Privacy Notice

This Privacy Notice was last updated* on 20 October 2022.


1. Who is responsible for processing of your personal data?

KPMG Central Services VOF/SNC, having its office at Luchthaven Brussel Nationaal 1K, 1930 Zaventem, Belgium and registered under company number 0473.719.789, RPR/RPM Brussels (hereafter referred to as “KPMG”) processes your personal data, in its capacity as data controller or as data processor of another Belgian KPMG entity, in accordance with the applicable European privacy legislation (including the General Data Protection Regulation 2016/679 - hereafter referred to as “GDPR”), the national privacy legislation (including but not limited to the Belgian Law of 30 July 2018 concerning the protection of natural persons with regard to the processing of personal data) and all applicable related jurisprudence and guidelines.


2. What personal data do we process?

KPMG may process the following personal data:

  • Contact details (such as your first name, last name, address, e-mail address, phone number);
  • Personal information (such as your date of birth, license plate);
  • Dietary requirements (such as a food intolerance or allergy);
  • Professional information contained in your resume and/or your profile on a public networking website (such as your education and training, professional experience, former employer, former title/function);
  • Images of you (photos and/or videos);
  • Any other information that you may provide

3. How do we collect your personal data?

KPMG may collect the personal data that:

  • You provide through one of KPMG’s website, online platform, application or survey;
  • You provide directly to a person working at KPMG or another Belgian KPMG entity;
  • A third party (such as universities, high schools, business schools, student associations, recruitment agencies, recruitment platforms, …) has transmitted to KPMG;
  • You provide for your registration to an event (such as webinars, workshops, job fairs, …) that KPMG organizes or in which KPMG participates;
  • You publish on a public networking website (e.g. LinkedIn).

And for which you shall remain solely responsible.


4. For which purposes do we process your personal data?

KPMG only processes your personal data for specified, explicit and legitimate purposes and will not process your personal data further in a way that is incompatible with those purposes. Thus, KPMG processes your personal data in order to:

  • Communicate with you;
  • Carry out selection and recruitment activities;
  • Review and assess your profile, application and/or suitability for a position within KPMG or another Belgian KPMG entity;
  • Build and enlarge KPMG’s recruitment and talent pool;
  • Invite you to events (such as recruiting or networking events);
  • Take (pre-)contractual measures in relation to your engagement or employment within KPMG or another Belgian KPMG entity;
  • Create, store, reproduce images of you and/or publish them on KPMG’s (online) communication media (including but not limited to KPMG’s event websites and social media channels).

5. On which legal grounds do we rely for processing your personal data?

Depending on the purpose of the processing, KPMG may rely on the following legal grounds in order to process your personal data:

  • A processing can be based on your consent, as provided for in article 6.1 a) of GDPR: for example, KPMG will ask consent to process personal data in order to add interesting profiles from a public networking website (e.g. LinkedIn) to its recruitment and talent pool or to publish images of you taken during an (online) event on KPMG’s communication media (including but not limited to KPMG’s social media channels).
  • A processing can be based on your explicit consent, as provided for in article 9.2 a) of GDPR: for example, KPMG will ask your explicit consent for the processing your personal data related to dietary requirements.
  • A processing can be necessary to take steps at your request prior to entering into a contract or for the performance of a contract to which you are party, as provided for in article 6.1 b) of GDPR: for example, KPMG may process personal data in order to establish a (employment) contract with KPMG or another Belgian KPMG entity.
  • A processing can be necessary for the purposes of the legitimate interests pursued by KPMG, as provided for in article 6.1 f) of GDPR: for example, KPMG may have a legitimate business interest in maintaining and developing contacts with the data subjects who have expressed their interest in working for KPMG or another Belgian KPMG entity.

6. Who has access to your personal data?

Your personal data may be shared with other entities of the KPMG network in the framework of the abovementioned purposes.

In the context of these processing activities, KPMG may call on several (sub)processors for:

  • Providing and operating KPMG’s recruitment and talent pool;
  • Supporting the organization of events (including but not limited to the distribution of packages to the attendees);
  • Performing aptitude tests via external test platforms in order to assess your suitability for a position within KPMG or another Belgian KPMG entity.

KPMG may also publish images of you (photos and/or videos) on its communication media (including but not limited to its social media channels) and making them accessible to other users of these media in digital and printed form. In the context of these processing activities, KPMG may process your personal data by publishing them on its social media channels. In this respect, KPMG and the respective social media act as “joint controller” and have undertaken the necessary action to be compliant with the requirements of article 26 GDPR.


7. Where do we process your personal data?

Your personal data will mainly be processed in the European Economic Area (hereafter referred to as the “EEA”).

In addition, some of your personal data may be transferred outside of the EEA to outside companies working with KPMG or on its behalf for the purposes described in this Privacy Notice (for example in relation to (IT) support and/or infrastructures services). If we do so, your personal data will continue to be protected by an appropriate safeguard provided for in the GDPR (such as the standard contractual clauses issued by the European Commission).


8. How long do we keep your personal data?

KPMG will not keep your personal data longer than necessary for the purposes for which they have been collected or otherwise processed. The precise retention time will depend on the purposes for which KPMG processes your personal data. For example, your personal data may be kept for the following periods:

  • Organization and facilitation of events (such as recruiting or networking events): maximum thirty (30) days following the end of the event, unless you give your consent for an additional period;
  • Selection and recruitment activities (including enlarging KPMG’s recruitment and talent pool): maximum two (2) years after receiving your personal data, unless you give your consent for an additional period of two (2) years;
  • Relationship management such as invitation to job events, job fairs and/or workshops etc.: maximum three (3) years after last contact with you, unless you object, on grounds relating to your particular situation, to this processing;
  • (Pre-)contractual measures: maximum ten (10) years after the termination of your (employment) contract with KPMG or another Belgian KPMG entity.

9. What rights do you have as data subject and how can you exercise them?

You have the right to access, rectify and erase your personal data as well as to restrict or object the processing of your personal data. Besides that, you have the right to data portability. You also have the right to withdraw your consent at any moment. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

You can exercise these rights by filling out this form and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

You also have the right to lodge a complaint with the Belgian Data Protection Authority should any of your rights be violated.

For the sake of completeness, your personal data will be processed in accordance with KPMG’s Privacy Statement.


* KPMG may modify this Privacy Notice from time to time. When KPMG makes changes to this notice, KPMG will revise the "updated" date at the top of this page. KPMG encourages you to periodically review this Privacy Notice to be informed about how KPMG is protecting your personal data.


Dutch version of this Privacy notice
French version of this Privacy notice