KPMG LLP (U.S.)1 (“KPMG”) is dedicated to protecting the confidentiality and privacy of information entrusted to it, including Personal Information (also known as “personal data,” “Personally Identifiable Information,” or “PII”). This Firm Personnel Data Privacy Notice (“Privacy Notice”) aims to give Firm Personnel (as defined below) information on how their Personal Information (as defined below) is collected, processed, used, and retained by KPMG. For the purposes of this Privacy Notice: (i) “Firm Personnel” includes current and former partners, principals, employees, directors, officers, and interns of KPMG; and (ii) “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer that is a member of, or a particular household that includes a member of, Firm Personnel.

Please review this Privacy Notice to learn more about how we collect, use, share, and protect the Personal Information of Firm Personnel that we obtain. For more information about KPMG’s privacy policies applicable to Firm Personnel, please see the Confidentiality and Privacy section of the Policy Center

Collection and Use of Personal Information

KPMG’s collection of Personal Information from and about Firm Personnel is necessary in order for KPMG to fulfill its legal, professional, and contractual obligations, and for the performance of current and former partnership or employment relationships, as applicable. Therefore, the failure by any Firm Personnel to provide Personal Information, in whole or in part, could prevent KPMG from fulfilling some or all of its obligations regarding the partnership or employment relationship, or as may be required under contract, applicable law, or our professional standards, including, but not limited to, obligations related to auditor independence rules, payroll, social security contribution, tax, and insurance.

KPMG may process the following types of Personal Information, including Sensitive Personal Information (as defined below), for the purposes set out in this Privacy Notice, and subject to and in accordance with applicable law:

- Identifiers, which may include: your name, address, email address, phone number, and other contact details; usernames and passwords; social security number and national identity number, driver’s license number, passport number, or other government-issued identification number;

- Commercial and financial information, which may include: your bank account information and other information relating to your financial institution; credit applications, credit checks, and information from credit reporting agencies; and brokerage account information;

- Professional or employment-related information, which may include: information regarding your current and previous employers; job title and responsibilities; assets; income; and/or other information related to your work history and/or prospective employment; compensation, bonus or incentive information and social security premiums (including amounts paid, the frequency and currency of payments); benefits information (e.g., car allowance, health insurance, pension contributions) (including amounts paid, the frequency and currency of payments); records of your work history (including internal and external work history, references, and civil and criminal background checks); participation on corporate boards or advisory councils; records of your performance (including evaluations and ratings, grievances, and disciplinary records); information relating to absences from work; general organizational data (such as your department, work location, job title, and seniority);

- Education information, which may include: academic record, degrees, and educational history;

- Biometric information, which may include: signatures; fingerprints; facial scans; voice recognition information; genetic information; and/or other similar biometric identifiers;

- Information relating to Internet activity or other electronic network, application, and systems activity, which may include: cookie identifiers, clear gifs, browser type, Internet service provider (ISP), Internet Protocol (IP) addresses, media access control (MAC) addresses, referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version, and/or other device characteristics including your choice of settings such as Wi-Fi, Bluetooth, and Global Positioning System (GPS) data; usage data; and other, similar Personal Information collected for monitoring purposes, or other purposes pursuant to any KPMG policy, in relation to your interaction with KPMG’s networks, applications, and systems, including badge swipes to KPMG’s facilities, hoteling, training, messaging and calendaring, mobile device management, and remote access;

- Geolocation data, which may include: GPS data; locational information based upon your IP address; cell network data; and/or other similar locational data;

- Audio, electronic, or visual information, which may include: records of calls to or from our service or support centers; and/or audio or video information recorded for surveillance or training purposes, during meetings (virtual or in person), or at firm events/town halls;

- Information not listed above and related to characteristics protected under applicable state or federal law, which may include: gender; race and ethnicity; nationality; marital status; military service or veteran status; and/or date of birth;

- Inferences about you, which may include preferences and characteristics and other information we may infer from other Personal Information we have collected;

- Other Personal Information not listed above and defined in applicable law(s), which may include: insurance policy number; and/or bank account number, credit card number, debit card number, and other financial, medical, and health insurance information;

- Other information voluntarily disclosed by you to us, or collected or generated by KPMG in connection with your partnership or employment relationship or the related activities in which you participate on account of your relationship with KPMG.

KPMG may process Sensitive Personal Information (as defined below) if and to the extent such processing is: (i) necessary for compliance with applicable law; (ii) specifically authorized or required by law; or (iii) of Sensitive Personal Information that is voluntarily shared by any Firm Personnel with KPMG. For the purposes of this Privacy Notice, “Sensitive Personal Information” is Personal Information that may reveal an individual’s race or ethnic origin, political opinions, health data, including genetic data, disability information, sex life, sexual orientation, religious or similar beliefs, membership in a trade union organization, and/or criminal records.

We may create de-identified or anonymized data from Personal Information by removing data components that make the data personally identifiable to you, or through obfuscation or other means. Our use of de-identified or anonymized data is not subject to this Privacy Notice.

Collection and Use of Personal Information of Family Members of Firm Personnel

KPMG may also collect certain information from or regarding the spouses, partners, dependents, and other household members of Firm Personnel (“Family Members”), such as emergency contact details and contact information and information in connection with the administration of health, medical, or other employment benefits. In addition, to comply with federal law, regulations, and professional standards, KPMG is required to collect certain information from or regarding Family Members of Firm Personnel, including certain financial information, such as brokerage account information, and certain Personal Information that we require to fulfill our obligations under applicable professional standards and laws, including, without limitation, auditor independence rules. KPMG’s collection and processing of Personal Information of Family Members of Firm Personnel is subject to KPMG’s external Privacy Statement.

Purposes of Processing Personal Information

Personal Information may be processed by KPMG for the purposes set out below:

- Managing the recruitment, onboarding, and retention of Firm Personnel;

- Administering human resource functions, including performance reviews and appraisals, personal time off, including, without limitation, sickness leave, training, internal directories and organizational charts, internal communications, professional development and continuing education tracking, social and cultural activities directly implemented by KPMG and dealing with disciplinary action, termination, and retirement of Firm Personnel;

- Planning and staffing client engagements, including, without limitation, providing resumes and descriptions of work experience and qualifications to clients and potential clients;

- Administering payroll, or partner drawing accounts and partner statements, the reimbursement of expenses, the payment of remuneration and other benefits of Firm Personnel, such as bonuses, car allowances, the booking of a flight or hotel room, loans, pensions, health insurance, life insurance, travel insurance, death-in-service benefits, and disability plans;

- Firm Personnel communications, including authorizing, granting, and administering access to or use of KPMG systems, facilities, devices, and records, including management of email accounts;

- Health, safety, and wellness of our workplace, facilities, and workforce;

- Investigating and resolving complaints, grievances, or misconduct;

- Preparing for and acting in relation to inquiries, investigations, or proceedings by governmental, administrative, judicial, or regulatory authorities or third parties, including civil litigation;

- Audit purposes and complying with policy, procedures, laws, regulations, and professional standards, including performing checks for auditor independence purposes;

- Monitoring Firm Personnel pursuant to our policies and applicable law, including those policies set forth in the Policy Center;

- Improving the delivery or quality of services or technology to KPMG’s clients (including, but not limited to, for software/machine learning, internal analytics, and benchmarking related to those services or technology);

- Alumni updates and post-employment engagement;

- Any other purposes relating to the above.

