Online Privacy Statement

To view the French version of this statement, click here.

In accordance with Law n°1.565 of the 3rd December 2024 and the General Data Protection Regulation (EU) 2016/679 ("GDPR"), KPMG is committed to the protection and confidentiality of personal data.

The terms "KPMG", "we", "us" and "our" refer to KPMG GLD et Associés S.A.M. ("KPMG GLD et Associés Monaco" or "KPMG Monaco"), a Monegasque public limited company that is a member of the KPMG network of independent firms affiliated with KPMG International Limited ("KPMG International"), a private company limited by guarantees under English law and/or KPMG Multi Family Office S.A.M. ("KPMG Multi Family Office",  "KPMG MFO Monaco" or "KPMG Monaco"), a Monegasque public limited company, member of the KPMG network of independent firms affiliated with KPMG International Limited ("KPMG International"), a private company limited by guarantees under English law.

KPMG Monaco is committed to preserving the confidentiality of data and protecting the data entrusted to it. KPMG is committed to implementing an adequate level of protection for personal data collected online from users.

In general, we seek to collect only personal data voluntarily provided by users of our websites, in order to provide them with information and/or services, or to provide them with information about job vacancies within the KPMG network.

The user acknowledges and accepts that the use of the Internet network involves risks and takes the necessary measures to protect his or her equipment. KPMG cannot be held liable for any damages resulting from this. KPMG strives to provide continuous access to its websites. However, KPMG may suspend or terminate access to its websites at any time without notice. KPMG cannot be held liable in the event of lack of access to one or more of its websites.

Please review this Online Data Privacy Statement to learn more about how we collect, use, share, and protect your personal data. 

In this policy we would like to explain, in all transparency, the way your data is treated by KPMG when you visit our Sites. We explain the reasons for collecting your personal data, the categories of data used, who has access to your personal data and the period for which your personal data is stored. 

This document also contains information relating to your rights and how you can exercise them.

This policy is intended for users of our websites and does not relate to the processing of data relating to customers, prospects, suppliers, partners, service providers or candidates.
For more information, please consult our general privacy policy by clicking here.

Personal data means all information relating to you as an individual. You are identifiable once such data is collected. An individual may be identified by a single item of data (your surname, for example) or by combining several items of data.

We may share your personal data with other KPMG network member entities in connection with international commitments and with KPMG International and other member entities when necessary or desirable to comply with our legal and regulatory obligations around the world.

As part of its engagements, KPMG acts by nature as a Data Controller. In this sense, we determine the main purpose of the use of personal data and decide on the means used to achieve this purpose. In the course of providing its services, KPMG may use suppliers or service providers who will act as Processors.

When performing our engagements, KPMG may be required to act as Data Processor within the meaning of the provisions of Articles 4 and 28 of the GDPR and Chapter IV of Law n°1.565. KPMG will then process your personal data on behalf of the Data Controller and on its instructions only. Appropriate technical and organisational measures are implemented so that the processing meets the requirements of the GDPR and Law n°1.565 by guaranteeing your rights. A contract governs our relationship with the Controller and incorporates all the provisions required under Article 28 of the GDPR and Article 26 of Law n°1.565.

We obtain personal data about you when you choose to provide it to us, for example when you contact us by email or register on our websites to receive certain services. In some cases, you may also have previously provided personal data about yourself to KPMG (e.g. if you are a former employee).

When you decide to register or log in to KPMG's websites using a third-party single sign-on service that authenticates your identity and connects your social media credentials (such as LinkedIn, Google or Twitter) to the KPMG website, we collect from the social network provider the data and content necessary for the registration or login you have authorised,  like your name and email address. The other data we collect depends on the privacy settings you have set with your social media provider, so we encourage you to review the privacy policy applicable to the relevant service.

By registering and/or providing personal data to KPMG, you also agree to the use of such personal data in accordance with this Online Data Privacy Statement. We do not use your personal data for any other purpose unless we obtain your consent to do so, or as permitted or required by law or professional standards. For example, if you register on a KPMG website and provide data about your preferences, we will use it to personalise your user experience.

