KPMG is committed to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information (sometimes referred to as "personally identifiable information" or "PII") that has been collected through its Tax Web sites and mobile applications.
Generally, our intent is to collect only the personal information that is provided voluntarily by users in our applications or by authorised parties so that we can offer information and/or services to clients, their affiliates, and certain other individuals.
We are committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all laws concerning the protection of personal information, including the Data Protection Act 1998.
This Online Privacy Statement ("Online Privacy Statement" or "Privacy Statement") explains the following:
- what information KPMG may collect about you;
- how we will use or share the information we collect about you;
- the use of cookies on our websites and how you can reject these cookies;
- the use of geo-location tracking on the KPMG mobile app — KPMG LINK Anywhere;
- whether KPMG will disclose your details to anyone else;
- your choices regarding the personal information you provide to us.
Please review this Online Privacy Statement to learn more about how we collect, use, share, and protect the PII that we have obtained in conjunction with offering tax-related services and information.
The information is contained in the relevant sections below:
-
What information we collect
- Sensitive personal information
- How long do we keep the information
-
Automatic collection of PII
- IP Addresses
- Cookies
- Do not track signals
- Geo-Location tracking
- Sharing and Transfer of PII
- Policy regarding Children
- Choices
- Access
- Data Security and Integrity
- Links to other sites
- Safe Harbour
- Changes to This Policy
- Policy Questions and Enforcement
1. What information we collect
We obtain personal information about individuals:
- when they complete their personal profile on our KPMG LINK Business Traveller website,
- if they have authorized their employer to provide such information to us, or if they authorize collection, or as permitted by law in order to provide certain tax-related services. We also collect employee travel data from our mobile app — KPMG LINK Anywhere and this is collected through our Geo-Location tracking facility on the mobile device. This is explained in more detail below.
In some cases, users may have previously provided PII to KPMG (if, for example, the individual is a former user). When registering for use of our Web sites and applications, individuals consent to the use of this information in accordance with this Privacy Statement. In the event of any conflict or inconsistency between any applicable provisions governing the use of your PII, the terms and conditions of the relevant user agreement shall govern. Personal information is not used for other purposes, unless we obtain permission from the user, or unless otherwise required or permitted by law or professional standards.
KPMG generally collects only the personal information necessary to fulfil the user's request or the agreed upon service with the user or employer, or where required or permitted by law. Where additional, optional information is sought, users will be notified of this at the point of collection. Sometimes in providing tax services, additional PII may be required or provided in the course of providing the authorised service. This information may include but is not limited to spousal, domestic partner, and/or dependent information, bank account numbers, income, and assets.
1a) Will KPMG collect "sensitive" personal information?
KPMG only collects "sensitive" personal information when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person's race, ethnicity, political beliefs, religious or similar beliefs, physical or mental health, sexual life, or criminal record. If users have any questions about whether the provision of sensitive information to KPMG is, or may be, necessary or appropriate for particular purposes, please contact the KPMG engagement team or the address indicated below.
1b) How long do we keep the information?
Personal information is retained for no longer than necessary to fulfil the stated purposes, unless otherwise required under applicable law, regulations, or professional standards, and is disposed of in a manner designed to prevent loss, theft, misuse, or unauthorised access.
2. Automatic Collection of PII
In some instances, KPMG automatically collects certain types of information from users when they visit our Web sites, mobile app, tax applications, and through e-mails that we may exchange. Automated technologies may include the use of Web server logs to collect IP addresses and "cookies" and also the use of geo-location tracking technology.
The collection of this information will allow us to better understand and improve the performance, usability, and effectiveness of KPMG Web sites and applications.
2a) Why do we collect "IP Addresses"?
An IP address is a number assigned to the user's computer whenever the user accesses the Internet. It allows computers and servers to recognise and communicate with one another. IP addresses from which users appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct Web site and application use and performance analysis.
2b) Cookies
What is a cookie?
A "cookie" is a small piece of text sent to your computer, tablet or mobile phone browser from a website's computer and is stored on your device's hard drive and that allows the site to remember the user. Cookies cannot be used to run programs or deliver viruses to the user's computer. Cookies by themselves do not tell the user's e-mail address or otherwise identify the user personally. If a user accesses a KPMG Web site, we may use cookies to compile aggregate statistics to help us determine what areas of the site users prefer to use.
Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. Many websites do this whenever a user visits their website in order to track online traffic flows.
How do we use cookies?
Information supplied by cookies can help us to analyse the profile and preferences of our users and help us to provide you with a better user experience. Cookies enable us to identify your device, or you when you have logged in. We use cookies that are:
- vital to enable you to move around the site or to provide certain basic features.
- enhance the features and functionality of the website
- help us to improve the performance of the site for a better user experience.
This information is used to help improve the services we provide.
How to accept or reject cookies?
Users have the choice of deciding whether to accept cookies or not. Users can set their browsers to notify them when a cookie is received or to reject cookies. If you don't want to receive cookies, you can modify your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set.
If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how. Alternatively, there are useful sites for further information such as www.aboutcookies.org, which contains more guidance on how to do this.