Sharing and Transfer of Personal Information

We do not share Personal Information with unaffiliated third parties, except as stated in this Privacy Notice, including as necessary for our legitimate professional and business needs, to carry out your requests, to market our services, and/or as required or permitted by law or professional standards, or otherwise with your consent.

In some instances, KPMG may share Personal Information about you with various third-party service providers and vendors working on our behalf, or to help fulfill your requests. These third parties include, for example, providers of administrative, identity management, website hosting, data analysis, data back-up, and security management services. Third parties receiving Personal Information from KPMG are obligated to protect Personal Information in accordance with their contractual obligations and data protection legislation applicable to their provision of services.

KPMG and our service providers also may use aggregated, anonymized data for research and development. As set forth above, anonymized data does not identify you individually but rather helps to identify trends in preferences and behaviors of Firm Personnel at an aggregate level.

KPMG may disclose Personal Information to address or respond to requests of, or guidance provided by, government entities, bodies, or agencies, law enforcement agencies, or other entities or organizations, such as public health agencies, authorized by, or otherwise acting or operating pursuant to the lawful direction or authority of, an international, federal, state, or local governmental body, including to meet national security or law enforcement requirements and for health and safety purposes. We may also disclose Personal Information where disclosure is required by applicable laws, court orders, government regulations, or other legal process, or where we believe disclosure is necessary or appropriate to protect the rights or safety of KPMG, Firm Personnel, or other third parties.

In the event that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information may also be shared in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the Personal Information collected by KPMG in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding Personal Information as described in this Privacy Notice.

KPMG may also need to disclose certain Personal Information in connection with audits and/or to investigate or respond to a complaint or security threat.

KPMG does not sell Personal Information to any third parties.

Further, Personal Information may be disclosed to the extent necessary for the purposes described in this Notice to the following recipients:

- Departments within KPMG, including, Human Resources, Finance, Digital Nexus, and Office of General Counsel, among others;

- Financial institutions, pension plan institutions, insurance companies, consultants, and professional advisors;

- Other service providers, such as payroll administrators, benefits providers and administrators, and information technology systems providers involved in the provision of services to KPMG and/or Firm Personnel;

- Independent public accountants and auditors, authorized representatives of internal control functions, such as audit, legal, and/or firm-wide security;

- Applicable tax authorities.

Cross-Border Collection and Transfer

We may directly collect Personal Information from or about you if you are in a jurisdiction other than the U.S. for purposes of your employment. Similarly, if you are in the U.S., we may transfer outside of the U.S. the Personal Information we collect from or about you. Regardless of where you are, we may transfer certain Personal Information across geographical borders to KPMG International, other member firms affiliated with KPMG International, or to various third party providers working on our behalf, or we may receive Personal Information in the U.S. or elsewhere transferred from another member firm affiliated with KPMG International or an unaffiliated third party. KPMG may also store Personal Information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your Personal Information as your home country. By providing your Personal Information to KPMG, you understand that your Personal Information may be collected, transferred, and/or stored in a jurisdiction other than your home country. Each member firm affiliated with KPMG International is required to safeguard Personal Information of personnel in accordance with its contractual obligations, applicable data protection legislation, policies, and applicable professional standards. Your Personal Information will only be transferred if appropriate or suitable safeguards are in place.

Privacy Shield Frameworks

The following provisions in this section apply only to Firm Personnel who are residents of the European Union and/or United Kingdom:

KPMG complies with the EU-U.S. Privacy Shield (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and United Kingdom, as applicable to the U.S. in reliance on Privacy Shield. KPMG has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles with respect to such Personal Information. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Please review our Privacy Shield Statement for information about KPMG’s data practices regarding Personal Information received from the European Union and United Kingdom pursuant to Privacy Shield. To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/.

Following recent decisions invalidating the adequacy of Privacy Shield, we no longer rely on Privacy Shield for cross-border transfers of Personal Information. As stated above, KPMG relies on the direct collection of Personal Information from individuals located outside of the U.S., or we use other bases, such as standard contractual clauses for cross-border transfers of Personal Information from another entity to us, including KPMG International and other member firms affiliated with KPMG International.

KPMG’s participation in Privacy Shield is subject to investigation and enforcement by the Federal Trade Commission. In compliance with the Privacy Shield Principles, KPMG commits to resolve all complaints about our collection or use of your Personal Information. EU or UK individuals with inquires or complaints regarding our Privacy Shield Statement should first contact Human Resources at us-hrprivacy@kpmg.com.

Should your complaint remain fully or partially unresolved after a review by KPMG, the firm has also committed to refer unresolved privacy complaints under Privacy Shield and the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the BBB EU Privacy Shield’s consumer complaint system for more information and to file a complaint. KPMG has further committed to cooperate with the panel established by the EU data protection authorities (“DPAs”) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. Should your complaint remain fully or partially unresolved after a review by KPMG, the BBB, and the DPAs, you may be able, under certain conditions, to invoke binding arbitration to resolve disputes regarding Privacy Shield compliance. For more information about remedies, please refer to Privacy Shield’s Annex I: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Rights of Firm Personnel

It is the responsibility of all Firm Personnel to provide the Human Resources Department with accurate Personal Information. If you have provided Personal Information to KPMG, under most circumstances, subject to applicable law, you have the right to reasonable access to that Personal Information to correct any inaccuracies. You can also make a request to update or remove Personal Information about you, and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. To request access to or correction, updating, or removal of your Personal Information, please contact Human Resources at us-hrprivacy@kpmg.com.

KPMGConnect.com Alumni Portal

Firm Personnel may enroll in the firm’s alumni community portal, available at KPMGConnect.com (“KPMGConnect”). KPMGConnect is a voluntary social platform to connect Firm Personnel, including retired partners and principals, alumni, and current professionals. This Privacy Notice applies to the collection and processing of Personal Information on KPMGConnect, in conjunction with its Terms of Use. The Personal Information associated with your KPMGConnect profile, including but not limited to your name, address, email address, telephone number, employment history, and your service on corporate boards and advisory councils, is visible to Firm Personnel who are enrolled in KPMGConnect, and may be made available to Firm Personnel upon reasonable request. KPMGConnect further provides registered users with the ability to set privacy preferences through its portal.

Data Security and Integrity

KPMG has, and requires its service providers to have, security policies and procedures in place to help protect Personal Information from unauthorized loss, misuse, alteration, or destruction. Despite KPMG’s efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your Personal Information to those who have a need to know. Those individuals who have access to such information are required to maintain the confidentiality of it. We also make efforts to retain Personal Information only for so long as such information is needed for legitimate business purposes or pursuant to applicable law, provided that we might in certain cases retain Personal Information for longer periods to comply with a data subject’s request to do so, or until the data subject asks that the information be deleted, as permitted by law.

KPMG seeks to limit the collection of Personal Information to information that is relevant for processing purposes. Unless otherwise required or permitted by applicable law, KPMG does not process Personal Information in a way that is incompatible with the purposes for which it is collected or authorized to use.

Links to Other Sites

Please be aware that KPMG websites, applications, and social media platforms may contain links to other sites, including sites maintained by KPMG International and other member firms affiliated with KPMG International, that are not governed by this Privacy Notice, but by other privacy statements that may differ.

KPMG is not responsible for the content or practices of these other sites. We encourage Firm Personnel to review the privacy policy of each website visited before disclosing any Personal Information.

