Privacy

Privacy

Last updated January 16, 2024

KPMG LLP (U.S.) (“KPMG,” “we,” “our” or “us”) is committed to protecting the confidentiality and privacy of the personal information we obtain via our websites, web-based and mobile applications, meetings and events (in-person and virtual), marketing materials and content, and other services, in each case that link to, post or otherwise refer to this Privacy Statement (collectively, “Activities”). The following explains our practices regarding the collection, use, disclosure and protection of personal information. By engaging in such Activities, you understand and agree to our privacy practices.

1. What We Collect

1.1 Personal Information You Provide

1.1.1 Sensitive Personal Information

1.2 Information We Gather

1.2.1 What We Gather

1.2.2 How We Gather Personal Information

1.3 Do Not Track

1.4 Children

2. How We Use Personal Information

2.1 Participate in Activities and Further Our Business Purposes

2.2 Advertising

2.3 Data Retention

3. Disclosure of Personal Information

3.1 Business Purposes

3.2 Sale or Sharing of Personal Information

3.3 Legal Reasons

3.4 Corporate Transactions

3.5 Social Media

3.6 Cross-Border Collection and Transfer

4. Choices

5. Data Security

6. Additional Data Subject Notices

6.1 California Residents

6.2 Colorado Residents

6.3 Connecticut Residents

6.4 Utah Residents

6.5 Virginia Residents

6.6 Non-U.S. Residents

6.7 Firm Personnel

7. Data Privacy Framework

8. Links to Other Sites

9. Cookie Preferences

10. Changes to This Privacy Statement

11. Questions and Comments
 

1. WHAT WE COLLECT

We, and third-party providers engaged by us, collect personal information when you engage in Activities. The personal information we collect will depend on your relationship with KPMG. For example, we may collect personal information from our business clients during an engagement to provide products and services to our clients; our collection and use of such personal information is governed by our contract or engagement letter with that entity. In other cases, we may collect personal information directly from individuals that engage in our Activities. Please also review the Additional Data Subject Notices in Section 6, applicable to any Firm Personnel, California residents, Colorado residents, Connecticut residents, Virginia residents, Utah residents, and individuals outside of the U.S.

Categories of Personal Information Collected

We may collect the following categories of personal information about you:

  • Identifiers, which may include real name and alias, postal address, unique personal identifier, online identifiers as detailed below, Internet Protocol (“IP”) address. E-mail address; telephone number, account number, username and password, Social Security number, driver’s license number, passport number, state or other government-issued identification card number, and/or other similar identifiers;
  • Commercial and financial information pertaining to you or member of your household, which may include records of personal property, products or services purchased, obtained, or considered, account balances, payment history, or account activity, bank account information and other information relating to your financial institution, credit application, credit checks, and information from credit reporting agencies, criminal histories, and/or other purchasing or consumer histories or tendencies;
  • Information relating to Internet activity, which may include cookie identifiers, clear gifs, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version and/or other device characteristics including your choice of settings;
  • Geolocation data based upon your IP address, cell network data, and/or other similar location data;
  • Audio, electronic, or visual information, which may include records of calls to or from our customer service centers, recordings and/or transcriptions of events or meetings, and/or video surveillance information;
  • Professional or employment-related information, which may include information regarding your professional licenses, current and previous employers, job titles and responsibilities, assets and income, and/or other information related to your work history and/or prospective employment or contract with the firm;
  • Education information, which may include academic records, degrees, and educational history;
  • Biometric information, which may include fingerprints, facial scans, voice recognition information, genetic information, and/or other similar biometric identifiers;
  • Inferences about you, which may include preferences and characteristics and other information we may infer from other personal information we have collected;
  • Information not listed above and related to characteristics protected under federal or state law, which may include gender, race and ethnicity, nationality, marital status, military service or veteran status, and/or date of birth; and
  • Medical information and health insurance information;
  • Allergies, dietary restrictions, disabilities, and any special accommodations; and
  • Other personal information not listed above, including signature, physical characteristics or description, insurance information, and/or any other financial- or health-related information.

