Skip to main content

      This statement summarises how KPMG collects, uses, discloses and manages personal information as part of the whistleblower service it provides to its clients.

      In this Privacy Collection Statement, ‘KPMG’, ‘we’, ‘us’ and ‘our’ is a reference to the KPMG Australia partnership and includes any entity carrying on business in Australia that is part of the KPMG group of entities (which includes Associated Entities).

      This statement should be read in conjunction with KPMG’s Privacy Policy.

      KPMG is committed to protecting personal information. Where KPMG collects personal information as part of providing the whistleblower service, KPMG will treat the information in accordance with applicable privacy laws, regulations and lawful client instruction.

      Collection of personal information

      When you provide us information or report an incident, you have the option of remaining anonymous. If you identify yourself to us, we will not disclose your personal information to your employer, unless you consent to your identity being disclosed, or disclosure of your identity is required or permitted to be disclosed in accordance with applicable law.  Any personal information provided to KPMG about you or other individuals will be collected in accordance with applicable privacy laws, regulations and law client instructions.

      The type of personal information that we collect may include contact information, such as your name, information about your organisation, including your current employer and position, and details relating to the incident you are reporting or providing information about.

      If you choose not to provide certain personal information to us on request, this may mean we are unable to provide the whistleblower service to you, or the incident that you are reporting may not be able to be properly investigated. 

      Purpose, use and disclosure of personal information

      The personal information provided to us via the whistleblower service will be used for the purpose of providing a report on, or relating to, the incident reported. The report will be passed and disclosed to the relevant organisation in accordance with our terms of service, and may also be passed or disclosed to the relevant regulator(s) as required by law.

      Your identity, or information identifying you, will only be disclosed by KPMG to the relevant organisation with your consent (except in exceptional circumstances and where the law permits it).

      KPMG’s Privacy Policy contains more detail about KPMG’s external service providers, and the purposes for which we may potentially disclose personal information to those service providers, in the course of delivering KPMG’s various service offerings. In the context of providing whistleblower services, KPMG’s use of and disclosures to external service providers is more limited.

      In the context of providing whistleblower services to you, KPMG may disclose personal information to our external service providers on a confidential basis and in the course of delivering our services, including for the purposes of managing the database upon which details of your report will be stored and ensuring that we meet legal obligations. These external service providers include assurance and IT security specialists, and legal counsel. In making any such disclosures KPMG is bound by and complies with applicable regulations governing the protection of whistleblowers, including those set out in the Corporations Act 2001 (Cth).

      Disclosure of personal information overseas

      Where a whistleblowing disclosure is made from outside of Australia, the details of the report will disclosed to our team in Australia to manage. Australia may not have equivalent privacy laws to those in other countries.

      Where our client's people are located outside of Australia or may require whistleblower services in other languages, we may use other KPMG member firms and outsource service providers (including but not limited to) in South Africa, Hong Kong, China, Thailand and Argentina to assist in the provision of whistleblower services.

      Security of personal information

      KPMG has systems in place to protect the personal information it holds. KPMG will store the personal information collected as part of the whistleblower service it provides on a database or in storage with restricted access.

      Accessing and updating your personal information

      KPMG’s Privacy Policy contains information about how you can access and seek correction of your personal information.

      Lodging a privacy complaint

      KPMG is committed to dealing with complaints in relation to privacy fairly and resolving issues in a timely manner. KPMG's Privacy Policy contains information about how you can make a complaint about KPMG's handling of your personal information and how KPMG will deal with such complaints.

      Contacting KPMG

      If you would like to access or update your personal information or you would like further information in relation to KPMG’s privacy practices, please contact the National Privacy Officer by emailing AUSTPrivacy@kpmg.com.au or writing to:

      National Privacy Officer
      KPMG
      GPO Box 2291U
      MELBOURNE VIC 3001