Updates to This Privacy Notice

KPMG may update or modify this Privacy Notice from time to time to reflect our current privacy practices. When we make changes to this Privacy Notice, we will revise the "last updated" date at the top of this page. We encourage you to periodically review this Privacy Notice to be informed about how KPMG is protecting your Personal Information.

Policy Questions and Enforcement

KPMG is committed to protecting the privacy of your Personal Information. If you have questions or comments about our processing of your Personal Information, please contact the Privacy Office at us-privacy@kpmg.com. You may also use the foregoing email address, or contact KPMG’s Ethics and Compliance office at us-eandc@kpmg.com, to communicate any concerns you may have regarding our compliance with this Privacy Notice. 

KPMG LLP (U.S.)1 is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information (sometimes referred to as "personally identifiable information" or "PII") that has been collected by or provided to us through any of our websites, web-based and mobile applications, meetings and events (in-person and virtual), marketing materials and content and services that link to, post or otherwise refer to this Privacy Statement (collectively, “Activities”).

Please review this Privacy Statement to learn more about how we collect, use, share and protect the personal information that we have obtained. By engaging in Activities (e.g., using online services or visiting a KPMG office), you consent to the collection and processing of your personal information as set forth in this Privacy Statement.

• 1. Collection and Use of Personal Information
  • 1.1 Automatic collection of personal information
    • 1.1.1 IP Addresses
    • 1.1.2 Cookies
    • 1.1.3 Do Not Track
    • 1.1.4 Usage Analytics
    • 1.1.5 Web Beacons
    • 1.1.6 Location-based tools
      • 1.2 Social Media Widgets and Applications
      • 1.3 Children
• 2. Sharing and Transfer of Personal Information
• 3. Choices
• 4. Data Privacy Requests
• 5. Data Security and Integrity
• 6. Additional Disclosures for California Residents
  • 6.1 Information We Collect
  • 6.2 Purposes and Sources of Collection
  • 6.3 Disclosures of Personal Information
    • 6.3.1 Categories of Third Parties with Whom We Share Personal Information
    • 6.3.2 Disclosures of Personal Information for Business or Commercial Purposes
    • 6.3.3 Sales of Personal Information
  • 6.4 Your Privacy Rights
• 7. Additional Non-U.S. Data Subject Notices
• 8. Privacy Shield Frameworks
• 9. Links to Other Sites
• 10. Changes to This Privacy Statement
• 11. Questions and Comments

1. Collection and Use of Personal Information

We and our third-party providers (including service providers, as referred to in Section 6.2) collect the personal information that you provide when you engage in any Activities. For example, when you register for a service or attend an event, we may collect basic information about you such as your name, username, password, email address, mailing address, phone number, date of birth, and other personal and business demographic or contact information. You may also provide us with certain employment information in connection with an application for employment with KPMG. In some cases, you may have previously provided your personal information to KPMG (e.g., if you are a KPMG alum). 

We use the personal information we collect (including through the automatic collection of personal information, as described in Section 1.1) to: enable you to engage in Activities; provide you with web-based and mobile applications; communicate with you; provide you with information about KPMG’s products and services; comply with applicable laws, regulations and/or professional standards, including for auditor independence, anti-money laundering and know-your-client checks; operate, maintain and enhance any of our Activities; and fulfill your specific requests. For example, if you send us an email message requesting information about KPMG, we will use your email address and other personal information you supply to respond to your request. If you send us a resume or curriculum vitae to apply online for a position with KPMG, we will use the personal information that you provide to match you with available KPMG job opportunities. Your personal information is used only for the purposes described in this Privacy Statement, unless we (i) obtain your express permission, (ii) provide an additional privacy notice, or (iii) as otherwise required or permitted by law or professional standards.

In some cases where you have registered for certain Activities we may store your personal information temporarily until we receive confirmation of the information you provided via an email (i.e., where we send an email message to the email address provided as part of your registration to confirm a subscription request). Please note that your rights for any particular request, product or service will be determined by the notice provided with such request, product or service, and in the event of a conflict between this notice and that notice, the specific notice provided with the request, product or service shall control. 

KPMG only collects sensitive personal information when (i) you voluntarily provide us with this information, (ii) you expressly permit us to use this information, or (iii) such information is required or permitted to be collected by law or professional standards. Sensitive personal information includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual orientation or criminal record. Please use your discretion when providing sensitive personal information to KPMG or permitting KPMG to use such sensitive personal information. Do not provide sensitive personal information to KPMG or permit KPMG to use such sensitive personal information, unless you consent to (i) KPMG's use of that sensitive personal information for its business purposes, and (ii) the transfer and storage of that sensitive personal information to and in KPMG systems. 

1.1 Automatic collection of personal information

In some instances, we and our third-party providers use cookies, web beacons, wayfinding technology, Wi-Fi, Bluetooth, Global Positioning System (“GPS”) technology and other technologies (including other location-based technologies) to automatically collect certain types of personal information when you engage in our Activities (e.g., our web-based or mobile applications), as well as through email messages that we may exchange or through collaboration platforms. The collection of this personal information allows us to: customize your online experience; improve the performance, usability and effectiveness of KPMG's Activities; advertise and market our Activities; measure the effectiveness of our Activities; and generate and analyze statistics about your use of or engagement in our Activities. 

1.1.1 IP addresses

An Internet Protocol (“IP”) address is a number assigned to your Internet-enabled device (including computers and mobile devices) whenever you access the Internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for KPMG’s IT security and system diagnostic purposes. This information may also be used to maintain and improve our Activities and to generate and analyze statistics about the Activities and your engagement in them.

1.1.2 Cookies

Cookies may be placed on your Internet-enabled device whenever you engage in our online Activities. This allows our websites, applications or collaboration platforms to remember your device and serves several purposes.

For some of our online Activities, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked using this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your web browser's cookies. 

Although most web browsers automatically accept cookies, you may be able to choose whether to accept cookies via your web browser's settings. You may also be able to delete cookies from your device. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features of our online Activities.

Below is a list of the types of cookies used as part of our online Activities:

Other third-party tools and widgets may be used on our individual websites or portions of certain online Activities to provide additional functionality. Depending on how you set your preferences in your browser and/or the cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use and ensure your interaction is displayed properly.

Cookies by themselves do not tell us your personal information or otherwise identify you personally.

BY ACCESSING, USING, OR ENGAGING IN OUR ONLINE ACTIVITIES, OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR INTERNET-ENABLED DEVICE

1.1.3 Do Not Track

Our online Activities may not recognize web browser based “Do Not Track” signals. However, as discussed in Section 1.1.2, you may be able to modify your Internet-enabled device’s web browser settings to block all cookies, or to block “third-party” cookies. Cookies that we set on our online Activities are considered “first-party” cookies. Details on your ability to restrict or change the personal information that we may collect about you are listed below under the following sections of this Privacy Statement: Choice (Section 3), Access (Section 4), Additional Disclosures for California Residents (Sections 6) and Additional European Union Notices (Section 7).
 
1.1.4 Usage Analytics

KPMG uses third-party usage analytics tools as part of our online Activities, including Google Analytics, which may be subject to separate privacy policies. More information about how Google Analytics is used by KPMG can be found here: https://policies.google.com/technologies/partner-sites.

To provide website visitors with more choice on how their data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to us or to other web analytics services.

