Privacy

Privacy

Date of update: July 2023

Introduction

KPMG in Romania* is dedicated to protecting the safety and confidentiality of the information entrusted to it. As part of this fundamental obligation, KPMG is committed to protecting and using personal information referred to as ‘personal data’, belonging to data subjects, which has been collected online through any of its websites in Romania, as set out below:

In general, our intention is to collect only personal data which are provided voluntarily by online visitors or as a result of their actions on the KPMG websites in Romania, such as: enabling the option to receive information from us or to participate in certain events, so that we can provide information and/or services to those people or provide information about employment opportunities.

To the extent that the collection and processing of personal data takes place as a result of other processes/activities, which do not involve interaction with Romanian KPMG websites, information on the processing of your personal data will made available as part of those processes/activities, which are indicated in a general overview in the General Privacy Note for protection of personal data available here.

Please refer to this Privacy Statement (‘Privacy Statement’) to find more details about how we collect, use, share and protect the personal data entrusted to us.

1.  Collection and use of personal data

1.1. What information we collect

1.2. Legal bases and purposes for the processing of your personal data

1.3. Automatic collection of personal data

1.3.1.    IP addresses

1.3.2.    Cookies

1.3.3.    Google Analytics

1.3.4.    Web beacons

1.3.5.    Systems based on your location

1.4. Social media applications and widgets

1.5. Minors

1.6. Events and training sessions

2.   Sharing and transferring personal data

3.   Data retention

4.    Your rights

5.    Data security and integrity

6.     Links to other websites

7.     Amendments to this Privacy Statement

8.    Contact addresses

1. Collection and use of personal data

1.1. What information we collect

We collect personal information about you such as, but not limited to, surname, first name, e-mail address, telephone number, country of residence, company/organization you represent, your function/position within the company, photo/video images, data contained in your curriculum vitae (CV), only if you choose to provide them to us, for example so that we can contact you via e-mail or for you to be able to register to receive information about our services, participate in events organized by KPMG or to apply for employment opportunities.

If you choose to register or authenticate yourself on a KPMG website using a single third-party connection service that authenticates your identity and connects your authentication information to social networks with KPMG, (e.g. LinkedIn, Google or Twitter), we will collect any information or content required for the registration or logging that you have enabled the social media provider to share with us such as your name and address and e-mail. Other information we collect will depend on the privacy settings you have chosen in relation to your social network provider, so please consult the Data Protection Policy or Confidentiality Policy of the applicable service.

When you register or send personal information to KPMG, we will use it as described in this Privacy Statement. Your personal information are not used for other purposes, unless we obtain your permission or if required or allowed by law or by professional standards. For example, if you register on a KPMG website and provide information about your preferences, we will use them to customize your user experience.

If you register or authenticate using single sign-in, we can recognize you as the same user on any devices you use and customize your user experience on other KPMG websites you visit.

If you send us a curriculum vitae (CV) or a letter of application to apply online for an open job within KPMG, we will use the information you provide to match with the KPMG employment opportunities available, in accordance with the privacy statement available here.

In cases where you choose to send us a request initiated by yourself, using any available channel or directly using the contact addresses indicated on this website, we will process the data you provide to us on a discretionary basis, to respond to your request.

1.2. The legal grounds and purposes of processing your personal data

KPMG generally collects only the personal data required to meet your request. You will be notified of this at the moment of data collection.

The law allows us to process personal data as long as we have a legal basis for doing so. The law also requires us to inform you of the purposes of the processing. As a result, when we process your personal data, we will rely on one of the following legal grounds for processing, for the purposes indicated:

  • Legitimate interest, in answering a request/application we will process information about you which you submit when you fill in the forms available on this website, or the data you choose to send to us at your discretion directly to the contact addresses indicated on this website.
    We can process the data provided in the use of the website for fraud or criminal activity prevention and protection of IT systems.
    We can also process your image when, in events you chose to participate in, we perform video recordings or photos.
  • ·Your consent, in some cases, we will ask you for specific permission to process some of your personal data, and we will process your personal data in this way, only if you agree to do so; for example, when you exercise your option to receive information from us or to participate in certain events, according to our registration section, available here. Your consent may be withdrawn at any time following the steps available in the indicated section. If at any point you opt-in for particular services or communications, such as newsletters, you will be able to unsubscribe at any time by following the instructions included in each communication. Your consent regarding "Cookies" could be managed according to section 1.3.2 indicated  below. Note, however, that some portions of our sites may not work properly if you choose to refuse specific cookies..
  • The execution of a contract, respectively the steps you initiate to conclude a contract, such as if you apply as a candidate for one of the available positions within our organization, in accordance with the section available here.

