KPMG LLP (U.S.)1 is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information (sometimes referred to as "personally identifiable information" or "PII") that has been collected by or provided to us through any of our websites, web-based and mobile applications, meetings and events (in-person and virtual), marketing materials and content and services that link to, post or otherwise refer to this Privacy Statement (collectively, “Activities”).
Please review this Privacy Statement to learn more about how we collect, use, share and protect the personal information that we have obtained. By engaging in Activities (e.g., using online services or visiting a KPMG office), you consent to the collection and processing of your personal information as set forth in this Privacy Statement.
We and our third-party providers (including service providers, as referred to in Section 6.2) collect the personal information that you provide when you engage in any Activities. For example, when you register for a service or attend an event, we may collect basic information about you such as your name, username, password, email address, mailing address, phone number, date of birth, and other personal and business demographic or contact information. You may also provide us with certain employment information in connection with an application for employment with KPMG. In some cases, you may have previously provided your personal information to KPMG (e.g., if you are a KPMG alum).
We use the personal information we collect (including through the automatic collection of personal information, as described in Section 1.1) to: enable you to engage in Activities; provide you with web-based and mobile applications; communicate with you; provide you with information about KPMG’s products and services; comply with applicable laws, regulations and/or professional standards, including for auditor independence, anti-money laundering and know-your-client checks; operate, maintain and enhance any of our Activities; and fulfill your specific requests. For example, if you send us an email message requesting information about KPMG, we will use your email address and other personal information you supply to respond to your request. If you send us a resume or curriculum vitae to apply online for a position with KPMG, we will use the personal information that you provide to match you with available KPMG job opportunities. Your personal information is used only for the purposes described in this Privacy Statement, unless we (i) obtain your express permission, (ii) provide an additional privacy notice, or (iii) as otherwise required or permitted by law or professional standards.
In some cases where you have registered for certain Activities we may store your personal information temporarily until we receive confirmation of the information you provided via an email (i.e., where we send an email message to the email address provided as part of your registration to confirm a subscription request). Please note that your rights for any particular request, product or service will be determined by the notice provided with such request, product or service, and in the event of a conflict between this notice and that notice, the specific notice provided with the request, product or service shall control.
KPMG only collects sensitive personal information when (i) you voluntarily provide us with this information, (ii) you expressly permit us to use this information, or (iii) such information is required or permitted to be collected by law or professional standards. Sensitive personal information includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual orientation or criminal record. Please use your discretion when providing sensitive personal information to KPMG or permitting KPMG to use such sensitive personal information. Do not provide sensitive personal information to KPMG or permit KPMG to use such sensitive personal information, unless you consent to (i) KPMG's use of that sensitive personal information for its business purposes, and (ii) the transfer and storage of that sensitive personal information to and in KPMG systems.
An Internet Protocol (“IP”) address is a number assigned to your Internet-enabled device (including computers and mobile devices) whenever you access the Internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for KPMG’s IT security and system diagnostic purposes. This information may also be used to maintain and improve our Activities and to generate and analyze statistics about the Activities and your engagement in them.
Cookies may be placed on your Internet-enabled device whenever you engage in our online Activities. This allows our websites, applications or collaboration platforms to remember your device and serves several purposes.
For some of our online Activities, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked using this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your web browser's cookies.
Although most web browsers automatically accept cookies, you may be able to choose whether to accept cookies via your web browser's settings. You may also be able to delete cookies from your device. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features of our online Activities.
Below is a list of the types of cookies used as part of our online Activities:
|Purpose||Description||Type & Expiry|
|Performance (i.e., User's Browser)||Our online Activities are built using common Internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).||
Deleted upon closing the browser
|Security (e.g. Asp .NET) Cookies||If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.||
Deleted upon closing the browser
|Site Preferences||Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.||
Deleted upon closing the browser
|Analytical||We use several third-party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on kpmg.com for our visitors. The aggregated statistical data cover items such as total visits or page views, and referrers to our web sites. Further details on our use of Google Analytics are described in Section 1.1.4.||Persistent, but will delete automatically after two years if you no longer engage in our online Activities.|
|Site visitor feedback||
We use a third-party survey tool to invite a percentage of visitors to provide their feedback. Cookies are used to prevent visitors from being invited multiple times.
The first cookie (1) is set if the visitor is not invited to participate in the survey, and is used to ensure visitors are not invited after their first page view.
The second cookie (2) is set if the visitor is invited to participate in the survey, and is used to ensure the visitor is not invited again to participate for a period of 90 days.
