KPMG¹ is committed to protecting the confidentiality and privacy of information entrusted to the firm. As part of this fundamental obligation, KPMG is committed to the protection and appropriate use of personal information (sometimes referred to as "personal data" "personal information" "personally identifiable information" or "PII") collected through its websites.

Our general intent is to collect only the personal information that those who visit our websites voluntarily provide in order to offer them information and/or services or to provide them with information about employment opportunities. Please read this Online Privacy Policy ("Online Privacy Policy" or "Privacy Policy") carefully to learn more about how we collect, use, share and protect the personally identifiable information ("PII") we collect. 

• 1. Collection and use of personal information
  • 1.1 What information we collect
  • 1.2 The legal grounds we have to use your personal information
  • 1.3 Automatic collection of personal information
    
    • 13.1 IP addresses
    • 1.3.2 Cookies
    • 1.3.3 Google Analytics
    • 1.3.4 Web beacons
    • 1.3.5 Location-based tools
  • 1.4 Widgets and applications in social networks
  • 1.5 Children
• 2. Exchange and transfer of personal information
• 3. Options
• 4. Access
• 5. Data security and integrity
• 6. Links to other sites
• 7. Changes to this policy
• 8. Compliance and doubts

1. Collection and use of personal information

1.1 What information we collect

We obtain personal information about you if you choose to provide it, for example, when you contact us via email or register for certain services. In some cases, you may have already provided your personal information to KPMG (if, for example, you are a former employee). If you choose to register or log in to a KPMG website using a third-party single sign-on service, which authenticates your identity and connects your social media login information (e.g., LinkedIn, Google or Twitter) with KPMG, we will collect any information or content required for registration or login that you have allowed the social media provider to share with us, such as your name and email address. Other information we collect will depend on the privacy settings you have established with your social media provider, so please review the privacy policy or statement of the relevant service.

When you register or submit personal information to KPMG, we will use this information in the manner described in this privacy policy. Your personal information will not be used for other purposes unless we obtain your permission, or unless required or permitted by law or professional standards. For example, if you register on a KPMG website and provide information about your preferences, we will use this information to personalize your user experience. When you register or sign in with a third-party single user login, we may also recognize you as the same user on any different device you use and personalize your user experience on other KPMG sites you visit. If you send us a curriculum vitae (CV) to apply online for a job at KPMG, we will use the information you provide to match it with available KPMG job opportunities.

In some cases where you have registered for certain services, we will store your e-mail address temporarily until we receive confirmation of the information you provided by e-mail (i.e., when we send an e-mail to the e-mail address provided as part of your registration to confirm a subscription request).

1.2 Legal basis for the use of your personal information

KPMG generally collects only the personal information necessary to fulfill your request. Where additional and optional information is requested, it shall be notified to that effect at the collection point.

The law in Uruguay allows us to process personal information, provided that we have a lawful basis for doing so. It also requires us to tell you what these reasons are. As a result, when we process your personal information, we will rely on one of the following processing conditions:

- Performance of a contract: this is where the processing of your personal information is necessary to fulfill our obligations under a contract;

- Legal obligation: is when we must process your personal information to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;

- Legitimate interests: We will process information about you where it is based on our legitimate interest in the administration of a lawful business to do so in order to promote that business, provided that it does not exceed your interests; or

- Your consent: in some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting KPMG at uy-fmprivacy@kpmg.com.

Examples of the "legitimate interests" mentioned above are:

- To provide information and/or services to people who visit our website or offer information about employment opportunities.

- To prevent fraud or criminal activity and to safeguard our information systems.

- To personalize the individual's online experience and improve the usability performance and effectiveness of KPMG's online presence.

- Conduct and analyze our marketing activities.

- To fulfill our corporate and social responsibility obligations.

In some cases, the personal data we collect will also include special categories of data, such as diversity-related information (including data on racial and ethnic origin, political opinions, religious and other beliefs of a similar nature, trade union membership and data on sex life and sexual orientation), or health data and data on suspected or proven criminal offenses on a case-by-case basis where permitted by law.

