^{Slovenská verzia Všeobecných informácií o ochrane osobných údajov je dostupná na nasledovnej adrese.}

Dear Data Subject,

We would like to inform you about how and for what purpose we, as individual or joint data controllers , process your personal data  and as well as about your rights under the relevant data protection legislation. In case of any questions or when exercising your rights under relevant data protection legislation please contact directly our Data Protection Officer through the contacts listed below. Our goal is to protect privacy, confidential information and personal data entrusted to us. We are committed to ensure appropriate security and use of personal data.
 

More detailed information on how we process your personal data can be found in the following sections: 
 

• 1. Executive search services
• 2. Direct marketing
• 3. Subject of the registry and accounting records
• 4. Third parties
• 5. Visitors
• 6. Legal representative – Proxy
• 7. External events participants and subjects of external KPMG communication
• 8. Applicant
• 9. Employee
• 10. Contractual partners (natural persons) and employees of the contractual partners
• 11. Clients of tax and advisory services
• 12. Clients of audit and advisory services
• 13. Clients of legal services
• 14. General Information
  • 14.1. Identity and contact details of the controller and DPO
  • 14.2.Collection and use of personal information
    • 14.2.1. What information we collect 
    • 14.2.2. Overview of processing (agendas, purposes, legal bases)
    • 14.2.3 The legal grounds we have to use your personal information
    • 14.2.4. Automatic collection of personal information
      
      • 14.2.4.1 IP addresses
      • 14.2.4.2 Cookies
      • 14.2.4.3 Google Analytics
      • 14.2.4h.4 Web beacons
      • 14.2.4.5 Location-based tools
    • 14.2.5 Social media widgets and applications
    • 14.2.6 Children
  • 14.3. Choices
  • 14.4  Access Your rights
  • 14.5. Links to other sites
• 15. Sharing and transfer of personal data
  • 15.1 Transfers to third parties
• 16. Data security and integrity
• 17. Changes to this policy
• 18. Policy questions and enforcement
• 19. Valuation Services
• 20. Users of KPMG Websites 

We might use sections above as more specific privacy notices that are more relevant and informative in certain situations. The above specific sections prevail over the information provided here and/or provide more detailed information. However, these specific privacy notices all form part of this General Privacy Policy and should always be read and understood in conjunction with it.

Please note that information not found in specific privacy notices can still be found here or in other specific sections (and vice versa). See in particular Section 14. (General Information) and Section 15. (Sharing and transfer of personal data) below that have a general application. 
 

14. General Information

14.1. Identity and contact details of the controller and DPO 

By referring to "KPMG," "we," "our," and "us" we refer to the following companies acting either individually as data controllers or jointly as joint controllers: (i) KPMG Slovensko Advisory, k.s., (as the main contact point) with its registered seat: Dvořákovo nábrežie 10, 811 02 Bratislava, Business Identification No.: 31 403 417, registered with the Commercial Register of Municipal Court Bratislava III, Section: Sr, Insert No.: 272/B, (ii) KPMG Slovensko spol. s r.o., with its registered seat: Dvořákovo nábrežie 10, 811 02 Bratislava,  Business Identification No.: 31 348 238, registered with the Commercial Register of Municipal Court Bratislava III, Section: Sro, Insert No.: 4864/B, (iii) KPMG Legal s.r.o., with its registered seat: Dvořákovo nábrežie 10, 811 02 Bratislava, Business Identification No.: 47 238 623, registered with the Commercial Register of Municipal Court Bratislava III, Section: Sro, Insert No.: 81210/B, (iv) KPMG Valuation s. r. o., with its registered seat: Dvořákovo nábrežie 10, 811 02 Bratislava, Business Identification No.: 44 744 820, registered with the Commercial Register of Municipal Court Bratislava III, Section: Sro, Insert No.: 58279/B.

Exact position (controller vs. joint controller) of a given entity is explained in relation to each purpose specifically in Section 14.2.2 below. For contacting us, please use the above postal addresses or the following email for general queries: kpmg@kpmg.sk.

