KPMG Privacy Policy

KPMG Privacy Policy

Last updated June 2016

KPMG in Australia is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy sets out how KPMG handles personal information. 

This Privacy Policy does not apply to personal information collected by KPMG that is exempted under the Privacy Act, for example employee records.

KPMG may modify this Privacy Policy from time to time to reflect its current privacy practices.

In this Privacy Policy, ‘KPMG’, ‘we’, ‘us’ and ‘our’ is a reference to the KPMG partnership and includes any entity carrying on business in Australia that is part of the KPMG group of entities.


Select a section



The types of personal information we collect include:

  • names, job titles, contact and address details
  • information in identification documents (for example, passport, driver’s licence)
  • tax file numbers and other government-issued identification numbers
  • date of birth and gender
  • bank account details, shareholdings and details of investments
  • details of superannuation and insurance arrangements
  • educational qualifications, employment history, salary and referee reports
  • visa or work permit status
  • your Internet Protocol (IP) address
  • payment details and
  • personal information about your spouse and dependants.

It may be necessary in some circumstances for KPMG to collect sensitive information about you in order to provide specific services or for recruiting purposes. Examples of the types of sensitive information that may be collected in such circumstances include professional memberships, ethnic origin, criminal record and health information.

It is generally not practical to remain anonymous or to use a pseudonym when dealing with KPMG as usually we need to use your personal information to provide specific services to you, or which relate to or involve you.

Back to top




2.1 How we collect personal information

Generally we collect your personal information from you directly (for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey, when you subscribe to our publications or when you use our website or our social media).

Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information from your employer where they are our client, from your personal representative, another KPMG member firm or a publicly available record.

We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites.

Back to top


2.2 Where you provide us with personal information about someone else

If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy or any Privacy Collection Statement we give you.

Back to top


2.3 Holding personal information

KPMG holds personal information in hard copy and electronic formats. We take security measures to protect the personal information we hold including physical (for example, security passes to enter our offices and storage of files in lockable cabinets) and technology (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates) security measures. We also have document retention policies and processes. In some cases, KPMG engages third parties to host electronic data (including data in relation to the services we provide) on our behalf.

Back to top


2.4 Purpose for collecting, holding, using and disclosing personal information

KPMG collects, holds and uses personal information for a number of purposes including:

  • to provide professional services
  • to provide technology services and solutions
  • to respond to requests or queries
  • to maintain contact with our clients and other contacts (including alumni)
  • to keep our clients and other contacts informed of our services and industry developments
  • to notify of seminars and other events
  • to verify your identity
  • for administrative purposes, including processing payment transactions
  • for recruitment purposes
  • for purposes relating to the employment of our personnel, providing internal services or benefits to our partners and staff and for matters relating to the partnership
  • when engaging service providers, other KPMG member firms, contractors or suppliers relating to the operation of our business
  • to manage any conflict of interest or independence (including auditor independence) obligations or situations
  • to conduct surveys
  • for seeking your feedback
  • to meet any regulatory obligations
  • as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business (including KPMG’s business) or entering into an alliance, joint venture or referral arrangement or
  • to perform internal statistical analysis, including of our databases and website
  • for any other business related purposes.

If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing you or our clients with the services we were engaged to perform.

The types of third parties to whom we may disclose your personal information include:

  • experts or other third parties contracted as part of an engagement
  • our agents, contractors and external service providers
  • our professional advisers
  • other KPMG member firms or KPMG International Co-operative
  • as part of an engagement, if you are a customer, an employee, a contractor or supplier of services to one of our clients, then we may disclose your personal information as part of providing services to that client
  • as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business (including KPMG’s business) or to enter into an alliance, joint venture or referral arrangement or
  • government or regulatory bodies or agencies, as part of an engagement or otherwise, (for example, the Australian Taxation Office).

We do not disclose personal information to third parties for the purpose of allowing them to send marketing material to you. However, we may share non personal, de-identified or aggregated information with them for research or promotional purposes.

Back to top


2.5 Disclosure of personal information overseas and sharing personal information amongst and within the KPMG member firm network 

KPMG is a member firm of the KPMG network which has over 150 independent member firms globally that are affiliated with the KPMG International Co-operative. 

Depending on the nature of the engagement or circumstances of collection, we may disclose your personal information to other KPMG member firms or entities overseas to fulfil the purpose for which the personal information was collected, or a related or ancillary purpose or otherwise in accordance with the Privacy Act. The countries to which such disclosures are made, and types of personal information disclosed, depend on the specific circumstances of the engagement. For a list of where our member firms are located, see KPMG's global locations

We may also store, process or back-up your personal information on servers that are located overseas (including through third party service providers). These servers are commonly located in the United States of America, the United Kingdom, the Netherlands, Ireland, Germany and Singapore.

