KPMG1 is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information (sometimes referred to as “personal data”, "personally identifiable information" or "PII") that has been collected online.
Generally, our intent is to collect only the personal information that is provided voluntarily by online visitors so that we can offer information and/or services to those individuals or offer information about employment opportunities. Please review this privacy statement ("Privacy Statement") to learn more about how we collect, use, share and protect the personal information that we have obtained.
1. Collection and use of personal information
1.1 What information we collect
We obtain personal information about you if you choose to provide it — for example, to contact mailboxes or to register for certain services. In some cases, you may have previously provided your personal information to KPMG (if, for example, you are a former employee). If you choose to register or login to a KPMG web site using a third party single sign-in service that authenticates your identity and connects your social media login information (e.g., LinkedIn, Google, Twitter or microblog, WeChat or QQ) with KPMG, we will collect any information or content needed for the registration or log-in that you have permitted the social media provider to share with us, such as your name and email address. Other information we collect may depend on the privacy settings you have set with your social media provider, so please review the privacy statement or policy of the applicable service.
By registering and/or submitting personal information to KPMG, you are also acknowledging that KPMG may use this information in accordance with this Privacy Statement. Your personal information is not used for other purposes, unless we obtain your permission, or unless otherwise required or permitted by law or professional standards. For example, if you register to a KPMG web site and provide information about your preferences we will use this information to personalise your user experience. Where you register or login using a third party single user sign-in we may also recognize you as the same user across any different devices you use and personalise your user experience across other KPMG sites you visit. If you send us a resume or curriculum vitae (CV) to apply online for a position with KPMG, we will use the information that you provide to match you with available KPMG job opportunities.
In some cases where you have registered for certain services we may store your email address temporarily until we receive confirmation of the information you provided via an email (i.e. where we send an email to the email address provided as part of your registration to confirm a subscription request).
This Privacy Statement also covers other means by which we collect information. For example, it also covers how we collect information from in person discussions, telephone conversations, and through non-electronic communications (i.e., collection through means other than KPMG’s online systems).
1.2 The legal grounds we have to use your personal information
KPMG generally collects only the personal information necessary to fulfil your request. Where additional, optional information is sought, you will be notified of this at the point of collection. The law in the Peoples’ Republic of China, Hong Kong SAR, Macau SAR and European Union General Data Protection Regulation (“GDPR”) where applicable, allows us to process personal information, so long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one of the following processing conditions:
Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under a contract;
Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
Legitimate interests: we may process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh your interests; or
Your consent: we may occasionally ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting KPMG at email@example.com.
KPMG only collects "sensitive" personal information when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual life or criminal record. Please use your discretion when providing sensitive information to KPMG, and under any circumstances, do not provide sensitive information to KPMG, unless you thereby consent to KPMG's use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in KPMG databases. By consenting to this Privacy Statement, you explicitly provide consent to KPMG and/or confirm to KPMG that consent of a third party from whom sensitive personal data are received and provided to KPMG for processing has been obtained (which consent may be required under the applicable law) for purposes described in this Privacy Statement. If you have any questions about whether the provision of sensitive information to KPMG is, or may be, necessary or appropriate for particular purposes, please contact KPMG at firstname.lastname@example.org.
2. Sharing and transfer of personal information
2.1 Transfers to third parties
We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards. This would include:
Our service providers: KPMG work with reputable partners, service providers or agencies so they can process your personal information on our behalf. KPMG will only transfer personal information to them when they meet our strict standards on the processing of data and security. We only share personal information that allows them to provide their services.
If we are reorganised or sold to another organisation: KPMG may also disclose personal information in connection with the sale, assignment, or other transfer of the business of the site to which the data relates;
Courts, tribunals, law enforcement or regulatory bodies: KPMG may disclose personal information in order to respond to requests of courts, tribunals, government or law enforcement agencies or where it is necessary or prudent to comply with applicable laws, court or tribunal orders or rules, or government regulations.
Audits: disclosures of personal information may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
In addition, KPMG may transfer certain personal information inside and outside of Hong Kong and/or China to companies working with us or on our behalf for the purposes described in this Privacy Statement.
KPMG may also store personal information inside or outside of Hong Kong and/or China. If we do this your personal information will continue to be protected by means of contracts we have in place with those organisations inside and outside Hong Kong and/or China, which are in a form approved by the competent authority in the applicable jurisdiction.
KPMG will not transfer the personal information you provide to any third parties for their own direct marketing use.
2.2 Transfer within the network of KPMG firms
We share information including personal information you provided with other member firms of the KPMG network as part of international engagements, and with KPMG International and other member firms where required or desirable to meet our legal and regulatory obligations around the world. Other parts of the KPMG network are also used to provide services to us and you, for example hosting and supporting IT applications, provision of certain forms of insurance for member firms and its clients, performing client conflicts checks and Anti-Money Laundering checks, assisting with client engagement services and otherwise as required in order to continue to run KPMG’s business.
By providing KPMG with personal information via online systems, visitors are consenting to this transfer and/or storage of their personal information across borders for the purpose of the foregoing 2.1 and 2.2. If information you provided includes personal information of individuals based within or outside the European Economic Area (“EEA”), you agree to obtain express consent, whenever required under the applicable law, from these individuals prior to the submission of such personal information to KPMG. By consenting to this Privacy Statement, you confirm that explicit consent has been obtained from the relevant individuals.
3. Data security and integrity
KPMG has reasonable security policies and procedures in place to protect personal information from unauthorised loss, misuse, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.
We also make reasonable efforts to retain personal information only for so long as the information is necessary to comply with an individual's request or until that person asks that the information be deleted and, in any case, no longer than 10 years.
4. Changes to this statement
KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy Statement to be informed about how KPMG is protecting your information.
5. Policy questions and enforcement
KPMG is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us at email@example.com. You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Statement.
If you are not satisfied with the response you receive, you may escalate your concern to the Global Privacy Officer by sending an email to firstname.lastname@example.org. We will acknowledge your email within 28 days and seek to resolve your concern within 3 months of receipt. We may accept your concern (and in that case implement one of the measures set out in the ‘Your Rights’ section above), or we may reject your concern on legitimate grounds.
In any event, you always have the right to lodge a complaint with the Privacy Commissioner for Personal Data, Hong Kong; the Office for Personal Data Protection Macao; or Ministry of Industry and Information Technology of the People’s Republic of China; whichever has appropriate jurisdiction and being the regulator in charge of protecting personal information.