1. Collection and use of personal data
1.1 What information we collect?
1.2 The legal grounds we have to use your personal information
1.3 Automatic collection of personal data
1.3.1 IP addresses
1.3.3 Google Analytics
1.3.4 Web beacons
1.4 Social media widgets and applications
2. Sharing and transfer of personal information
4. Your rights
5. Data security and integrity
6. Links to other sites
7. Changes to this statement
8. Policy questions and enforcement
KPMG is committed to safeguard the privacy and confidentiality of data KPMG is entrusted with. Therefore, KPMG strives to ensure the protection and correct use of your personal information that identifies you or makes you identifiable (referred to as "personal data").
For KPMG Ideation Challenge 2020, we will use the Innovation Factory platform that is hosted by KPMG Netherlands but accessed, monitored and used by each member firm taking part in the competition. For all extensive purposes, the member firms taking part in KPMG Ideation Challenge 2020 will adhere to their own local legal obligations for privacy and data protection but below is the statement and policy as outlined by the Innovation Factory. If you have any queries in relation to this, please contact us on GO-FMKPMGICC@kpmg.com
This Privacy Statement mainly concerns the KPMG Netherlands website(s). By means of this Privacy Statement, KPMG Netherlands informs its website visitors and users of KPMG Netherlands’ services on the manner in which personal data is handled by KPMG. In general, KPMG solely collects personal data if you voluntarily provide this in order to enable us to provide information and/or services to you. This Privacy Statement informs you on the collection, use, disclosure and protection of personal data by KPMG.
1.1 What information we collect?
We obtain personal information about you if you choose to provide it — for example, to contact mailboxes or to register for certain services. In some cases, you will have previously provided your personal information to KPMG (for example if you are a client or former client).
You can also register or login to a KPMG website using a third party single sign-in service that authenticates your identity and connects your social media login information (e.g., LinkedIn, Google or Twitter) with KPMG. If you choose to use this option, we will collect any information or content needed for the registration or login, such as your name and e-mail address. Where you register or login using a third party single user sign-in we may also recognize you as the same user across any different devices you use and personalize your user experience across other KPMG sites you visit. Other information we collect will depend on the privacy settings you have set with your social media provider, so please review the privacy statement or policy of the applicable service.
When you register or submit personal information to KPMG we will use this information in the manner outlined in this Privacy Statement. Your personal information is not used for other purposes, unless we obtain your permission, or unless otherwise required or permitted by law or professional standards, or to optimize the quality of our services and to inform you about other services of KPMG.
We will, for example, use the information regarding your preferences that you provided to us to personalize your user experience. Or, if you request us per e-mail to provide information about KPMG, we will use your e-mail address and other information you provide to us to respond to such request. If you send us a resume or curriculum vitae (CV) to apply online for a position with KPMG, we will use the information that you provide to match you with available KPMG job opportunities.
KPMG generally only collects the personal information necessary to fulfill your request. Where additional, optional information is sought, you will be notified of this at the point of collection. Each member firm that is taking part in our KPMG Ideation Challenge will strictly adhere to their own local privacy and data protection legal requirements.
The privacy legislation, including the General Data Protection Regulation (“GDPR”) allows us to process personal information, so long as we have ground (pursuant to the GDPR) to do so. If we process your personal data, we will rely on one of the following processing conditions:
- Processing of your personal data is necessary in order to perform our obligation under a contract to which you are party.
- Processing of your personal data is necessary in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.
- Processing of your personal data is in KPMG’s legitimate interest. This processing is allowed as long as this does not outweigh your interests. Legitimate interest includes for example processing for the purposes of: 1) marketing; and 2) acquisition (sales) with regard to clients with whom we have a commercial relationship; 3) customer relationship management & account management; optimizing and/or personalizing content and 5) maintaining and optimizing effective business operations.
- You have provided specific and explicit consent for the processing of your personal data for a specific purpose. For example for the receipt of content per e-mail for marketing purposes, including invitations for events organized by KPMG. We will only process your personal data in this way if you agree to us doing so.
