Privacy | KPMG | CA

Privacy

Privacy

Privacy: KPMG International

KPMG LLP (Canada) privacy policy

KPMG LLP (Canada) respects the privacy rights of our clients and personnel, and is committed to protecting all personal information in our possession or control. We have adopted this Privacy Policy to guide how we collect, use and disclose the personal information we require in the course of fulfilling our professional responsibilities and operating our business. This Privacy Policy applies to all subsidiaries and associated companies and partnerships of KPMG LLP and KPMG Management Services LP in Canada (collectively referred to in this Privacy Policy as “KPMG”, “we”, “our” or “us”).

KPMG takes the privacy of our clients and our personnel very seriously. We have developed this Privacy Policy to clearly define our ongoing commitment to protecting the privacy rights of our clients and KPMG personnel. Certain of the practices discussed in this Privacy Policy reflect requirements set out in Canadian federal and/or provincial privacy legislation. KPMG’s policy is to at all times adhere to the requirements of applicable law and professional responsibilities, and to be responsive to our clients and personnel who expect us to respect their privacy and to protect their personal information.

For purposes of this Privacy Policy, the term “personal information” means information about an identifiable individual, as more specifically defined by applicable privacy legislation.

Principle 1 - We are accountable for the personal information in our possession or control.

KPMG is accountable for all personal information in our possession or control. This includes any personal information that we receive directly, for example, from individual clients and KPMG personnel, as well as any personal information that we may receive indirectly, for example, through corporate and government clients. We have established policies and procedures aimed at protecting the personal information of our clients and KPMG personnel. We have appointed a Privacy Officer to oversee privacy issues for KPMG. We have also educated KPMG personnel about our Privacy Policy and their role in protecting the personal information of our clients and personnel. If you have questions about our privacy practices, you are free to contact our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

Principle 2 - KPMG will explain why we are collecting personal information at or before the time that the information is collected, subject to limited exceptions.

Client Personal Information

In most instances, KPMG will collect, use or disclose personal information about clients only for the purpose of providing professional services, to comply with applicable laws, regulations and professional standards, or for the purpose of obtaining technological, administrative, analytical and clerical services or support.

Client personal information may also be collected, used or disclosed internally and to other member firms of the KPMG International Cooperative network for the purpose of compliance with KPMG policies and processes, in the performance of quality reviews, or in order to allow us to offer services or products that may be of interest to clients.

KPMG may also collect, use or disclose personal information about clients, prospective clients and alumni for the purpose of sending news and information updates or invitations to events hosted or sponsored by KPMG.

KPMG may also aggregate personal information with information from other sources for the purpose of improving quality and service, and for use in presentations to clients and non-clients, in a form where such information is sufficiently de-identified so as not to be attributable to any individual or organization.

In accordance with professional standards, if a client is an assurance client, personal information may be shared with the KPMG assurance engagement team and other KPMG personnel so that it may be used in the assurance engagement.

You can withdraw your consent to the use and disclosure of your personal information for marketing purposes by contacting our Privacy Officer.

KPMG Partner and Employee Personal Information

KPMG collects, uses and discloses personal information about KPMG personnel in order to pay them, to comply with laws, regulations and professional standards, to provide them with benefits, to administer performance management tools, to administer, manage, enforce and monitor compliance with KPMG programs, policies and employee relations, and generally to establish, manage or terminate the employment or partnership relationship.

KPMG may also collect, use or disclose KPMG partner and employee personal information to develop business metrics and analytics, and to evaluate the effectiveness of our policies, programs and processes.

We may also collect, use or disclose KPMG partner and employee personal information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.

We also collect, use and disclose personal information from individuals seeking employment with KPMG for the purpose of evaluating their application, to communicate with them regarding employment opportunities that may be of interest, and for the purpose of evaluating or monitoring KPMG policies, programs and practices.

At or before the time that KPMG collects personal information, we will inform KPMG personnel of the reasons why we require such information, what use will be made of it, and with whom it may be shared, except where we are permitted or required by law to collect, use or disclose personal information without providing such notice. For example, collection may occur without notice or consent as permitted by law in the course of an investigation.

Principle 3 - KPMG will collect, use or disclose personal information about you with your consent except where collection, use or disclosure without consent is permitted or required by law.

How Will We Ask for Consent?

Client Personal Information

The terms and conditions of every KPMG professional services engagement are documented in an engagement letter. These terms and conditions include a discussion about how KPMG may collect, use and disclose client personal information. By signing the engagement letter, the client is providing its consent to the collection, use and disclosure of personal information described in the terms and conditions. If a client provides us with personal information relating to a third party, by signing the engagement letter the client represents and warrants that they have obtained consent from the third party to allow us to collect, use and disclose their personal information as described in the engagement letter.

KPMG Partner and Employee Personal Information

Forms and applications used to provide human resources-related services to KPMG personnel will describe the purposes for which their personal information is required and to whom it will be disclosed.

In addition, certain KPMG policies or program documents may provide information about how personal information relating to partners and employees may be collected, used and disclosed.

Employment candidates will also be advised of the purposes for which their personal information is being collected, used and disclosed.

What happens if you choose not to give us your consent? What if you withdraw your consent at a later date?