1.1 Personal Information You Provide

We collect the personal information that you provide voluntarily (e.g., subscribing to a newsletter or participating in a survey). For example, when you register attend a firm-sponsored event, we may collect business contact information about you such as your name, title, employer, work e-mail address, mailing address, and phone number. We may also collect information about your allergies, dietary restrictions, disabilities, and any special accommodations needed.

1.1.1  Sensitive Personal Information

We only collect sensitive personal information when you voluntarily provide us with this information What constitutes "sensitive personal information" may vary by law, and generally includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, disabilities, biometrics, precise geolocation, sexual orientation or criminal record. Please use your discretion when providing sensitive personal information to KPMG or permitting KPMG to use such sensitive personal information. Do not provide sensitive personal information to KPMG or permit KPMG to use such sensitive personal information unless you consent to KPMG's use of that sensitive personal information for its business purposes. 

1.2  Information We Gather

In some instances, we and our third-party providers use cookies, web beacons, wayfinding technology, and other tracking technologies to collect certain types of personal information when you engage in Activities (e.g., web-based or mobile applications), as well as through messages that we may exchange or through collaboration platforms.

1.2.1 What We Gather

IP Addresses. We collect an IP address when you conduct an Activity online. An IP address is a number assigned to your Internet-enabled device (including computers and mobile devices) whenever you access the Internet. It allows computers and servers to recognize and communicate with one another.

Cookie Data. We gather various information via cookies or similar web tracking technologies. Please see our Cookie Preferences in Section 9 for further information.

Location Information. We may collect geographical location from your Internet-enabled device (e.g., via tracking beacons, Bluetooth, or Global Positioning System technology) in connection with certain Activities, but only if you have not disabled sharing of such information via your device. Typically, you may disable or enable sharing of such information by managing the location services preferences on your device. If you disable location services, some features of our Activities may not be available.

1.2.2  How We Gather Personal Information

Cookies. We use cookies to identify you online and gather certain personal information. Please see our Cookie Preferences in Section 9 for further information.

Web Beacons. We may use web beacons to gather certain information. A web beacon is a small image file on a web page that can be used to collect certain information from your Internet-enabled device, such as an IP address, the time the content was viewed, web browser type, and the existence of cookies previously set by the same server. You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded. If you opt to render some web beacons unusable, some features of our Activities may not be available.

Social Media Applications. Our online Activities may permit the sharing of information between third party social media platforms (e.g., Facebook and LinkedIn), or allow you to use your social media platform credentials to log into and access our online Activities. These social media platforms may collect and use personal information regarding your use of our online Activities. Information you provide via a social media platform may be collected and used by the provider of that social media platform and subject to their privacy practices. We do not have control over, or responsibility for, those providers, or their use of your information.

Analytics Tools. We use third-party usage analytics tools as part of online Activities, including Google Analytics, which may be subject to Google’s privacy policies. More information about how Google Analytics is used by KPMG can be found here: https://policies.google.com/technologies/partner-sites.To provide website visitors with more choice on how their data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The Add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Add-on does not prevent information from being sent to us or to other web analytics services.

In some of our online Activities (e.g., newsletters and marketing materials), we and third-party providers operating on our behalf, may monitor recipient actions such as e-mail open rates through embedded links within the messages. If you wish to unsubscribe from receiving certain publications or from all KPMG communications, a unique link to manage your preferences is available in the footer of our marketing messages. You may also opt out at any time by e-mailing us-optout@kpmg.com.

1.3 Do Not Track

Our online Activities may not recognize all web browser-based “Do Not Track” signals.  However, you may be able to modify your Internet-enabled device’s web browser settings to block all cookies or third-party cookies.

1.4  Children

KPMG understands the importance of protecting children's privacy. Our Activities are not intentionally designed for nor directed at children under the age of 18. It is our policy not to knowingly collect or maintain personal information about anyone under the age of 18, except as may be required by applicable law or professional standards, and where permission has been granted by a child’s parent or legal guardian.
 

2. HOW WE USE PERSONAL INFORMATION

We use the personal information we collect to enable you to engage in Activities as detailed below. Among other things, this personal information allows us to customize your online experience; improve the performance, usability and effectiveness of our Activities; advertise and market our Activities; measure the effectiveness of our Activities; and generate and analyze statistics about your engagement in our Activities. We also use your personal information (i) when you expressly permit us to use it, or (ii) as required or permitted by applicable law or professional standards.

