Contents
KPMG [1] dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with Personal Data Privacy legislation as currently in force. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information/data (sometimes referred to as "personally identifiable information" or "PII") that it collects either online, or by the professional services it offers, or by its communications/cooperation by any third party. Our commitment to privacy is a natural extension of KPMG’S commitment to client confidentiality, and is based on the conviction that respecting individual privacy is not only the right thing to do, but it enhances our business.
KPMG has adopted this policy about the privacy of Personal Data (the Policy) in order to assist in establishing and maintaining an adequate level of Personal Data privacy in the collecting, processing, disclosing and cross-border transfer of Personal Data including that relating to current, past and prospective KPMG Personnel, clients, suppliers, contractors and business associates of KPMG.
We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your personal data and explains your rights and our obligations when doing so.
[1] KPMG”, “we”, “us” and “our” refers to the global organization or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity.
KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
2. What information and personal data we have about you
This information and personal data may either be directly provided by you or the legal entity for which you work for or provided by a third party (supplier, service provider, business associate etc.).
We may collect various types of personal data about you, according to the purposes for which they are collected, including:
3. Receiving confidential or personal information
Where KPMG and/or its personnel receive personal or confidential information from another member firm or from a third party, it shall:
Where KPMG acts as a Data Processor, it shall comply with GDPR and among others:
Where KPMG acts as a Data Controller, it shall comply with GDPR and among others:
4. For which purpose do we use your personal data
We process your personal data for a specific purpose and only process the personal data which is necessary and relevant to achieving that purpose.
In particular, we process personal data for the following purposes always in accordance with the nature of our collaboration as well as applicable legislation and regulations:
5. How we use your personal data
According to Greek and EU law, we will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if we have a basis or “ground” under the law to do so, such as:
6. Who has access to your personal data and to whom are they transferred?
KPMG do not share personal data with unaffiliated third parties, except as necessary for their legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.
KPMG work with reputable partners, service providers or agencies so they can process your personal data on our behalf. KPMG will only transfer personal data to them when they meet our strict standards on the processing of data and security. KPMG only share personal data that allows them to provide their services.
KPMG ensures that the external services providers that have access to or use confidential information are bound by contractual obligations to maintain the confidentiality and security of the information. Those confidentiality and security obligations shall be at least equivalent to those with which KPMG member firms are obliged to comply. KPMG includes a confidentiality clause in the General terms of Business, and confidentiality or non-disclosure agreements may be signed at times with third parties, (i.e. external service providers that have access to confidential information).
7. Protection of your personal data
We have implemented appropriate organizational and technical measures to provide a high level of privacy and security to your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and other illegal forms of processing.
KPMG incorporates the protection of personal data as an integral part of its business operations by design and by default, so as to protect the rights of data subjects, such as user management policy, distinct roles and responsibilities, backups, physical security measures, policy of destruction of personal data etc.
8. Retention of and access to personal data
To the extent not prohibited by applicable laws or regulations, KPMG:
Your rights include the right of access to data, the rectification the erasure / right to be forgotten, the restriction of processing of personal data, the objection to processing of personal data, the data portability, the right to withdraw consent at any time (where processing is based on consent) and the right to lodge a complaint with a supervisory authority.
For any complaint you may use our Complaint Form (PDF 172 KB) and you may contact us at dataprivacy@kpmg.gr .
Finally, you always have the right to lodge a complaint with Hellenic Data Protection Authority (DPA). [www.dpa.gr/ Call Center: 210 64 75 600, Fax: 210 64 75 628, email: complaints@dpa.gr].