You may withdraw your consent at any time via the link that will be included in every e-mail that we send you with that regard, by logging in to our website or by contacting KPMG at firstname.lastname@example.org or GO-FMKPMGICC@kpmg.com.
Special categories of personal data will only be collected if you voluntarily provide these to us or if this is required or permitted by law. Special categories of personal data are i.a. data about racial and ethnic origin, political opinions, religious beliefs and other beliefs of a similar nature, trade union membership, data about sexual life and sexual orientation and health data. We ask you to only provide special categories of personal data to KPMG if you consent to the processing thereof by KPMG. If you have any questions on the provision of special categories of personal data to KPMG, please contact KPMG via email@example.com or GO-FMKPMGICC@kpmg.com.
1.3.1 IP addresses
An IP address is a number assigned to your computer whenever you access the internet. IP addresses will be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct website trend and performance analysis, in which case information will not be processed on individual (identifiable) level.
A “cookie” is a small text file that is placed by a website in the browser of the device you use to visit the website (for example a computer or smartphone). This enables the website to recognize your device. Cookies are used for various purposes.
Below is a list of the types of cookies used on our websites.
Expires on logout or 24hrs unless configured otherwise.
_ga, _gat_StackTracker, _gid, ahoy_track, ahoy_visit, ahoy_visitor
Other third party tools and widgets may be used on our individual web pages to provide additional functionality. Use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.
Cookies by themselves do not tell us your e-mail address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers including IP addresses, but this is for the purpose of identifying the number of unique visitors to our websites and geographic origin of visitor trends, and not to identify individual visitors.
KPMG uses Google Analytics. More information about how Google Analytics is used by KPMG can be found here.
A web beacon is a small image file on a webpage, newsletter, e-mail or other communication that can be used to collect certain information from, such as the degree in which an e-mail is opened, which content is viewed, etc. KPMG only uses web beacons in accordance with applicable laws.
KPMG or its service providers may use web beacons to track the effectiveness of third party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.
In some of our newsletters and other communications, we may monitor recipient actions such as e-mail open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences. When registering for such communication we have informed you about this and/or you have provided your consent. If so desired, you can unsubscribe for the newsletter by clicking the link in the newsletter.
KPMG websites may include functionality to enable sharing via third party social media applications, such as Facebook and Twitter. These social media applications may collect and use information regarding your use of KPMG websites. Any personal information that you provide via such social media applications may be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.
In addition, KPMG websites may host blogs, forums, crowd-sourcing and other applications or services (collectively "social media features"). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal data that you provide on any KPMG social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.
KPMG understands the importance of protecting children's privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16, except as part of an engagement to provide professional services.
We do not share personal data with third parties, unless this is necessary in order to carry out your request, for our professional or legitimate business needs or as required or permitted by law, professional standards. For example, KPMG may, in some instances, share your personal data with third parties or service providers engaged by KPMG, in order to carry out your requests.
In the following circumstances, KPMG shares personal data with third parties:
- Facilitating and sending content for marketing purposes per e-mail;
- Registrations with regard to events organized by KPMG;
- Optimizing and/or personalizing content on our websites;
- Effective business operations;
In all circumstances above, appropriate arrangements will be made with these parties in order to ensure a correct and secure data processing in compliance with applicable legislation.
Furthermore, KPMG may share personal data with other KPMG member firms or third parties abroad with who we collaborate or who provide services for and on behalf of KPMG. KPMG may also store personal data in a country other than your country of residence. When KPMG transfers personal data to countries outside the Netherlands, KPMG complies with requirements pursuant to European (and Netherlands) privacy legislation.
KPMG may process personal data with regard to the assignment of services which include personal data processing. Legal obligations, court orders or government decrees may also require KPMG to disclose personal data. Personal data may also be required to perform privacy- or security audits or to invest an complaint. KPMG does not sell personal data to third parties.
KPMG will not transfer the personal data you provide to any third parties for their own direct marketing use.
