Privacy Policy

Last updated on 11 june, 2018

KPMG is committed to safeguard the privacy and confidentiality of data KPMG is entrusted with. Therefore, KPMG strives to ensure the protection and correct use of your personal information that identifies you or makes you identifiable (referred to as "personal data"). 

This Privacy Statement mainly concerns the KPMG Netherlands website(s). By means of this Privacy Statement, KPMG Netherlands informs its website visitors and users of KPMG Netherlands’ services on the manner in which personal data is handled by KPMG. In general, KPMG solely collects personal data if you voluntarily provide this in order to enable us to provide information and/or services to you. This Privacy Statement informs you on the collection, use, disclosure and protection of personal data by KPMG.

1. Collection and use of personal data
1.1 What information we collect?

We obtain personal information about you if you choose to provide it — for example, to contact mailboxes or to register for certain services. In some cases, you will have previously provided your personal information to KPMG (for example if you are a client or former client). 

You can also register or login to a KPMG website using a third party single sign-in service that authenticates your identity and connects your social media login information (e.g., LinkedIn, Google or Twitter) with KPMG. If you choose to use this option, we will collect any information or content needed for the registration or login, such as your name and e-mail address. Where you register or login using a third party single user sign-in we may also recognize you as the same user across any different devices you use and personalize your user experience across other KPMG sites you visit. Other information we collect will depend on the privacy settings you have set with your social media provider, so please review the privacy statement or policy of the applicable service. 

When you register or submit personal information to KPMG we will use this information in the manner outlined in this Privacy Statement. Your personal information is not used for other purposes, unless we obtain your permission, or unless otherwise required or permitted by law or professional standards, or to optimize the quality of our services and to inform you about other services of KPMG. 

We will, for example, use the information regarding your preferences that you provided to us to personalize your user experience. Or, if you request us per e-mail to provide information about KPMG, we will use your e-mail address and other information you provide to us to respond to such request. If you send us a resume or curriculum vitae (CV) to apply online for a position with KPMG, we will use the information that you provide to match you with available KPMG job opportunities.

1.2 The legal grounds we have to use your personal information

KPMG generally only collects the personal information necessary to fulfill your request. Where additional, optional information is sought, you will be notified of this at the point of collection. 

The privacy legislation, including the General Data Protection Regulation (“GDPR”) allows us to process personal information, so long as we have ground (pursuant to the GDPR) to do so. If we process your personal data, we will rely on one of the following processing conditions:
  • Processing of your personal data is necessary in order to perform our obligation under a contract to which you are party.
  • Processing of your personal data is necessary in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.
  • Processing of your personal data is in KPMG’s legitimate interest. This processing is allowed as long as this does not outweigh your interests. Legitimate interest includes for example processing for the purposes of: 1) marketing; and 2) acquisition (sales) with regard to clients with whom we have a commercial relationship; 3) customer relationship management & account management; optimizing and/or personalizing content and 5) maintaining and optimizing effective business operations
  • You have provided specific and explicit consent for the processing of your personal data for a specific purpose. For example for the receipt of content per e-mail for marketing purposes, including invitations for events organized by KPMG. We will only process your personal data in this way if you agree to us doing so.
You may withdraw your consent at any time via the link that will be included in every e-mail that we send you with that regard, by logging in to our website or by contacting KPMG at Special categories of personal data will only be collected if you voluntarily provide these to us or if this is required or permitted by law. Special categories of personal data are i.a. data about racial and ethnic origin, political opinions, religious beliefs and other beliefs of a similar nature, trade union membership, data about sexual life and sexual orientation and health data. We ask you to only provide special categories of personal data to KPMG if you consent to the processing thereof by KPMG. If you have any questions on the provision of special categories of personal data to KPMG, please contact KPMG via

1.3 Automatic collection of personal data

KPMG uses cookies, web beacons and other technologies to automatically collect certain types of information when you visit us online and/or if you use our online services. The collection of these data enables us to improve the performance, usability and effectiveness of KPMG’s online presence, to customize your online experience and to measure the effectiveness of our marketing activities.

1.3.1 IP addresses

An IP address is a number assigned to your computer whenever you access the internet. IP addresses will be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct website trend and performance analysis, in which case information will not be processed on individual (identifiable) level.

1.3.2 Cookies

A “cookie” is a small text file that is placed by a website in the browser of the device you use to visit the website (for example a computer or smartphone). This enables the website to recognize your device. Cookies are used for various purposes. 

On some of our websites, a cookie notification banner will appear informing you on the use of cookies. In general we assume that no cookies will be used, or that the use does not cause a wrongful infringement on the rights and freedoms of website visitors and users of KPMG’s services. Therefore, only cookies are used that do not require to obtain explicit consent or that these cookies are not activated before you as visitor have explicitly consented to the use of them. Some cookies are required for necessary functionality of the website. These ‘functional’ cookies will not be blocked by the use of the cookie banner and no consent is required for the use of these functional cookies. 

Via your browser’s setting you can configure your browser to notice you on the receipt of a cookie or to refuse cookies. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our websites' features. 