If you register or log in using a third-party single sign-on service, we may also identify you as a single user across all the devices you use, in order to personalise your user experience on all other KPMG websites you visit. If you have sent us your curriculum vitae (CV) to apply online for a job offer within the KPMG network, we will use the personal data you have provided to us to consider your application and/or to provide you with job offers at KPMG which match your profile.

In some cases, when you register for certain services, we may temporarily retain your email address until we receive confirmation of the information you have provided to us by email (i.e., when we send an email to the email address provided when you registered to confirm your subscription).

What data do we process when you browse our Sites?

When you browse our Sites, send a request form or sign on to your user account, KPMG processes: 

• Personal data memorised by cookies and tracking cookies,
• Identification (title, surname, first name, photograph),
• Contact details (professional email address, mailing address, telephone number),
• Data on your work (company/entity, position held),
• Data to process your request (type of request and details).

When you apply for one of our employment opportunities, KPMG processes: 

• Data on your academic credentials, professional background and experience (CV, cover letter, education, institution, type of diploma, graduation date),
• Data available on your LinkedIn account,
• Financial data (salary expectations),
• Your preferences (available start date, interest in opportunities in another region).

No sensitive data under Article 9 of the GDPR and Article 2 of Law n°1.565 is collected intentionally. However you may send us such data when filling out a form or attending one of our events (for example, a particular diet that reveals your religious beliefs or food allergies). In deciding to provide sensitive personal data in this way, you consent for it to be collected and processed.

In general, KPMG only collects personal data that is necessary to respond to your requests. When we request additional optional data, you will be informed at the time of collection. Under the Laws in Monaco and Europe we are permitted to process personal data provided there is a valid legal basis for doing so. We are also obligated to inform you about the nature and purpose of this processing.

Therefore, when we process your personal data, we will rely on one of the following legal basis:

In the context of a contract: where the processing of your personal information is necessary to perform our obligations for a contract to which you are a party.

Obligations imposed by law: when we are required to process your personal data to comply with a legal obligation, including for archiving purposes in order to comply with our tax obligations, or to disclose information to a public body or law enforcement authority.

Legitimate interests: We will process your personal data if it is in our legitimate interests to do so, in order to best manage our business affairs in accordance with the law, and to the extent that such interest does not override your own interests.

Your consent: In some cases, we will ask you for specific permission to process some of your personal information, and we will process it only for the purposes to which you have consented. You have the option to withdraw your consent at any time by contacting KPMG Data Protection Officer (mc-privacy@kpmg.mc).

Examples of "legitimate interests" referred to above:

• Provide information and/or services to visitors to our websites or provide information about employment opportunities,
• Prevent fraud or criminal activity and safeguard our computer systems (IT),
• Personalise your online user experience and improve the performance, usability and efficiency of KPMG's online presence,
• To carry out and measure the effectiveness of our marketing activities,
• Fulfill our corporate social responsibility obligations.

In some cases, and to the extent expressly provided for or permitted by law, the personal data we collect may include special categories of data, such as information relating to diversity (including information concerning an individual's race, ethnic origin, religious beliefs and other similar signs of membership, trade union membership, and data concerning a person's sex life or sexual orientation physical data), health data or data relating to offences.

In some cases, KPMG and its service providers use cookies, web beacons and other technologies to automatically collect certain types of data when you visit our online sites, and in connection with emails we may exchange. Collecting this data allows us to personalise your online experience, improve the performance, usability and effectiveness of KPMG's online presence, and measure the effectiveness of our marketing activities.

3.1.1. IP addresses

An IP address is an address assigned to your computer every time you access the Internet. This allows computers and servers to recognise and communicate with each other. The originating IP addresses of our visitors may be collected for the purposes of security and diagnosis of computer systems.  We may also use this aggregated data to analyse trends and performance on our websites.

3.1.2. Cookies

When you browse our Sites, cookies may be left and stored on your device This allows the site to remember your computer or device and thus allow cookies to serve several purposes.

Some of our sites display an information banner that asks for your consent to the collection of cookies. If you refuse, we will not be able to track your computer or connected device for marketing purposes.

However, a second type of cookie, "user input" cookies, is still necessary for the performance of certain functionalities. The information banner does not allow you to block them. Your decision is stored in a cookie that is stored for 90 days.

