or work permit status and related information.
- Information about immigration status.
It may be necessary in some circumstances for us to collect some forms of sensitive information about you in order to provide specific services to you. Sensitive information includes information about a person’s race, gender diversity, sexual orientation, disability, ethnic origin, political opinions, heath, religious or philosophical beliefs and criminal history. We will only collect and use sensitive information with your consent, in accordance with applicable laws or in a de-identified aggregated manner.
It is generally not practical to remain anonymous or to use a pseudonym when dealing with us as usually we need to use your personal information to provide specific services to you, or which relate to or involve you.
Generally we collect your personal information from you directly, for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey or when you subscribe to our publications.
Sometimes we will collect your personal information from outside sources. These can include marketing mailing lists and other public information (including public posts to social networking sites such as Linkedin and Twitter) and commercially available personal, identity, geographic and demographic information. Outside sources may also include information gained from a third party. For example, we may collect your personal information from your employer where they are our client, your referees, your personal representatives, another KPMG member firm, a financial advisor and/or banks where you have authorised disclosure to us.
We may also collect personal information about you from your use of our websites and social media and information you provide to us through contact mailboxes.
We hold personal information in both hard copy and electronic formats. In some cases, we engage third parties to host electronic data (including data in relation to the services we provide) on our behalf. We take security measures to protect the personal information we hold which includes physical controls (for example, security passes to enter our offices and storage of files in lockable cabinets) as well as technological controls (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates).
We also have policies and processes which govern document retention and data breach incidents. We endeavour to ensure that personal information is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
We will only use your information if we have a lawful reason to do so such as when it’s our legal duty, if we have your consent and when it’s in our legitimate interest to do so. Reasons include:
- To provide our services to you or to our client in accordance with the terms of any engagement letter, service agreement or employment agreement including any related reasons such as payroll, tax, superannuation and accounting services.
- To provide, improve and properly manage our products and services and those of other KPMG member firms including:
- developing new products,
- responding to requests or queries,
- verifying your identity,
- to conduct surveys,
- seeking your feedback.
- To maintain contact with our clients and other contacts (including alumni), and keep them informed of our services, industry developments, seminars and other events.
- For administrative purposes, including:
- processing payment transactions,
- charging and billing,
- detecting or preventing fraud,
- identifying breaches of our terms and conditions of engagement.
- For purposes relating to the employment of our personnel (including Partners), contractors and sub-contractors including:
- recruitment purposes such as contacting referees, processing applications, administering psychometric testing, assessment for suitability for future positions, background checks and ongoing analytic purposes such as ensuring we are reaching a diverse range of candidates,
- providing internal services or benefits to our Partners and staff,
- matters relating to the KPMG partnership.
- For governance and compliance purposes including:
- managing any quality, conduct or risk management issues including conflict of interest or independence (including auditor independence) obligations or situations,
- meeting regulatory obligations,
- where we are required to or authorised by legislation or industry code, direction or standard to do so.
- For business purposes such as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business (including KPMG’s business) or entering into an alliance, joint venture or referral arrangement.
- For development and analytics purposes to develop our expertise and know how, including:
- for benchmarking purposes,
- development, analytics and business intelligence functions including web-site trend and performance analysis.
- quality assurance and thought leadership, and
- other purposes related to our business.
We may also use non-personal, de-identified and aggregated information for several purposes including for data analytics, research, submissions, thought leadership and promotional purposes. Any output is anonymised or aggregated so that no personal information or information relating specifically to you is reasonably identifiable.
KPMG may also use your personal information for the purpose of marketing its services to you. This may include products, services and offers provided by our alliance partners. If you do not want to receive marketing material from us, you can contact us as detailed below:
- for electronic communications, you can click on the unsubscribe function in communications;
- for hard copy communications, you can email firstname.lastname@example.org; or
- through our contact details in 'How to contact us'.
We may share your personal information with other parties including:
- Your authorised representatives, advisors and referees,
- Personnel within KPMG and our professional advisors,
- Experts or other third parties contracted as part of an engagement,
- Our agents, third party contractors and suppliers that assist us with providing our business processes and products and services,
- Nominated superannuation funds,
- Other KPMG member firms (which includes entities they wholly or dominantly own and control) or KPMG International Co-operative,
- Third parties as part of an actual or proposed acquisition, disposition, merger or de-merger of a business (including KPMG’s business) or to enter into an alliance, joint venture or referral arrangement,
- Other parties including government or regulatory bodies (for example, the Australian Taxation Office, the Australian Securities Investment Commission and The Department of Immigration and Border Protection), industry bodies or agencies, as part of an engagement or as required by or in accordance with any industry code or industry standard including foreign authorities or regulators relevant or applicable for the purposes of the provision of services to you,
- Other parties when you ask us to do so or when you consent to that disclosure.
Where you are a customer, an employee, a contractor or supplier of services to one of our clients, then we may disclose your personal information as part of providing services to that client.
We do not disclose personal information to third parties for the purpose of allowing them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information with select third parties for research, development, analytics or promotional purposes other than direct marketing.
In some cases, the organisations that we may disclose your personal information to may be based outside the location where the information is collected. For example, we may share your information with other parties in Argentina, China, Finland, Hong Kong, Ireland, India, South Africa, Thailand, Philippines, United States of America, United Kingdom, countries of the European Union, Singapore and those countries in which our member firms are located. See https://home.kpmg/xx/en/home/about/offices.html
Where we do this, we require these parties to take appropriate measures to protect that information and to restrict how they can use that information.
6.1 Automatic collection of personal information
6.2 Analytics Tools
We use analytics tools, such as Google Analytics and Adobe Analytics. To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. More information about how we use Google Analytics can be found at https://www.google.com/analytics/terms/us.html
Adobe also provides a range of opt-out options for Adobe Analytics.
6.3 Social media widgets and applications
Some of our websites and services may include functionality to enable information sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications may collect and use information regarding your use of our websites. Any personal information that you provide via such social media applications may be collected and used by members of that social media application separate to us and are subject to the privacy policies of the relevant companies that provide the applications. We do not have control over, or responsibility for, those companies or their use of your information.
Any personal information that you provide on any KPMG social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.
KPMG is a member firm of the KPMG network, which has over 150 independent member firms globally that are affiliated with the KPMG International Co-operative. For a list of where our member firms are located, see KPMG's global locations - https://home.kpmg/xx/en/home/about/offices.html.
We understand the importance of protecting the privacy of children, especially in an online environment. In particular, our websites are not intentionally designed for, or directed at, children under the age of 13.
It is our policy to never knowingly collect or maintain information about any person under the age of 13, except as part of a specific engagement to provide services which necessitates such personal information be collected, for the purposes of ensuring compliance with our auditor independence policies, or as otherwise required by law.
It’s important that you make sure the personal information we hold about you is accurate, up to date and complete. If any of your details change or if you believe that any personal information KPMG has collected about you is inaccurate you can contact us (via “How to contact us”) and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act.
You can request access to your personal information that we hold about you. To make a request see 'How to contact us' for details. We may charge reasonable costs for providing you access to your personal information.
You can notify us of any complaint you may have about our handling of your personal information via 'How to contact us'. Following your initial contact, you will be asked to set out the details of your complaint in writing in a form provided.
We will endeavour to reply to you within 30 days of receipt of the completed complaint form and, where appropriate, will advise you of the general reasons for the outcome of the complaint.
While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, if you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner.
National Privacy Liaison
GPO Box 2291U
MELBOURNE VIC 3001