1.1.5 Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your Internet-enabled device, such as an IP address, the time the content was viewed, a web browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its third-party providers may use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies. 
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded. 

In some of our online Activities (e.g., newsletters and other communications), we and third-party providers operating on our behalf, may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to maintain and improve our online Activities and such third-parties’ services.

Please be aware that if you opt to render some web beacons unusable, you may not be able to fully experience some of the features of our online Activities.

1.1.6 Location-based tools

KPMG and its service providers may collect and use the geographical location of your Internet-enabled device (e.g., via tracking beacons, Bluetooth or GPS) in connection with certain Activities, but only with your express permission. With respect to the collection of precise information about the location of your device, once you have consented to the collection you may adjust or withdraw this permission at any time by managing your “Location Services” preferences through your device’s settings. This location data is collected for the purpose of providing you with information regarding our Activities, products and services which we believe may be of interest to you based on your geographic location, and to improve our location-based Activities, responses to requests, products and services.

Please be aware that if you opt to exercise your right to alter, or altogether turn off, location-based services on your device, you may not be able to fully experience some of the features of our Activities.

1.2 Social media widgets and applications

Our online Activities may include functionality to enable sharing via third party social media platforms (e.g., Facebook, Twitter and LinkedIn), or allow you to use your social media platform credentials to log into and access our online Activities. These social media platforms may collect and use personal information regarding your use of our online Activities (see details on “Social Sharing” cookies discussed in Section 1.1.2). Please be aware that certain personal information that you provide via such social media platforms may be collected and used by the social media platform provider and such interactions are governed by the privacy policies of those providers. We do not have control over, or responsibility for, those companies, or their use of your personal information. If you do not agree to such social media platform terms or privacy policy, do not use such social media platforms. 
In addition, our online Activities may feature blogs, forums, crowd-sourcing and other applications or services (collectively, “Social Media Features”). The purpose of Social Media Features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG Social Media Feature may be shared with other users of that Social Media Feature (unless otherwise stated at the point of collection), over whom we may have limited or no control. 

1.3 Children

KPMG understands the importance of protecting children's privacy, especially in an online environment. Our Activities are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain personal information about anyone under the age of 13, except as part of an engagement to provide professional services.

2. Sharing and transfer of Personal Information

We do not share personal information with unaffiliated third parties, except as stated in this Privacy Statement, including as necessary for our legitimate professional and business needs, to carry out your requests, to allow you to engage in our Activities, and to market our products or services, including in coordination with other service providers for joint-marketing purposes, as required or permitted by law or professional standards, or otherwise with your permission.

In some instances, KPMG may share personal information about you with various third-party providers working on our behalf. KPMG requires these entities to safeguard personal information in the same manner as KPMG.

KPMG may also disclose personal information in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, government regulations, or professional rules. In the event, that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information may also be shared in connection with the consideration, negotiation or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

KPMG does not sell personal information to third parties. KPMG and our third-party providers may use personal information in an anonymized form for research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. In addition, we may share de-identified reports on user demographics and traffic patterns, as well as de-identified information, with third parties. 

Cross-Border Collection and Transfer. We may directly collect personal information from or about you if you are in a jurisdiction other than the U.S. to provide you with services associated with the Activities. Similarly, if you are in the U.S., we may transfer outside of the U.S. the information we collect from or about you outside of the U.S. Regardless of where you are, we may transfer certain personal information across geographical borders to other member firms affiliated with KPMG International or to various third party providers working on our behalf, or we may receive personal information in the U.S. or elsewhere transferred from another member firm affiliated with KPMG International or an unaffiliated third party. KPMG may also store personal information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your personal information as your home country. By providing your personal information to KPMG, you understand that your personal information may be collected, transferred and/or stored in a jurisdiction other than your home country. Each member firm affiliated with KPMG International is required to safeguard personal information in accordance with its contractual obligations and data protection legislation applicable to its provision of services. Your personal information will only be transferred if appropriate or suitable safeguards are in place. If you are located outside of the U.S., you may have additional rights as described in Section 7. 

3. Choices

We may require you to provide certain personal information in order to receive additional information about our Activities. KPMG may also ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular Activities (e.g., an online newsletter), you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from an Activity, we will try to remove your personal information promptly, although we may require additional information or confirmation before we can process your request.

As described in Section 1.1.2, if you wish to prevent cookies from tracking you as you engage in our online Activities, you may be able to do so by changing your web browser settings on your Internet-enabled device. Note, however, that some portions of our online Activities may not work properly if you elect to refuse cookies. 

4. Data Privacy Requests

If you have submitted your personal information to KPMG, you may have the right to request, under applicable law, that KPMG provide you with reasonable access to your personal information, update or correct any inaccuracies in your personal information, or delete your personal information, and, in any such event, KPMG will make all reasonable and practical efforts to comply with your request, so long as our doing so would be consistent with applicable law, KPMG’s contractual requirements, and/or the professional standards applicable to KPMG. 

To make a Data Privacy Request, please contact us by:
- Submitting a Data Privacy Request through our webform;
- Emailing us-privacy@kpmg.com; or
- Calling toll-free at 1-844-977-1440.

5. Data security and integrity

KPMG has and requires its service providers to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration or destruction. Despite KPMG’s efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know and require those individuals to maintain the confidentiality of such information. We also make efforts to retain personal information only for so long as the information is needed for our professional, marketing or analytic purposes or to comply with legal requirements, professional standards or an individual’s request, or until that person asks that the information be deleted.

6. Additional Disclosures for California Residents
This section applies to any California residents about whom we have collected personal information as part of engaging in our Activities.

For purposes of this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household; “household” means a person or group of people who: (i) reside at the same address, (ii) share a common device or the same service provided by a business, and (iii) are identified by the business as sharing the same group account or unique identifier. Personal information does not include publicly available information or information that has been de-identified.

6.1 Information We Collect

The types of personal information we collect about you will depend on your relationship with KPMG. For example, in many cases, we may collect personal information from our business clients during an engagement to provide products and services to our clients; our collection and use of such personal information is governed by our contract with that entity. In other cases, we may collect personal information directly from consumers or households that engage in Activities. 

We may collect the following categories of personal information about you or members of your household:

- Identifiers, which may include real name and alias; postal address; unique personal identifier; online identifiers as detailed below; IP address; email address; telephone number; account number, name and password; Social Security number; driver’s license number, passport number, state or other government-issued identification card number; and/or other similar identifiers;

- Commercial information, which may include records of personal property; products or services purchased, obtained, or considered; account balances, payment history, or account activity; bank account information and other information relating to your financial institution; credit application, credit checks, and information from credit reporting agencies; and/or other purchasing or consumer histories or tendencies;

- Biometric information, which may include fingerprints; facial scans; voice recognition information; genetic information; and/or other similar biometric identifiers;

- Information relating to Internet activity or other electronic network activity, which may include cookie identifiers, clear gifs, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version and/or other device characteristics including your choice of settings such as Wi-Fi, Bluetooth and GPS data;

- Geolocation data, which may include GPS data; locational information based upon your IP address; cell network data; and/or other similar locational data;

- Audio, electronic, or visual information, which may include records of calls to or from our customer service centers; and/or video surveillance information;

- Professional or employment-related information, which may include information regarding your current and previous employers; job title and responsibilities; assets; income; and/or other information related to your work history and/or prospective employment;

- Education information, which may include academic record, degrees and educational history;

- Inferences about you, which may include 
preferences and characteristics and other information we may infer from other personal information we have collected;

- Information not listed above and related to characteristics protected under California or federal law; which may include gender; race and ethnicity; nationality; marital status; military service or veteran status; and/or date of birth; and

- Other personal information not listed above and described in the California Customer Records Act, California Civil Code Section 1798.80(e), which may include signature, physical characteristics or description, insurance policy number, bank account number, credit card number, debit card number, and/or any other financial, medical or health insurance information.