You can revoke your choice at any time by deleting the cookies from your browser. While most browsers automatically accept cookies, you can decide whether or not to accept them in the settings of your browser (most often, in the browser's Tools or Preferences menu). You can also delete cookies from your devices at any time.

However, you should understand that if you refuse cookies, you will not be able to take full advantage of certain features of our sites.

Below is a list of the types of cookies used on our sites:

We may use other third-party tools and widgets on our various web pages to provide you with additional functionality. If you use these tools and widgets, cookies may be stored on your device to facilitate the use of these services and to ensure that your interactions on our website pages are displayed correctly.

These cookies do not allow us to obtain your email address or identify you personally. Our analytics reports allow us to obtain other identifiers, such as IP addresses, but only for the purpose of determining the number of unique visitors to our websites and geographic trends of those visitors, and not to identify individual visitors.

When you browse our sites or enter your credentials to access restricted areas for registered users, you agree that we may store these cookies on your computer or connected device.

KPMG uses Google Analytics. More information on how KPMG uses Google Analytics can be found here:

Terms of Service | Google Analytics – Google

To provide website visitors with more choices about how their data is collected by Google Analytics, Google has developed a Google Analytics opt-out browser add-on. This add-on communicates with the Google Analytics JavaScript (ga.js) to tell it not to send data about this site to Google Analytics. The Google Analytics Opt-Out Browser Add-on does not prevent data from being sent to the site itself or to other web analytics services.

A web beacon is a small image file of a web page that can be used to collect certain data from your computer, such as the IP address, the time of view of content, the type of browser and the existence of cookies previously stored by the same server. KPMG only uses web beacons in accordance with applicable law.

KPMG or its vendors may use web beacons to monitor the effectiveness of third-party sites that provide recruitment or marketing services to KPMG, or to collect aggregated visitor statistics and manage cookies.

You have the option to make certain tags unusable by refusing cookies. The web beacon will then still record an anonymous visit from your IP address, but no data cookies will be stored.

For some newsletters and other communications, we may monitor the actions of recipients, such as the open rate of emails, by means of links embedded in the messages. We collect this data to gauge interest in our communications and improve subsequent user experiences.

KPMG may collect and use data about the geographic location of your computer or mobile device. This location data is collected in order to provide you with information about services that may be of interest to you and to improve our location-based products and services.

KPMG's sites may include features to enhance sharing by third-party social media applications, such as the Facebook Like button or the Twitter widget. These social media applications may collect and use data about your use of KPMG's sites (for more information, please refer to the "Social Media Sharing" section of the cookie table above). The personal data you provide through these social media applications may be collected and used by other members of these applications. These interactions are governed by the data protection policies of the companies providing the application. We have no control over, and are not responsible for, the use of your data by these companies.

In addition, KPMG's Sites may host blogs, forums, applications, and collaborative and other finance services (collectively, "Social Media Features"). These social media features are intended to facilitate the sharing of knowledge and content. The personal data you provide through KPMG's social media features may be shared with other users of those features (unless otherwise specified at the point of collection), over whom we have no or only limited control.

KPMG understands the importance of protecting children's privacy, especially online. As such, our websites were not intentionally designed for or intended for children under the age of 13. It is our policy to never knowingly collect or maintain data from minors under the age of 13 unless it is necessary as part of a commitment to provide professional services.

Are any wholly automated decisions made using your personal data?

A wholly automated decision is one based solely on algorithms applied to your personal data, without any human involvement.

No processing of personal data carried out by KPMG involves wholly automated decision-making. While in some cases algorithms may be applied to your data to facilitate decision-making, KPMG systematically reviews the decision to ensure that it is fair, equitable and objective.

Should an automated decision-making process be set up, when KPMG collects your data, and at any other moment upon your request, KPMG undertakes to inform you of the process, the rationale behind it, and foreseen consequences. You would also have the right to human involvement to express your viewpoint and dispute the decision.

Who can access the data we collect when you browse our Sites?

The following persons are authorised to access your personal data when you browse our Sites: 

• KPMG network member firms,
• Authorised persons from our Marketing & Communications department in connection with communication campaigns (service offers, newsletter, events),
• Authorised persons from KPMG Academy,
• Individuals involved in the recruitment process who are so authorised at KPMG (recruitment department, future manager and his or her team),
• KPMG employees and partners you contact through online forms,
• Our suppliers, partners and service providers, if needed by us.