We use third party social media widgets or buttons to provide you with additional functionality to share content from our online Activities to social media platforms and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed webpages (e.g. the social share count cache is updated) and log information about your activities across the Internet and on our online Activities. We encourage you to review each provider's privacy information before using any such service. Further details on our use of social media widgets and applications are described in Section 1.2.
|Persistent, but will be deleted automatically after two years if you no longer engage in our online Activities|
Other third-party tools and widgets may be used on our individual websites or portions of certain online Activities to provide additional functionality. Depending on how you set your preferences in your browser and/or the cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use and ensure your interaction is displayed properly.
Cookies by themselves do not tell us your personal information or otherwise identify you personally.
BY ACCESSING, USING, OR ENGAGING IN OUR ONLINE ACTIVITIES, OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR INTERNET-ENABLED DEVICE
Our online Activities may not recognize web browser based “Do Not Track” signals. However, as discussed in Section 1.1.2, you may be able to modify your Internet-enabled device’s web browser settings to block all cookies, or to block “third-party” cookies. Cookies that we set on our online Activities are considered “first-party” cookies. Details on your ability to restrict or change the personal information that we may collect about you are listed below under the following sections of this Privacy Statement: Choice (Section 3), Access (Section 4), Additional Disclosures for California Residents (Sections 6) and Additional European Union Notices (Section 7).
KPMG uses third-party usage analytics tools as part of our online Activities, including Google Analytics, which may be subject to separate privacy policies. More information about how Google Analytics is used by KPMG can be found here: https://policies.google.com/technologies/partner-sites.
A web beacon is a small image file on a web page that can be used to collect certain information from your Internet-enabled device, such as an IP address, the time the content was viewed, a web browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.
KPMG or its third-party providers may use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded.
In some of our online Activities (e.g., newsletters and other communications), we and third-party providers operating on our behalf, may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to maintain and improve our online Activities and such third-parties’ services.
Please be aware that if you opt to render some web beacons unusable, you may not be able to fully experience some of the features of our online Activities.
KPMG and its service providers may collect and use the geographical location of your Internet-enabled device (e.g., via tracking beacons, Bluetooth or GPS) in connection with certain Activities, but only with your express permission. With respect to the collection of precise information about the location of your device, once you have consented to the collection you may adjust or withdraw this permission at any time by managing your “Location Services” preferences through your device’s settings. This location data is collected for the purpose of providing you with information regarding our Activities, products and services which we believe may be of interest to you based on your geographic location, and to improve our location-based Activities, responses to requests, products and services.
Please be aware that if you opt to exercise your right to alter, or altogether turn off, location-based services on your device, you may not be able to fully experience some of the features of our Activities.
In addition, our online Activities may feature blogs, forums, crowd-sourcing and other applications or services (collectively, “Social Media Features”). The purpose of Social Media Features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG Social Media Feature may be shared with other users of that Social Media Feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.
KPMG understands the importance of protecting children's privacy, especially in an online environment. Our Activities are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain personal information about anyone under the age of 13, except as part of an engagement to provide professional services.
We do not share personal information with unaffiliated third parties, except as stated in this Privacy Statement, including as necessary for our legitimate professional and business needs, to carry out your requests, to allow you to engage in our Activities, and to market our products or services, including in coordination with other service providers for joint-marketing purposes, as required or permitted by law or professional standards, or otherwise with your permission.
In some instances, KPMG may share personal information about you with various third-party providers working on our behalf. KPMG requires these entities to safeguard personal information in the same manner as KPMG.
KPMG may also disclose personal information in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, government regulations, or professional rules. In the event, that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information may also be shared in connection with the consideration, negotiation or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
KPMG does not sell personal information to third parties. KPMG and our third-party providers may use personal information in an anonymized form for research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. In addition, we may share de-identified reports on user demographics and traffic patterns, as well as de-identified information, with third parties.
Cross-Border Collection and Transfer. We may directly collect personal information from or about you if you are in a jurisdiction other than the U.S. to provide you with services associated with the Activities. Similarly, if you are in the U.S., we may transfer outside of the U.S. the information we collect from or about you outside of the U.S. Regardless of where you are, we may transfer certain personal information across geographical borders to other member firms affiliated with KPMG International or to various third party providers working on our behalf, or we may receive personal information in the U.S. or elsewhere transferred from another member firm affiliated with KPMG International or an unaffiliated third party. KPMG may also store personal information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your personal information as your home country. By providing your personal information to KPMG, you understand that your personal information may be collected, transferred and/or stored in a jurisdiction other than your home country. Each member firm affiliated with KPMG International is required to safeguard personal information in accordance with its contractual obligations and data protection legislation applicable to its provision of services. Your personal information will only be transferred if appropriate or suitable safeguards are in place. If you are located outside of the U.S., you may have additional rights as described in Section 7.
We may require you to provide certain personal information in order to receive additional information about our Activities. KPMG may also ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular Activities (e.g., an online newsletter), you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from an Activity, we will try to remove your personal information promptly, although we may require additional information or confirmation before we can process your request.
If you have submitted your personal information to KPMG, you may have the right to request, under applicable law, that KPMG provide you with reasonable access to your personal information, update or correct any inaccuracies in your personal information, or delete your personal information, and, in any such event, KPMG will make all reasonable and practical efforts to comply with your request, so long as our doing so would be consistent with applicable law, KPMG’s contractual requirements, and/or the professional standards applicable to KPMG.
To make a Data Privacy Request, please contact us by:
KPMG has and requires its service providers to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration or destruction. Despite KPMG’s efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know and require those individuals to maintain the confidentiality of such information. We also make efforts to retain personal information only for so long as the information is needed for our professional, marketing or analytic purposes or to comply with legal requirements, professional standards or an individual’s request, or until that person asks that the information be deleted.
This section applies to any California residents about whom we have collected personal information as part of engaging in our Activities.
For purposes of this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household; “household” means a person or group of people who: (i) reside at the same address, (ii) share a common device or the same service provided by a business, and (iii) are identified by the business as sharing the same group account or unique identifier. Personal information does not include publicly available information or information that has been de-identified.
The types of personal information we collect about you will depend on your relationship with KPMG. For example, in many cases, we may collect personal information from our business clients during an engagement to provide products and services to our clients; our collection and use of such personal information is governed by our contract with that entity. In other cases, we may collect personal information directly from consumers or households that engage in Activities.
We may collect the following categories of personal information about you or members of your household:
We may collect or use personal information for the following purposes:
We may collect personal information from the following sources, including, but not limited to via applications and forms, collaboration platforms, communications and interactions with us and through our in-person events or meetings and online Activities such as websites and mobile applications:
We may share personal information as described in this Privacy Statement, including with the following categories of third parties:
We may have disclosed the following types of personal information to third parties or service providers for a business or commercial purpose in the previous twelve (12) months:
We do not sell personal information and did not sell personal information in the previous twelve (12) months.
You may be entitled by applicable law to exercise the following rights with respect to your personal information:
You may also authorize someone to exercise the above rights on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.
To exercise any of your rights, please contact us by:
We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a service provider, we may refer you to the business with whom you have a direct relationship in order to implement your request, pursuant to applicable law.
In addition, the above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances, we may be unable to implement your request.
KPMG provides our Activities in the U.S. and does not direct such activities to data subjects that are located outside of the U.S. However, in certain circumstances, we do interact with or collect personal information about data subjects outside of the U.S. In such circumstances, we typically collect personal information from data subjects outside of the U.S. through a direct collection of that information via our Activities. However, in some circumstances, personal information may be transferred to us from KPMG International, a member firm affiliated with KPMG International or an unaffiliated third party outside of the U.S. Where this applies, we typically receive your personal information because it is necessary to perform a contract or pre-contractual measures with you or because of our legitimate interests. If we receive personal information transferred by a member firm affiliated with KPMG International or an unaffiliated third party, it would typically be pursuant to the appropriate foreign regulator-approved standard contractual clauses or based on another lawful basis. To know more about additional non-U.S. data subject notices and rights, please review our Notice of Processing.
KPMG complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union, United Kingdom, and Switzerland, as applicable to the U.S., in reliance on Privacy Shield. KPMG has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles with respect to such personal information. Please review our Privacy Shield Statement for information about KPMG’s data practices regarding personal information it has received from the European Union, United Kingdom, and Switzerland pursuant to Privacy Shield. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/.
Following recent decisions invalidating the adequacy of Privacy Shield, we no longer rely on Privacy Shield for cross-border transfers of personal information. As described in Section 7, we rely on the direct collection of personal information from individuals located outside of the U.S., or we use other bases, such as standard contractual clauses for cross-border transfers of personal information from another entity to us.
Please be aware that our Activities may contain links or refer you to other websites, applications, social media platforms, collaboration platforms, products and services maintained by KPMG International, other member firms affiliated with KPMG International, or by unaffiliated third parties (collectively, “Other Sites”). Other Sites are not governed by this Privacy Statement, but by other privacy statements that may differ. KPMG is not responsible for the content or practices of these Other Sites. We encourage users to review the applicable privacy policies of these Other Sites visited before disclosing any personal information.
KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy Statement to be informed about how KPMG is protecting your personal information. Your continued use after each such update is your consent to such updated terms.
KPMG is committed to protecting the privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us by email at firstname.lastname@example.org. You may also contact us to communicate any concerns you may have regarding compliance with this Privacy Statement.
1"KPMG,” “we,” “our,” and “us” refers to KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited (“KPMG International”), a private English company limited by guarantee. KPMG International and its related entities do not provide services to clients.