6.2 Purposes and Sources of Collection

We may collect or use personal information for the following purposes:

- Administer, maintain and improve our Activities;
- Assessing third-party providers and service providers;
- Auditing and compliance with policies, procedures, laws, regulations and/or professional standards, including for auditor independence checks;
- Billing, payment and fulfillment;
- Customer and client communications;
- Customer and client relationship management;
- Financial reporting and accounting;
- General business administration;
- Health, safety, and wellness of our workplace, facilities and workforce;
- Internal analytics and benchmarking;
- Marketing our Activities;
- Marketing the products and services of KPMG International, other member firms affiliated with KPMG International or other third parties;
- Protect against fraud and other malicious or illegal activity, including for anti-money laundering and know-your-client checks;
- Provision and performance of the services; and
- systems and data security.

We may collect personal information from the following sources, including, but not limited to via applications and forms, collaboration platforms, communications and interactions with us and through our in-person events or meetings and online Activities such as websites and mobile applications:

- Our clients and customers and prospective clients and customers, or their authorized representatives;
- Our subsidiaries, affiliates, joint ventures, and other companies under our common control (collectively, "Affiliates");
- KPMG International;
- Other member firms affiliated with KPMG International;
- Our service providers, such as customer relationship management providers, analytics providers, website hosting providers, systems administrators and communications delivery services;
- Unaffiliated third parties with which we have a business relationship and/or promotional and joint-marketing partners;
- Social media platforms providers, online communities and forums and online advertising providers and partners;
- Employees, contractors, KPMG alumni and job applicants;
- Government entities and databases, such as anti-fraud databases, sanctions list and court judgments; and
- Publicly available sources.

6.3 Disclosures of Personal Information

6.3.1 Categories of Third Parties with Whom We Share Personal Information

We may share personal information as described in this Privacy Statement, including with the following categories of third parties:

- Affiliates. We may share personal information with our Affiliates. 

- KPMG International. We may share personal information with KPMG International.

- Member Firms. We may share personal information with other KPMG member firms affiliated with KPMG International.

- Technical and Operational Service Providers and Business Partners. We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal information to our third-party business partners and service providers in order to maintain and operate the websites and provide, improve, and personalize the services, including to fulfill requests for the services and for other technical and processing functions, such as sending e-mails on our behalf, fulfilling orders, and technical support. We may also share personal information to service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats.

- Marketing, Advertising and Analytics Providers. We may share personal information with third-party providers for marketing, advertising and analytics purposes.

- Government Entities. We may share personal information with government entities and agencies, regulators, law enforcement, and other third parties, including to provide the services, comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process and to establish or exercise our legal rights or for fraud- or crime-prevention purposes.

- Professional Service Firms. We may share personal information with other professional service firms in connection with our legal, regulatory and professional obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, insurers and consultants.

- Corporate Transactions. Subject to applicable law, we reserve the right to transfer some or all personal information in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal information collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal information as described in this Privacy Statement.

6.3.2 Disclosures of Personal Information for Business or Commercial Purposes

We may have disclosed the following types of personal information to third parties or service providers for a business or commercial purpose in the previous twelve (12) months:

- Identifiers;
- Commercial information;
- Biometric information;
- Information relating to Internet activity or another electronic network activity;
- Geolocation data;
- Audio, electronic, or visual information;
- Professional or employment-related information;
- Education information;
- Inferences about you;
- Information not listed above and related to characteristics protected under California or federal law; and
- Other personal information not listed above and described in the California Customer Records Act, California Civil Code Section 1798.80(e).

6.3.3 Sales of Personal Information

We do not sell personal information and did not sell personal information in the previous twelve (12) months.

6.4 Your Privacy Rights

You may be entitled by applicable law to exercise the following rights with respect to your personal information:

- Right to Know. You have the right to request what personal information we collect, use, disclose and/or sell, as applicable.
- Right to Delete. You have the right to request that we delete the personal information that we have collected about you.
- Right to Opt-out of the Sale of Personal Information. You have the right to request to be opted-out from the sale of your personal information. However, as described in Section 
- Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above. 

You may also authorize someone to exercise the above rights on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.

To exercise any of your rights, please contact us by:

- Submitting a Data Privacy Request through our webform; 
- Emailing us-privacy@kpmg.com; or
- Calling toll-free at 1-844-977-1440. 

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a service provider, we may refer you to the business with whom you have a direct relationship in order to implement your request, pursuant to applicable law. 

In addition, the above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances, we may be unable to implement your request.

7. Additional Non-U.S. Data Subject Notices

KPMG provides our Activities in the U.S. and does not direct such activities to data subjects that are located outside of the U.S. However, in certain circumstances, we do interact with or collect personal information about data subjects outside of the U.S. In such circumstances, we typically collect personal information from data subjects outside of the U.S. through a direct collection of that information via our Activities. However, in some circumstances, personal information may be transferred to us from KPMG International, a member firm affiliated with KPMG International or an unaffiliated third party outside of the U.S. Where this applies, we typically receive your personal information because it is necessary to perform a contract or pre-contractual measures with you or because of our legitimate interests. If we receive personal information transferred by a member firm affiliated with KPMG International or an unaffiliated third party, it would typically be pursuant to the appropriate foreign regulator-approved standard contractual clauses or based on another lawful basis. To know more about additional non-U.S. data subject notices and rights, please review our Notice of Processing.

8. Privacy Shield Frameworks

KPMG complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union, United Kingdom, and Switzerland, as applicable to the U.S., in reliance on Privacy Shield. KPMG has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles with respect to such personal information. Please review our Privacy Shield Statement for information about KPMG’s data practices regarding personal information it has received from the European Union, United Kingdom, and Switzerland pursuant to Privacy Shield. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/.

Following recent decisions invalidating the adequacy of Privacy Shield, we no longer rely on Privacy Shield for cross-border transfers of personal information. As described in Section 7, we rely on the direct collection of personal information from individuals located outside of the U.S., or we use other bases, such as standard contractual clauses for cross-border transfers of personal information from another entity to us.
 
9. Links to Other Sites

Please be aware that our Activities may contain links or refer you to other websites, applications, social media platforms, collaboration platforms, products and services maintained by KPMG International, other member firms affiliated with KPMG International, or by unaffiliated third parties (collectively, “Other Sites”). Other Sites are not governed by this Privacy Statement, but by other privacy statements that may differ. KPMG is not responsible for the content or practices of these Other Sites. We encourage users to review the applicable privacy policies of these Other Sites visited before disclosing any personal information.

10. Changes to This Privacy Statement

KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy Statement to be informed about how KPMG is protecting your personal information. Your continued use after each such update is your consent to such updated terms. 

11. Questions and Comments

KPMG is committed to protecting the privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us by email at us-privacy@kpmg.com. You may also contact us to communicate any concerns you may have regarding compliance with this Privacy Statement.
 