All the above KPMG entities appointed and use the same internal Data Protection Officer (“DPO”). DPO is your contact point for any data subject requests and queries. DPO’s contact details are:

KPMG Data Protection Officer
KPMG Slovensko Advisory, k.s.
Dvořákovo nábrežie 10, 811 02 Bratislava
privacy@kpmg.sk
 

14.2. Collection and use of personal information

14.2.1 What information we collect

In general, we obtain personal information about you if you choose to provide it — for example, to contact mailboxes or to register for certain services. In these cases, the provision of personal data is strictly voluntary and is not required by law. Consequence of not providing the information might be that we cannot contact you, send you communication or you might not use certain services. In some cases, you may have previously provided your personal data to KPMG (if, for example, you are a former employee). In case where you sign a contract with KPMG, provision of the personal data is a contractual requirement, and KPMG might be required by law to collect such information. There might also be a legal requirement to provide information to us irrespective of whether a contract is signed. Consequence of not providing the information might be a breach of contract or inability to fulfil the contract or legal obligations. More specific information about provision of personal data to us can be found in specific sections above.

If you choose to register or login to a KPMG web site using a third party single sign-in service that authenticates your identity and connects your social media login information (e.g., LinkedIn, Google, or X (formerly Twitter)) with KPMG, we will collect any information or content needed for the registration or log-in that you have permitted the social media provider to share with us, such as your name and email address. Other information we collect may depend on the privacy settings you have set with your social media provider, so please review the privacy statement or policy of the applicable service. By registering and/or submitting personal information to KPMG, you are also acknowledging that KPMG may use of this information in accordance with this General Privacy Policy. Your personal information is not used for other purposes, unless we obtain your permission, or unless otherwise required or permitted by law or professional standards. For example, if you register to a KPMG web site and provide information about your preferences we will use this information to personalize your user experience. Where you register or login using a third party single user sign-in we may also recognize you as the same user across any different devices you use and personalize your user experience across other KPMG sites you visit. If you send us an email message requesting information about KPMG, we will use your email address and other information you supply to respond to your request. If you send us a resume or curriculum vitae (CV) to apply online for a position with KPMG, we will use the information that you provide to match you with available KPMG job opportunities. Or, if you are an unsuccessful candidate or you are a leaving us an employee, we may keep and process your data for 1 year, if you provide us with your consent. See more specific information in Section 8 (Applicant) and Section 9 (Employee – exit interviews) above. 

In some cases where you have registered for certain services we may store your email address temporarily until we receive confirmation of the information you provided via an email (i.e. where we send an email to the email address provided as part of your registration to confirm a subscription request).

14.2.2 Overview of processing  (agendas, purpose, legal bases)

This table provides an overview of personal data processing at KMPG structured in relation to the specific agendas and purposes of processing: 

