This website is operated by KPMG LLP (“KPMG LLP”), a UK limited liability partnership, a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. KPMG International does not provide client services.
2. Who is processing your personal data?
Licenced Insolvency Practitioners are appointed in a personal capacity to act as Officeholders in the insolvency of a company or individual. When appointed in this capacity, it is the relevant Officeholders, not KPMG LLP, who determine the purpose and means in respect of personal data they process in the exercise of their duties as Officeholders.
However, Officeholders do not determine the purpose and means for personal data processed by the insolvent company/individual before the insolvency appointment. Instead Officeholders act as agents for the insolvent entity. It is the entity that controls the purpose and means for any personal data processed prior to its insolvency.
The Officeholders only handle your data for the purposes of administering the insolvent estate. Their overriding obligations will generally be dictated by insolvency legislation in the first instance and, where this conflicts with an individual’s specific data requirements, the Officeholders will be obliged to fulfil their duties under the insolvency legislation.
3. Who can you contact for privacy questions or concerns?
You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about the Officeholders data handling practices.
4. How do the Officeholders collect personal data?
Company/Individual Data – Upon appointment, the Officeholders have statutory obligations to collect and store certain of the insolvent entity’s pre-appointment records. Such records will be recovered directly from the company/individual to assist the Officeholders with a number of matters including, but not limited to, the identification of company assets, investigation of conduct prior to appointment and the agreement of claims, including those of employees and the relevant tax authorities where applicable. Some of the data retained and stored will clearly include personal data.
The Officeholder’s duty to collect records does not extend to all records and you should be aware that the Officeholders will only collect the records that they need to fulfil their statutory and regulatory obligations.
Any records that the Officeholders do not require for a particular purpose will be securely destroyed. Those records that they do retain will be held securely.
Practitioner Data – As the Officeholders administer the case they will create their own records, referred to as Practitioner Data. Given the nature of the work being undertaken, there will be personal data collected, processed and held, particularly in relation to employees and creditors and the agreement and processing of their claims.
5. What categories of personal data do the Officeholders collect?
As noted above, the Officeholders may obtain the following categories of personal data about individuals through direct interactions as they trade the business or administer the insolvent estate.
Personal data - The data that the Officeholders collect will vary depending on the insolvency process being administered but below is a list of personal data which is commonly collected to conduct their business activities:
Sensitive personal data – The Officeholders typically do not collect sensitive or special categories of personal data about individuals. When they do need to process sensitive personal data, they have a legal obligation to do so and this would be obtained directly from the entity’s records or the individual. Examples of sensitive personal data the Officeholders may obtain include:
6. What lawful reasons do the Officeholders have for processing personal data?
The Officeholders have an obligation to process personal data which flows from their role and duties as Officeholders, as set out in the Insolvency Act 1986 as amended and other related insolvency legislation.
On the whole, the Officeholders are, therefore, relying on “legal obligation” as the lawful reason to process personal data. This allows them to process personal data in order to meet their legal and regulatory obligations, as set out in the insolvency legislation.
It is important to be aware that the Officeholders only process personal data for the purpose of administering the insolvent estate. Their overriding obligations will generally be dictated by insolvency legislation in the first instance. Where this conflicts with individual’s specific data requirements, the Officeholders will be obliged to fulfil their duties under the insolvency legislation.
7. Why do the Officeholders need personal data?
The Officeholders only collect such personal data as they require to exercise their duties in relation to the relevant appointment. The purposes of use typically include:
8. Do the Officeholders share personal data with third parties?
The Officeholders may occasionally share personal data with trusted third parties to help them deliver efficient and quality services. These recipients are contractually bound to safeguard the data the Officeholders entrust to them. The Officeholders may engage with several or all of the following categories of recipients to assist them with the administration of an insolvent estate:
9. Do the Officeholders transfer your personal data outside the European Economic Area?
The Officeholders store personal data on servers located in the European Economic Area (EEA).
Depending upon the nature of the insolvency process and the location of the insolvent entity, the Officeholders may transfer personal data to KPMG International, KPMG member firms, and reputable third party organisations situated inside or outside the EEA when the Officeholders have a business reason to engage these organisations. Each organisation is required to safeguard personal data under contractual obligations including data protection legislation.
10. What are my data protection rights?
Your data protection rights are highlighted here. To submit a data request please send an email to firstname.lastname@example.org, quoting the name of the specific Officeholders and the relevant insolvency appointment.
The Officeholders may need to request specific information from you to help them confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps them to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive.
As already advised, depending on the circumstances, the Officeholders may be unable to comply with your request based on other lawful grounds, particularly in relation to their legal obligation to administer the insolvent estate.
11. What about personal data security?
Any records that the Officeholders retain will be held securely. The Officeholders have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. They aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
If you have access to parts of the Officeholder’s websites or use their services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst the Officeholders do their best to try to protect the security of your personal data, they cannot ensure or guarantee the security of your data transmitted to their site; any transmission is at your own risk.
12. How long do the Officeholders retain personal data?
The Officeholders retain personal data to provide their services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that they are subject to. All personal data will be held throughout the duration of the insolvency process, unless there are specific reasons identified why certain data is no longer needed.
The Officeholders’ records destruction policy varies depending upon the data that is held:
Any records that the Officeholders do not require for a specific purpose will be securely destroyed. The Officeholders will dispose of personal data in a secure manner when they no longer need it.
14. Do the Officeholders link to other websites?