Updated 1 December 2021
KPMG recognizes the importance of maintaining the privacy, confidentiality, and security of the information that parties entrust us with during the course of business and this includes personal information (sometimes referred to as “personal data”, "personally identifiable information" or "PII") that are collected from our employment candidates.
In this notice, “KPMG”, “we”, “our” and “us” refer to the global organisation or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity. KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
This Privacy Notice for Candidates aims to explain how we handle and protect your personal data in connection with KPMG’s recruitment processes and what KPMG’s data protection obligations are along with your rights. “Personal data” means information that either by itself or in combination with other personal data may identify an individual. The term Candidate (or “You”) as used in this Privacy Notice for Candidates refers to an individual who applies for or is seeking employment with us, either on temporary or permanent basis. This also includes candidates applying for internship, attachment or other training program in KPMG.
What personal information do we collect
The personal information that we collect in the process of your job application and interview with us include, but are not limited to:
— Personal details such as name, gender, date of birth, national registration identification and/or passport number, residential address, contact details (phone and e-mail address), name and profession of parents and siblings;
— Details of your education background, professional qualifications, work experience;
— Results of psychometric tests;
— References from your previous employer(s) or referee(s);
— Details of other employment or vocation apart from main occupation.
For purposes of our hiring assessment, we will also require candidates to furnish sensitive personal data relating to your religious or other beliefs of a similar nature, and declaration of your health status, the commission or alleged commission of any offence and bankruptcy status.
Where do we collect the information from
In addition to obtaining information directly from you, KPMG may also collect your personal data from third parties, such as recruitment agency through which you applied, your named referees or from publicly available sources such as LinkedIn.
What do we use the information for
We collect and process your personal data for the purposes of:
— Identifying and evaluating candidates for potential employment;
— Identifying candidates for future hiring opportunities that may become available;
— Identifying potential conflict of interest in candidates;
— Conducting reference and/or background checks.
The legal basis by which we process your personal data
We collect your personal information to process your application, on the basis of consent. This also covers the sensitive personal data referred to above. The processing is also with a view to entering into a contract of employment with you (should the application proceed to an offer of employment).
Where other sensitive personal data apart from that referred to above is required, we will seek your explicit consent prior to processing.
Should your job application proceed to an offer of employment with KPMG, and when you have accepted the offer, the bases for our processing of your personal data from then on will be as according to the Privacy Notice for Employees.
Must you give us the personal information we ask for
Whilst you have the right not to provide your personal information, without these, you will understand that we will not be able to carry out a due and proper assessment of your application for job opportunity with KPMG.
KPMG has reasonable security policies and procedures in place to protect personal information from loss, misuse, unauthorized or accidental access or disclosure, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know and KPMG employees who have an access are required to maintain the confidentiality of such information.
For how long do we keep your personal information
We will retain your personal data only for so long as is necessary for the purposes of which these were collected. If the processing of your job application leads to an offer of employment with KPMG, your personal data collected as a candidate will become part of KPMG’s employee records. The retention period of your personal data from then on will be as addressed in the Privacy Notice for Employees.
If your application is unsuccessful, we may still retain and use your personal data collected during the recruitment process in order to consider you for new positions, and, where necessary, for our reference should you submit a new application in the future. In any case, we will not keep your personal data for any longer than two years.
KPMG does not use any automated system to carry out any process that will result in automated decision making in relation to your job application.
Transfer within the network of KPMG member firms
We may share information of our employment candidates with other member firms of the KPMG network for purposes that are related to the employment opportunities which the candidates are seeking. We also share personal information with the KPMG network for purposes of providing services such as the hosting and supporting of IT applications.
Transfer to third parties
The processing of reference and background checks of the employment applications are carried out by third parties engaged by KPMG. These parties may utilise the services of other service providers such as for the purpose of hosting of servers that will require the transfer of data outside of Malaysia.
Except for these purposes, we do not disclose your personal information to third parties or subject the information to a transfer outside of Malaysia without your consent. Where such a need arises, we ensure that third parties to which we transfer personal data will provide an adequate level of protection on the personal data in accordance with the strict standards that we require for processing of data.
KPMG will not transfer the personal information that you provide to any third parties for purposes of direct marketing.
It is important that you make sure the personal information we hold about you is accurate, complete and up to date. If any of your details change or if you believe that any personal information KPMG has collected about you is inaccurate, you can contact MY-FMPrivacy@kpmg.com.my and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable laws and regulations.
In the event that your application did not result in an offer of employment, your rights remain in respect of the personal data that we may continue to retain. After the retention period of two years, we will not be able to process any request as your personal data will no longer be retained by us.
Changes to privacy notice
KPMG may modify this Privacy Notice for Candidates from time to time to reflect our current privacy practices. When changes are made, we will revise the “updated” date at the top of this page and any changes affecting you will be communicated through an appropriate channel, depending on how we normally communicate with you.
If you have any questions or concerns regarding this Privacy Notice for Candidates or would like further information about how we protect your information, please email us at MY-FMPRIVACY@kpmg.com.my.
For the Bahasa Malaysia version, please click here