Privacy: KPMG International website policy on the collection and use of personal information

Fraud alert - telephone scams, phishing emails and online employment scams

KPMG in Canada privacy policy

KPMG LLP (Canada) respects the privacy rights of our clients and personnel, and is committed to protecting all personal information in our possession or control. We have adopted this Privacy Policy to guide how we collect, use and disclose the personal information we require in the course of fulfilling our professional responsibilities and operating our business. This Privacy Policy applies to all subsidiaries and associated companies and partnerships of KPMG LLP and KPMG Management Services LP in Canada (collectively referred to in this Privacy Policy as “KPMG”, “we”, “our” or “us”).

KPMG takes the privacy of our clients and our personnel very seriously. We have developed this Privacy Policy to clearly define our ongoing commitment to protecting the privacy rights of our clients and KPMG personnel. Certain of the practices discussed in this Privacy Policy reflect requirements set out in Canadian federal and/or provincial privacy legislation. KPMG’s policy is to at all times adhere to the requirements of applicable law and professional responsibilities, and to be responsive to our clients and personnel who expect us to respect their privacy and to protect their personal information.

For purposes of this Privacy Policy, the term “personal information” means information about an identifiable individual, as more specifically defined by applicable privacy legislation.

KPMG is accountable for all personal information in our possession or control. This includes any personal information that we receive directly, for example, from individual clients and KPMG personnel, as well as any personal information that we may receive indirectly, for example, through corporate and government clients. We have established policies and procedures aimed at protecting the personal information of our clients and KPMG personnel. We have appointed a Privacy Officer to oversee privacy issues for KPMG. We have also educated KPMG personnel about our Privacy Policy and their role in protecting the personal information of our clients and personnel. If you have questions about our privacy practices, you are free to contact our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

Client personal information

In most instances, KPMG will collect, use or disclose personal information about clients only for the purpose of providing professional services, to comply with applicable laws, regulations and professional standards, or for the purpose of obtaining technological, administrative, analytical and clerical services or support.

Client personal information may also be collected, used or disclosed internally and to other member firms of the KPMG International Cooperative network for the purpose of compliance with KPMG policies and processes, in the performance of quality reviews, or in order to allow us to offer services or products that may be of interest to clients.

KPMG may also collect, use or disclose personal information about clients, prospective clients and alumni for marketing purposes, including client relationship development  which may include (i) developing and maintaining and generate insights into our relationship with you, (ii) conducting research to develop, evaluate, and improve our services, and (iii) communicating with you products, services, offers, news and information updates or invitations to KPMG hosted and sponsored events that may be of interest to you. You can withdraw your consent to the use and disclosure of your personal information for marketing purposes by contacting us through: 1) your Engagement Partner; 2) the KPMG Online Subscription Centre; or 3)  Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955. 

KPMG may also aggregate personal information with information from other sources for the purpose of improving quality and service, and for use in presentations to clients and non-clients, in a form where such information is sufficiently de-identified so as not to be attributable to any individual or organization.

In accordance with professional standards, if a client is an assurance client, personal information may be shared with the KPMG assurance engagement team and other KPMG personnel so that it may be used in the assurance engagement.

KPMG partner and employee personal information

KPMG collects, uses, and discloses personal information about KPMG personnel in order to pay them, to comply with laws, regulations and professional standards, to provide them with benefits, to administer performance management tools, to administer, manage, enforce and monitor compliance with KPMG programs, policies and employee relations, and generally to establish, manage or terminate the employment or partnership relationship.

KPMG may also collect, use and disclose KPMG partner, employee and contractor resumes, professional profiles (including KPMG professional profile photographs, if applicable) and curriculum vitae (CVs) in order to determine suitability for client engagements and respond to RFPs, for client service delivery, business development and engagement related purposes, as well as marketing and communication purposes.

We may also collect, use, or disclose KPMG partner and employee personal information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.

KPMG may also collect, use, or disclose personal information about KPMG partners, employees and individuals seeking employment with KPMG to develop business metrics and analytics, and to evaluate the effectiveness of our policies, programs, and processes.

We may also collect, use, or disclose KPMG partner and employee personal information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.

We may collect, use, and disclose personal information about individuals seeking employment or partnership with KPMG for the purpose of evaluating their application, to communicate with them regarding employment or partnership opportunities that may be of interest, and for the purpose of evaluating or monitoring KPMG policies, programs and practices.

At or before the time that KPMG collects personal information, we will inform KPMG personnel of the reasons why we require such information, what use will be made of it, and with whom it may be shared, except where we are permitted or required by law to collect, use, or disclose personal information without providing such notice. For example, collection may occur without notice or consent as permitted by law in the course of an investigation.

We collect personal information about clients and KPMG personnel for the above purposes directly from you, or indirectly from third party sources (including publicly available sources, suppliers, vendors, member firms of the KPMG International Cooperative network, previous employers, public websites, educational institutions, and social media) as permitted by applicable law.

How will we use cookies and other technologies

Our websites are managed by KPMG International and may use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. For more information on cookies managed on our websites, please refer to KPMG International’s privacy policy available here: Privacy - KPMG Global.

KPMG and our third-party service providers may use cookies and other marketing automation tools for the purposes of tracking behaviour and preferences in order to deliver personalized content in advertising and marketing to you. These cookies and marketing automation tools also assist KPMG with understanding the content you engage with, as well as measuring the performance of our content and advertising campaigns. You can manage and control cookies through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site.

How will we ask for consent?

Client personal information

The terms and conditions of every KPMG professional services engagement are documented in an engagement letter. These terms and conditions include a discussion about how KPMG may collect, use and disclose client personal information. By signing the engagement letter, the client is providing its consent to the collection, use and disclosure of personal information described in the terms and conditions. If a client provides us with personal information relating to a third party, by signing the engagement letter the client represents and warrants that they have obtained consent from the third party to allow us to collect, use and disclose their personal information as described in the engagement letter.

KPMG partner and employee personal information

Forms and applications used to provide human resources-related services to KPMG personnel will describe the purposes for which their personal information is required and to whom it will be disclosed.

In addition, certain KPMG policies or program documents may provide information about how personal information relating to partners and employees may be collected, used and disclosed.

Employment candidates will also be advised of the purposes for which their personal information is being collected, used and disclosed.

What happens if you choose not to give us your consent? What if you withdraw your consent at a later date?

KPMG clients always have the option not to provide their consent to the collection, use and disclosure of their personal information, or to withdraw their consent at a later stage, subject to contractual and legal restrictions and reasonable notice. Where a client chooses not to provide us with permission to collect, use or disclose their personal information, we may not be able to provide, or continue to provide, the client with our services.

Where a partner, employee or candidate for employment chooses not to provide us with permission to collect, use or disclose their personal information, we may not be able to employ them, continue to employ them or to provide them with benefits.

KPMG will limit the collection of personal information to that which is reasonably required to provide our services and to operate our business.

In order to protect the personal information in our possession, KPMG employs data loss prevention software which is used to monitor access, use and disclosure of confidential and personal information through any device which is connected to the KPMG network. The use of data loss prevention software may result in the incidental collection or use of personal information.

Use and disclosure of personal information

If KPMG intends to use or disclose personal information for any purpose not previously identified to you, we will obtain their prior consent unless we are permitted or required by law to use or disclose your personal information without consent.

For example, but without limitation, KPMG may use and disclose personal information without consent:

  • For the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, including steps taken under our pandemic policies
  • To prevent, detect or suppress fraud or financial abuse
  • In connection with an investigation
  • To comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies
  • To a government institution that has requested the information, identified its lawful authority, and has indicated that disclosure is for the purpose of enforcing, administering, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law, or to national security or the conduct of international affairs
  • To an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.

Retention of personal information

In compliance with professional standards, we keep a record of the work performed by KPMG personnel. This record, or “working papers”, may include personal information and will be retained until such working papers are no longer reasonably required for legal, administrative, audit, regulatory or professional purposes. Working papers are safeguarded against inappropriate access, as discussed in Principle 7 below.

KPMG retains personal information about current and past KPMG personnel in accordance with employment laws and standards and Canadian federal and provincial privacy legislation. We will destroy human resources and other files containing KPMG partner and employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. Certain additional information may be retained to administer and to keep former KPMG personnel informed about our Alumni Program. Former KPMG personnel may request at any time that they not be contacted about the Alumni Program.

Personal information collected from individuals seeking employment or partnership with KPMG will be retained by KPMG only for as long as necessary for the fulfillment of the purposes for which we have your consent for and destroyed when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. If a candidate is hired, the personal information collected during the application process will be retained in order to establish, manage and terminate the employment relationship.

In order to provide clients with a professional level of service and KPMG personnel with appropriate benefits, the personal information that we collect must be accurate, complete and current. From time to time, clients and KPMG personnel may be asked to update their personal information. You are encouraged to advise us of any changes to your personal information.

Clients are encouraged to contact their engagement partner to update their personal information.

KPMG personnel and employment candidates should contact the HR Service Team should they need to update their personal information.

KPMG will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to prevent the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment

We are responsible for all personal information transferred to third party service providers. We require third party service providers to respect the confidentiality of personal information and all legal requirements under applicable Canadian federal and provincial privacy legislation, and to agree to contractual requirements that are consistent with this Privacy Policy. These third-party service providers are prohibited from using personal information except for the specific purpose(s) for which we supply it to them.

In some circumstances, personal information may be collected, used, disclosed or stored outside of the jurisdiction within Canada in which you are located, including but not limited to in the U.S., EU and Asia, by KPMG or a third party to provide professional services and administrative, analytical and clerical support, and to comply with applicable law, regulation and professional standards, and such personal information may be subject to disclosure in accordance with the laws applicable in the jurisdiction in which the information is collected, used, disclosed or stored. These laws may not provide the same level of protection as Canadian privacy laws, but any such transfer has been assessed to be compliant with applicable law.

The most up-to-date version of our privacy policy is available in its entirety at kpmg.com/ca/privacy or by contacting our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

Personal information files are maintained in our offices or on our servers (or those of our service providers) and are accessible by authorized personnel, agents and mandataries who require access in connection with their job responsibilities.

Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their engagement partner.

KPMG personnel have the right to review and obtain copies of their personal information on record by contacting their HR Consultant.

The right to access personal information is subject to certain legal restrictions and we will take reasonable steps to verify your identity before providing access. 

In most instances, you will receive a response to your access request within 30 days. If you have any concerns about the access that is provided, you are encouraged to contact our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955. 

KPMG will respond to your complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints. 

To challenge compliance with this Privacy Policy, you should forward your concerns in writing to KPMG’s Privacy Officer. The Privacy Officer will ensure that an investigation of all complaints has been undertaken and will report their findings to you, in most instances within 30 days. 

We know that protecting the privacy of our clients, partners and employees is important. If you have any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

Updated October 30, 2023