Introduction
KPMG in Romania* is dedicated to protecting the safety and confidentiality of the information entrusted to it. As part of this fundamental obligation, KPMG is committed to protecting and using personal information referred to as ‘personal data’, belonging to data subjects, which has been collected online through any of its websites in Romania, as set out below:
In general, our intention is to collect only personal data which are provided voluntarily by online visitors or as a result of their actions on the KPMG websites in Romania, such as: enabling the option to receive information from us or to participate in certain events, so that we can provide information and/or services to those people or provide information about employment opportunities.
To the extent that the collection and processing of personal data takes place as a result of other processes/activities, which do not involve interaction with Romanian KPMG websites, information on the processing of your personal data will made available as part of those processes/activities, which are indicated in a general overview in the General Privacy Note for protection of personal data available here.
Please refer to this Privacy Statement (‘Privacy Statement’) to learn more about how we collect, use, share and protect the personal data entrusted to us.
1. Collection and use of personal data
1.1 What information we collect
1.2 Legal bases and purposes for the processing of your personal data
1.3 Automatic collection of personal data
1.3.1 IP addresses
1.3.2 Cookies
1.3.3 Google Analytics
1.3.4 Web beacons
1.3.5 Systems based on your location
1.4 Social media applications and widgets
1.5 Minors
1.6 Events and training sessions
2. Sharing and transferring personal data
3. Data retention
4. Your rights
5.Data security and integrity
6. Links to other websites
7. Amendments to this Privacy Statement
8. Contact addresses
1. Collection and use of personal data
1.1. What information do we collect?
We collect personal information about you such as, but not limited to, surname, first name, email address, telephone number, country of residence, company/organization you represent, your function/position within the company, photo/video images, data contained in your curriculum vitae (CV), only if you choose to provide them to us, for example so that we can contact you via e-mail or for you to be able to register to receive information about our services, participate in events organized by KPMG or to apply for employment opportunities.
If you choose to register or authenticate yourself on a KPMG website using a single third-party connection service that authenticates your identity and connects your authentication information to social networks with KPMG, (e.g. LinkedIn, Google, or Twitter), we will collect any information or content required for the registration or logging that you have enabled the social media provider to share with us such as your name and address and e-mail. Other information we collect will depend on the privacy settings you have chosen in relation to your social network provider, so please consult the Data Protection Policy or Confidentiality Policy of the applicable service.
When you register or send personal information to KPMG, we will use it as described in this Privacy Statement. Your information personal data are not used for other purposes, unless we obtain your permission, or if required or allowed by law or professional standards. For example, if you register on a KPMG website and provide information about your preferences, we will use them to customize your user experience.
If you register or authenticate using single sign-in, we can recognize you as the same user on any devices you use, and customize your user experience on other KPMG sites you visit.
If you send us a curriculum vitae (CV) or a letter of application to apply online for an open job within KPMG, we will use the information you provide to match with the KPMG employment opportunities available, in accordance with the privacy statement available here.
In cases where you choose to send us a request initiated by yourself, using any available channel or directly using the contact addresses indicated on this website, we will process the data you provide to us on a discretionary basis, to respond to your request.
1.2. The legal bases and purposes of processing your personal data
KPMG generally collects only the personal data required to meet your request. You will be notified of this at the point of data collection.
The law allows us to process personal data as long as we have a legal basis for doing so. The law also obliges us to inform you of the purposes of the processing. As a result, when we process your personal data, we will rely on one of the following legal grounds for processing, for the purposes indicated:
1.3. Automatic collection of personal data
In some cases, KPMG and its service providers use cookies, web beacons and other technologies to automatically collect certain types of information when you are visiting us online. This automated cookie-based processing will be done in accordance with the options explicitly expressed by you within the Cookie Settings section, available at the bottom of the main page. Collecting this information enables the website to function, supports the customization of the online experience, improves performance and ease of use, and also makes the online presence of KPMG more effective as well as helping with measuring the efficiency of our marketing activities.
1.3.1. IP addresses
An IP address is a number assigned to your computer every time you access the Internet. It enables computers and servers to recognize and communicate with each other. Visitors' IP addresses will be registered for IT security purposes and system diagnostics. This information will also be commonly used to analyze trends and the performance of the website.
1.3.2. Cookies
Cookies will usually be placed on your computer or other devices connected to the Internet whenever you visit us online. This allows the site to remember a computer or device and serves several purposes.
Your consent to collect cookies is collected within the Cookie Settings section of the main page.
Cookies do not give us your email address and they do not personally identify you. In our analytical reports, we will obtain other identifiers, including IP addresses, but this is to identify the number of unique visitors to our websites and their geographical origin, not to identify visitors individually.
Below is a summary of the cookie categories that are collected on our websites, as well as how your consent can impact your experience of specific features as you browse these websites:
Cookies strictly necessary: Cookies that are strictly necessary are essential to enable users to navigate the website and use its features, such as access to secure areas on the website. These cookies must always be enabled, otherwise the website will not work.
Performance cookies: Performance cookies are cookies used to collect data to improve the performance of a website.