If we provide specific terms in connection with a particular request, product or service, those terms which apply to such request, product or service, and in the event of a conflict between this Privacy Statement and those terms, the specific terms provided in connection with the request, product or service shall control.

2.1 To Participate in Activities and Further Our Business Purposes

We may use the personal information we collect to: enable you to engage in Activities; provide you with web-based and mobile applications; communicate with you; provide you with information about KPMG’s products and services; comply with applicable laws, regulations, and/or professional standards, including for background checks for onboarding Firm Personnel and prospective clients, auditor independence, anti-money laundering, and know-your-client checks; operate, maintain, and enhance any of our Activities; improve the delivery or quality of services or technology for KPMG and its clients through the use of technologies, such as artificial intelligence (including, but not limited to, machine learning), internal analytics, and benchmarking; and fulfill your specific requests. For example, if you send us a message requesting information about KPMG, we will use the contact information you provide, such as your e-mail address, and other personal information you provide, to respond to your request. If you send us a resume or curriculum vitae to apply online for a position with KPMG, we will use the personal information that you provide to match you with available KPMG job opportunities.

IP addresses from which visitors appear to originate may be recorded for our IT security and system diagnostic purposes. This information may also be used to maintain and improve our Activities and to generate and analyze statistics about the Activities and your engagement.

We may use location data we gathered to provide you information regarding our Activities, products and services which we believe may be of interest to you based on your geographic location, and to improve our location-based Activities, responses to requests, products and services. We use data from monitoring recipient actions, such as e-mail open rates, to gauge user interest and to maintain and improve our online Activities.

We or our third-party providers may use data gathered via web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies. 

We or our third-party providers may also use personal information in an aggregated, deidentified or anonymized data for our legitimate business purposes detailed below, including, but not limited to, improving the delivery or quality of services or technology, and for research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. Any deidentified information will be maintained in a deidentified form and will not be re-identified.

2.2 Advertising

We may use "interest-based" ads, also known as “online behavioral advertising" or “cross-context behavioral advertising” (collectively, “Targeted Advertising”). Targeted Advertising is advertising that is targeted to you based on your web browsing and app usage over time and across websites or applications. We may partner with ad networks and other advertising providers (“Advertising Providers”) who serve ads on the firm’s behalf and at our discretion on third party websites and platforms. Some of these Advertising Providers may use cookies and other tracking technologies to collect information about your online activities over time and across third party websites, applications, and Internet-enabled devices to deliver Targeted Advertising based on your interests and preferences, as inferred from your browsing history. Some of these ads may be personalized, meaning that they are intended to be relevant to you based on information that KPMG and its Advertising Providers collect about your visits to our websites and elsewhere.

You have the option to restrict the use of information for Targeted Advertising and to opt-out of receiving Targeted Advertising. Please see Sale or Sharing of Personal Information in Section 3.2 for further information and opt-out methods.

2.3 Data Retention

We retain personal information only for so long as it is needed to fulfil the purpose for which it was collected as described in this Privacy Statement, including to meet business needs and comply with legal requirements, professional standards, or an individual’s request. Accordingly, the retention period may vary and depend on the firm’s retention policies.
 

3.  DISCLOSURE OF PERSONAL INFORMATION
 

3.1 Business Purposes

We disclose personal information with third parties that we engage to carry out your requests and as necessary for our legitimate professional and business needs, and to market our products or services, including in coordination with other third parties for joint-marketing purposes, as required or permitted by law or professional standards, or otherwise with your permission. We require them to safeguard any personal information disclosed in the same manner as we do. In most cases, the third parties work on our behalf and at our direction, as service providers, except in limited instances as described in Section 3.2.

Furthermore, we may disclose aggregated or deidentified information, including reports on user demographics and traffic patterns, with certain third parties.

