KPMG New Zealand is committed to protecting the confidentiality and privacy of information entrusted to it.  This privacy statement explains how KPMG handles the information that we collect, including personal information, and how we comply with the requirements of the New Zealand Privacy Act 2020 (‘the Privacy Act’). 

In this privacy statement, ‘KPMG’, ‘we’, ‘us’, and ‘our’ is a reference to the KPMG New Zealand partnership and includes any entity carrying on business in New Zealand that is part of the KPMG group of entities.  Reference to ‘you’ and ‘your’ is used to refer to the individual who is the subject of the personal information.

KPMG may modify this privacy statement to reflect current privacy practices and to ensure compliance with applicable laws.

1.         Collection and use of personal information

1.1       Personal information we collect

Personal information is any information about an identifiable individual, such as your name or your contact information.  Personal information might be provided to us by you or by others.

We will collect your personal information where you choose to provide it.  The type of personal information we collect depends on the nature of our relationship with you.

• If you visit our website:  We do not collect any personal information about you, except to the limited extent through the use of cookies.  More Information on how we use cookies is found at paragraph 1.3.2.
• If you use our Office Locator tool:  We will collect the geographical location of your computer or mobile device to provide you with information on where your nearest KPMG office is located.  More information on location-based tools is found at paragraph 1.3.5.
• If you register with us to receive ongoing updates about our services, our events and/or for other marketing purposes, or if you register to join our alumni network:  We will collect personal information in the form of your name and email address to provide these updates.  You might choose to also provide us with other contact details such as your telephone number or your address.
• If you make an enquiry or request a proposal through our website:  We will collect your name and email address so we can respond to your query or proposal.  You might choose to also provide us with your telephone number, the company you work for and your job title, and your social media details.
• If you engage us to provide services to you:  We will collect the personal information necessary to provide the services.  This may include your name, contact details (such as an email address, telephone number, address), identification documents such as a copy of your passport or driver’s licence, tax file numbers or other government-issued identification numbers.  To provide you with certain services, we might be required to collect further personal information from you to verify your identity.  For example, where you ask us to provide a service that is a designated activity under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.  We will provide you with further information where this applies to your engagement.
• If you apply for a job with us or express interest in a role:  We will collect your name and email address for recruitment purposes.  You might also provide us with other contact details such as your telephone number your address and social media details, share with us the company you work for and your job title, or share your CV with us.  If your application is successful, we will ask you to provide further personal information.  We will provide you with more information on this process where this applies to you.

Where you provide us with your personal information, you agree to allow our use of this information as detailed in this Privacy Statement. We try to only collect the personal information necessary to fulfil your request.  We will notify you where the information we ask for is additional or optional.

We will generally collect information from you directly.  In some instances, we might collect your personal information from a third-party.  For example, where your employer is our client, from your representative or from another KPMG member firm.

1.2       Third-party single sign-on service

You may register or login to our website using a third-party single sign-on service.  Where you log in this way, the service authenticates your identity and connects your social media login information (e.g. LinkedIn, Google, Twitter or Facebook) with KPMG.  We will collect any information or content needed for the registration or login that you have permitted the social media provider to share with us, such as your name and email address.

Other information we collect will depend on the privacy settings you have set with your social media provider and their privacy statement.

1.3     Automatic collection of personal information

In some instances, KPMG (or our service provider) will use cookies, web beacons and other technologies to automatically collect certain types of information when you visit us online, as well as through emails that we may exchange. Collecting this information allows us to customise your online experience, as well as improve the performance, usability and effectiveness of our online presence, and measure the effectiveness of our marketing activities.

1.3.1 IP addresses

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognise and communicate with one another. IP addresses from where visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information is typically used in aggregate form to conduct website trend and performance analysis.

1.3.2 Cookies

Cookies will be placed on your computer or internet-enabled device whenever you visit our website. This allows the site to remember your computer or device and serves a number of purposes.

On some of our websites, a notification banner will appear requiring your consent to collect cookies. If you do not provide consent, your computer or internet-enabled device will not be tracked for marketing-related activities. A secondary type of cookie referred to as “user-input” cookies may still be necessary for functionality. These cookies will not be blocked through the use of this notification banner. If you wish to revoke or change your selection, you may do so by clearing your browser’s cookies.

Other third-party tools and widgets, if used on our websites, may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.

In our analytical reports, we may use cookies to obtain identifiers including IP addresses.  This is to identify visitor trends, such as the number of unique visitors to our websites and the geographic origin of those visitors.  It is not to identify individual visitors.

Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browsers settings (often found in your browser’s Tools or Preferences menu). You may also delete cookies from your device at any time. If you do not accept cookies, you may not be able to fully experience some of our website’s features.

Further information about managing cookies can be found in your browser’s help file or through sites such as www.allaboutcookies.org.

Table 1: Cookies used on KPMG websites:

1.3.3 Google Analytics

KPMG uses Google Analytics. More information about Google Analytics can be found here: https://marketingplatform.google.com/about/analytics/terms/us/.

To provide visitors with more choice on how their data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or other web analytics services.

1.3.4 Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time content is viewed, a browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its service providers will use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.

You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.

In some of our newsletters and other communications, we will monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance user experiences.

1.3.5 Location-based tools

KPMG will collect and use the geographical location of your computer or mobile device. This location data is collected to provide you with information regarding services which we believe may be of interest to you based on your geographic location, access to your nearest KPMG office and to improve our location-based products and services.