Agenda	Purpose of processing	Legal basis	Our position
1.      Executive search	Creation of a database of potential job candidates and consequently a direct search for a suitable candidate to fill a vacancy in an organization that is a client of KPMG, as a part of our service Executive search	Legitimate interest and consent	Data controller (KPMG Slovensko spol. s r.o.)
2.      Direct Marketing	Direct marketing of our services	Legitimate interest and consent	Joint data controllers (all KPMG entities)
3.      Subject of the registry and accounting records	Maintenance of accounting and management of registry records of KPMG member firms	Legal obligation	Joint data controllers (all KPMG entities)
4.      Whistleblowing	Fulfilment of our statutory obligations of the controller related to whistleblowing	Legal obligation	Joint data controllers (all KPMG entities)
5.      Insider trading	Fulfilment of statutory obligations of the controller related to measures to prevent insider trading with the aim to ensure integrity of financial markets in the EU	Legal obligation	Joint data controllers (all KPMG entities)
6.      Protection of the rights and Interests of the Controller or a third party	Protecting rights and interests of KPMG member firms or a third party	Legitimate interest	Joint data controllers (all KPMG entities)
7.      Exercising the rights of a Data Subject	To facilitate the exercise and actual exercise of the rights of the data subject in the area of personal data protection	Legal obligation	Joint data controllers (all KPMG entities)
8.      Internal quality and risk management	Performing internal controls, the subject of which is internal risk assessment and quality assurance and compliance with professional standards in the provision of service	Legitimate interest	Joint data controllers (all KPMG entities)
9.      Registration of visitors	To protect against unauthorised entry, to protect property, financial and other interest of KPMG member firms	Legitimate interest	Joint data controllers (all KPMG entities)
10. Monitoring system	Protection of rights and interest of the controller or a third party, to protect property, financial and other interest of KPMG member firms	Legitimate interest	Joint data controllers (all KPMG entities)
11. Statutory obligations	Fulfilment of statutory obligations of KPMG member firms listed below (e.g. listing of persons authorized to act on behalf of KPMG member firms in the relevant public and non-public registers, notification of changes to the relevant registries, registration of relevant part of executive body as ultimate beneficial owners of KMPG member firms)	Legal obligation	Joint data controllers (all KPMG entities)
12. Participants in external events	Organizing and realization of an external event organized by KPMG member firms and informing participants and the public about the planed event	Legitimate interest	Joint data controllers (all KPMG entities)
13. Subjects of External communication	Informing the public about the various facts and events that help promote services of KPMG member firms and develop KPMG brand.	Legitimate interest and consent	Joint data controllers (all KPMG entities)
14. Applicant	Including you into job applicants database of the KPMG member firms with the aim to fill the vacant positions.	Consent	Joint data controllers (all KPMG entities)
15. Payroll and personal agenda	Fulfilment of the employer's obligations related to the employment relationships, to the relationships on the basis of agreements on work performed outside the employment relationship and including pre-contractual relations of employees; settlement of wages and all related transactions; assessing the required level of reliability and integrity of the employee before his/her onboarding in the context of the nature of the work to be performed	Legal obligations, contract performance and legitimate interest	Joint data controllers (all KPMG entities)
16. Benefits	Providing benefits to KPMG member firms employees, their family members and close person	Legitimate interest	Joint data controllers (all KPMG entities)
17. Exit interviews	Conducting exit interviews	Consent	Joint data controllers (all KPMG entities)
18. Employees of contractual partners	Providing service by one of KPMG member firms based on contract with your employer (i.e. you as a Data Subject are not a party to a contract to which the processing activity relates)	Legitimate interest	Joint data controllers (all KPMG entities)
19. Contractual partners – natural persons	Providing services by one of the KPMG member firms based on contract concluded with you	Contract performance	Joint data controllers (all KPMG entities)
20. Tax services	Providing tax advisory services by KPMG Slovensko Advisory under a contract with a client	Legal obligation	Data controller (KPMG Slovensko Advisory, k.s.)
21. Specialized advisory services	Providing advisory services (other than the statutory audit) by KPMG Slovensko Advisory under a contract with a client (i. e. you as a Data Subject, are not a party in the relationship to which the processing activity relates)	Legitimate interest and consent	Data controller (KPMG Slovensko Advisory, k.s.)
22. AML Procedures	Fulfilment of obligations of the controller in the area of anti-money laundering	Legal obligation	Joint data controllers (all KPMG entities)
23. Statutory Audit Services	Providing statutory audit services by KPMG Slovakia under a contract with a client	Legal obligations	Data controller (KPMG Slovensko spol. s r.o.)
24. Advisory services	Providing advisory services (other than the statutory audit) by KPMG Slovakia under a contract with a client (i. e. you as a Data Subject, are not a party in the relationship to which the processing activity relates).	Legitimate interest	Data controller (KPMG Slovensko spol. s r.o.)
25. Education Activities - KPMG Business Institute	Providing services of educational activities, which we provide as part of our KPMG Business Institute services.	Legitimate interest	Joint data controllers (KPMG Slovensko spol. s r.o. and KPMG Slovensko Advisory, k.s.)
26. Legal services	providing legal services by KPMG Legal under an agreement on providing legal services concluded with a client.	Legal obligations	Data controller (KPMG Legal, s.r.o.)
27.  Internal communication and internal events	Internal communication and organizing internal events of KPMG member firms	Legitimate interest	Joint data controllers (all KPMG entities)