Legal Purposes
Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our business includes:

  • Our legitimate interest in developing and improving our site, and your user experience.
  • Performance of a contract.
  • Compliance with a legal or regulatory obligation.
  • Our legitimate interest in providing you with seamless, consistent, high-quality services and securing prompt payment of any fees, costs and debts in respect of our services.
  • Our legitimate interest in understanding any conflict of interest or challenge with regard to independence legislation.
  • Our legitimate interest in safeguarding KPMG against inadvertently dealing with the proceeds of criminal activities or assisting in any other unlawful or fraudulent activities (for example, terrorism).
  • Our legitimate interest in organizing events or meetings, managing the registration process for such events or meetings, and creating summaries of such events or meetings.
  • Our legitimate interest in protecting our people, assets and information, and to prevent unauthorized people from gaining access to KPMG events.
  • Our legitimate interest in providing information about KPMG, our services and events we organize.
  • Our legitimate interest to process and manage applications for roles at KPMG, including the screening and selecting of candidates.
  • ·Compliance with a legal or regulatory obligation (when carrying out background checks to warrant a candidate is eligible to work).
  • For any other purpose with your consent.

3.2 Sale or Sharing of Personal Information

While KPMG does not sell or share any personal information collected through its online Activities for monetary consideration, we may be deemed as selling or sharing limited personal information for non-monetary consideration to certain third parties that we engage under applicable law. Specifically, our use of your IP address, information related to your Internet activity, and third-party cookie and tracking information may be provided to the firm’s Advertising Providers and analytics tool providers. Any sale or sharing of personal information is limited to our online Activities. 

Please refer to the Choices in Section 4 to opt-out of any sale or sharing of your personal information. Alternatively, you may click the “Do Not Sell or Share My Personal Information” link on the footer of our websites to initiate a Data Privacy Request, available at: https://kpmg.com/us/en/how-we-work/data-privacy.html.

3.3 Legal Reasons

We may also disclose personal information in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, government regulations or professional rules.

3.4 Corporate Transactions

In the event that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information that has been collected by KPMG may also be shared in connection with the consideration, negotiation or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

3.5 Social Media

If you use social media platforms and integrated third-party provider tools to share personal information or you otherwise interact with these features, those providers may collect information about you and may use and share such information in accordance with your account settings, including by sharing such information with the general public. Your interactions with such social media platforms and tools may be governed by the privacy policies of those providers. We encourage you to carefully read those privacy policies.

In addition, our online Activities may feature blogs, forums, crowd-sourcing and other applications or services (collectively, “Social Media Features”). The purpose of Social Media Features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG Social Media Feature may be shared with other users of that Social Media Feature (unless otherwise stated at the point of collection), over whom we may have limited or no control. 

3.6 Cross-Border Collection and Transfer

We may collect personal information from or about you if you are in a jurisdiction other than the U.S. in connection with your use of KPMG services. Similarly, if you are in the U.S., we may transfer outside of the U.S. the information we collect from or about you. Regardless of where you are, we may transfer certain personal information across geographical borders to KPMG International, other member firms affiliated with KPMG International or to various third-party providers working on our behalf, or we may receive personal information in the U.S. or elsewhere transferred from KPMG International, another member Firm affiliated with KPMG International, or an unaffiliated third party. KPMG may also store personal information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your personal information as your home country. By providing your personal information to KPMG, you understand that your personal information may be collected, transferred and/or stored in a jurisdiction other than your home country. Each KPMG Member Firm affiliated with KPMG International is required to safeguard personal information in accordance with its contractual obligations and data protection legislation applicable to its provision of services. Your personal information will only be transferred if appropriate or suitable safeguards are in place.
 

4. CHOICES

We may require you to provide certain personal information in order to receive additional information about our Activities. We may also ask for your permission for certain uses of your personal information, and you may agree to or decline those uses. If you have previously opted in to particular Activities (e.g., an online newsletter), you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from an Activity, we will remove your personal information, and reach out to you in case we require additional information or confirmation before we can process your request.

If you have submitted personal information to us, you may have the right to request, under applicable law, that we provide you with reasonable access to your personal information, update or correct any inaccuracies in your personal information, delete your personal information, and, in any such event, we will undertake reasonable and practical efforts to comply with your request, so long as our doing so would be consistent with applicable law, our contractual requirements, our record retention policies, and/or the professional standards applicable to us.

To make a Data Privacy Request, please contact us by:

5. DATA SECURITY

We have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration or destruction, and require our third-party providers to similarly safeguard personal information. Despite those efforts, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know and require those individuals to maintain the confidentiality of such information.
 

