Data Transfers to Third Parties, data processors, data controllers
Data Transfers to Third Parties
We do not share personal information with third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards. This includes:
— Our service providers: we transfer your personal information to our third party service providers, such as our (IT) systems providers, our hosting providers, our payroll providers, consultants (such as legal advisers) and other goods and services providers. KPMG works with such providers so they (as data processor) can process your personal information on our behalf. KPMG will only transfer personal information to them when they meet our strict standards on the processing of data and security. We only share personal information that allows them to provide their services.
— If we are reorganized or sold to another organization: KPMG will typically also disclose personal information in connection with the sale, assignment, or other transfer of any element of KPMG’s business to which the personal information relates.
— Courts, tribunals, law enforcement or regulatory bodies: KPMG will disclose personal information in order to respond to requests of courts, tribunals, government or law enforcement agencies or where it is necessary or prudent to comply with applicable laws, court or tribunal orders or rules, or government or professional regulations.
— Audits: disclosures of personal information will also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
— Insurers: our professional rules and our business requirements mean that we carry significant insurance cover in respect of business activities (our ‘insurance programme’). This is required to assist each member firm of the KPMG network in covering the costs associated with claims which may arise in the event that it is alleged that something has gone wrong during the course of providing services to its clients. In order to make the insurance programme work effectively, the insurance programme involves a number of different participants in the insurance market (e.g. brokers, insurers and reinsurers, as well as their professional advisors and other third parties involved should there be a claim). Some of these insurance market participants will require that we disclose personal information about you to them. The information will be used by the insurance market participants in the underwriting and ongoing administration of the insurance programme, where there is a claim that you are relevant to and to allow the insurance market participants to comply with their legal and regulatory obligations. Some of these insurance market participants (as data processor) will handle this information on our behalf (like our service providers described above), but others (as data controller) will want to process information about you independent of us.