If you wish to control what cookies are set on your device through the KPMG website then you can do this but it is important to note that if you change your settings and block certain cookies, this means that certain personalised features cannot then be provided and accordingly you may not be able to take full advantage of all of the websites' features.
2c) Do Not Track signals
Our websites may not recognize browser-based Do Not Track signals. However, as discussed above under "Cookies", your browser may be set to block all cookies, or to block "third-party" cookies. Cookies that we set on our websites are considered "first-party" cookies
2d) Geo-Location data tracking
If enabled by the user, the location of the mobile device with KPMG LINK Anywhere installed is collected using a combination of the onboard GPS, WiFi location information and cell tower triangulation. This location data is collected automatically at regular intervals or if a large distance has been travelled. The data stored is not sufficient to locate an individual at street-level as it is only stored at country, state or city level (depending on client and user preferences).
Is the data stored in the system?
The location data is temporarily held in memory and only stored to the database if a trip is added or edited as a result of the detected location. As above, it is only stored at country, state or city level. If the location data is not used to add or edit a trip then it is not stored.
Can I turn off the location tracking?
The user can turn off location tracking by changing the permissions associated with the LINK Anywhere application in their device's settings, or from within the application's settings.
Is this information shared with any third party?
No third party software or web services are used to convert the latitude and longitude (geo-location co-ordinates) provided by the device into a location. This differs from many other location-based applications which will use a third party web service to obtain the name of the current location.
3. Sharing and Transfer of PII
We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out user requests, and/or as required or permitted by law or professional standards (such as processing of a user's tax return, if applicable). In some instances, KPMG may also share PII about a user with various outside companies or service providers or vendors working on our behalf to provide authorized services as permitted by law.
In addition, KPMG may transfer certain PII across geographical borders to other KPMG member firms or outside companies working with us or on our behalf (for example if completing a work permit application for the user once alerted that the individual has created a risk in an overseas location). KPMG may also store PII in a jurisdiction other than where the individual is based as permitted by law.
KPMG may also disclose PII in connection with the sale, assignment, or other transfer of the business of the site to which the data relates, in order to respond to requests of government or law enforcement agencies or where disclosure is required by applicable laws, court orders, or government regulations. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
Do KPMG market PII data?
KPMG does not sell PII to any third parties. Also, KPMG will not transfer PII to any third parties for their own direct marketing use.
4. Policy regarding Children
KPMG understands the importance of protecting children's privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide professional services.
5. Choices
Users have several choices regarding their use of our site. In general, users are only required to submit limited mandatory PII when visiting our Web sites or applications to enable the operation of our tax and social security and immigration assessments.
6. Access
If users have submitted personal information to KPMG, or if their employers have supplied personal information on their behalf, under most circumstances the individuals have the right to reasonable access to that data to correct any inaccuracies. Users can also make a request to update or remove information about them by contacting us, and we will make all reasonable and practical efforts to comply with the request, so long as it is consistent with applicable law and professional standards. Where personal information was supplied by an individual's employer, KPMG will provide reasonable access in accordance with the policies of the employer and our contract with the employer.
7. Data Security and Integrity
KPMG has reasonable security policies and procedures in place to protect personal information from unauthorised loss, misuse, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. We restrict access to personal information to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. We also make reasonable efforts to retain personal information only for so long as the information is necessary to comply with professional standards or applicable laws (for example, rules of governmental tax agencies or departments like the Internal Revenue Service) or, firm policy, or with an individual's request.
8. Links to Other Sites
Please be aware that KPMG Web sites and applications may contain links to other sites and applications operated by third parties, including those maintained by other KPMG member firms that are not governed by this Privacy Statement but by other privacy statements that may differ somewhat. These third party websites have their own privacy policies, and are also likely to use cookies, and we recommend that you review them. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk. We encourage users to review the privacy policy of each Web site and application visited before disclosing any personal information.
9. Safe Harbor
KPMG, as part of its overall privacy policy, follows the Safe Harbor Agreement between the U.S. Department of Commerce and the European Commission with respect to certain personal information that is transferred from the European Economic Area to the United States. Click here http://www.kpmg.com/US/en/Pages/US-Safe-Harbor.aspx to read more about Safe Harbor at KPMG.
10. Changes to This Policy
KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage users to periodically review this Privacy Statement to be informed about how KPMG is protecting personal information.
11. Policy Questions and Enforcement
KPMG is committed to protecting the online privacy of personal information. If users have questions or comments about our administration of personally identifiable information, they can contact us at Users may also use this address to communicate any concerns they may have regarding compliance with our Online Privacy Statement for Tax Applications.
Throughout this web site, "KPMG," "we," "our," and "us" refers to KPMG International Cooperative ("KPMG International"), a Swiss entity, and/or to any one or more of the member firms of the KPMG network of independent firms affiliated with KPMG International. KPMG International provides no client services.
KPMG LLP ONLINE PRIVACY STATEMENT FOR KPMG LINK Business Traveller version 1.0, dated 13th March 2021