6. ADDITIONAL DATA SUBJECT NOTICES

6.1 California Residents

The California Consumer Privacy Act, as amended, and its regulations, (“CCPA”), grants certain rights to California residents with regard to their personal information. The following explains your CCPA rights and our personal information practices as applicable.

For purposes of this Privacy Statement, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household; “sensitive personal information” is defined separately under the CCPA and in accordance with Section 1.1.1; and other terms below have the meaning defined in the CCPA.

Our collection practices, including personal information collected during the preceding 12 months, are identified in Section 1.

Source of Personal Information

We may collect personal information from the following sources, including, but not limited to via applications and forms, collaboration platforms, communications and interactions with us and through our in-person events or meetings and online Activities such as websites and mobile applications:

  • Our clients and customers and prospective clients and customers, or their authorized representatives.
  • Our subsidiaries, affiliates, joint ventures, and other companies under our common control (collectively, "Affiliates").
  • KPMG International.
  • Other member firms affiliated with KPMG International.
  • Our service providers, such as customer relationship management providers, analytics providers, website hosting providers, systems administrators and communications delivery services.
  • Unaffiliated third parties with which we have a business relationship and/or promotional and joint-marketing partners.
  • Social media platforms providers, online communities and forums and online advertising providers and partners.
  • Current and former employees, partners and principals, contractors, and job applicants.
  • Government entities and databases, such as anti-fraud databases, sanctions lists and court judgments.
  • Publicly available sources.

Purposes for Which Personal Information is Collected

We may collect or use personal information for the following purposes:

  • Administer, maintain and improve our Activities.
  • Assessing third-party providers and service providers.
  • Auditing and compliance with policies, procedures, laws, regulations and/or professional standards, including for auditor independence checks.
  • Billing, payment and fulfillment.
  • Customer and client communications.
  • Customer and client relationship management.
  • Financial reporting and accounting.
  • General business administration.
  • Health, safety, and wellness of our workplace, facilities and workforce.
  • Internal analytics and benchmarking.
  • Marketing our Activities.
  • Marketing the products and services of KPMG International, other member firms affiliated with KPMG International or other third parties.
  • Protect against fraud and other malicious or illegal activity, including for anti-money laundering and know-your-client checks.
  • Provision and performance of the services.
  • Summarizing events or meetings, including through audio and video recordings or transcripts, for legitimate firm business purposes.
  • Systems and data security.

Categories of Third Parties to Whom Personal Information is Disclosed

We may share personal information as described in this Privacy Statement, including with the following categories of third parties:

  • Affiliates. We may disclose personal information to our Affiliates.
  • KPMG International. We may disclose personal information to KPMG International.
  • Member Firms. We may disclose personal information to other KPMG member firms affiliated with KPMG International.
  • Technical and Operational Service Providers and Business Partners. We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal information to our third-party business partners and service providers in order to maintain and operate the websites and provide, improve, and personalize the services, including to fulfill requests for the services and for other technical and processing functions, such as sending e-mails on our behalf, fulfilling orders, and technical support. We may also share personal information to service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats.
  • Marketing, Advertising and Analytics Providers. We may share personal information with third-party providers for marketing, advertising and analytics purposes.
  • Government Entities. We may share personal information with government entities and agencies, regulators, law enforcement, and other third parties, including to provide the services, comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process and to establish or exercise our legal rights or for fraud- or crime-prevention purposes.
  • Professional Service Firms. We may share personal information with other professional service firms in connection with our legal, regulatory and professional obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, insurers and consultants.
  • Corporate Transactions. Subject to applicable law, we reserve the right to transfer some or all personal information in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal information collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal information as described in this Privacy Statement.

Categories of Personal Information Sold or Shared
In the past 12 months, we may have sold or shared the following categories of your personal information for conducting website analytics and Targeted Advertising:

  • IP address;
  • Information relating to Internet activity as described in Section 1; and
  • Third-party cookie and tracking information as described in Section 9.

Categories of Third Parties to Whom Personal Information is Sold or Shared

In the past 12 months, we may have sold or shared personal information to the following categories of third parties for conducting website analytics and Targeted Advertising:

If you are a California resident, you may be able to exercise the following privacy rights.