1.3. Automatic collection of personal data

In some cases, KPMG and its service providers use cookies, web beacons and other technologies to automatically collect certain types of information when you are visiting us online. This automated cookie-based processing will be done in accordance with the options explicitly expressed by you within the Cookie Settings section, available at the bottom of the main page. Collecting this information enables the website to function, supports the customization of the online experience, improves performance and ease of use, and also makes the online presence of KPMG more effective as well as helping with measuring the effectiveness of our marketing activities.

1.3.1. IP addresses

An IP address is a number assigned to your computer every time you access the Internet. It enables computers and servers to recognize and communicate with each other. Visitors' IP addresses will be registered for IT security purposes and system diagnostics. This information will also be commonly used to analyze trends and the performance of the website.

1.3.2. Cookies

Cookies will usually be placed on your computer or other devices connected to the Internet whenever you visit us online. This allows the website to remember your computer or device and serves several purposes.

When accessing our websites, a notification banner (cookie banner) will appear, allowing you to manage your consent to collect cookies. Your option for collecting cookies  and available options to manage your consent, can be found within the Cookie Settings section of the main page of each of our websites.

Cookies do not give us your e-mail address and they do not personally identify you. In our analytical reports, we will obtain other identifiers, including IP addresses, but this is to identify the number of unique visitors to our websites and their geographical origin, not to identify visitors individually.

Below is a summary of the cookie categories that are collected on our websites, as well as how your consent can impact your experience of specific features as you browse these websites. Please note that our websites do not collect the same categories of cookies, whereas the cookies are customized for each website, as you will be informed at the time of the first interaction with each of our websites.

Strictly necessary Cookies: Cookies that are strictly necessary are essential to enable users to navigate the website and use its features, such as accessing secure areas on the website. These cookies must always be enabled, without the possibility to be blocked or refused, otherwise the website will not work.

Performance cookies: Performance cookies are cookies used to collect data to improve the performance of a website.

You can manage your consent for performance cookies using the Cookie Settings section or updating your browser settings (often found in Tools or Preferences of your browser).

Functionality cookies: Functionality cookies are used to remember visitor selections that change how the site works or looks. You can opt-out of these cookies, but this will affect your experience on our website and you may need to repeat certain selections every time you visit us.

You can manage your consent to functionality cookies using the Cookie Settings section or updating your browser settings (often found in the Tools or Browser Preferences menu).

Advertising cookies or targeting cookies (marketing): Targeting cookies are used to provide content relevant to your interests. They are also used to limit the number of views of certain marketing materials as well as to help measure the effectiveness of those marketing materials. If you do not express your consent, your computer or connected device will not be able to be tracked for marketing-related activities.

You can manage your consent for targeting cookies using the Cookie Settings section or by updating your browser settings (often found in Tools or Preferences of your browser).

Although most browsers automatically support cookies, you can choose whether to accept cookies through the cookie banner and the Cookie Settings section or your browser settings (often found in the Tools or Browser Preferences). If you want to cancel the selection, you can do this by deleting your browser cookies, or by updating your preferences in the Cookie Settings section. However, we would like to remind you that some sections of our websites cannot function correctly if you refuse certain cookies.

More information about cookie management can be found in your browser help file or through sites like www.allaboutcookies.org.

Below is a list of cookies that our website uses.

The types of cookies we use on our websites are found in detail in the Cookie Settings section by accessing the Cookies Details subsection:

Purpose

Description

Type & Expiration

Performance (i.e. User's Browser)

Our web sites are built using common internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).

Session Deleted upon closing the browser, or persistent.

Security cookies

If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.

Session Deleted upon closing the browser, or persistent.

Site Preferences

Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for obtaining access or to create an account.

Session Deleted upon closing the browser, or persistent.

Analytical cookies

We use several third-party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on kpmg.com for our visitors. The aggregated statistical data covers items such as total visits or page views, and referrers to our websites. For further details on our use of Google Analytics, see below.

Persistent, but will delete automatically after two years if you no longer visit kpmg.com

Social sharing

We use third party social media widgets or buttons to provide you with additional functionality to share content from our web pages to social media websites and e-mail. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed on our webpages (e.g. the social share count cache is updated) and log information about your activities across the Internet and on our websites. We encourage you to review each provider's privacy information before using any such service. For further details on our use of social media widgets and applications, please see below.