You have several choices with regard to the use of our online services (including websites, portals, apps). In general, you are not required to submit any personal data to KPMG online. However, KPMG may require you to provide certain personal data in order for you to receive additional information about our services and events. KPMG may also ask for your permission for certain uses of your personal data, and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request.
If KPMG processes personal data about you, you have, in most cases, the right to access this personal data and to correct possible inaccuracies. If you are registered on our website trough MyKPMG, you have the possibility to directly access your personal data. You can also request us for access. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge.
Before providing personal information to you, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. If the information we hold about you is incorrect, you are entitled to ask us to correct any inaccuracies in the personal information.
You have the right to object to us processing your personal information if we are not entitled to use it anymore, and furthermore, you have the right to have your personal data deleted if we are keeping it too long, have its processing restricted in certain circumstances and/or obtain copies of information we hold about you in electronic form.
You can make a request or exercise these rights by contacting KPMG at firstname.lastname@example.org or or GO-FMKPMGICC@kpmg.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. KPMG strives to follow up a request within the legal time frame of one month. Where the request is complex or we have a large volume of requests, we will notify you that it will take longer than one month to resolve, and we will seek to resolve your request within three months of the concern being first raised. You will be informed on such extension within one month. It may also occur that we do not need to follow up a request, for example if we have a legal ground to process your personal data. If this would be the case, this will be substantiated to you.
KPMG has reasonable security policies and procedures in place to protect personal data from unauthorized loss, misuse, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal data is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such data.
We also make reasonable efforts to retain personal data only for so long as the data is necessary to provide services to you, we are legally entitled to retain data or until you ask us to delete your personal data.
The personal data that you provide to us for the purposes of 1) marketing; 2) acquisition (sales); 3) customer relationship management & account management; 4) optimizing and/or personalizing content and 5) maintaining and optimizing effective business operations, we apply standard retention periods of 1 year upon ending of the contact or relation, unless explicitly informed otherwise.
The standard retention period takes effect whenever your personal data are no longer actively used by you or KPMG.
The retention period consists of two parts:
- Within 3 months after the retention period has taken effect, your personal data will be archived, meaning that they may no longer actively be used for said purposes;
- Within 12 months after the retention period has taken effect, your personal data will effectively be deleted (this includes deletion from underlying systems, used for e.g. report and back-up purposes).
If during this retention period your personal data is actively used by you or KPMG for said purposes, for example if you register an update on your personal data, the archiving- and deletion process is stopped.
By registering on any KPMG website and then navigating to another KPMG website while still logged in, your personal data will be used by the KPMG website you are visiting. This use will then be governed by the privacy statement of the KPMG website you visit.
KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage to regularly review this Privacy Statement.
KPMG is committed to protecting the online privacy of your personal information. If you have questions or comments about the processing of your personal data, please contact us at email@example.com or GO-FMKPMGICC@kpmg.com. You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Statement.
KPMG has a designated a Data Protection Officer. For questions or requests concerning the processing of your personal data, you may also contact the Data Protection Officer per e-mail: FG@kpmg.nl.
In any event, you always have the right to lodge a complaint with the Dutch regulator in charge of protecting personal information, the Dutch Data Protection Authority / De Autoriteit Persoonsgegevens (AP).
Throughout this website, "KPMG," "we," "our," and "us" refers to KPMG NV and its subsidiaries. For personal data processing within the KPMG organization, KPMG Staffing & Facility Services B.V. (“KPMG S&F”) is data controller, jointly with the KPMG-entity that primarily determines the purpose and means of the personal data processing, unless other written agreements apply to a specific data processing. In general, KPMG S&F will be (to the extent possible) entrusted with the performance of requirements pursuant to the General Data Protection Regulation and thereto related (implementation) regulation, in order to relieve other data controllers within the KPMG organization as much as possible. This concerns in particular the requirements on informing data subjects and resolving request of data subjects wishing to exercise their rights. KPMG S&F is a subsidiary of KPMG NV, which is registered with the trade register in the Netherlands under number 34153861.