You can manage your consent for performance cookies using the Cookie Settings section or updating your browser settings. (Often found in Tools or Preferences of your browser)
Functionality cookies: Functionality cookies are used to remember visitor selections that change how the site works or looks. You can discard these cookies, but this will affect your experience on the website and you may need to repeat certain selections every time you visit us.
You can manage your consent to functionality cookies using the Cookie Settings section or updating your browser settings (often found in the Tools or Browser Preferences menu).
Analysis cookies or target cookies (marketing): Analysis cookies are used to provide content relevant to your interests. They are also used to limit the number of views of certain marketing materials as well as to help measure the effectiveness of those marketing materials. If you do not express your consent, your computer or connected device will not be able to be registered for marketing activities.
You can manage your consent to analysis cookies using the Cookie Settings section or by updating your browser settings (often found in Tools or Preferences of your browser).
Although most browsers automatically support cookies, you can choose whether to accept cookies through the Cookie Settings section or your browser settings (often found in the Tools or Browser Preferences). If you want to cancel the selection, you can do this by deleting your browser cookies, or by updating your preferences in the Cookie Settings section. Please note, however, that some sections of the sites cannot function correctly if you refuse cookies.
More information about cookie management can be found in your browser help file or through sites like www.allaboutcookies.org.
Below is a list of cookies that our website uses.
The types of cookies we use on our website are found in detail in the Cookie Settings section by accessing the Cookies Details subsection:
Purpose |
Description |
Type & Expiration |
Performance (i.e. User's Browser) |
Our web sites are built using common internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content). |
Session Deleted upon closing the browser, or persistent. |
Security cookies |
If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas. |
Session Deleted upon closing the browser, or persistent. |
Site Preferences |
Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account. |
Session Deleted upon closing the browser, or persistent. |
Analytical cookies |
We use several third-party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on kpmg.com for our visitors. The aggregated statistical data covers items such as total visits or page views, and referrers to our web sites. For further details on our use of Google Analytics, see below. |
Persistent, but will delete automatically after two years if you no longer visit kpmg.com |
Social sharing |
We use third party social media widgets or buttons to provide you with additional functionality to share content from our web pages to social media websites and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed on our webpages (e.g. the social share count cache is updated) and log information about your activities across the Internet and on our web sites. We encourage you to review each provider's privacy information before using any such service. For further details on our use of social media widgets and applications, see below. |
Persistent, but will be deleted automatically after two years if you no longer visit kpmg.com |
Other third-party tools and widgets will be used on our pages to provide additional functionality. Depending on how you set your preferences in your browser and/or cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.
1.3.3.Google Analytics
KPMG uses Google Analytics. More information about how Google Analytics is used by KPMG can be found here: http://www.google.com/analytics/learn/privacy.html
To provide visitors to the website with more options on how their data is collected by Google Analytics, Google has developed an add-on browser to exclude Google Analytics. It communicates with JavaScript Google Analytics (ga.js) to indicate that site visit information should not be sent to Google Analytics. Adding the exclusion of Google Analytics does not prevent information from being sent to the web site itself or to other web analytics services.
1.3.4. Web beacons
A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time the content was viewed, a browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.
KPMG or its service providers will use web beacons to track the effectiveness of third-party web sites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.
You have the option to reject some web beacons by rejecting associated cookies. The Web beacon can still record an anonymous visit from your IP address, but cookie information will not be recorded.
In some of our newsletters and other communications, we will monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences.
1.3.5. Location-based tools
KPMG will collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information about services which we believe may be of interest to you based on your geographical location, and to improve our location-based products and services.
1.4. Social media applications and widgets
KPMG web sites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications will collect and use information about your use of KPMG websites (see details on ‘Social Sharing’ cookies above). Any personal information that you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.
In addition, KPMG websites may host blogs, forums, crowd-sourcing and other applications, or services (collectively “social media features”). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG social media feature will typically be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we often have limited or no control.
1.5. Minors
KPMG understands the importance of protecting children's privacy, especially in an online environment. Our websites are not intentionally designed or directed to children under the age of 16. Our policy is not to collect or knowingly store information about people under the age of 16 unless we do so as part of a commitment to provide professional services.
1.6. Training events and sessions
Following your registration for an event, a training session or any other format organized by KPMG and/or its partners, using electronic communication tools, in KPMG offices or in other locations, you acknowledge that the photos and video registrations of the event will be used by KPMG and/or the event organizers to promote the event in the public space (internet, including social media platforms, media), in digital format or in printed form, in accordance with information on the processing of personal data contained in this Privacy Statement.
2. Sharing and transfer of personal data
2.1. Transfer within the KPMG global network
We may be able to convey information about you to other KPMG global network member firms as part of international commitments with KPMG International and other member firms, where necessary, to meet our legal and regulatory obligations worldwide such as hosting and supporting IT applications. However, we will ensure that any data transmitted is only what is necessary to fulfill this purpose.
2.2.Transfer to third parties
We do not share personal data with third parties, unless necessary for our legitimate business and professional needs, to analyze and respond to your requests. and/or, as necessary, legal or professional standards. For more information about these third parties, please go to this link. In addition, KPMG can transfer certain personal data outside the European Economic Area to external companies working with us or on our behalf.