The above agendas are in more detail explained in Section 1 to Section 13 above. Where KPMG entities act as joint controllers, they do so based on the joint controller’s agreement concluded pursuant to the Article 26 GDPR. Such agreement is available to all personnel internally via intranet and its essence is as follows. Joint controllers shall:

• process personal data for the same purpose, while this purpose is specified in this General Privacy Policy;
• cannot unilaterally decide on other or further purposes of joint processing without the agreement of other joint controllers;
• undertake all processing in the same IT system with access to it by designated personnel selected by joint controllers;
• comply with information and transparency obligations under Article 12, 13 and 14 of the GDPR by virtue of this Global Privacy Policy to be internally managed and updated by KPMG Slovensko Advisory, k.s. as the joint controller appointed to be responsible for information and transparency obligations;
• use contact details of KPMG Slovensko Advisory, k.s. in this General Privacy Policy as the joint contact details designated as a joint contact point for all joint controllers in this General Privacy Policy without affecting the possibility and right of data subjects to address their requires to any joint controller individually;
• use the same internal DPO appointed by KPMG Advisory Slovensko, k.s. to handle all data subject requests;
• adopt unified organisational and security measures to protect jointly process personal data;
• be jointly and severally liable for any damages and infringements caused by any joint controllers to data subjects or third parties;
• determine the exact scope of the processing by issuing joint instructions to their designated personnel pursuant to the Article 29 GDPR;
• fully comply with other internal regulations and processes adopted at KPMG.  
   

14.2.3 The legal grounds we have to use your personal information

KPMG generally collects only the personal information necessary to fulfil your request. Where additional, optional information is sought, you will be notified of this at the point of collection.

The law in Slovakia allows us to process personal information, so long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one or more of the following legal bases:

• Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under a contract; 
• Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as complying with employment regulations^[1], keeping records for tax purposes or providing information to a public body or law enforcement agency; 
• Legitimate interests: we may process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh your interests (such legitimate interest is explained in section 1 to 13 above); or
• Your consent: we may occasionally ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting KPMG at privacy@kpmg.sk or by technical means available (e.g. website or cookies banner). Our general consent validity period is 1 year. However, if a more specific period is mentioned in the consent itself, specific privacy notice or this General Privacy Policy, this specific period prevails. Please note that the withdrawal of your consent does not affect the lawfulness of the prior processing. In case of direct marketing purposes, consent withdrawal and objection against marketing have the same effect. It shall be as easy to withdraw as to give consent.

KPMG only collects "sensitive" personal information when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual life or criminal record. Please use your discretion when providing sensitive information to KPMG, and under any circumstances, do not provide sensitive information to KPMG, unless you thereby consent to KPMG's use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in KPMG databases. If you have any questions about whether the provision of sensitive information to KPMG is, or may be, necessary or appropriate for particular purposes, please contact KPMG at privacy@kpmg.sk.