Below is a list of the types of cookies used on our websites.
Security (e.g. Asp .NET)
Cookies Our websites are built using common internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).

Deleted upon closing the browser.
This cookie records whether consent is given for the use of cookies.

Automatically deleted after 2 years
Site Preferences
Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.

Deleted upon closing the browser
We use several third party analytics tools to help us understand how site visitors use our website. This allows us to improve the quality and content on for our visitors. Information collected is: IP address, number of unique visitors, search terms, location (land code) of visitor, date, duration and frequency of visit, used hardware, browser type, marketing campaign data.

Deleted automatically after three years if you no longer visit the KPMG website
In order to improve our marketing campaigns, we use third party services to measure the effectiveness of our adds, and for cost control purposes. Reporting is done on aggregated level, not on individual level.

Deleted automatically after two years if you no longer visit the KPMG website.
Site visitor feedback
We use a third party survey tool to invite a percentage of visitors to provide their feedback. Cookies are used to prevent visitors from being invited multiple times. 

The first cookie (1) is set if the visitor is invited to participate in the survey, and is used to ensure visitors are not again invited within the next 90 days.

The second cookie (2) is set if the visitor is not invited to participate in the survey, and is used to ensure the visitor is not invited to participate during their visit. 

The third cookie (3) is set in order to ensure that a visitor will not be invited again during the same visit, in case the invitation is not visible (due to technical defaults, browser incompatibilities/settings etc.).
1 Persistent

Deleted automatically after 90 days following to the first survey invite.

2 and 3 Session

Deleted upon closing the browser
Social media (e.g., Gigya, Google+, Facebook, Twitter)
We use third party social media widgets or buttons to provide you with additional functionality to share content from our web pages to social media websites and e-mail. 

On an aggregated level (not on individual level) interactions and activities of visitors of our websites that use these services are measured (e.g., number of information shares (social share count)).Furthermore, cookies and scripts of Facebook, Twitter, LinkedIn and Google are used to measure the effectiveness of content, and to better meet your preferences. 

We encourage you to review each provider's privacy information before using any such service.
Persistent, but will be deleted automatically after two years if you no longer visit the KPMG website.
This cookie serves as a tracking cookie and is only placed after permission. The cookie collects the following information: the domain, utk (see below), initial time measurement (first visit), last time measurement (last visit), current time measurement (current visit and session number)

But is automatically removed if you do not use the KPMG website for two years.
This cookie is used to measure the identity of a website visitor and is only placed after permission. The information of this cookie is transferred to Hubspot and is used to prevent the duplication of contacts

But is automatically removed if you do not use the KPMG website for ten years.
This cookie is used to follow sessions to complete the __hstc cookie and is only placed after permission. This way it is used to determine whether the session number and the time measurement should be included in the __hstc cookie. 

The cookie collects the following information: the domain, viewCount (includes all page visits within a session), start time of the session.

But is automatically deleted after thirty minutes
This cookie serves to check when cookies are refreshed and whether the user has restarted his browser. This cookie is only placed after permission.

Removed after closing the browser
Other third party tools and widgets may be used on our individual web pages to provide additional functionality. Use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.

Cookies by themselves do not tell us your e-mail address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers including IP addresses, but this is for the purpose of identifying the number of unique visitors to our websites and geographic origin of visitor trends, and not to identify individual visitors.

1.3.3 Google Analytics

KPMG uses Google Analytics. More information about how Google Analytics is used by KPMG can be found here.
To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.

1.3.4 Web beacons

A web beacon is a small image file on a webpage, newsletter, e-mail or other communication that can be used to collect certain information from, such as the degree in which an e-mail is opened, which content is viewed, etc. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its service providers may use web beacons to track the effectiveness of third party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.

You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.

In some of our newsletters and other communications, we may monitor recipient actions such as e-mail open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences. When registering for such communication we have informed you about this and/or you have provided your consent. If so desired, you can unsubscribe for the newsletter by clicking the link in the newsletter.


1.4 Social media widgets and applications

KPMG websites may include functionality to enable sharing via third party social media applications, such as Facebook and Twitter. These social media applications may collect and use information regarding your use of KPMG websites. Any personal information that you provide via such social media applications may be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.

In addition, KPMG websites may host blogs, forums, crowd-sourcing and other applications or services (collectively "social media features"). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal data that you provide on any KPMG social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

1.5 Children

KPMG understands the importance of protecting children's privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16, except as part of an engagement to provide professional services.

2. Sharing and transfer of personal information

We do not share personal data with third parties, unless this is necessary in order to carry out your request, for our professional or legitimate business needs or as required or permitted by law, professional standards. For example, KPMG may, in some instances, share your personal data with third parties or service providers engaged by KPMG, in order to carry out your requests.

In the following circumstances, KPMG shares personal data with third parties:
  • Facilitating and sending content for marketing purposes per e-mail;
  • Registrations with regard to events organized by KPMG;
  • Optimizing and/or personalizing content on our websites;
  • Effective business operations;
In all circumstances above, appropriate arrangements will be made with these parties in order to ensure a correct and secure data processing in compliance with applicable legislation.