  • Right to Know. In the last 12 months:
    • The categories of personal information that we collected or maintained about you;
    • The categories of sources from which that personal information was collected;
    • The business or commercial purpose for collecting that personal information;
    • The categories of personal information we disclosed for a business purpose;
    • The categories of third parties to whom we disclosed that personal information;
    • The categories of personal information that we “sold” or “shared” (as such terms are defined under the CCPA);
    • The categories of third parties to whom we sold or shared that personal information; and
    • The specific pieces of personal information that we collected or maintained about you.
  • Right to Correct. The correction of personal information that we maintain about you.
  • Right to Delete. The deletion of personal information that we have collected from you.
  • Right to Limit Use and Disclosure of Sensitive Personal Information. To limit or restrict the use of Sensitive Personal Information that we have collected or maintained about you for the purpose of inferring characteristics.
  • Right to Opt Out of Sale or Sharing. To opt out of the sale or sharing of your personal information.

To exercise any of your rights, please contact us by:

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. The above rights are subject to various exclusions and exceptions under applicable laws and the firm’s record retention policies, and under certain circumstances we may be unable to implement your request.

Where we have received your personal information through our business clients or where we are otherwise operating as a service provider, we may refer you to the business with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your child under 16, you may exercise the above rights on their behalf.

Opt-Out Preference Signals. You may provide us with an opt-out preference signal like the Global Privacy Control (“GPC”). Please be aware that your opt-out preference signal may only apply to the collection and use of information from that particular browser or device. Opting out on a particular device may not opt you out of information collection on other devices, nor may it limit cross-device sharing on those other devices. If you use different browsers on a device or multiple devices, for each browser and device you wish to opt out, you may need to individually set your preference signals to opt-out each device and browser separately.

6.2 Colorado Residents

The Colorado Privacy Act (“CPA”), grants certain rights to Colorado residents with regard to their personal information. The following explains your CPA rights and our personal information practices as applicable.

For purposes of this Privacy Statement, “personal information” means “personal data” that is linked or reasonably linkable to an identified or identifiable natural person; “sensitive data” is defined separately under the CPA and in accordance with Section 1.1.1; and other terms below have the meaning defined in the CPA. Our collection practices and business purposes for collecting personal information are identified in Sections 1 and 3.1, respectively. In Sections 2 and 3, we described how we use and disclose personal information. Please see the additional information below related to our “sales” of personal information as that term is defined under the CPA, as well as our disclosures of personal information for targeted advertising.

Categories of Personal Information Sold or Disclosed for Targeted Advertising
In the past 12 months, we may have sold or disclosed the following categories of your personal information for conducting website analytics and Targeted Advertising:

  • IP address;
  • Information relating to Internet activity as described in Section 1; and
  • Third-party cookie and tracking information as described in Section 9.

Categories of Third Parties to Whom Personal Information is Sold or Disclosed for Targeted Advertising

In the past 12 months, we may have sold personal information to the following categories of third parties for conducting website analytics and Targeted Advertising:

If you are a Colorado resident, you may be able to exercise the following privacy rights.

  • Right to Access. To confirm whether or not we process your personal information and to access such personal information.
  • Right to Portability. In some circumstances, where you have provided personal information to us, you can ask us to transmit that personal information (in a structured, commonly used, and machine-readable format) directly to another company if this is technically feasible.
  • Right to Correct. To correct inaccuracies the personal information we collect from you;
  • Right to Delete. To delete personal information provided by you or obtained about you;
  • Right to Opt Out of Targeted Advertising, Sale, or Profiling. To opt out of the processing of your personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Appeal. To appeal our denial of your request(s).

To exercise any of your rights, please contact us by:

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a processor, we may refer you to the controller with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your minor child, you may exercise the above rights on their behalf.

The above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances we may be unable to implement your request.

If you wish to appeal our denial of a request, you may e-mail the firm’s U.S. Privacy Office us-privacy@kpmg.com to reconsider your submission. If the U.S. Privacy Office rejects your appeal, you may further elect to submit a claim through the Colorado Office of the Attorney General.