Is your personal data transferred outside the European Economic Area (EEA) or out of countries listed as adequate?

KPMG favours the European Economic Area (GDPR) and countries listed as adequate (Law n°1.565: list-of-countries-with-a-level-of-adequate-protection) for the processing of personal data entrusted to it.

The personal data entrusted to us may, however, be transferred to:

• Other member firms of the KPMG international network

There are KPMG member firms in more than 150 countries around the world. They may receive your personal data for administrative reasons or to carry out some of our services. As a result, your personal data may be transferred to countries outside adequate countries that do not offer an adequate level of protection recognised by the APDP.

In the event of such a transfer, KPMG is committed to complying with the appropriate safeguards set forth in Article 46 of the GDPR and Article 98 of Law n°1.565 by means of a document ratified by the entire KPMG network and providing a framework for transfers within the KPMG network. The document reflects the regulatory requirements modified by the “Schrems II” ruling, including the modernised standard contractual clauses for data transfers released by the European Commission on 4 June 2021, and resulting requirements such as Transfer Impact Assessments.

To learn more about the entities that are members of the KPMG international network, click here.

• Our suppliers, partners and service providers

In the context of the performance of the services, KPMG may share your personal data with suppliers, partners and service providers (e.g. suppliers of IT technologies, cloud hosting solutions, website maintenance). If these third parties are located outside the European Economic Area, your personal data may be transferred to a country that does not offer a level of protection deemed sufficient by the European Commission.

In the event of such a transfer, KPMG is committed to complying with the appropriate safeguards set forth in Article 46 of the GDPR and Article 98 of Law n°1.565, including the standard contractual clauses adopted and published by the APDP.

Finally, if the agreement between us stipulates that personal data entrusted to us must be located in a certain geographical region, we undertake not to modify it without your prior agreement.

How long do we keep the data we collect?

The personal data collected or entrusted is kept for a period of time in accordance with the legal provisions governing KPMG's activities in Monaco, plus the limitation periods provided for by law.

At the end of the retention period, the documents or files are securely deleted in accordance with our policies.

Generally, you are not asked to provide any personal data to KPMG online, and we may ask you to provide certain personal data in order to provide you with additional information about our services and events. KPMG may also ask for your consent to certain uses of your personal data, which you can choose to give or refuse. If you request specific services or communications, such as e-newsletters, you may unsubscribe at any time by following the instructions contained in each communication. If you decide to unsubscribe from a service or communication, we will ensure that we delete your data promptly, but we may need additional information before we can process your request.

As mentioned in the "Cookies" section above, if you do not want cookies to track your browsing on our sites, you can set your browser to refuse all cookies, or to notify you that a cookie has been sent. You should understand, however, that some parts of our site may not function properly if you choose to decline cookies.

What are your rights to control your personal data and how can you exercise them?

What are your GDPR rights?

In accordance with the regulation in force, KPMG enables you to exercise your rights:

• Right of access (Art. 15 of the GDPR)
  You can ask us whether or not we have any data concerning you, and to send it to you to verify the content and whether or not it is accurate.
• Right to rectification (Art. 16 of the GDPR)
  You can ask us to rectify incorrect or incomplete information concerning you.
• Right to erasure or “right to be forgotten” (Art. 17 of the GDPR)
  You can ask for personal data concerning you to be erased.
• Right to restriction of processing (Art. 18 of the GDPR)
  You can ask for the use of some of your personal data to be temporarily suspended.
• Right to data portability (Art. 20 of the GDPR)
  You may receive part of your data in an open, commonly used format in order to transfer it to a third party of your choice, in order to reuse it for other purposes.
• Right to object (Art. 21 of the GDPR)
• At any moment, you may object to KPMG's use of some of your data.
• Right to withdraw consent (Art. 7 of the GDPR)
• If KPMG uses your personal data with your prior consent, you may withdraw this consent at any time. After you withdraw your consent, KPMG will no longer use your data.
• Right to “digital death” (Art. 85 of the French Act on Data Processing, Data Files and Individual Liberties)
  You can give instructions regarding the storage, erasure and communication of your personal data after your death.
• Right to file a complaint with the CNIL (Art. 12 GDPR)

What are your rights under Law n°1.565 (Chapter 3)?

