Personal information is information about an identifiable individual. It includes information such as age, income, opinions, home location and family. It does not include the name, title, business address or telephone number of an employee of an organization such as KPMG or our corporate clients.
Principle 1 – We Are Accountable For The Personal Information In Our Possession.
Principle 2 – KPMG will inform you why we are collecting your personal information when the information is collected.
In most instances, KPMG will collect, use or disclose personal information about clients only for the purpose of providing professional services. Each Engagement Letter includes an explanation of why KPMG requires the information, what use will be made of it and with whom it may be shared in order to provide professional services.
Client personal information may also be disclosed internally and to other member firms of KPMG International for the purpose of determining compliance with applicable professional standards, KPMG internal policies, or in the performance of quality reviews. In accordance with professional standards, if a client is an audit or attest client, personal information may be shared with the
KPMG audit or attest engagement team and other KPMG personnel so that it may be used in the audit or attest engagement.
KPMG will also collect and use personal information about clients, prospective clients and alumni, for the purpose of sending news and information updates or invitations to events hosted or sponsored by KPMG.
Personal Information may also be shared internally and with other member firms of KPMG International in order to allow us to offer services or products that may be of interest to clients.
KPMG collects personal information about our partners and employees in order to pay them, comply with laws, provide them with benefits, administer performance management tools such as "Dialogue", to improve on and manage programs, policies and employee relations and generally to establish, manage or terminate the employment or partnership relationship. In certain cases, KPMG may also aggregate partner and employee personal information to provide business metrics and evaluate the effectiveness of our HR programs, but this aggregated information will not allow the identification of any individual.
We may also use or disclose partner and employee information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.
We also collect personal information from individuals seeking employment with KPMG.
When KPMG collects personal information, we will inform you of the reasons why we require such information, what use will be made of it and with whom it may be shared. Collection may occur without knowledge or consent as permitted by law, including collection in the course of an investigation.
Principle 3 – KPMG will collect, use or disclose personal information about you only with your informed consent.
How Will We Ask for Consent?
Client Personal Information
The Terms and Conditions of every KPMG professional services engagement are documented in each Engagement Letter. These Terms and Conditions include a discussion about how KPMG may use and disclose your personal information. By signing the Engagement Letter, the client will be providing its consent to the collection, use and disclosure described in the Terms and Conditions.
Partner and Employee Information
Forms and applications used to provide human resources-related services to partners and employees will describe the purposes for which their personal information is required and with whom it will be shared.
Employment candidates will also be advised of the purposes for which their personal information is being collected.
What happens if you choose not to give us your consent? What if you withdraw your consent at a later date?
KPMG clients always have the option not to provide their consent to the collection, use and distribution of their personal information, or to withdraw their consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to continue providing the client with our services.
Where a partner, employee or candidate for employment chooses not to provide us with permission to collect, use or disclose personal information, we may not be able to employ them, continue to employ them or to provide them with benefits.
Principle 4 – KPMG Canada limits the amount and type of personal information we collect.
KPMG will limit the collection of personal information to that which is reasonably required to provide our services or operate our business.
Principle 5 – KPMG Canada will use and disclose your personal information only for the purposes for which we have your consent. We will keep personal information only as long as necessary to accomplish these purposes.
Use of Personal Information
If KPMG intends to use personal information for any purpose not previously identified to the individual, we will obtain their prior consent.
However, KPMG may use personal information without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, including steps taken under our pandemic policies, or as otherwise permitted by law including for purposes of an investigation. We may also disclose personal information without consent as permitted or required by applicable federal and provincial privacy laws, including:
- to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies
- to a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law
- to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.
Retention of Personal Information
In compliance with professional standards, we keep a record of the work performed by KPMG partners and employees. This record, or "working papers", may include personal information and will be retained until such working papers are no longer reasonably required for legal, administrative, audit or regulatory purposes. Working papers are safeguarded against inappropriate access, as discussed in Principle "7" below.
KPMG retains personal information about current and past partners and employees in accordance with employment laws and standards. We will destroy human resources and other files containing partner and employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. Certain additional information may be retained to administer and keep former partners and employees informed about our Alumni Program. Former partners and employees may request at any time that they not be contacted about the Alumni Program.
Personal information collected from individuals seeking employment with KPMG will be retained by KPMG for 24 months so that KPMG may contact the applicant about other positions that may also be of interest. Should another suitable position at KPMG become available within this 24 month period, KPMG may contact the applicant to discuss this other position, and the applicant's information will be retained for an additional 24 months. If a candidate is hired, the personal information collected during the application process will be retained in order to establish, manage and terminate the employment relationship.
Principle 6 – KPMG will endeavor to keep accurate the personal information in our possession or control.
In order to provide clients with a professional level of service and partners and employees with appropriate benefits, the personal information that we collect must be accurate, complete and current. From time to time, clients, partners and employees may be asked to update their personal information. Individuals are encouraged to advise us of any changes to their personal information that may be relevant to the services we are providing.
Clients are encouraged to contact their engagement partner to update their personal information.
Employees and candidates should contact the HR Service Team should they need to update their personal information.
Principle 7 – KPMG Canada protects your personal information with safeguards appropriate to the sensitivity of the information.
KPMG will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment.
In some circumstances, personal information may be processed and stored outside of Canada by KPMG or a third party processor, and such personal information may be subject to disclosure in accordance with the laws applicable in the jurisdiction in which the information is processed or stored. These laws may not provide the same level of protection as Canadian privacy laws.
Principle 8 – KPMG will be open about the procedures used to manage your personal information.
Principle 9 – At their request, KPMG will advise individuals of what personal information we have in our possession or control about them, what it is being used for, and to whom and why it has been disclosed.
Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their engagement partner.
Partners and employees have the right to review and obtain copies of their personal information on record by contacting their HR Consultant.
In most instances, individuals will receive a response to their access request within 30 days. If an individual has any concerns about the access that is provided, they are encouraged to contact our Privacy Officer at email@example.com or at 1-866-502-2955.
KPMG will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.
To challenge compliance with this Policy, individuals should forward their concerns in writing to KPMG's Privacy Officer. The Privacy Officer will ensure that a complete investigation of all complaints has been undertaken and will report their findings to the individual in most instances within 30 days.
We know that protecting the privacy of our clients, partners and employees is important. If you have any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at firstname.lastname@example.org or at 1-866-502-2955.