KPMG clients always have the option not to provide their consent to the collection, use and disclosure of their personal information, or to withdraw their consent at a later stage, subject to contractual and legal restrictions and reasonable notice. Where a client chooses not to provide us with permission to collect, use or disclose their personal information, we may not be able to provide, or continue to provide, the client with our services.

Where a partner, employee or candidate for employment chooses not to provide us with permission to collect, use or disclose their personal information, we may not be able to employ them, continue to employ them or to provide them with benefits.

Principle 4 - KPMG limits the amount and type of personal information we collect.

KPMG will limit the collection of personal information to that which is reasonably required to provide our services and to operate our business.

In order to protect the personal information in our possession, KPMG employs data loss prevention software which is used to monitor access, use and disclosure of confidential and personal information through any device which is connected to the KPMG network. The use of data loss prevention software may result in the incidental collection or use of personal information.

Principle 5 - KPMG will use and disclose your personal information only for the purposes for which we have your consent or as permitted or required by law. We will keep personal information only as long as necessary to accomplish these purposes.

Use and Disclosure of Personal Information

If KPMG intends to use or disclose personal information for any purpose not previously identified to an individual, we will obtain their prior consent unless we are permitted or required by law to use or disclose their personal information without consent.

For example, but without limitation, KPMG may use and disclose personal information without consent:

  • for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, including steps taken under our pandemic policies;
  • to prevent, detect or suppress fraud or financial abuse;
  • in connection with an investigation;
  • to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies;
  • to a government institution that has requested the information, identified its lawful authority, and has indicated that disclosure is for the purpose of enforcing, administering, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law, or to national security or the conduct of international affairs; and
  • to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or we suspect the information relates to national security or the conduct of international affairs.

Retention of Personal Information

In compliance with professional standards, we keep a record of the work performed by KPMG personnel. This record, or “working papers”, may include personal information and will be retained until such working papers are no longer reasonably required for legal, administrative, audit, regulatory or professional purposes. Working papers are safeguarded against inappropriate access, as discussed in Principle 7 below.

KPMG retains personal information about current and past KPMG personnel in accordance with employment laws and standards. We will destroy human resources and other files containing KPMG partner and employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. Certain additional information may be retained to administer and to keep former KPMG personnel informed about our Alumni Program. Former KPMG personnel may request at any time that they not be contacted about the Alumni Program.

Personal information collected from individuals seeking employment with KPMG will be retained by KPMG for 24 months so that KPMG may contact the applicant about other positions that may also be of interest. Should another suitable position at KPMG become available within this 24 month period, KPMG may contact the applicant to discuss this other position, and the applicant’s information will be retained for an additional 24 months. If a candidate is hired, the personal information collected during the application process will be retained in order to establish, manage and terminate the employment relationship.

Principle 6 - KPMG will endeavor to keep accurate the personal information in our possession or control.

In order to provide clients with a professional level of service and KPMG personnel with appropriate benefits, the personal information that we collect must be accurate, complete and current. From time to time, clients and KPMG personnel may be asked to update their personal information. Individuals are encouraged to advise us of any changes to their personal information.

Clients are encouraged to contact their engagement partner to update their personal information.

KPMG personnel and employment candidates should contact the HR Service Team should they need to update their personal information.

Principle 7 - KPMG protects your personal information with safeguards appropriate to the sensitivity of the information.

KPMG will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to prevent the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment.

We are responsible for all personal information transferred to third party service providers. We require third party service providers to respect the confidentiality of personal information and all legal requirements under applicable Canadian federal and provincial privacy legislation, and to agree to contractual requirements that are consistent with this Privacy Policy. These third party service providers are prohibited from using personal information except for the specific purpose(s) for which we supply it to them.

In some circumstances, personal information may be collected, used, disclosed or stored outside of Canada, including but not limited to in the U.S., EU and Asia, by KPMG or a third party to provide professional services and administrative, analytical and clerical support, and to comply with applicable law, regulation and professional standards, and such personal information may be subject to disclosure in accordance with the laws applicable in the jurisdiction in which the information is collected, used, disclosed or stored. These laws may not provide the same level of protection as Canadian privacy laws.

Principle 8 - KPMG will be open about the procedures used to manage your personal information.

The most up-to-date version of our privacy policy is available in its entirety at www.kpmg.ca or by contacting our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

Principle 9 - At their request, KPMG will advise individuals of what personal information we have in our possession or control about them, what it is being used for, and to whom and why it has been disclosed.

Personal information files are maintained in our offices or on our servers (or those of our service providers) and are accessible by authorized personnel, agents and mandataries who require access in connection with their job responsibilities.

Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their engagement partner.

KPMG personnel have the right to review and obtain copies of their personal information on record by contacting their HR Consultant.

The right to access personal information is subject to certain legal restrictions and we will take reasonable steps to verify an individual’s identity before providing access.

In most instances, individuals will receive a response to their access request within 30 days. If an individual has any concerns about the access that is provided, they are encouraged to contact our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

Principle 10 - Individuals may challenge KPMG’s compliance with this Privacy Policy.

KPMG will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.

To challenge compliance with this Privacy Policy, individuals should forward their concerns in writing to KPMG’s Privacy Officer. The Privacy Officer will ensure that an investigation of all complaints has been undertaken and will report their findings to the individual, in most instances within 30 days.

We know that protecting the privacy of our clients, partners and employees is important. If you have any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at cdnprivacyofficer@kpmg.ca or at 1-866-502-2955.

April 2018