Persistent, but will be deleted automatically after two years if you no longer visit kpmg.com

Other third-party tools and widgets will be used on our pages to provide additional functionality. Depending on how you set your preferences in your browser and/or cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use and ensure your interaction is displayed on our webpages properly.

1.3.3. Google Analytics

KPMG uses Google Analytics. More information about how Google Analytics is used by KPMG can be found here: http://www.google.com/analytics/learn/privacy.html.

To provide website visitors more options on how their data is collected by Google Analytics, Google has developed Google Analytics Opt-out Browser Add-on. Add-on communicates with JavaScript Google Analytics (ga.js) to indicate that site visit information should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the web site itself or to other web analytics services.

1.3.4. Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time the content was viewed, a browser type and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its service providers will use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and to manage cookies.

You have the option to reject some web beacons by rejecting associated cookies. The Web beacon can still record an anonymous visit from your IP address, but cookie information will not be recorded.

In some of our newsletters and other communications, we will monitor recipient actions such as e-mail open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences.

1.3.5. Location-based tools

KPMG will collect and use the geographical location of your computer or mobile device used for visiting our websites. This location data is collected for the purpose of providing you with information about services which we believe may be of interest to you based on your geographical location and to improve our location-based products and services.

1.4. Social media applications and widgets

KPMG websites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications will collect and use information about your use of KPMG websites (see details on ‘Social Sharing’ cookies above). Any personal information that you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.

In addition, KPMG websites may host blogs, forums, crowd-sourcing and other applications, or services (collectively “social media features”). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG social media feature will typically be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we often have limited or no control.

1.5. Minors

KPMG understands the importance of protecting children's privacy, especially in an online environment. Our websites are not intentionally designed or directed to children under the age of 16. Our policy is not to collect or knowingly store information about people under the age of 16, unless we do so as part of a commitment to provide professional services.

1.6. Training events and sessions

Following your registration for an event, a training session or any other format organized by KPMG and/or its partners, using electronic communication tools, in KPMG offices or in other locations, you acknowledge that the photos and video registrations of the event will be used by KPMG and/or the event organizers to promote the event in the public space (internet, including social media platforms, media), in digital format or in printed form, in accordance with information on the processing of personal data contained in this Privacy Statement.

2. Sharing and transfer of personal data

2.1. Transfer within the KPMG global network

We may be able to convey information about you to other KPMG global network member firms as part of international commitments with KPMG International Limited and other member firms, where necessary, to meet our legal and regulatory obligations worldwide, but also the obligations on KYC (know your customer) aspects,  providing support for customer services,  ensuring management of certain types of insurance policies or to allow hosting and support of IT applications. However, we will ensure that any data transmitted is only what is necessary to fulfill this purpose.

2.2. Transfer to third parties

We do not share personal data with third parties, unless necessary for our legitimate business and professional needs, to analyze and respond to your requests and/or, as necessary, permitted by legal or professional standards. For more information about these third parties, please go to this link. In addition, KPMG can transfer certain personal data outside the European Economic Area to external companies working with us or on our behalf.

In addition, in the event that KPMG can store personal data outside the European Economic Area, they are normally transmitted to the following countries. In the event of a possible transfer of data, we will ensure that it will only take place if an adequate level of protection of personal data is recognized by the European Commission for the recipient country. In the absence of such a decision issued by the European Commission, we will only transfer your personal data to a third country if appropriate legal safeguards are provided to protect them.

In any case, we will ensure that any data transmitted is only what is necessary to fulfill the intended purpose.

KPMG will not transfer your personal data for the direct marketing of third parties.

3. Data retention

The data we receive via our websites will be processed for the purposes specified in Section 1.2 of this Privacy Statement depending on the purpose.

After the completion of providing a service or after applying for a position within our organization or responding to a request/application, we will retain your personal data only for compliance with any legal obligations and for the defense of our rights in the event of legal proceedings, for a period of up to 5 (five) years from the time of collection, unless, following the operations listed above, a new legal relationship will be initiated between you and KPMG, by reference to which other retention periods will begin, in accordance with the legal provisions in force.

4. Your rights

To the extent that KPMG processes personal data relating to you, you have the following rights, in accordance with EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (‘GDPR’):

Right to information: you have the right to receive information on the processing of personal data carried out through the website. Compliance with this right is achieved through this Privacy statement.

Right of access: you have the right to obtain extensive information on the processing of your personal data, in which case our reply will follow at least the categories of information as indicated within GDPR.

Right to rectification: you have the right to obtain, without unjustified delays, rectification of inaccurate data concerning you or to completion of incomplete personal data.

