KPMG B-H d.o.o. za reviziju and KPMG Tax&Advisory B-H d.o.o., with their business seat in Sarajevo, Zmaja od Bosne 7-7A ( “KPMG” or “we”) highly value and understand the importance of maintaining the confidentiality and privacy of personal data that has been collected by, or entrusted to us.
Personal data means every information relating to an identified or identifiable natural person. Data concerning legal entities is not considered as personal data, and therefore this Statement does not apply to legal entities.
We hereby inform you how we process personal data that we collect directly from you or from third parties, regardless of whether such data is collected through our web site or through other channels. Certain parts of this Statement can be supplemented with notices that are given in other locations of our web site or through other means, if the same is more appropriate.
This Statement is subject to change, and the date of its last change is specified in its title. Depending on the manner in which we usually communicate with you, we will inform you through appropriate channels about any changes to this Statement that have an impact on you.
In case of any discrepancy between the content of this Statement and any service contract entered into between us, the provisions of the service contract shall prevail.
For the purpose of ensuring a greater transparency, this Statement is divided into specific sections. Should you have any questions, please direct the same to KPMG’s Data Protection Officer in Bosnia and Herzegovina via mail firstname.lastname@example.org
7.1. Clients and potential clients
7.1.1. Why do we collect and process your personal data?
7.1.2. What personal data do we collect?
7.1.3. From which sources do we collect personal data?
7.2. Marketing communications
7.3. Potential employees
7.4. Business partners and business partners’ employees
8.1. What personal data we collect online?
8.2. Automatic collection of personal data
8.2.1. IP addresses
8.2.3. Google Analytics
8.2.4. Web beacons
8.2.5. Location-based tools
8.3. Social medial widgets and applications
8.5. Right to choose
In the event you have any questions regarding this Statement or you wish to submit a request to exercise your rights regarding your personal data, please contact our Data Privacy Officer, via e-mail email@example.com or by regular mail to the following address: KPMG, Zmaja od Bosne 7-7A, 71000 Sarajevo.
Our obligations in relation to the protection of your personal data differ depending on whether we act as a controller (where we determine the purpose and means of processing) or as a processor for someone else (where we process personal data based on instructions given to us by the party that engaged us).
When we act as a data controller, you have the following rights:
Your ability to exercise some or all of the above noted rights depends on the reason and basis for particular processing. For example, when we have a legal obligation to keep personal data for a certain period of time, such personal data cannot be erased on your request.
Should you submit a request we will aim to respond to your request within one month of receiving the same. In the event of a complex request, or us receiving a large number of requests, we will inform you if we require more than one month to respond. In those extraordinary cases, we shall act on your request at the latest within three months of its receipt. Your request can be accepted, or it can be denied if we find it to be unsubstantiated. In the event of a request that is clearly unsubstantiated or excessive, we reserve the right to charge a reasonable fee to respond, or to refuse to act, but in any way we shall inform you of the same in advance.
In the event that you are not satisfied with our response, you can submit a complaint to the Personal Data Protection Agency, Dubrovačka 6, 71000 Sarajevo, e-mail: firstname.lastname@example.org.
When we act as a data processor for someone else, your request will be forwarded to the party for whom we act as the processor, who is obliged to act upon it, and you will be informed that your request has been forwarded.
KPMG generally collects only the personal data necessary to perform its legal or contractual obligations. Where additional, optional information is sought, you will be notified of this at the point of collection.
The law in Bosnia and Herzegovina allows us to process personal data, so long as we have a basis under the law to do so. It also requires us to tell you what those bases are. When we process your personal data, we rely on the following legal bases for the same:
Examples of our business activities where we rely on the legitimate interest to process your personal data referred to above are:
When we are obliged to collect your personal data, such obligation will be stated to you clearly, as well as the consequences of you refusing to provide the same.
KPMG has reasonable security policies and procedures in place to protect personal data from unauthorized loss, misuse, alteration, or destruction. Despite KPMG’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal data is limited to those who have a need to know. Those individuals who have access to your personal data are required to maintain the confidentiality of such information.
By registering on any KPMG web site and then navigating to another KPMG web site while still logged in, you agree to the use of your personal data in accordance with the privacy statement of the KPMG web site you are visiting.
We make reasonable efforts to retain your personal data for so long: i) as the data is necessary to comply with your request, ii) as necessary to comply with legal, regulatory, internal business or policy requirement, or iii) until you ask that the personal data be deleted.
