Data protection policy for the application process of KPMG AG Wirtschafts-prüfungsgesellschaft and its
affiliates or associates (KPMG)
The following data protection policy is to inform you about how we process personal data during the application process at KPMG. Basic information on data protection when using the KPMG website can be found here.
1. Who is responsible for data processing?
KPMG Wirtschaftsprüfungsgesellschaft AG
If you have specific queries about your application, please contact:
KPMG Application Hotline: 0800-5764-562
2. How can the dataprotection officer be reached?
KPMG Wirtschaftsprüfungsgesellschaft AG
Data Protection Officer
3. For what purpose do we process your data during the application process and on what legal basis?
KPMG collects and uses personal data on KPMG's websites in accordance with Article 6 (1)(a) to (f) of the European General Data Protection Regulation (GDPR), i.e. to the extent permissible under the GDPR or another regulation or if the user (data subject) has given consent to the processing. Legally standardised data protection contracts are agreed with all service providers which we use as processors pursuant to Article 28 EU GDPR. Basic information on data protection when using the KPMG website can be found.
a) Information regarding online applications using one of the websites of KPMG
To apply via one of the KPMG websites, applicants must register using the KPMG application tool and set up a personal user account. This requires personal data such as your name, contact details, as well as voluntary information such as date of birth and professional career, to complete the registration/login process and administration of the individual user account.
On registration, login and use of the user account, the user's IP address and time of login are also logged. A legitimate interest pursuant to Article 6 (1)(f) EU GDPR is pursued by KPMG for security reasons (e.g. protection against abuse, unauthorised use).
Otherwise, the General Data Protection Policy applies to the use of KPMG websites, which is available here.
b) General data protection policy for the application process at KPMG
(1) Application procedure
Unless otherwise explicitly specified in the following paragraphs, KPMG processes your data during the application process based on Article 6 (1)(b) GDPR in conjunction with Section 26 of the German Federal Data Protection Act [BDSG].
The following types of personal data must be provided during the KPMG application process:
· Personal data (e.g. name)
· Contact details (address, phone number, email address)
· Education and professional training (e.g. school, university, leaving certificates, previous employers, work certificates/references, further education, if applicable)
Data provided for application purposes is entered into the KPMG online application tool on the basis of consent pursuant to Article 6 (1)(a) EU GDPR. This tool is operated for KPMG by the service provider IBM/Kenexa. In addition, the KPMG online application tool provides the possibility for recruiters of international KPMG member firms and Kenexa’s technical support (our service provider, an IBM group company) to access your data.
If inclusion of the application data in the KPMG online application tool is not desired, applications can also always be sent by email by sending the complete application materials to the email address provided under item 1 above. The application will then be processed not using the KPMG online tool, but of course without any disadvantages to the applicant during the application process.
The application is always coordinated by internal recruiters of KPMG during the application process, who only grant those responsible for recruiting in the specialist departments of the entity concerned access to review the candidate profile (including attachments). Access to these is restricted to the recruiters once more at the end of the application process. Furthermore, information is shared, to the extent legally required, with the competent KPMG staff council for the consultation process based on Article 6 (1)(c) GDPR.
(2) KPMG applicant pool
You can always be included in the KPMG applicant pool on completion of the regular application process by giving your consent pursuant to Article 6 (1)(a) EU GDPR. We will contact you separately to inform you of this option before your candidate profile is deleted. Should you agree to be included, your candidate profile will remain on file and our recruiters will regularly check your profile against vacancies and contact you for renewed application if a suitable position becomes available.
4. To whom could applicant data be forwarded?
KPMG uses the data collected as part of the application to examine your suitability for the advertised position. If an application is submitted to KPMG for a specific vacancy, your data is forwarded only to the KPMG firm (in Germany or abroad) to which the application is directed.
An overview of all member firms of KPMG International and their locations can be found using the following link.
We gladly review an application for a specific position also for other vacancies at KPMG. This will be done on the basis of consent pursuant to Article 6 (1)(a) EU GDPR, which can be given during the application process.
5. How long will data be stored?
Unless otherwise explicitly stated, KPMG stores personal data for as long as necessary for the above-mentioned purposes. This is subject to the statutory retention obligations. KPMG employees are instructed to regularly check the duration of storage of personal data and to delete these if necessary.
If your application is rejected, the personal candidate profile of the applicant is deleted, subject to the applicant's consent in the KPMG applicant pool, six months after rejection, unless you log into our application system or the application system of another KPMG member firm in the meantime. In that case, deletion occurs six months after the most recent login.
Following receipt of a deletion request, your personal candidate profile is first disabled immediately. Your data cannot be viewed by you or our recruiters from this point on. Access to the data is only available to system administrators. Unless you revoke the deletion request, your data will be completely deleted six months after being disabled.
If – despite registration – you have not applied for a position at KPMG in Germany or at an international KPMG member firm and no application is being processed, your registration data will be deleted six months after your last login.
6. What data protection rights do data subjects have?
Applicants and other data subjects are afforded rights of access pursuant to Article 15 EU GDPR regarding the
processing of their personal data by KPMG (also regarding the purpose of processing, any possible recipients and the expected duration of the storage of data), rights to rectify incorrect data (Art. 16 EU GDPR), rights to
erasure (Art. 17 EU GDPR), rights to restriction of processing and the data portability of the data provided (Art. 18, 20 EU GDPR) and the right to object against the use of their data for marketing purposes and based on a legitimate interest (Art. 21 EU GDPR).
Any consent given to KPMG can be revoked at any time with future effect. In order to safeguard these rights any data subject can contact the KPMG data protection officer (see item 2). Furthermore, they also have the right to complain to a data protection supervisory authority. Data subjects can lodge their complaint with the competent data protection supervisory authority in their place of residence or with any other data protection supervisory authority.