1.4     Use of personal information

When you provide us with your personal information, we will use this information for the purposes outlined in this Privacy Statement.

Your personal information will not be used for other purposes unless we obtain your consent to the secondary use, or the secondary use is required or permitted by law.

Examples of secondary use might include:

• Where you register with the KPMG website and provide us with information about your preferences, we will use this information to personalise your user experience.
• Where you register or login using a third-party single user sign-on, we may recognise you as the same user across any different devices you use and personalise your user experience across other KPMG websites you visit.
• If you provide a CV for recruitment purposes, you may agree to allow us to retain this to match you with the current and future KPMG job opportunities.

In some cases where you have registered for certain services, we may store your email address temporarily until we receive confirmation of the information you provided via an email (for example where we send an email to the email address provided as part of your registration to confirm a subscription request.)

1.5 Social media widgets and applications

KPMG’s websites include functionality to enable sharing via third-party social media applications, such as the Facebook Like button and Twitter widget.  These social media applications will collect and use information regarding your use of the KPMG websites. Any personal information that you provide via these social media applications may be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application.

We do not have control over, or responsibility for, those companies or their use of your information.

KPMG websites may also host blogs, forums, crowd-sourcing and other applications or services (collectively “social media features”). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

1.6 Children

KPMG understands the importance of protecting children’s privacy, especially in an online environment.

Our websites are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16, except as part of an engagement to provide professional services.

2. Sharing and transfer of personal information

2.1 Transfers within the KPMG network of firms

KPMG New Zealand is a New Zealand partnership and a member firm of the KPMG international network of independent member firms.  Member firms are located around the world.

We may share your personal information with other member firms where your engagement is an international engagement, or to meet our legal and regulatory obligations in jurisdictions outside of New Zealand.

We may use other member firms to provide services to us and you.  These services might include hosting and supporting IT applications, the provision of certain forms of insurance for member firms and clients, performing client conflict checks or identity verification checks (where required) and assisting with client engagement services.

We may store, process or back-up your personal information on servers that are located overseas (including through third-party service providers). These servers are commonly held in the United States of America, the United Kingdom, the Netherlands, Ireland, Germany and Singapore.

By providing us with your personal information, you are consenting to the transfer and/or storage of your personal information in this way.

2.2     Transfers to third parties

The information you provide to us may be shared with third-party providers to the extent necessary to carry out our professional and business needs, to complete your requests or where we are required to disclose that information by law or for safety reasons.

Examples of this might include:

• Sharing with our service providers:  We work with reputable service partners, service providers and agencies to meet our business needs as well as to assist in our delivery of services to you.  We may share your personal information with these providers where, and to the extent that it is as required in the provision of the services you have asked that we provide.  KPMG will only share personal information with providers who have met our standards on the processing of data and security.
• Sharing for internal and compliance purposes:  The transfer or disclosure of your personal information might be necessary for data privacy or security audits, other audits required by local legislation, or where we are required to investigate or respond to a complaint or a security threat.
• Sharing as required under law:  There may be occasions where Courts, Tribunals or law enforcement regulatory bodies require KPMG to share information with them, or it may be prudent for KPMG to comply with such request.
• Sharing in the event of sale or transfer:  In the event KPMG or the business of the website is sold, transferred or assigned disclosure might be necessary for that sale, transfer or assignment, or as a result of the sale, transfer or assignment.   

At no time will KPMG sell your personal information to any third parties or transfer your personal information to any third parties for their direct marketing use.

3. Security and retention of personal information

KPMG has security policies and procedures in place to protect personal information from loss, unauthorised access, use, modification, disclosure or misuse. Despite KPMG’s best efforts, security cannot be guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who need to know. Those individuals who have access to the data are required to maintain the confidentiality of the information.

We also make reasonable efforts to retain personal information only for

• so long as the information is necessary to comply with an individual’s request; or
• as necessary to comply with legal, regulatory, internal business and policy requirements.

The period for which the information is retained will depend on the specific nature and circumstances under which the information was collected.

4. General Data Protection Regulation

The General Data Protection Regulation (‘GDPR’) came into effect on 25 May 2018 and applies to residents of the European Union.  Under the GDPR, the term ‘Personal Data’ is used in the place of ‘Personal Information’.

Where you are a resident of the European Union or United Kingdom, you may have additional rights under the GDPR in respect of your personal information.

Please contact us if you have any questions.

5. Links to other sites

KPMG’s websites may contain links to other sites, including sites maintained by other KPMG member firms that are not governed by this Privacy Statement.  These sites will be governed by a privacy statement that relates to that member firm’s jurisdiction.  We encourage users to review the privacy statement of each website before disclosing any personal information.

6. Your choice

In general, you are not required to submit any personal information to KPMG.  It will be necessary for you to provide certain personal information for you to receive information about our services and events, or if you wish to apply for a position with KPMG.

KPMG will ask for your permission for certain uses of your personal information, and you can agree to or decline those uses.

If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication.

7. Your privacy rights

Where we hold personal information about you

• you have the right to access that information where it can be readily retrieved; and
• if that information is incorrect, you may ask that we correct it.

Requests can be made to the KPMG New Zealand Privacy Liaison.

8. How to contact us

If you have a query about this privacy statement or the privacy of your information, or if you would like to enforce your privacy rights, please contact KPMG as follows:

Privacy Liaison
KPMG New Zealand 
P O Box 1584
Auckland 1140
[email protected]