1.3 Automatic collection of personal information

In some instances, KPMG and its service providers use cookies, web beacons and other technologies to automatically collect certain types of information when you visit us online, as well as through emails that we may exchange. The collection of this information allows us to customize your online experience, improve the performance, usability and effectiveness of KPMG's online presence, and to measure the effectiveness of our marketing activities.

In some cases, KPMG and its service providers use cookies, web beacons and other technologies to automatically collect certain types of information when you visit us online, as well as through e-mails we may exchange. Collecting this information allows us to personalize your online experience, improve the performance, usability and effectiveness of KPMG's online presence, and measure the effectiveness of our marketing activities.

1.3.1 IP Addresses

An IP address is a number that is assigned to your computer when you access the Internet. Enables recognition and communication between different computers and servers. IP addresses used by users are logged for IT security and system diagnostics purposes. In addition, this information may also be used in aggregate form for website performance and trend analysis. 

1.3.2 Cookies

Generally, cookies will be placed on your computer or Internet-enabled device each time you visit us online. This allows the site to remember your computer or device and serves several purposes.

On some of our websites, you will see a notification banner that requires your consent to collect cookies. If you do not consent, your computer or Internet-enabled device will not be tracked for marketing-related activities. A secondary type of cookie called "user input" cookies may still be required for the necessary functionality. Such cookies will not be blocked by the use of this notification banner. Your selection will be stored in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your browser's cookies.

Although most browsers automatically accept cookies, you can choose whether or not to accept cookies through your browser settings (often found in your browser's Tools or Preferences menu). You can also delete cookies from your device at any time. However, please note that if you do not accept cookies, you may not be able to fully experience some of the features of our websites.

More information about cookie management can be found in your browser's help file or on sites such as www.allaboutcookies.org.

Below is a list of the types of cookies used on our website:

Purpose	Description	Type & Duration
Performance (e.g., User Browser)	Our websites are created using common Internet platforms. These have built-in cookies that help with compatibility issues (e.g., to identify your browser type) and improve performance (e.g., faster loading of content).	Session Removed when closing the browser.
Security (e.g. Asp .NET) Cookies	If you register to access a restricted area, our cookies ensure that your device is logged in for the duration of your visit. You will need your username and password to access restricted areas.	Session Removed when closing the browser.
Site preferences	Our cookies may also remember your site preferences (e.g., language) or seek to enhance your experience (e.g., by personalizing a greeting or content). This will apply to areas where you have specifically registered to access or create an account.	Session Removed when closing the browser.
Analytical	We use various third-party analytics tools to help us understand how site visitors use our website. This allows us to improve the quality and content of kpmg.com for our visitors. Aggregate statistical data includes items such as total visits or page views and referrals to our websites. For more details on our use of Google Analytics, please see below.	Persistent, but will be automatically deleted after two years if you no longer visit kpmg.com
Feedback from site visitors	We use a third-party survey tool to invite a percentage of visitors to provide feedback. Cookies are used to prevent visitors from being invited multiple times. The first cookie (1) is set if the visitor is not invited to participate in the survey and is used to ensure that visitors are not invited after their first visit to the page. The second cookie (2) is set if the visitor is invited to participate in the survey and is used to ensure that the visitor is not invited to participate again for a period of 90 days.	1 Session Removed when closing the browser. 2 Persistent.It is automatically deleted after 90 days or upon submission of the survey invitation.
Share on social networks	We use third-party social media widgets or buttons to provide you with additional functionality to share content from our web pages on social networking websites and email. The use of these widgets or buttons may place a cookie on your device to make your service more user-friendly, ensure that your interaction is displayed on our web pages (e.g., social share count cache is updated) and record information about your activities on the Internet and on our websites. We recommend that you review each provider's privacy information before using that service. For more details on our use of widgets and social networking applications, see below.	Persistent, but will be automatically deleted after two years if you no longer visit kpmg.com

Other third-party tools and widgets will sometimes be used on our individual web pages to provide additional functionality. The use of these tools or widgets will generally place a cookie on your device to facilitate their use and ensure that your interaction is displayed correctly on our web pages.