Right to erase data: You have the right to request the deletion of personal data concerning you, in any of the following cases set out in the GDPR, as follows:

  • personal data are no longer required for the purposes for which they have been collected or processed;
  • you have withdrawn your consent granted and there is no other legal basis for the processing;
  • you oppose the processing of personal data;
  • your personal data have been unlawfully processed;
  • your personal data must be deleted to comply with a legal obligation.

Right to restrict processing: you have the right to obtain the restriction of personal data processing in any of the following situations set out in the GDPR, as follows:

  • you dispute the accuracy of the data. The processing will be restricted for the period of time necessary to verify the accuracy of the data;
  • processing of your personal data is illegal, but you choose to request its restriction rather than deletion;
  • you request restriction for the establishment, exercise or defense of a right in court;
  • you oppose processing based on legitimate interest.

Right to data portability: you have the right to receive personal data concerning you in a structured format that is commonly used and that can be read automatically and to transmit such data to another operator when the technical means allow it. This right may be exercised when the processing is based on consent and done by automatic means.

Right of opposition: you have the right to object to the processing of your personal data, for reasons relating to a particular situation in which you are in.

The right not to be the subject of a decision based solely on automated processing, including profiling.

The right to withdraw your consent for processing based on consent as a legal basis.

For the exercise of the above rights, you can send us a written request by e-mail to dataprotection-office@kpmg.com.

You are also entitled to lodge a complaint with the National Supervisory Authority Personal Data Processing Supervisory Authority (ANSPDCP) based in 28-30 G-ral Gheorghe Magheru Avenue, District 1, Postal Code 010336, Bucharest, in the form of a written address at the institution's premises or electronically at anspdcp@dataprotection.ro, in case of a possible violation of your rights in the context of the processing of your personal data.

5. Data security and integrity

KPMG has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.

We also make reasonable efforts to retain personal information only for so long i) as the information is necessary to comply with an individual’s request, ii) as is necessary to comply with legal, regulatory, internal business or policy requirements, or iii) until that person requests that the information be deleted. The period for which data is retained will depend on the specific nature and circumstances under which the information was collected.

6. Links to other websites

Please be aware that KPMG websites will typically contain links to other websites, including websites maintained by other KPMG member firms that are not governed by this Privacy Statement, but by other privacy statements which may differ. We encourage users to review the privacy policy of each visited website before disclosing any personal information.

By registering on any KPMG website and then navigating to another KPMG website while still logged in, you agree to the use of your personal information in accordance with the privacy statement of the KPMG website you are visiting.

The websites for the KPMG entities of Romania are as follows:

KPMG in Romania - KPMG Romania (home.kpmg)

KPMG Legal

KPMG Careers & Job Search | KPMG Careers

KPMG Corporate Tax Manager (kpmgprofitax.com)

7. Amendments to this Statement

KPMG can modify this Privacy Statement to reflect our privacy policies. If we modify this Statement, we will note the updated date at the top of this page. Any change in how your personal data is processed as described in this Privacy Statement and affecting you will be communicated through an appropriate channel, depending on how we communicate with you.

8. Contact addresses

KPMG is committed to protecting the online privacy of your personal data. If you have questions or comments about the processing your personal data, please contact us at dataprotection-office@kpmg.com. You can also use this address to send us any requests in relation to respect for personal data protection.

We will acknowledge the receipt of your email and try to resolve your request within one month of receipt. If the request is complex or we have a large number of pending requests, we will let you know that it will take more than one month to resolve the request and we will try to resolve it within three months of receiving it.

Also, you have the possibility to lodge a complaint with the local data protection authority, the National Supervisory Authority for the Processing of Personal Data at the contact details indicated above in Section 4.

*"KPMG," "we,", “us” and “our refers to KPMG International Cooperative ("KPMG International"), a limited liability company of English nationality, and/or any or more member firms of the global KPMG organization of independent firms affiliated to KPMG International.

KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.

The following KPMG entities are incorporated in Romania, and headquartered in Bucharest, District 1, 89A București-Ploiești Road:

  • KPMG Romania S.R.L.
  • KPMG Audit S.R.L.
  • KPMG Tax S.R.L.
  • KPMG Advisory S.R.L.
  • KPMG Business Tax Services S.R.L.
  • KPMG Restructuring S.P.R.L.
  • KPMG Delivery Center S.R.L.
  • KPMG Foundation
  • KPMG Accounting and Payroll Services S.R.L.
  • KPMG Legal through TONCESCU and Associates of S.P.A.R.L.

Connect with us