6.3 Connecticut Residents

The Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTPDPOM”), grants certain rights to Connecticut residents with regard to their personal information. The following explains your CTPDPOM rights and our personal information practices as applicable.

For purposes of this Privacy Statement, “personal information” means “personal data” that is linked or reasonably linkable to an identified or identifiable natural person; “sensitive data” is defined separately under the CTPDPOM and in accordance with Section 1.1.1; and other terms below have the meaning defined in the CTPDPOM. Our collection practices and business purposes for collecting personal information are identified in Sections 1 and 3.1, , respectively. In Sections 2 and 3, we described how we use and disclose personal information. Please see the additional information below related to our “sales” of personal information as that term is defined under the CTPDPOM, as well as our disclosures of personal information for targeted advertising.

Categories of Personal Information Sold or Disclosed for Targeted Advertising

In the past 12 months, we may have sold or disclosed the following categories of your personal information for conducting website analytics and Targeted Advertising:

  • IP address;
  • Information relating to Internet activity as described in Section 1; and
  • Third-party cookie and tracking information as described in Section 9.

Categories of Third Parties to Whom Personal Information is Sold or Disclosed for Targeted Advertising

In the past 12 months, we may have sold personal information to the following categories of third parties for conducting website analytics and Targeted Advertising:

If you are a Connecticut resident, you may be able to exercise the following privacy rights.

  • Right to Access. To confirm whether or not we process your personal information and to access such personal information.
  • Right to Portability. In some circumstances, where you have provided personal information to us, you can ask us to transmit that personal information (in a structured, commonly used, and machine-readable format) directly to another company if this is technically feasible.
  • Right to Correct. To correct inaccuracies the personal information we collect from you;
  • Right to Delete. To delete personal information provided by you or obtained about you;
  • Right to Opt Out of Targeted Advertising, Sale, or Profiling. To opt out of the processing of your personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Appeal. To appeal our denial of your request(s).

To exercise any of your rights, please contact us by:

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a processor, we may refer you to the controller with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your minor child, you may exercise the above rights on their behalf.

The above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances we may be unable to implement your request.

If you wish to appeal our denial of a request, you may e-mail the firm’s U.S. Privacy Office us-privacy@kpmg.com to reconsider your submission. If the U.S. Privacy Office rejects your appeal, you may further elect to submit a claim through the Connecticut Office of the Attorney General.

6.4 Utah Residents

The Utah Consumer Privacy Act, (“UCPA”), grants certain rights to Utah residents with regard to their personal information. The following explains your UCPA rights and our personal information practices as applicable. For purposes of this Privacy Statement, “personal information” means “personal data” that is linked or reasonably linkable to an identified or identifiable natural person; “sensitive data” is defined separately under the UCPA and in accordance with Section 1.1.1; and other terms below have the meaning defined in the UCPA. Our collection practices and business purposes for collecting personal information are identified in Sections 1 and 3.1,  respectively.

If you are a Utah resident, you may be able to exercise the following privacy rights.

  • Right to Know. To confirm whether or not we process your personal information and to access such personal information.
  • Right to Delete. To delete personal information provided by you;
  • Right to Opt Out of Targeted Advertising or Sale. To opt out of the processing of your personal information for purposes of (i) targeted advertising or (ii) the sale of personal information.

To exercise any of your rights, please contact us by:

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a processor, we may refer you to the controller with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your minor child, you may exercise the above rights on their behalf.

The above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances we may be unable to implement your request.

Note, KPMG does not “sell” (as such term is defined under the UCPA) any personal information for monetary consideration.

6.5 Virginia Residents

The Virginia Consumer Data Protection Act, (“VCDPA”), grants certain rights to Virginia residents with regard to their personal information. The following explains your VCDPA rights and our personal information practices as applicable. For purposes of this Privacy Statement, “personal information” means “personal data” that is linked or reasonably linkable to an identified or identifiable natural person; “sensitive data” is defined separately under the VCDPA and in accordance with Section 1.1.1; and other terms below have the meaning defined in the VCDPA. Our collection practices and business purposes for collecting personal information are identified in Sections 1 and 3.1, respectively.

If you are a Virginia resident, you may be able to exercise the following privacy rights.