• Right to information: a person must be informed in a clear and comprehensible manner about the use of his or her personal data, i.e. what data is collected, by whom and for what purpose.
• Right of access: a person may ask a controller to confirm that personal data concerning him or her has been processed, and if so, to provide it in a legible and understandable form (copy of the personal data being processed).
• Right to rectification: a person may request, upon providing supporting documents, that data that is inaccurate or incomplete be rectified or completed.
• Right to erasure: a person may obtain, in cases precisely defined by law, that his or her data be erased, whether or not it is public.
• Right to restriction of processing: a person can report certain personal data to the controller so that they are temporarily no longer processed, except for their storage.
• Right to object: a person may object to his or her data being used by a controller for a specific purpose, for example when the processing is based on a reason of public interest or the legitimate interest of the controller.  To do so, it must put forward "reasons relating to its particular situation", except in the case of commercial prospecting, which it can oppose without reason.
• Right to data portability: a person may, under certain conditions provided for by law, obtain from a data controller the personal data that he or she has provided in a structured, commonly used and machine-readable format. In this way, it will be able to easily reuse this data and, if they wish, have the data transmitted to another controller.
• Right not to be subject to an automated individual decision: a person may not be subject to a decision that is based exclusively on automated processing, without any human intervention when the decision produces legal effects with regard to the data subject or significantly affects him/her.

In the event that you become aware of a breach in the processing of your personal data, we invite you to contact us at mc-privacy@kpmg.mc so  that KPMG can process your request as soon as possible. In any event, you have the right to file a complaint with the personal data protection authority (APDP) in Monaco.

How to exercise your rights?

• You can exercise your rights and send us a complaint through our dedicated form, at mc-privacy@kpmg.mc.
• If you have any questions or comments about this Privacy Policy, you can contact our Data Protection Officer at mc-privacy@kpmg.mc.

What are KPMG's rights and obligations?

KPMG has one month to reply after it receives your request to exercise a right. It is possible to extend this delay in certain justified circumstances. If this happens, we will inform you of this delayed reply and explain why within one month of receiving your request. When you make your request, you will be asked to provide ID to keep your data secure and confidential.

KPMG may reject your request to exercise your rights in the cases provided for in the regulations (unfounded request, infringement on third party rights, compliance with a confidentiality obligation, etc.). If this happens, we will explain our refusal.

Finally, KPMG reserves the right not to reply to requests that are manifestly unfounded or excessive because of their number or repetitive or systematic nature.  

How do we protect your personal data?

KPMG has put in place reasonable security procedures and policies to protect personal data from unauthorised misuse, loss, alteration or destruction. Despite all the efforts made by KPMG, absolute protection against all threats cannot be provided. We strive to ensure that access to your personal data is limited to only those who need to know it. Persons with access to the data are obliged to treat them confidentially.

Additionally, to guarantee a high level of data protection, KPMG systematically analyses the risks pertaining to all personal data processing operations implemented. If it finds data processing operations that are likely to result in a high risk to your rights and freedoms, KPMG conducts an in-depth analysis to reduce the level of risk and guarantee your privacy. This analysis is called a “data protection impact assessment” (DPIA), as described in Article 35 of the GDPR and Article 35 of Law n°1.565.

You should be aware that KPMG sites may contain links to other sites, including sites operated by other firms that are members of the KPMG network that are not subject to this Online Data Privacy Statement, but by other policies that may be materially different. We invite users to consult the data protection policy of each website consulted before providing any personal data.

When you register on one of KPMG's sites and then navigate to another KPMG site without logging out, you agree to the use of your personal data in accordance with the KPMG Online Data Privacy Statement that you are viewing.

KPMG may change this Online Data Privacy Statement periodically to reflect changes in our online data privacy practices. When we change this Online Data Privacy Statement, we will also change the "Last Updated" date at the top of this page. Any changes in the way we process personal data as described in this Online Data Privacy Statement will be communicated to you by appropriate means, depending on how we usually communicate with you. We encourage you to regularly review this Online Data Privacy Statement to be informed on how KPMG is protecting your data.