Cookies by themselves do not tell us your e-mail address or identify you personally. In our analytics reporting, we will obtain other identifiers, including IP addresses, but this is for the purpose of identifying the number of unique visitors to our websites and the geographic origin of visitor trends, and not to identify individual visitors.

BY BROWSING OUR WEBSITES OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE MAY PLACE THESE COOKIES ON YOUR COMPUTER OR INTERNET ENABLED DEVICE.

1.3.3 Google Analytics

KPMG uses Google Analytics. You can find more information on how KPMG uses Google Analytics here.

To provide website visitors with more choices about how Google Analytics collects their data, Google has developed the Google Analytics opt-out add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics opt-out browser add-on does not prevent information from being sent to the website itself or to other web analytics services.

1.3.4 Web beacons

A web beacon is a small image file embedded in a web page that can be used to collect certain information from your computer, such as IP address, time of access, content visited, browser type and the existence of Cookies previously stored by the same server. KPMG only uses web beacons in compliance with applicable law.

KPMG or its service providers may use web beacons to track the effectiveness of third party websites that provide recruitment or marketing services to us or to collect data on aggregate user statistics and manage Cookies.

You have the option to delete some unusable web beacons by rejecting their associated Cookies. The web beacon may still record an anonymous visit from your IP address but no information in the form of a cookie will be recorded.

In some of our newsletters or other communications, we may confirm the recipient's e-mail address through links included within the messages. We collect this information to assess user interest and to improve the future user experience. 

1.3.5 Location-based tools

KPMG will collect and use the geographic location of your computer or mobile device. This location data is collected in order to provide you with information about services that we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.

1.4 Widgets and applications in social networks

KPMG websites generally include functionality that enables sharing through third-party social networking applications, such as the Facebook Like button and Twitter widget. These social media applications will collect and use information about your use of KPMG websites (see details on 'Social Media Sharing' cookies above). Any personal information you provide through such social networking applications will often be collected and used by other members of that social networking application and such interactions are governed by the privacy policies of the companies providing the application. We have no control over or responsibility for those companies or their use of your information.

In addition, KPMG websites may host blogs, forums, crowdsourcing and other applications or services (collectively "social networking features"). The purpose of social networking applications is to facilitate the exchange of knowledge and content. Any personal information you provide on any KPMG social media feature will generally be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we often have limited or no control.

1.5 Children

KPMG understands the importance of protecting children's privacy, especially in an online environment. Therefore, our sites are not designed for or directed to children under the age of 13. It is our firm's policy not to knowingly collect or maintain information from persons under the age of 13, except as part of the performance of professional services. 

2. Exchange and transfer of personal information

2.1 Transfer between member firms of the KPMG network

We share information about you with other member firms in the KPMG network as part of international engagements, and with KPMG International and other member firms where necessary or desirable to comply with our legal and regulatory obligations worldwide. Other parts of the KPMG network are also used to provide services to you and us, for example, hosting and supporting IT applications, providing certain forms of insurance for member firms and their clients, performing client conflict checks and anti-money laundering checks, assisting with client engagement services and otherwise as necessary to continue KPMG's business.

2.2 Transfers to third parties

We do not share personal information with third parties except as necessary for our legitimate business and professional needs, to carry out your requests, and/or as required or permitted by law or professional standards. For more information on these third parties, please see this link. In addition, KPMG will transfer certain personal information outside the EEA to outside companies working with us or on our behalf for the purposes described in this Privacy Policy. KPMG also often stores personal information outside the EEA. We typically send personal information to the following countries. If we do this, your personal information will continue to be protected by means of contracts that we have in place with those organizations outside the EEA, which contain standard data protection clauses in accordance with the format approved by the European Commission.

KPMG will not transfer the personal information you provide to third parties for their use in direct marketing.