  • Right to Know. To confirm whether or not we process your personal information and to access such personal information.
  • Right to Correct. To correct inaccuracies the personal information we collect from you;
  • Right to Delete. To delete personal information provided by you or obtained about you;
  • Right to Opt Out of Targeted Advertising, Sale, or Profiling. To opt out of the processing of your personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Appeal. To appeal our denial of your request(s).

To exercise any of your rights, please contact us by:

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a processor, we may refer you to the controller with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

You may authorize someone to exercise the above rights on your behalf. If we have collected information about your minor child, you may exercise the above rights on their behalf.

The above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances we may be unable to implement your request.

If you wish to appeal our denial of a request, you may e-mail the firm’s U.S. Privacy Office us-privacy@kpmg.com to reconsider your submission. If the U.S. Privacy Office rejects your appeal, you may further elect to submit a claim through the Virginia Office of the Attorney General.

Note, KPMG does not “sell” (as such term is defined under the VCDPA) any personal information for monetary consideration.   

6.6 Non-U.S. Residents

KPMG provides our Activities in the U.S. and does not direct such activities to individuals that are located outside of the U.S. However, in certain circumstances, we do interact with or collect personal information about individuals outside of the U.S. In such circumstances, we typically collect personal information from individuals outside of the U.S. through a direct collection of that information via our Activities. However, in some circumstances, personal information may be transferred to us from KPMG International, a member firm affiliated with KPMG International or an unaffiliated third party outside of the U.S. Where this applies, we typically receive your personal information because it is necessary to perform a contract or pre-contractual measures with you or because of our legitimate interests. If we receive personal information transferred by a member firm affiliated with KPMG International or an unaffiliated third party, it would typically be pursuant to the appropriate foreign regulator-approved standard contractual clauses or based on another lawful basis such as described in Section 7. To know more about non-U.S. residents’ notices and rights, please review the KPMG LLP Notice of Processing

6.7 Firm Personnel

This Privacy Statement does not govern the privacy practices concerning any current or former KPMG partners, principals, employees, directors, officers, interns, and individuals engaged with KPMG through a third party, including contractors and contingent workers (collectively, “Firm Personnel”). The collection and processing of Firm Personnel’s personal information is subject to KPMG’s Firm Personnel Data Privacy Notice and in furtherance of other firm policies.
 

7. DATA PRIVACY FRAMEWORK

KPMG complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and as available. KPMG has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regards to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. KPMG has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.

For more details, please review the KPMG LLP Data Privacy Framework Policy, which applies to personal information transferred from member countries of the European Economic Area, the United Kingdom (including Gibraltar), and Switzerland pursuant to the DPF.
 

8. LINKS TO OTHER SITES

Our Activities may contain links or refer you to other websites, applications, social media platforms, collaboration platforms, products or services maintained by KPMG International, other member firms affiliated with KPMG International, or by unaffiliated third parties (collectively, “Other Sites”). Other Sites are not governed by this Privacy Statement and may be governed by their own privacy notices. We are not responsible for the content or practices of these Other Sites. We encourage you to review the applicable privacy notices of Other Sites you visit before disclosing personal information.
 

9. COOKIE PREFERENCES

We use ‘cookies’ and related technologies as part of our online Activities to help identify you, operate our websites, enhance your experience, and conduct advertising and analysis, among other uses. Some of these cookies are optional and are only used when you have agreed to them. You can consent to all our optional cookies at once or set your preferences by (i) clicking “Manage Choices” link, accessible via a banner pop-up when you visit our websites; or (ii) clicking the “Cookie Preferences” link, located in the footer of our websites.
 

10. CHANGES TO THIS PRIVACY STATEMENT

We may modify this Privacy Statement from time to time to reflect our current personal information practices. When we make changes to this Privacy Statement, we will revise the “updated” date at the top of this page. We encourage you to periodically review this Privacy Statement to be aware of updates to our personal information practices. Your use of the Activities after such update signifies your consent to the updated terms.
 

11. QUESTIONS AND COMMENTS

If you have questions or comments about this Privacy Statement or our privacy practices, or if you have any concerns regarding compliance with this Privacy Statement, please contact the U.S. Privacy Office by e-mail at us-privacy@kpmg.com.