The period for which your personal data is retained will depend on the specific nature and circumstances under which your personal data has been collected.
With the exception of the situation under iii) above, we will not retain your personal data for longer than 11 years from the termination of our business cooperation with you.
Exceptionally, your personal data can be retained for longer than 11 years if it is necessary for judicial or similar proceedings underway.
Your personal data is shared within the network of KPMG firms and in some cases with third parties.
We may share your personal data with other member firms of the KPMG network as part of international engagements, and with KPMG International and other member firms where required or desirable in order to meet our legal and regulatory obligations.
Other parts of the KPMG network are also used to provide services to us and you, for example, hosting and supporting IT applications, provision of certain forms of insurance for member firms and its clients, performance and compliance check of our business with KPMG standards, performing client conflicts checks and Anti-Money Laundering checks, assisting with client engagement services and otherwise as required in order to continue to run KPMG’s business.
When a transfer is necessary to other members of the KPMG network located in third countries, with an inadequate level of personal data protection KPMG shall act in line with Article 18 the Law on Protection of Personal Data.
We do not share personal data with third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards. This includes:
In the above stated cases there is a possibility that your personal data will be shared with third party recipients in third countries. In those cases, we assure adequate level of personal data protection by entering into an agreement with those third party recipients that includes the standard contractual clauses approved by the European Commission and we shall act in line with laws applicable in Bosnia and Herzegovina.
KPMG will not transfer the personal data you provide to any third parties for their own direct marketing use.
We process personal data of clients and potential clients for the following purposes:
We collect personal data which is necessary for us to achieve the previously mentioned purposes. Depending on the circumstances, this may include the following: your name and surname, your address and other contact information (telephone, mobile phone, e-mail), the personal data mandated by the Law on Prevention of Money Laundering and Terrorism Financing, and the personal data which is necessary for the performance of our contractual obligations.
We only collect sensitive personal data (e.g. data relating to health) when it is necessary for the performance of our contractual obligations (e.g. payroll services). Personal data concerning your children can be collected only when it is necessary to fulfil our legal obligations or contractual obligations towards you. In no case, may we enter into a service contract with someone who is under 18 years of age.
We may collect your personal data from the following sources:
KPMG occasionally sends Newsletters, invitations to seminars, and similar direct marketing information.
Such communication is only sent to those recipients who can reasonably expect, taking into consideration our prior business relationship, to receive such information and in those cases we rely on our legitimate interest to provide the same. We are of the opinion that as our client you reasonably expect to be informed of various events, legislative changes, etc. which may affect your business or otherwise be of interest to you. Should you wish to unsubscribe from our mailing list please click HERE and follow the instructions. You can subscribe or unsubscribe from our mailing list at any time.
If we have not had a business relationship in the past, but you wish to receive such communication from us, you can subscribe at any time by expressing your interest to our Marketing Department by sending an email to email@example.com
If you are interested in an employment with KPMG in Bosnia and Herzegovina, you can apply for a job on our website at the following link: https://home.kpmg/ba/en/home/careers.html
When making an online application, you will receive detailed information about the processing of your personal data. In such circumstances, you decide which data you wish to provide. You have the right to access, rectify or erase any data provided by you.
We will process your personal data only for the purpose of recruitment, and in the event that you are offered a position with us for the purpose of employment related activities. If we offer you an employment with KPMG, we will ask you for additional personal data and we will inform you about it in particular.
Your personal data which is obtained in the manner described above may be accessed by other KPMG member firms throughout the world.
For the purpose of communication with our business partners and vendors, we collect their contact data, as well as the contact data of their legal representatives and employees.
Our intention is to collect only the personal data that is provided voluntarily by online visitors so that we can offer information and/or services to those individuals or offer information about employment opportunities.
We collect your personal data only if you choose to provide it, for example, to contact mailboxes or to register for certain services. In some cases, you will have previously provided your personal data to KPMG (if, for example, you are a former employee). If you choose to register or login to a KPMG web site using a third party single sign-in service that authenticates your identity and connects your social media login information (e.g., LinkedIn, Google, or Twitter) with KPMG, we will collect any data or content needed for the registration or log-in that you have permitted the social media provider to share with us, such as your name and email address. Other data we collect will depend on the privacy settings you have set with your social media provider, so please review the privacy statement or policy of the applicable service.