_{[1] For example: Act No. 311/2001 Coll., the Labour Code, as amended; Act No 82/2005 Coll. on illegal work and illegal employment and on amendments and supplements to certain acts, as amended; Act No 663/2007 Coll. on the minimum wage, as amended; Act No 2/1991 Coll. on collective bargaining, as amended; Act No 5/2004 Coll. on Employment Services and on Amendments and Additions to Certain Acts, as amended; Act No 553/2003 Coll. on the remuneration of certain employees in the performance of public work and on the amendment and supplementation of certain acts, as amended; Act No 552/2003 Coll. on the performance of work in the public interest, as amended; Government Regulation No 341/2004 Coll., establishing catalogues of work activities in the performance of public work and amending and supplementing them, as amended; Act No 152/1994 Coll. on the Social Fund and on amendment and supplementation of Act No 286/1992 Coll. on Income Taxes, as amended; Act No 461/2003 Coll. on Social Insurance, as amended; Act No 462/2003 Coll. on Income Compensation in the Event of Temporary; Incapacity for Work of an Employee and on Amendments and Additions to Certain Acts, as amended; Act No 283/2002 Coll. on travel allowances, as amended; Act No 55/2017 Coll. on the Civil Service and on Amendments and Additions to Certain Acts, as amended; Act No. 365/2004 Coll. on Equal Treatment in Certain Areas and Protection against Discrimination and on Amendments and Additions to Certain Acts (Anti-discrimination Act), as amended; Act No 461/2007 Coll. on the use of recording equipment in road transport; Act No 462/2007 Coll. on the organisation of working time in transport and on amendment and supplementation of Act No 125/2006 Coll. on labour inspection and amendment and supplementation of Act No 82/2005 Coll. on illegal work and illegal employment and on amendment and supplementation of certain acts, as amended by Act No 309/2007 Coll.; Act No 650/2004 Coll. on supplementary pension savings and on amendments and supplements to certain acts, as amended; Act No 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments and supplements to certain acts; Slovak Government Regulation No. 113/2017 Coll., establishing branches of the civil service; Government Regulation No. 114/2017 Coll., establishing civil service posts where civil service may only be performed by a Slovak citizen; Decree of the Government Office of the Slovak Republic No 126/2017 Coll., laying down details on the training of civil servants; Decree of the Government Office of the Slovak Republic No 127/2017 Coll., laying down details on selection procedures, as amended by Decree No 507/2019 Coll.; Decree of the Office of the Government of the Slovak Republic No. 128/2017 Coll., laying down details on the scope of data provided to the Register of Selections and other regulations.}
 

14.2.4 Automatic collection of personal information

In some instances, KPMG and its service providers uses cookies, web beacons and other tracking technologies to automatically collect certain types of information when you visit us online, as well as through emails that we may exchange. The collection of this information allows us to customize your online experience, improve the performance, usability and effectiveness of KPMG's online presence, and to measure the effectiveness of our marketing activities. Where required by law, we rely on your consent with collection and storing of such information from / on your device. 

14.2.4.1 IP addresses

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct web site trend and performance analysis.

14.2.4.2 Cookies

Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves a number of purposes.

On some of our web sites, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your computer or internet-enabled device will not be tracked for marketing-related activities. A secondary type of cookie referred to as "user-input" cookies may still be required for necessary functionality. Such cookies will not be blocked through the use of this notification banner. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your browser's cookies.

Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser's settings (often found in your browser's Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web sites' features.

Further information about managing cookies can be found in your browser's help file or through sites such as www.allaboutcookies.org.

Below is a list of the categories and types of cookies used on our web sites:

Category	Description	Type & Expiry
Performance (i.e., User's Browser)	Our web sites are built using common internet platforms. These have built-in cookies which help compatibility issues (e.g., to identify your browser type) and improve performance (e.g., quicker loading of content).	Session Deleted upon closing the browser
Security (e.g. Asp .NET) Cookies	If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.	Session Deleted upon closing the browser
Site Preferences	Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.	Session Deleted upon closing the browser
Analytical	We use several third party analytics tools to help us understand how site visitors use our web site. This allows us to improve the quality and content on kpmg.com for our visitors. The aggregated statistical data cover items such as total visits or page views, and referrers to our web sites. For further details on our use of Google Analytics, see below.	Persistent, but will delete automatically after two years if you no longer visit kpmg.com
Site visitor feedback	We use a third party survey tool to invite a percentage of visitors to provide their feedback. Cookies are used to prevent visitors from being invited multiple times. The first cookie (1) is set if the visitor is not invited to participate in the survey, and is used to ensure visitors are not invited after their first page view. The second cookie (2) is set if the visitor is invited to participate in the survey, and is used to ensure the visitor is not invited again to participate for a period of 90 days.	1 Session Deleted upon closing the browser 2 Persistent Deleted automatically after 90 days or presenting survey invite.
Social sharing	We use third party social media widgets or buttons to provide you with additional functionality to share content from our web pages to social media websites and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed on webpages (e.g. the social share count cache is updated) and log information about your activities across the Internet and on our web sites. We encourage you to review each provider's privacy information before using any such service. For further details on our use of social media widgets and applications, see below.	Persistent, but will be deleted automatically after two years if you no longer visit kpmg.com

Other third party tools and widgets may be used on our individual web pages to provide additional functionality. Use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.