1"KPMG,” “we,” “our,” and “us” refers to KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited (“KPMG International”), a private English company limited by guarantee. KPMG International and its related entities do not provide services to clients.

KPMG LLP (U.S.)1 is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, KPMG is committed to the appropriate protection and use of personal information (sometimes referred to as "personally identifiable information" or "PII") that has been collected by or provided to us through any of our websites, web-based and mobile applications, meetings and events (in-person and virtual), marketing materials and content and services that link to, post or otherwise refer to this Privacy Statement (collectively, “Activities”).

Please review this Privacy Statement to learn more about how we collect, use, share and protect the personal information that we have obtained. By engaging in Activities (e.g., using online services or visiting a KPMG office), you consent to the collection and processing of your personal information as set forth in this Privacy Statement.

• 1. Collection and Use of Personal Information
  • 1.1 Automatic collection of personal information
    • 1.1.1 IP Addresses
    • 1.1.2 Cookies
    • 1.1.3 Do Not Track
    • 1.1.4 Usage Analytics
    • 1.1.5 Web Beacons
    • 1.1.6 Location-based tools
      • 1.2 Social Media Widgets and Applications
      • 1.3 Children
• 2. Sharing and Transfer of Personal Information
• 3. Choices
• 4. Data Privacy Requests
• 5. Data Security and Integrity
• 6. Additional Disclosures for California Residents
  • 6.1 Information We Collect
  • 6.2 Purposes and Sources of Collection
  • 6.3 Disclosures of Personal Information
    • 6.3.1 Categories of Third Parties with Whom We Share Personal Information
    • 6.3.2 Disclosures of Personal Information for Business or Commercial Purposes
    • 6.3.3 Sales of Personal Information
  • 6.4 Your Privacy Rights
• 7. Additional Non-U.S. Data Subject Notices
• 8. Privacy Shield Frameworks
• 9. Links to Other Sites
• 10. Changes to This Privacy Statement
• 11. Questions and Comments

1. Collection and Use of Personal Information

We and our third-party providers (including service providers, as referred to in Section 6.2) collect the personal information that you provide when you engage in any Activities. For example, when you register for a service or attend an event, we may collect basic information about you such as your name, username, password, email address, mailing address, phone number, date of birth, and other personal and business demographic or contact information. You may also provide us with certain employment information in connection with an application for employment with KPMG. In some cases, you may have previously provided your personal information to KPMG (e.g., if you are a KPMG alum). 

We use the personal information we collect (including through the automatic collection of personal information, as described in Section 1.1) to: enable you to engage in Activities; provide you with web-based and mobile applications; communicate with you; provide you with information about KPMG’s products and services; comply with applicable laws, regulations and/or professional standards, including for auditor independence, anti-money laundering and know-your-client checks; operate, maintain and enhance any of our Activities; and fulfill your specific requests. For example, if you send us an email message requesting information about KPMG, we will use your email address and other personal information you supply to respond to your request. If you send us a resume or curriculum vitae to apply online for a position with KPMG, we will use the personal information that you provide to match you with available KPMG job opportunities. Your personal information is used only for the purposes described in this Privacy Statement, unless we (i) obtain your express permission, (ii) provide an additional privacy notice, or (iii) as otherwise required or permitted by law or professional standards.

In some cases where you have registered for certain Activities we may store your personal information temporarily until we receive confirmation of the information you provided via an email (i.e., where we send an email message to the email address provided as part of your registration to confirm a subscription request). Please note that your rights for any particular request, product or service will be determined by the notice provided with such request, product or service, and in the event of a conflict between this notice and that notice, the specific notice provided with the request, product or service shall control. 

KPMG only collects sensitive personal information when (i) you voluntarily provide us with this information, (ii) you expressly permit us to use this information, or (iii) such information is required or permitted to be collected by law or professional standards. Sensitive personal information includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual orientation or criminal record. Please use your discretion when providing sensitive personal information to KPMG or permitting KPMG to use such sensitive personal information. Do not provide sensitive personal information to KPMG or permit KPMG to use such sensitive personal information, unless you consent to (i) KPMG's use of that sensitive personal information for its business purposes, and (ii) the transfer and storage of that sensitive personal information to and in KPMG systems. 

1.1 Automatic collection of personal information

In some instances, we and our third-party providers use cookies, web beacons, wayfinding technology, Wi-Fi, Bluetooth, Global Positioning System (“GPS”) technology and other technologies (including other location-based technologies) to automatically collect certain types of personal information when you engage in our Activities (e.g., our web-based or mobile applications), as well as through email messages that we may exchange or through collaboration platforms. The collection of this personal information allows us to: customize your online experience; improve the performance, usability and effectiveness of KPMG's Activities; advertise and market our Activities; measure the effectiveness of our Activities; and generate and analyze statistics about your use of or engagement in our Activities. 

1.1.1 IP addresses

An Internet Protocol (“IP”) address is a number assigned to your Internet-enabled device (including computers and mobile devices) whenever you access the Internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for KPMG’s IT security and system diagnostic purposes. This information may also be used to maintain and improve our Activities and to generate and analyze statistics about the Activities and your engagement in them.

1.1.2 Cookies

Cookies may be placed on your Internet-enabled device whenever you engage in our online Activities. This allows our websites, applications or collaboration platforms to remember your device and serves several purposes.

For some of our online Activities, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked using this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your web browser's cookies. 

Although most web browsers automatically accept cookies, you may be able to choose whether to accept cookies via your web browser's settings. You may also be able to delete cookies from your device. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of the features of our online Activities.

Below is a list of the types of cookies used as part of our online Activities:

Other third-party tools and widgets may be used on our individual websites or portions of certain online Activities to provide additional functionality. Depending on how you set your preferences in your browser and/or the cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use and ensure your interaction is displayed properly.

Cookies by themselves do not tell us your personal information or otherwise identify you personally.

BY ACCESSING, USING, OR ENGAGING IN OUR ONLINE ACTIVITIES, OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR INTERNET-ENABLED DEVICE

1.1.3 Do Not Track

Our online Activities may not recognize web browser based “Do Not Track” signals. However, as discussed in Section 1.1.2, you may be able to modify your Internet-enabled device’s web browser settings to block all cookies, or to block “third-party” cookies. Cookies that we set on our online Activities are considered “first-party” cookies. Details on your ability to restrict or change the personal information that we may collect about you are listed below under the following sections of this Privacy Statement: Choice (Section 3), Access (Section 4), Additional Disclosures for California Residents (Sections 6) and Additional European Union Notices (Section 7).
 
1.1.4 Usage Analytics

KPMG uses third-party usage analytics tools as part of our online Activities, including Google Analytics, which may be subject to separate privacy policies. More information about how Google Analytics is used by KPMG can be found here: https://policies.google.com/technologies/partner-sites.

To provide website visitors with more choice on how their data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to us or to other web analytics services.

1.1.5 Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your Internet-enabled device, such as an IP address, the time the content was viewed, a web browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its third-party providers may use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies. 
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded. 

In some of our online Activities (e.g., newsletters and other communications), we and third-party providers operating on our behalf, may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to maintain and improve our online Activities and such third-parties’ services.

Please be aware that if you opt to render some web beacons unusable, you may not be able to fully experience some of the features of our online Activities.