Furthermore, KPMG may share personal data with other KPMG member firms or third parties abroad with who we collaborate or who provide services for and on behalf of KPMG. KPMG may also store personal data in a country other than your country of residence. When KPMG transfers personal data to countries outside the Netherlands, KPMG complies with requirements pursuant to European (and Netherlands) privacy legislation.

KPMG may process personal data with regard to the assignment of services which include personal data processing. Legal obligations, court orders or government decrees may also require KPMG to disclose personal data. Personal data may also be required to perform privacy- or security audits or to invest an complaint. KPMG does not sell personal data to third parties.

KPMG will not transfer the personal data you provide to any third parties for their own direct marketing use.

3. Choices

You have several choices with regard to the use of our online services (including websites, portals, apps). In general, you are not required to submit any personal data to KPMG online. However, KPMG may require you to provide certain personal data in order for you to receive additional information about our services and events. KPMG may also ask for your permission for certain uses of your personal data, and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request. 

As described in "Cookies" above, if you wish to prevent cookies from tracking you as you navigate our sites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our sites may not work properly if you elect to refuse cookies.

4. Your rights

If KPMG processes personal data about you, you have, in most cases, the right to access this personal data and to correct possible inaccuracies. If you are registered on our website trough MyKPMG, you have the possibility to directly access your personal data. You can also request us for access. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge.

Before providing personal information to you, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. If the information we hold about you is incorrect, you are entitled to ask us to correct any inaccuracies in the personal information.

You have the right to object to us processing your personal information if we are not entitled to use it anymore, and furthermore, you have the right to have your personal data deleted if we are keeping it too long, have its processing restricted in certain circumstances and/or obtain copies of information we hold about you in electronic form.

You can make a request or exercise these rights by contacting KPMG at and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. KPMG strives to follow up a request within the legal time frame of one month. Where the request is complex or we have a large volume of requests, we will notify you that it will take longer than one month to resolve, and we will seek to resolve your request within three months of the concern being first raised. You will be informed on such extension within one month. It may also occur that we do not need to follow up a request, for example if we have a legal ground to process your personal data. If this would be the case, this will be substantiated to you.

5. Data security and integrity

KPMG has reasonable security policies and procedures in place to protect personal data from unauthorized loss, misuse, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal data is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such data.

We also make reasonable efforts to retain personal data only for so long as the data is necessary to provide services to you, we are legally entitled to retain data or until you ask us to delete your personal data.

The personal data that you provide to us for the purposes of 1) marketing; 2) acquisition (sales); 3) customer relationship management & account management; 4) optimizing and/or personalizing content and 5) maintaining and optimizing effective business operations, we apply standard retention periods of 1 year upon ending of the contact or relation, unless explicitly informed otherwise.

The standard retention period takes effect whenever your personal data are no longer actively used by you or KPMG.

The retention period consists of two parts:
  1. Within 3 months after the retention period has taken effect, your personal data will be archived, meaning that they may no longer actively be used for said purposes;
  2. Within 12 months after the retention period has taken effect, your personal data will effectively be deleted (this includes deletion from underlying systems, used for e.g. report and back-up purposes). If during this retention period your personal data is actively used by you or KPMG for said purposes, for example if you register an update on your personal data, the archiving- and deletion process is stopped.

6. Links to other sites

Please be aware that KPMG websites will typically contain links to other sites, including sites maintained by other KPMG member firms that are not governed by this Privacy Statement, but by other privacy statements that will often differ somewhat. We encourage users to review the privacy policy of each website visited before disclosing any personal information.

By registering on any KPMG website and then navigating to another KPMG website while still logged in, your personal data will be used by the KPMG website you are visiting. This use will then be governed by the privacy statement of the KPMG website you visit.

7. Changes to this statement

KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage to regularly review this Privacy Statement.

8. Policy questions and enforcement

KPMG is committed to protecting the online privacy of your personal information. If you have questions or comments about the processing of your personal data, please contact us at You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Statement.

KPMG has a designated a Data Protection Officer. For questions or requests concerning the processing of your personal data, you may also contact the Data Protection Officer per e-mail:

In any event, you always have the right to lodge a complaint with the Dutch regulator in charge of protecting personal information, the Dutch Data Protection Authority / De Autoriteit Persoonsgegevens (AP).

Throughout this website, "KPMG," "we," "our," and "us" refers to KPMG NV and its subsidiaries. For personal data processing within the KPMG organization, KPMG Staffing & Facility Services B.V. (“KPMG S&F”) is data controller, jointly with the KPMG-entity that primarily determines the purpose and means of the personal data processing, unless other written agreements apply to a specific data processing. In general, KPMG S&F will be (to the extent possible) entrusted with the performance of requirements pursuant to the General Data Protection Regulation and thereto related (implementation) regulation, in order to relieve other data controllers within the KPMG organization as much as possible. This concerns in particular the requirements on informing data subjects and resolving request of data subjects wishing to exercise their rights. KPMG S&F is a subsidiary of KPMG NV, which is registered with the trade register in the Netherlands under number 34153861.