In addition, in the event that KPMG can store personal data outside the European Economic Area, they are normally transmitted to the following countries. In the event of a possible transfer of data, we will ensure that it will only take place if an adequate level of protection of personal data is recognized by the European Commission for the recipient country. In the absence of such a decision issued by the European Commission, we will only transfer your personal data to a third country if appropriate legal safeguards are provided to protect them.
In any case, we will ensure that any data transmitted is only what is necessary to fulfill the intended purpose.
KPMG will not transfer your personal data for the direct marketing of third parties.
3. Data retention.
The data we receive via the website will be processed for the purposes specified in Section 1.2 of this Privacy Statement depending on the purpose.
After the service has ended, or after applying for a position within our organization, or responding to a request/application, we will retain your personal data only for compliance with any legal obligations and for the defense of our rights in the event of legal proceedings, for a period of up to 5 years from the time of collection, unless, following the operations listed above, a new legal relationship will be initiated between you and KPMG, by reference to which other retention periods will begin, in accordance with the legal provisions in force.
4. Your rights
To the extent that KPMG processes personal data relating to you, you have the following rights, in accordance with EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (‘GDPR’):
Right to information: you have the right to receive information on the processing of personal data carried out through the website. Compliance with this right is achieved through this Privacy statement.
Right of access: you have the right to obtain extensive information on the processing of your personal data, in which case our reply will follow at least the categories of information as indicated by the GDPR Regulation.
Right to rectification: you have the right to obtain, without unjustified delays, rectification of inaccurate data concerning you or to completion of incomplete personal data.
Right to erase data: You have the right to request the deletion of personal data concerning you, in any of the following cases set out in the GDPR Regulation, as follows:
Right to restrict processing: you have the right to obtain the restriction of personal data processing in any of the following situations set out in the GDPR Regulation, as follows:
Right to data portability: you have the right to receive personal data concerning you in a structured format that is commonly used and that can be read automatically and to transmit such data to another operator when the technical means allow it. This right may be exercised when the processing is based on consent and done by automatic means.
Right of opposition: you have the right to object to the processing of your personal data, for reasons relating to a particular situation in which you are in.
The right not to be the subject of a decision based solely on automated processing, including profiling.
The right to withdraw your consent for processing based on consent as a legal basis.
For the exercise of the above rights, you can send us a written request by e-mail to dataprotection-office@kpmg.com.
You are also entitled to lodge a complaint with the National Supervisory Authority Personal Data Processing Supervisory Authority (ANSPDCP) based in B-Dul G-ral Gheorghe Magheru 28-30, District 1, Postal Code 010336, Bucharest, in the form of a written address at the institution's premises, or electronically at anspdcp@dataprotection.ro in the case of a possible violation of your rights in the context of the processing of personal data.
5.Data security and integrity
KPMG has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.
We also make reasonable efforts to retain personal information only for so long i) as the information is necessary to comply with an individual’s request, ii) as is necessary to comply with legal, regulatory, internal business or policy requirements, or iii) until that person requests that the information be deleted. The period for which data is retained will depend on the specific nature and circumstances under which the information was collected;
6. Links to other websites
Please be aware that KPMG web sites will typically contain links to other sites, including sites maintained by other KPMG firms that are not governed by this Privacy Statement but by other privacy statements that will often differ somewhat. We encourage users to review the privacy policy of each web site visited before disclosing any personal information.
By registering on any KPMG website and then navigating to another KPMG website while still logged in, you agree to the use of your personal information in accordance with the privacy statement of the KPMG website you are visiting.
The websites for the KPMG entities of Romania are as follows:
KPMG in Romania - KPMG Romania (home.kpmg)
KPMG Corporate Tax Manager (kpmgprofitax.com)
Next Generation Performance Management | QuercusApp
KPMG Careers & Job Search | KPMG Careers
7. Amendments to this Declaration
KPMG can modify this Privacy Statement to reflect our privacy policies. If we modify this Statement, we will note the updated date at the top of this page. Any change in how your personal data is processed as described in this Privacy Statement and affecting you will be communicated through an appropriate channel, depending on how we communicate with you.
8. Contact addresses
KPMG is committed to protecting the online privacy of your personal data. If you have questions or comments about processing your personal data, please contact us at dataprotection-office@kpmg.com. You can also use this address to send us any requests in relation to respect for personal data protection.
We will acknowledge the receipt of your email and try to resolve your request within one month of receipt. If the request is complex or we have a large number of pending requests, we will let you know that it will take more than one month to resolve the request and we will try to resolve it within three months of receiving it.
You can also lodge a complaint with the local data protection authority, the National Supervisory Authority for the Processing of Personal Data at the contact details indicated above in Section 4.
*"KPMG," "new," refers to KPMG International Cooperative ("KPMG International"), a limited liability company of English nationality, and/or any or more member firms of the global KPMG organization of independent firms affiliated to KPMG International.
In Romania the following entities exist, based in Bucharest, District 1, Bucharest-Ploieşti Road No. 89A: