Data protection policy for the application process of KPMG AG Wirtschaftsprüfungs-gesellschaft and its
affiliates or associates (KPMG)
The following data protection policy is to inform you about how we process personal data during the application process at KPMG. Basic information on data protection when using the KPMG website can be found here.
1. Who is responsible for data processing?
KPMG AG Wirtschaftsprüfungsgesellschaft
If you have specific queries about your application, please contact:
KPMG Application Hotline: 0800-5764-562
2. How can the data protection officer be reached?
KPMG AG Wirtschaftsprüfungsgesellschaft
Data Protection Officer
3. For what purpose do we process your data during the application process and on what legal basis?
KPMG collects and uses personal data on KPMG's websites in accordance with Article 6 (1)(a) to (f) of the European General Data Protection Regulation (GDPR), i.e. to the extent permissible under the GDPR or another regulation or if the user (data subject) has given consent to the processing. Legally standardised data protection contracts are agreed with all service providers which we use as processors pursuant to Article 28 EU GDPR. Basic information on data protection when using the KPMG website can be found here.
a) Information regarding online applications using one of the websites of KPMG
To apply via one of the KPMG websites, applicants must register using the KPMG application tool and set up a personal user account. This requires personal data such as your name, contact details, as well as voluntary information such as date of birth and professional career, to complete the registration/login process and administration of the individual user account.
On registration, login and use of the user account, the user's IP address and time of login are also logged. A legitimate interest pursuant to Article 6 (1)(f) EU GDPR is pursued by KPMG for security reasons (e.g. protection against abuse, unauthorised use).
Otherwise, the General Data Protection Policy applies to the use of KPMG websites, which is available here.
b) General data protection policy for the application process at KPMG
Unless otherwise explicitly specified, KPMG processes your data for the purposes of establishing or implementing an employment relationship (implementing the application process as well as any contract initiation/establishing an employment contract) on the basis of Article 6 (1)(b) GDPR in conjunction with Section 26 of the German Federal Data Protection (BDSG).
The following types of personal data must be provided during the KPMG application process:
· Personal data (e.g. name)
· Contact details (address, phone number, email address)
· Education and professional training (e.g. school, university, leaving certificates, previous employers, work certificates/references, further education, if applicable.
In the event of an employment offer being made, the contractual conditions for the approval process are also logged.
Data provided for application purposes is entered into the KPMG online application tool on the basis of consent pursuant to Article 6 (1)(a) EU GDPR. This tool is operated for KPMG by the service provider IBM/Kenexa. In addition, the KPMG online application tool provides the possibility for staff involved with the application process from international KPMG member firms and Kenexa’s technical support (a IBM group company) to access the candidate profile and the associated data therewith. There is no scope for these to access the approval forms for job hires.
If processing of the application data in the KPMG online application tool is not desired, applications can also always be sent by email by sending the complete application materials to the email address provided under item 1 above. The application will then be processed outside of the KPMG online tool, but of course without any disadvantages to the applicant during the application process.
The application is always coordinated by KPMG staff involved with the application process during this process, who only grant those responsible for recruiting in the specialist departments of the business concerned access to review the candidate profile (including attachments). In addition, staff involved with the application process can view the details of individual positions (e.g. receipt of application for the position or number / type of positions for which the candidate has applied) for the administration of the firm-wide application process.
Upon completion of the application process, access to the candidate profile is then limited again to staff involved with the application process. Information for the contract initiation process is handled in the HR department. To the extent legally required, personal data is forwarded based on Article 6 (1)(c) GDPR to the competent KPMG staff council for the consultation process.
(2) Usage of the KPMG online application tool
Indeed Tracking Pixel
The tracking pixel from Indeed (Indeed Ireland Operations Limited, 124 St. Stephen's Green, Dublin 2,
(3) KPMG applicant pool
You can always be included in the KPMG applicant pool on completion of the regular application process by giving your consent pursuant to Article 6 (1)(a) EU GDPR. We will contact you separately to inform you of this option before your candidate profile is deleted. Should you agree to be included, your candidate profile will remain on file and our staff involved with the application process will regularly check your profile against vacancies and contact you for renewed application if a suitable position becomes available.
4. To whom could applicant data be forwarded?
KPMG uses the data collected as part of the application to examine your suitability for the advertised position. If an application is submitted to KPMG for a specific vacancy, your data is forwarded only to the KPMG firm (in Germany or abroad) to which the application is directed.
An overview of all member firms of KPMG International and their locations can be found using the following link.
We gladly review an application for a specific position also for other vacancies at KPMG. This will be done on the basis of consent pursuant to Article 6 (1)(a) EU GDPR, which can be given during the application process.
5. How long will data be stored?
Unless otherwise explicitly stated, KPMG stores personal data for as long as necessary for the above mentioned purposes. This is subject to the statutory retention obligations. KPMG employees are instructed to regularly check the duration of storage of personal data and to delete these if necessary.
If your application is rejected, the personal candidate profile of the applicant is deleted, subject to the applicant's consent in the KPMG applicant pool, six months after rejection, unless you log into our application system or the application system of another KPMG member firm in the meantime. In that case, deletion occurs six months after the most recent login.
Following receipt of a deletion request, your personal candidate profile is first disabled immediately. Your data cannot be viewed by you or our recruiters from this point on. Access to the data is only available to system administrators. Unless you revoke the deletion request, your data will be completely deleted six months after being disabled.
If – despite registration – you have not applied for a position at KPMG in Germany or at an international KPMG member firm and no application is being processed, your registration data will be deleted six months after your last login.
6. What data protection rights do data subjects have?
Applicants and other data subjects are afforded rights of access pursuant to Article 15 EU GDPR regarding the processing of their personal data by KPMG (also regarding the purpose of processing, any possible recipients and the expected duration of the storage of data), rights to rectify incorrect data (Art. 16 EU GDPR), rights to erasure (Art. 17 EU GDPR), rights to restriction of processing and the data portability of the data provided (Art. 18, 20 EU GDPR) and the right to object against the use of their data for marketing purposes and based on a legitimate interest (Art. 21 EU GDPR).
Any consent given to KPMG can be revoked at any time with future effect. In order to safeguard these rights any data subject can contact the KPMG data protection officer (see item 2). Furthermore, they also have the right to complain to a data protection supervisory authority. Data subjects can lodge their complaint with the competent data protection supervisory authority in their place of residence or with any other data protection supervisory authority.
Candidates are able to amend their data at any time. Deletion of data can be arranged via the recruiting team (see item 1).