When you register or submit your personal data to KPMG we will use this data in the manner outlined in this privacy statement. Your personal data is not used for other purposes, unless we obtain your permission, or unless otherwise required or permitted by law or professional standards. For example, if you register to a KPMG web site and provide information about your preferences we will use this information to personalize your user experience. Where you register or login using a third party single user sign-in we may also recognize you as the same user across any different devices you use and personalize your user experience across other KPMG sites you visit. If you send us a resume or curriculum vitae (CV) to apply online for a position with KPMG, we will use the data that you provide to match you with available KPMG job opportunities.
In some cases where you have registered for certain services we will store your email address temporarily until we receive confirmation of the information you provided via an email (i.e. where we send an email to the email address provided as part of your registration to confirm a subscription request).
An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognise and communicate with one another. IP addresses from which visitors appear to originate will be recorded for IT security and system diagnostic purposes. This data will also typically be used in aggregate form to conduct web site trend and performance analysis.
Cookies are small text files which collect non-personal data and send them and store to your computer, smartphone or other internet-enabled device. Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves a number of purposes.
On some of our web sites, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your computer or internet-enabled device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked through the use of this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your browser's cookies.
Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser's settings (often found in your browser's Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web sites' features.
Further information about managing cookies can be found in your browser's help file or through sites such as www.allaboutcookies.org
Below is a list of the types of cookies used on our web sites:
Type & Expiry
Performance (i.e., User's Browser)
Our web sites are built using common internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).
Session - Deleted upon closing the browser
Security (e.g. Asp .NET) Cookies
If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.
Session - Deleted upon closing the browser
Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.
Session - Deleted upon closing the browser
We use several third party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on kpmg.com for our visitors. The aggregated statistical data cover items such as total visits or page views, and referrers to our web sites. For further details on our use of Google Analytics, see below.
Persistent, but will delete automatically after two years if you no longer visit kpmg.com
Site visitor feedback
We use a third party survey tool to invite a percentage of visitors to provide their feedback. Cookies are used to prevent visitors from being invited multiple times.
The first cookie (1) is set if the visitor is not invited to participate in the survey, and is used to ensure visitors are not invited after their first page view.
The second cookie (2) is set if the visitor is invited to participate in the survey, and is used to ensure the visitor is not invited again to participate for a period of 90 days.
We use third party social media widgets or buttons to provide you with additional functionality to share content from our web pages to social media websites and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed webpages (e.g. the social share count cache is updated) and log information about your activities across the Internet and on our web sites. We encourage you to review each provider's privacy information before using any such service. For further details on our use of social media widgets and applications, see below.
Persistent, but will be deleted automatically after two years if you no longer visit kpmg.com
Other third party tools and widgets may be used on our individual web pages to provide additional functionality. Use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.
Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers including IP addresses, but this is for the purpose of identifying the number of unique visitors to our web sites and geographic origin of visitor trends, and not to identify individual visitors.
BY NAVIGATING ON OUR WEB SITES OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE CAN PLACE THESE COOKIES ON YOUR COMPUTER OR INTERNET ENABLED DEVICE.
KPMG uses Google Analytics. More information about how Google Analytics is used by KPMG can be found here: http://www.google.com/analytics/learn/privacy.html
A web beacon is a small image file on a web page that can be used to collect certain data from your computer, such as an IP address, the time the content was viewed, a browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.
KPMG or its service providers will use web beacons to track the effectiveness of third party web sites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.
In some of our newsletters and other communications, we will monitor recipient actions such as email open rates through embedded links within the messages. We collect this data to gauge user interest and to enhance future user experiences.
KPMG will collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.
KPMG web sites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications will collect and use data regarding your use of KPMG web sites (see details on 'Social Sharing' cookies above). Any personal data which you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your data.
In addition, KPMG web sites may host blogs, forums, crowd-sourcing and other applications or services (collectively "social media features"). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal data which you provide on any KPMG social media feature will typically be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we often have limited or no control.
KPMG understands the importance of protecting children's privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain data about anyone under the age of 16, except as part of an engagement agreement entered into with us.
In general, you are not required to submit any personal data to KPMG, but we will require you to provide certain personal data in order for you to receive additional information about our services and events. KPMG will also ask for your permission for certain uses of your personal data, and you can agree to or decline those uses.
If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your data promptly, although we may require additional information before we can process your request.