Cookies by themselves do not tell us your email address or otherwise identify you directly by name, address or contact details. However, we regard cookies and similar technologies as personal data as they allow singling out your devices. In our analytical reports, we may obtain other identifiers including IP addresses, but this is for the purpose of identifying the number of unique visitors to our web sites and geographic origin of visitor trends, and not to identify individual visitors.

14.2.4.3 Google Analytics

KPMG uses Google Analytics. More information about how Google Analytics is used by KPMG can be found here: http://www.google.com/analytics/learn/privacy.html

To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.

14.2.4.4 Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time the content was viewed, a browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its service providers may use web beacons to track the effectiveness of third party web sites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.

You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.

In some of our newsletters and other communications, we may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences.

14.2.4.5 Location-based tools

KPMG may collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.

14.2.5 Social media widgets and applications

KPMG web sites may include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications may collect and use information regarding your use of KPMG web sites (see details on 'Social Sharing' cookies above). Any personal information that you provide via such social media applications may be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.

In addition, KPMG web sites may host blogs, forums, crowd-sourcing and other applications or services (collectively "social media features"). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

14.2.6 Children

KPMG understands the importance of protecting children's privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide professional services.

14.3. Choices

In general, you are not required to submit any personal data to KPMG online, but we may require you to provide certain personal data in order for you to receive additional information about our services and events. KPMG may also ask for your permission for certain uses of your personal data, and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request.

As described in "Cookies" above, if you wish to prevent cookies from tracking you as you navigate our sites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our sites may not work properly if you elect to refuse cookies.

14.4. Your rights as data subject

If you have submitted personal information to KPMG, you have the following rights:

• under most circumstances Access and correction: you have the right to reasonable access to that data. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge. Before providing personal information to you, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. If the information we hold about you is incorrect, you may ask us to correct any inaccuracies in the personal data we hold about you. 
• You also have right to have your personal data erased and right to have the processing of your personal data restricted.  In this respect, please refer to Articles 17 and 18 of the GDPR.
• You may withdraw your consent at any time by contacting KPMG at privacy@kpmg.sk or by technical means available (e.g. website or cookies banner).

We would like to explicitly bring to your attention your right to object:

• In general: you have the right to object at any time against any processing of your personal data if it is based on legitimate interest, including profiling based on such legal basis.
• Against direct marketing: where we process your personal data for direct marketing purposes, you have the right to object at any time to such direct marketing processing including marketing profiling. Such objection has the same effect as withdrawal of consent and we must stop using your data for such purposes, if you submit such objection.

Please note that most of the above rights are not absolute and require meeting of different conditions. We may ask you for additional information to verify if these conditions are met, the correctly assess scope of your request or to verify your identity. Failure to provide this additional information requested may prolong the period for responding or may lead to not providing the requested information.

You can also make a request or exercise these rights to update or remove information about you by contacting KPMG at privacy@kpmg.sk and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

14.5. Links to other sites

Please be aware that KPMG web sites may contain links to other sites, including sites maintained by other KPMG member firms that are not governed by this General Privacy Policy but by other privacy statements that may differ somewhat. We encourage users to review the privacy policy of each Web site visited before disclosing any personal information.

By registering on any KPMG web site and then navigating to another KPMG web site while still logged in, you agree to the use of your personal information in accordance with the privacy statement of the KPMG web site you are visiting.

15. Sharing and transfer of personal data

15.1. Transfers to third parties

We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards. This would include:

• Our service providers: KPMG work with reputable partners, service providers or agencies so they can process your personal information on our behalf. KPMG will only transfer personal information to them when they meet our strict standards on the processing of data and security. We only share personal information that allows them to provide their services.