1.1.6 Location-based tools

KPMG and its service providers may collect and use the geographical location of your Internet-enabled device (e.g., via tracking beacons, Bluetooth or GPS) in connection with certain Activities, but only with your express permission. With respect to the collection of precise information about the location of your device, once you have consented to the collection you may adjust or withdraw this permission at any time by managing your “Location Services” preferences through your device’s settings. This location data is collected for the purpose of providing you with information regarding our Activities, products and services which we believe may be of interest to you based on your geographic location, and to improve our location-based Activities, responses to requests, products and services.

Please be aware that if you opt to exercise your right to alter, or altogether turn off, location-based services on your device, you may not be able to fully experience some of the features of our Activities.

1.2 Social media widgets and applications

Our online Activities may include functionality to enable sharing via third party social media platforms (e.g., Facebook, Twitter and LinkedIn), or allow you to use your social media platform credentials to log into and access our online Activities. These social media platforms may collect and use personal information regarding your use of our online Activities (see details on “Social Sharing” cookies discussed in Section 1.1.2). Please be aware that certain personal information that you provide via such social media platforms may be collected and used by the social media platform provider and such interactions are governed by the privacy policies of those providers. We do not have control over, or responsibility for, those companies, or their use of your personal information. If you do not agree to such social media platform terms or privacy policy, do not use such social media platforms. 
In addition, our online Activities may feature blogs, forums, crowd-sourcing and other applications or services (collectively, “Social Media Features”). The purpose of Social Media Features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG Social Media Feature may be shared with other users of that Social Media Feature (unless otherwise stated at the point of collection), over whom we may have limited or no control. 

1.3 Children

KPMG understands the importance of protecting children's privacy, especially in an online environment. Our Activities are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain personal information about anyone under the age of 13, except as part of an engagement to provide professional services.

2. Sharing and transfer of Personal Information

We do not share personal information with unaffiliated third parties, except as stated in this Privacy Statement, including as necessary for our legitimate professional and business needs, to carry out your requests, to allow you to engage in our Activities, and to market our products or services, including in coordination with other service providers for joint-marketing purposes, as required or permitted by law or professional standards, or otherwise with your permission.

In some instances, KPMG may share personal information about you with various third-party providers working on our behalf. KPMG requires these entities to safeguard personal information in the same manner as KPMG.

KPMG may also disclose personal information in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, government regulations, or professional rules. In the event, that the ownership of KPMG or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by KPMG may be transferred to another company. Information may also be shared in connection with the consideration, negotiation or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

KPMG does not sell personal information to third parties. KPMG and our third-party providers may use personal information in an anonymized form for research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. In addition, we may share de-identified reports on user demographics and traffic patterns, as well as de-identified information, with third parties. 

Cross-Border Collection and Transfer. We may directly collect personal information from or about you if you are in a jurisdiction other than the U.S. to provide you with services associated with the Activities. Similarly, if you are in the U.S., we may transfer outside of the U.S. the information we collect from or about you outside of the U.S. Regardless of where you are, we may transfer certain personal information across geographical borders to other member firms affiliated with KPMG International or to various third party providers working on our behalf, or we may receive personal information in the U.S. or elsewhere transferred from another member firm affiliated with KPMG International or an unaffiliated third party. KPMG may also store personal information in a jurisdiction other than where you are based, and such jurisdiction may not provide the same level of protection for your personal information as your home country. By providing your personal information to KPMG, you understand that your personal information may be collected, transferred and/or stored in a jurisdiction other than your home country. Each member firm affiliated with KPMG International is required to safeguard personal information in accordance with its contractual obligations and data protection legislation applicable to its provision of services. Your personal information will only be transferred if appropriate or suitable safeguards are in place. If you are located outside of the U.S., you may have additional rights as described in Section 7. 

3. Choices

We may require you to provide certain personal information in order to receive additional information about our Activities. KPMG may also ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular Activities (e.g., an online newsletter), you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from an Activity, we will try to remove your personal information promptly, although we may require additional information or confirmation before we can process your request.

As described in Section 1.1.2, if you wish to prevent cookies from tracking you as you engage in our online Activities, you may be able to do so by changing your web browser settings on your Internet-enabled device. Note, however, that some portions of our online Activities may not work properly if you elect to refuse cookies. 

4. Data Privacy Requests

If you have submitted your personal information to KPMG, you may have the right to request, under applicable law, that KPMG provide you with reasonable access to your personal information, update or correct any inaccuracies in your personal information, or delete your personal information, and, in any such event, KPMG will make all reasonable and practical efforts to comply with your request, so long as our doing so would be consistent with applicable law, KPMG’s contractual requirements, and/or the professional standards applicable to KPMG. 

To make a Data Privacy Request, please contact us by:
- Submitting a Data Privacy Request through our webform;
- Emailing us-privacy@kpmg.com; or
- Calling toll-free at 1-844-977-1440.

5. Data security and integrity

KPMG has and requires its service providers to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration or destruction. Despite KPMG’s efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know and require those individuals to maintain the confidentiality of such information. We also make efforts to retain personal information only for so long as the information is needed for our professional, marketing or analytic purposes or to comply with legal requirements, professional standards or an individual’s request, or until that person asks that the information be deleted.

6. Additional Disclosures for California Residents
This section applies to any California residents about whom we have collected personal information as part of engaging in our Activities.

For purposes of this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household; “household” means a person or group of people who: (i) reside at the same address, (ii) share a common device or the same service provided by a business, and (iii) are identified by the business as sharing the same group account or unique identifier. Personal information does not include publicly available information or information that has been de-identified.

6.1 Information We Collect

The types of personal information we collect about you will depend on your relationship with KPMG. For example, in many cases, we may collect personal information from our business clients during an engagement to provide products and services to our clients; our collection and use of such personal information is governed by our contract with that entity. In other cases, we may collect personal information directly from consumers or households that engage in Activities. 

We may collect the following categories of personal information about you or members of your household:

- Identifiers, which may include real name and alias; postal address; unique personal identifier; online identifiers as detailed below; IP address; email address; telephone number; account number, name and password; Social Security number; driver’s license number, passport number, state or other government-issued identification card number; and/or other similar identifiers;

- Commercial information, which may include records of personal property; products or services purchased, obtained, or considered; account balances, payment history, or account activity; bank account information and other information relating to your financial institution; credit application, credit checks, and information from credit reporting agencies; and/or other purchasing or consumer histories or tendencies;

- Biometric information, which may include fingerprints; facial scans; voice recognition information; genetic information; and/or other similar biometric identifiers;

- Information relating to Internet activity or other electronic network activity, which may include cookie identifiers, clear gifs, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version and/or other device characteristics including your choice of settings such as Wi-Fi, Bluetooth and GPS data;

- Geolocation data, which may include GPS data; locational information based upon your IP address; cell network data; and/or other similar locational data;

- Audio, electronic, or visual information, which may include records of calls to or from our customer service centers; and/or video surveillance information;

- Professional or employment-related information, which may include information regarding your current and previous employers; job title and responsibilities; assets; income; and/or other information related to your work history and/or prospective employment;

- Education information, which may include academic record, degrees and educational history;

- Inferences about you, which may include 
preferences and characteristics and other information we may infer from other personal information we have collected;

- Information not listed above and related to characteristics protected under California or federal law; which may include gender; race and ethnicity; nationality; marital status; military service or veteran status; and/or date of birth; and

- Other personal information not listed above and described in the California Customer Records Act, California Civil Code Section 1798.80(e), which may include signature, physical characteristics or description, insurance policy number, bank account number, credit card number, debit card number, and/or any other financial, medical or health insurance information.