In some circumstances, KPMG also uses third party service providers to carry out its functions and provide services. These service providers are typically located in India, the Philippines and Finland.

Back to top



KPMG may also use your personal information for the purpose of marketing its services. 

If you do not want to receive marketing material from us, you can contact us as detailed below:

  • for electronic communications, you can click on the unsubscribe function in the communication or
  • for hard copy communications, you can email or
  • through our contact details in 'How to contact us'.

Back to top




4.1 Automatic collection of personal information

Cookies, web beacons and other technologies are used by KPMG and its service providers on some KPMG websites and through email to automatically collect certain types of information. The collection of this information allows us to customise your online experience, improve the performance, usability and effectiveness of KPMG’s online presence and to measure the effectiveness of our marketing activities.

Back to top


4.1.1 IP address

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognise and communicate with one another. Public IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct web site trend and performance analysis.

Back to top


4.1.2 Cookies

Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves a number of purposes.

Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser's settings (often found in your browser's Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web sites' features.

Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers including public IP addresses, but this is for the purpose of identifying the number of unique visitors to our web sites and geographic origin of visitor trends, and not to identify individual visitors.

Back to top


4.1.3 Google Analytics

KPMG uses Google Analytics. To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.

Back to top


4.1.4 Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time the content was viewed, a browser type, and the existence of cookies previously set by the same server.

KPMG or its service providers may use web beacons to track the effectiveness of third party web sites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.

You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.

In some of our newsletters and other communications, we may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences.

Back to top


4.1.5 Location-based tools

KPMG may collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.

Back to top


4.1.6 Social media widgets and applications

KPMG web sites may include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications may collect and use information regarding your use of KPMG web sites. Any personal information that you provide via such social media applications may be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.

In addition, KPMG web sites may host blogs, forums, crowd-sourcing and other applications or services (collectively "social media features"). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

Back to top


4.2 Links to third party websites

KPMG’s websites may contain links to third parties’ websites, including sites maintained by other KPMG member firms. Those other websites are not subject to our privacy policy and procedures. You will need to review those websites to view a copy of their privacy policy.

KPMG also does not endorse, approve or recommend the services or products provided on third party websites.

Back to top


4.3 Your choices

You have several choices regarding your use of KPMG’s websites. In general, you are not required to provide personal information when you visit our websites. However, if you apply to receive information about our services, events and industry updates or wish to apply for a job, provision of certain personal information will generally be required.

Back to top



We understand the importance of protecting children’s privacy, especially in an online environment.

In particular, our websites are not intentionally designed for or directed at children under the age of 13.

It is our policy to never knowingly collect or maintain information about anyone under the age of 13, except as part of a specific engagement to provide professional services which necessitates such personal information be collected or for the purposes of ensuring compliance with our auditor independence policies.

Back to top



You can request access to your personal information, subject to some limited exceptions permitted or required by law. Such request must be made in writing to the KPMG National Privacy Officer. Please see 'How to contact us' for details.

KPMG may charge reasonable costs for providing you access to your personal information.

Back to top



If you believe that any personal information KPMG has collected about you is inaccurate, not up-to-date, incomplete, irrelevant or misleading, you may request correction. To do so, please contact the National Privacy Officer and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act. Please see 'How to contact us' for details as to how to contact the National Privacy Officer.

Back to top



If you wish to make a complaint to KPMG about our handling of your personal information, you can contact the National Privacy Officer as set out in 'How to contact us'. You will be asked to set out the details of your complaint in writing in a form provided.

KPMG will endeavour to reply to you within 30 days of receipt of the completed complaint form and, where appropriate, will advise you of the general reasons for the outcome of the complaint. In some circumstances, the National Privacy Officer may decline to investigate the complaint, for example if the complaint relates to an act or practice that is not an interference of the privacy of the person making the complaint.

If you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner.

Back to top



If you have a query in relation to this Privacy Policy or you would like to notify KPMG that you no longer wish to receive marketing material from us, access or correct your personal information or to make a complaint about KPMG’s handling of your personal information, please contact KPMG as follows:

National Privacy Officer
GPO Box 2291U
T 61 3 9288 6068 (option 3)
F 61 3 9288 6666

Back to top



View a full version of KPMG Australia's Privacy Policy (PDF 61KB).

Back to top