3. Options

In general, you are not required to provide any personal information to KPMG, but we will ask you to provide certain personal information so that you may receive additional information about our services and events. KPMG will also ask your permission for certain uses of your personal information, and you can agree or decline those uses. If you choose particular services or communications, such as an electronic newsletter, you may be detained at any time in accordance with the instructions contained in each communication. If you choose to unsubscribe from a service or communication, we will attempt to remove your information immediately, although we may need additional information before we can process your request.

As described in the "Cookies" section above, if you wish to prevent cookies from tracking you as you browse our sites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, please note that some sections of our sites may not function properly if you choose to decline cookies.

4. Your rights

If KPMG processes your personal information, you have the following rights:

- Access and correction: you have the right to access this data. This is sometimes called an "Access Request". If we agree that we are obligated to provide you with personal information, we will provide it to you free of charge. Before we provide you with personal information, we may request proof of identity and sufficient information about your interactions with us to enable us to locate your personal information. If the information we hold about you is incorrect, you have the right to ask us to correct any inaccuracies in the personal information.

- Object to processing: you have the right to object to our processing of your personal information if we no longer have the right to use it.

- Other rights: In addition, you may have the right to have your information deleted if we keep it too long, restrict its processing in certain circumstances and/or to obtain copies of the information we hold about you in electronic form.

You can make a request or exercise these rights by contacting KPMG at and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

You may make a request or exercise these rights by contacting KPMG at uy-fmprivacy@kpmg.com and we will make all reasonable and practical efforts to comply with your request, provided that it is consistent with applicable law and professional standards.

5. Data security and integrity

KPMG has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration or destruction. However, despite KPMG's best efforts, security cannot be guaranteed absolutely against all threats. To the best of our ability, access to your personal information is limited to those who need to know. Persons having access to data should keep the information confidential.

We also make reasonable efforts to retain personal information only as long as i) the information is necessary to fulfill an individual's request, ii) it is necessary to comply with legal, regulatory, internal business or policy requirements, or iii) until that individual requests that the information be deleted. The period for which data is retained will depend on the specific nature and circumstances under which the information was collected; however, subject to the requirements of i) -iii) above, personal information will not be retained for more than 2 years.

6. Links to other sites

Please note that KPMG websites may include links to other sites, including the sites of other KPMG member firms that are not governed by this Privacy Policy, but by other privacy policies that may differ. We urge users to review the privacy policy of each website they visit before disclosing any personal information. 

By registering on any KPMG website and then navigating to another KPMG website while still logged in, you agree to the use of your personal information in accordance with the privacy policy of the KPMG website you are visiting.

7. Changes to this policy

KPMG may amend this Privacy Policy from time to time to reflect our current privacy practices. When we make changes to this Policy, we will revise the "updated" date at the top of this page. Any changes to the processing of personal data as described in this Privacy Policy that affect you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.

8. Compliance and doubts

KPMG is committed to protecting the privacy of your personal information online. If you have any questions or comments about the management of your personal information, please contact us at uy-fmprivacy@kpmg.com. You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Policy.

If you are not satisfied with the response you receive, you may bring your concern to the attention of the KPMG Uruguay Privacy Officer by sending an email to uy-fmprivacy@kpmg.com. We will acknowledge receipt of your email within 14 days and will attempt to resolve your concern within one month of receipt. When the concern is complex or we have a large volume of concerns, we will notify you that the concern will take more than one month to resolve, and we will seek to resolve your concern within three months of the first concern. We may accept your concern (and in that case implement one of the actions set forth in the "Your Rights" section above), or we may reject your concern for legitimate reasons.

In any case, you always have the right to file a complaint with the Regulatory and Personal Data Control Unit, the regulator in charge of protecting personal information.

 

¹ "KPMG," "we," "our," and "us" refers to KPMG International Cooperative ("KPMG International"), a Swiss entity, and/or to any one or more of the member firms of the KPMG network of independent firms affiliated with KPMG International. KPMG International provides no client services.