Privacy statement
Our services are based on trust. For an accounting firm such as KPMG, the protection of personal data (data protection) is a primary concern. KPMG observes all applicable data protection laws and continuously strives to improve data protection. KPMG is the controller for processing the personal data on these websites as defined by the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [BDSG].
The following data protection policy is to inform you about how KPMG processes personal data on this platform:
1. Who is responsible for data processing?
KPMG AG Wirtschaftsprüfungsgesellschaft Klingelhöferstraße 18
10785 Berlin
Phone: +49 30 2068-0
Fax: +49 30 2068-2000
Email: information@kpmg.de
2. How can I contact the data protection officer?
Either using the postal address set out under 1. or by email (address: de-datenschutz@kpmg.com).
3. For what purpose do we process your data on this website and on what legal basis?
KPMG collects and uses personal data for making the website and our information and services available in accordance with Article 6 (1)(a) to (f) of the European General Data Protection Regulation (GDPR), i.e., to the extent permissible under the GDPR or another regulation or if the user (data subject) has given consent to the processing. Legally standardised data protection contracts are agreed with all service providers which we use as processors pursuant to Article 28 EU GDPR and the service providers first undergo an IT security assessment.
In addition, KPMG processes personal data collected when visiting this website as follows:
a) Registration and participation
We process the data of participants of online events and collect the data as part of your online registration and profile creation.
For the purpose of participating in the event, you receive access to a virtual platform which the aforementioned participants can use to present themselves/their company (profile), to attend the online event, follow presentations and talks either live or afterwards (participation), and meet and network (communication and networking).
To create a virtual profile (visiting card), the following data is usually processed: address, title, surname, first name, position and name of company/organisation, contact details, department, photo (optional), professional interests and preferences (optional), social media accounts such as Xing and LinkedIn (optional) and calendar ID (optional).
For participation in online events, including livestreaming and subsequent reporting of events, the following data is processed: name, company/organisation, rooms and sessions visited, interaction within virtual rooms and date, time and length of participation.
For communication and networking, the following data is usually processed: name, role and name of company/organisation of talk/chat participants, content, time stamp and course of chat as well as date and time of the arranged meetings, name of the contact, type of meeting, notices on calendar entries, availability and calendar ID.
b) Newsletter and mailing
Registration at the event also gives KPMG permission to log future visits to our website by a user for that specific person in order to be able to provide this user with subject-specific information that is targeted to his or her personal interests (e.g. current studies, surveys). To this end, we record the individual KPMG web pages and topics which a registered user looks at during a visit through our service provider HubSpot.
After registration for newsletters/mailings on the KPMG website, each user receives confirmation by email sent to the specified email address (so-called double opt-in procedure). Registration is only complete once confirmation has been received via the link provided in this email.
Consent to receive newsletters/mailings once given can be withdrawn at any time via the link at the end of each email or by sending a message to the KPMG mailbox de-webteam@kpmg.com.
Registrations for newsletters/mailings are logged on the basis of our legitimate interest to be able to prove a user's consent at any time (Art. 6 (1)(f) EU GDPR). Should you not have used our range of services in any form during a specific year, you will be considered not interested and will therefore be automatically deleted from HubSpot.
c) Cookies
KPMG uses cookies for the purposes listed below. A cookie is a text file sent from the web server to the browser and is used to process information from website visitors (e.g. IP address), their settings and the devices used.
We use the following cookies on the virtual platform:
|
Name |
In-house/third party provider |
Stored data |
Purpose |
Type of cookies/ technology |
Length of storage |
|
XSRF-Token |
in-house |
csrf |
Security – verification of transfer |
functionally/technically necessary |
2h |
|
expo_x_session |
in-house |
Temporary storage of session data/unique identification of user |
Security – settings |
functionally/technically necessary |
2h |
|
remember_web_XX |
in-house |
Memory token to determine whether user is already registered |
Security - setting |
functionally/technically necessary |
5 years/ unlimited |
The aforementioned essential cookies serve to enable navigation and the security of the platform (legal basis: Art. 6 (1) f GDPR).
You can actively consent to the use of cookies that are not necessary for the functioning and security of our website or platform by using the cookie consent tool. The legal basis for cookie-based processing based on your consent is your consent (Art. 6 (1)(a) GDPR).
4. How long will data be stored?
Unless otherwise explicitly stated, KPMG stores personal data for as long as necessary for the above-mentioned purposes. This is subject to the statutory retention obligations. KPMG employees are instructed to regularly check the duration of storage of personal data and to delete these if necessary.
5. What data protection rights do data subjects have?
Data subjects are afforded rights of access pursuant to Article 15 EU GDPR regarding the processing of their personal data by KPMG (also regarding the purpose of processing, any possible recipients and the expected duration of the storage of data), rights to rectify incorrect data (Art. 16 EU GDPR), rights to erasure (Art. 17 EU GDPR), rights to restriction of processing and the data portability of the data provided (Art. 18, 20 EU GDPR) and the right to object against the use of their data for marketing purposes and based on a legitimate interest (Art. 21 EU GDPR).
Any consent given to KPMG can be revoked at any time with future effect. In order to safeguard these rights any data subject can contact the KPMG data protection officer (see point 2). Furthermore, they also have the right to complain to a data protection supervisory authority. Data subjects can lodge their complaint with the competent data protection supervisory authority in their place of residence or with any other data protection supervisory authority.