6.2 Purposes and Sources of Collection

We may collect or use personal information for the following purposes:

- Administer, maintain and improve our Activities;
- Assessing third-party providers and service providers;
- Auditing and compliance with policies, procedures, laws, regulations and/or professional standards, including for auditor independence checks;
- Billing, payment and fulfillment;
- Customer and client communications;
- Customer and client relationship management;
- Financial reporting and accounting;
- General business administration;
- Health, safety, and wellness of our workplace, facilities and workforce;
- Internal analytics and benchmarking;
- Marketing our Activities;
- Marketing the products and services of KPMG International, other member firms affiliated with KPMG International or other third parties;
- Protect against fraud and other malicious or illegal activity, including for anti-money laundering and know-your-client checks;
- Provision and performance of the services; and
- systems and data security.

We may collect personal information from the following sources, including, but not limited to via applications and forms, collaboration platforms, communications and interactions with us and through our in-person events or meetings and online Activities such as websites and mobile applications:

- Our clients and customers and prospective clients and customers, or their authorized representatives;
- Our subsidiaries, affiliates, joint ventures, and other companies under our common control (collectively, "Affiliates");
- KPMG International;
- Other member firms affiliated with KPMG International;
- Our service providers, such as customer relationship management providers, analytics providers, website hosting providers, systems administrators and communications delivery services;
- Unaffiliated third parties with which we have a business relationship and/or promotional and joint-marketing partners;
- Social media platforms providers, online communities and forums and online advertising providers and partners;
- Employees, contractors, KPMG alumni and job applicants;
- Government entities and databases, such as anti-fraud databases, sanctions list and court judgments; and
- Publicly available sources.

6.3 Disclosures of Personal Information

6.3.1 Categories of Third Parties with Whom We Share Personal Information

We may share personal information as described in this Privacy Statement, including with the following categories of third parties:

- Affiliates. We may share personal information with our Affiliates. 

- KPMG International. We may share personal information with KPMG International.

- Member Firms. We may share personal information with other KPMG member firms affiliated with KPMG International.

- Technical and Operational Service Providers and Business Partners. We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal information to our third-party business partners and service providers in order to maintain and operate the websites and provide, improve, and personalize the services, including to fulfill requests for the services and for other technical and processing functions, such as sending e-mails on our behalf, fulfilling orders, and technical support. We may also share personal information to service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats.

- Marketing, Advertising and Analytics Providers. We may share personal information with third-party providers for marketing, advertising and analytics purposes.

- Government Entities. We may share personal information with government entities and agencies, regulators, law enforcement, and other third parties, including to provide the services, comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process and to establish or exercise our legal rights or for fraud- or crime-prevention purposes.

- Professional Service Firms. We may share personal information with other professional service firms in connection with our legal, regulatory and professional obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, insurers and consultants.

- Corporate Transactions. Subject to applicable law, we reserve the right to transfer some or all personal information in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal information collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal information as described in this Privacy Statement.

6.3.2 Disclosures of Personal Information for Business or Commercial Purposes

We may have disclosed the following types of personal information to third parties or service providers for a business or commercial purpose in the previous twelve (12) months:

- Identifiers;
- Commercial information;
- Biometric information;
- Information relating to Internet activity or another electronic network activity;
- Geolocation data;
- Audio, electronic, or visual information;
- Professional or employment-related information;
- Education information;
- Inferences about you;
- Information not listed above and related to characteristics protected under California or federal law; and
- Other personal information not listed above and described in the California Customer Records Act, California Civil Code Section 1798.80(e).

6.3.3 Sales of Personal Information

We do not sell personal information and did not sell personal information in the previous twelve (12) months.

6.4 Your Privacy Rights

You may be entitled by applicable law to exercise the following rights with respect to your personal information:

- Right to Know. You have the right to request what personal information we collect, use, disclose and/or sell, as applicable.
- Right to Delete. You have the right to request that we delete the personal information that we have collected about you.
- Right to Opt-out of the Sale of Personal Information. You have the right to request to be opted-out from the sale of your personal information. However, as described in Section 
- Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above. 

You may also authorize someone to exercise the above rights on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.

To exercise any of your rights, please contact us by:

- Submitting a Data Privacy Request through our webform; 
- Emailing us-privacy@kpmg.com; or
- Calling toll-free at 1-844-977-1440. 

We will respond to authorized and verified requests as soon as practicable and as required by law, including any reason for denying or restricting a request. Please note that, where we have received your personal information through our business clients or where we are otherwise operating as a service provider, we may refer you to the business with whom you have a direct relationship in order to implement your request, pursuant to applicable law. 

In addition, the above rights are subject to various exclusions and exceptions under applicable laws, and under certain circumstances, we may be unable to implement your request.

7. Additional Non-U.S. Data Subject Notices

KPMG provides our Activities in the U.S. and does not direct such activities to data subjects that are located outside of the U.S. However, in certain circumstances, we do interact with or collect personal information about data subjects outside of the U.S. In such circumstances, we typically collect personal information from data subjects outside of the U.S. through a direct collection of that information via our Activities. However, in some circumstances, personal information may be transferred to us from KPMG International, a member firm affiliated with KPMG International or an unaffiliated third party outside of the U.S. Where this applies, we typically receive your personal information because it is necessary to perform a contract or pre-contractual measures with you or because of our legitimate interests. If we receive personal information transferred by a member firm affiliated with KPMG International or an unaffiliated third party, it would typically be pursuant to the appropriate foreign regulator-approved standard contractual clauses or based on another lawful basis. To know more about additional non-U.S. data subject notices and rights, please review our Notice of Processing.

8. Privacy Shield Frameworks

KPMG complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union, United Kingdom, and Switzerland, as applicable to the U.S., in reliance on Privacy Shield. KPMG has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles with respect to such personal information. Please review our Privacy Shield Statement for information about KPMG’s data practices regarding personal information it has received from the European Union, United Kingdom, and Switzerland pursuant to Privacy Shield. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/.

Following recent decisions invalidating the adequacy of Privacy Shield, we no longer rely on Privacy Shield for cross-border transfers of personal information. As described in Section 7, we rely on the direct collection of personal information from individuals located outside of the U.S., or we use other bases, such as standard contractual clauses for cross-border transfers of personal information from another entity to us.
 
9. Links to Other Sites

Please be aware that our Activities may contain links or refer you to other websites, applications, social media platforms, collaboration platforms, products and services maintained by KPMG International, other member firms affiliated with KPMG International, or by unaffiliated third parties (collectively, “Other Sites”). Other Sites are not governed by this Privacy Statement, but by other privacy statements that may differ. KPMG is not responsible for the content or practices of these Other Sites. We encourage users to review the applicable privacy policies of these Other Sites visited before disclosing any personal information.

10. Changes to This Privacy Statement

KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy Statement to be informed about how KPMG is protecting your personal information. Your continued use after each such update is your consent to such updated terms. 

11. Questions and Comments

KPMG is committed to protecting the privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us by email at us-privacy@kpmg.com. You may also contact us to communicate any concerns you may have regarding compliance with this Privacy Statement.
 
1"KPMG,” “we,” “our,” and “us” refers to KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited (“KPMG International”), a private English company limited by guarantee. KPMG International and its related entities do not provide services to clients.