In some instances, KPMG may share personal data about you, as permitted by law, with various outside companies or service providers or vendors working on our behalf to help fulfill your requests. In addition, KPMG may transfer certain personal data across geographical borders to other KPMG member firms or outside companies working with us or on our behalf. KPMG may also store personal data in a jurisdiction other than where you are based. By providing personal data online, visitors are consenting to this transfer and/or storage of their personal data across borders,

• If we are reorganized or sold to another organization: KPMG may also disclose personal information KPMG may also disclose personal data in connection with the sale, assignment, or other transfer of the business of the site to which the data relates.
• Courts, tribunals, law enforcement or regulatory bodies: KPMG may disclose personal information in order to respond to requests of courts, tribunals, government or law enforcement agencies or where it this is necessary or prudent to comply with required by applicable laws, court or tribunal orders or rules, or government regulations.
• Audits: These disclosures of personal information may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

In addition, KPMG may transfer certain personal information outside of the EEA to outside companies working with us or on our behalf for the purposes described in this General Privacy Policy. KPMG may also store personal information outside of the EEA.  We only carry out these cross-border transfers in strict accordance with the law and only if, in our conclusions and findings, sufficient risk mitigation measures and safeguards are taken for the protection of fundamental rights and freedoms of the data subjects, as required by the Court of Justice in Case C-311/18 (Schrems II).

Supplier / Third-Party	Appropriate safeguards and supplementary measures for cross-border transfers to third countries
Google LLC, with registered seat 1600 Amphitheatre Pkwy Mountain View, CA 94043, US	Google's Privacy Policy Data Privacy Framework New type of standard contractual clauses approved by the relevant decision of the European Commission (module 1 and module 2) and appropriate additional measures with further explanation of the settings.
Meta Platforms, Inc., with registered seat 1601 Willow Rd Menlo Park, CA 94025, US	Facebook's Privacy Policy Instagram’s Privacy Policy Data Privacy Framework - EU SCC – available here
LinkedIn Corporation with registered seat 1000 W Maude Ave Sunnyvale, CA 94085, US	LinkedIn's Privacy Policy Data Privacy Framework A new type of standard contractual clauses approved by the relevant European Commission decision is used (module 2), which also describes the additional measures taken.
Microsoft Corporation, with registered seat Redmond Washington 98052-6399, US	Microsoft's Privacy Policy Approved adequacy mechanism - self-certification EU SCC – available here: https://docs.microsoft.com/en-us/microsoft-365/compliance/offerings-eu-model-clauses?view=o365-worldwide

KPMG does not sell personal data to any third parties. Also, KPMG will not transfer the personal data you provide to any third parties for their own direct marketing use.

16. Data security and integrity

KPMG has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. We also make reasonable efforts to retain personal information only for so long as the information is necessary to comply with an individual's request or until that person asks that the information be deleted. For more detailed information on retention policies on specific personal data provided please refer to the specific privacy notes listed below.

 

17. Changes to this policy

KPMG monitors and periodically updates this General Privacy Policy  to reflect our current privacy practices. If we regard the change substantial, we will bring it to the attention of data subjects via email or by other notification. However, our periodic changes are usually not substantial. Therefore, we encourage you to periodically review this General Privacy Policy  to be informed about how KPMG is protecting your information.

18. Policy questions and enforcement

KPMG is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your personal personally identifiable information, please contact us at privacy@kpmg.sk. You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Statement.

If you are not satisfied with the response you receive, you may escalate your concern to the Global Privacy Officer by sending an email to privacy@kpmg.sk. We may accept your concern (and in that case implement one of the measures set out in the ‘Your Rights’ section above), or we may reject your concern on legitimate grounds.

In any event, you always have the right to lodge a complaint with the Slovak supervisory authority in charge of protecting personal information, the Office for Personal Data Protection of the Slovak Republic:

Úrad na ochranu osobných údajov Slovenskej republiky
Námestie 1.mája 18
811 06 BratislavaSlovak Republic

+ 421 2 32 31 32 14
+ 421 2 32 31 32 49

statny.dozor@pdp.gov.sk
www.dataprotection.gov.sk