Last updated: 22 August 2023

 

PRIVACY STATEMENT

on processing related to recruitment

 

This general privacy statement (“Privacy Statement”) was drawn up on the basis of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

Introduction

KPMG Hungária Kft.OR KPMG Tanácsadó Kft. ORKPMG Legal Tóásó Law Office (“Company” or “KPMG”) have an obligation to protect and respect your private life. On the basis of Article 13 of the GDPR, this employee privacy statement provides you with information on your rights regarding the processing of your personal data as well as on the measures that we take to protect your personal data.

This Privacy Policy shall cover all private individuals who submit an application for a job advertised by the Company in any manner, and in so doing makes their personal data available to the Company for processing and collection purposes.

Pursuant to Article 4 (7) of the GDPR, KPMG shall be considered the controller with regard to the processing referred to above.

KPMG data:

Company name:	KPMG Hungária Kft.	KPMG Tanácsadó Kft.	KPMG Legal Tóásó Law Firm
Registered office:	1134 Budapest, Váci út 31
Contact person:	Marketing and Communications department
Email address:	info@kpmg.hu
Company registration number:	Cg. 01-09-063183	Cg. 01-09-698768	N/A
Company reg. number:	N/A	N/A	3502
Tax number:	10263332-2-44	12691908-2-44	18147995-2-41
Website address:	https://home.kpmg/hu/hu/home.html
Telephone number:	+36 1 887 7100

 

NAME AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER FOR KPMG HUNGÁRIA KÖNYVVIZSGÁLÓ, ADÓ- ÉS KÖZGAZDASÁGI TANÁCSADÓ KORLÁTOLT FELELŐSSÉGŰ TÁRSASÁG AND KPMG TANÁCSADÓ KFT.

• Name: dr. Georgina Kelemen-Kustyán
• Address: 1134 Budapest, Váci út 31.
• Email: dataprivacykpmghu@kpmg.hu

Should you have any questions or comments regarding the processing of your personal data, please get in touch at the following email address: dataprivacykpmghu@kpmg.hu. You can also use this address to communicate any concerns you may have if you believe we are not complying with our Privacy Statement.

In this Privacy Statement, the phrases “KPMG”,” “we,” “our,” and “us” refer to KPMG Hungária Kft. OR KPMG Tanácsadó Kft. OR KPMG Legal Tóásó Law Firm. They may also, depending on the context, refer to KPMG International Cooperative (“KPMG International”), a Swiss entity, and/or to any one or more of the other member firms of the KPMG network of independent firms affiliated with KPMG International. KPMG International provides no client services.

 

What personal information do we collect and use?

We process data which you provide on your application form, or which are included in your curriculum vitae and other documents (e.g. correspondence, motivation letter). These data are CV information, ID number, name, email address, telephone number, position applied for, permanent address, date of birth, gender, date of last application, date of registration, status (active/passive), salary expectation and other demands, area, level and description of qualifications, spoken languages and level thereof, fields of work experience, level of position, number of years, ideal area of work, level of position, location, date of application, feedback from company.

On the application form there are obligatory fields – these data are necessary for processing the application. Without providing these data you are unable to take part in the application process.

In certain cases the personal data collected by us contain “sensitive personal data”, such as data referring to diversity (including race or ethnicity, political opinion, religion or belief, personal data on trade union membership, and on sexual life or sexual orientation), or health data (such as disability records, smoker records, fitness for work) and data about alleged or proven criminal offences, in each case where permitted by law.

In some cases, KPMG will also collect personal data from third parties, such as recruitment agencies that you used to move to KPMG, or other KPMG entities if you transferred to us from that KPMG entity. Furthermore, data from recruitment firms such as candidate reports on suitability for a given position, your salary demands, professional experience and other background support services (primarily the one providing our flexible benefits programme). Besides these, we collect data from publicly available sources, such as social media sites.The KPMG shall receive and process personal data from the recruitment firm assuming that the recruiter obtained such from the Job Applicant based on explicit and freely given consent after being properly informed. The recruitment firm is obliged to obtain the afore-mentioned consent from the Job Applicant in the manner described above. The consent must include the fact that the KPMG may obtain the data from the recruitment firm.

What do we use your personal data for?

We process the personal data of employees to:

• primarily undertake recruitment activities (including processing your application, internal hires and secondments, informing data subjects about possible job opportunities,making appointments with data subjects and conducting the selection process), checking for any existing or potential conflicts of interest or any other restrictions which may limit an Employee’s activities or work engagements within KPMG, furthermore examining future opportunities to employ you.

Furthermore to:

• manage our IT resources, including infrastructure management and business continuity;
• forward and make available personal data within the KPMG network of independent firms;
• reply to an official request from a public or judicial authority.

Data security

KPMG has up-to-date security policies and processes to protect personal data from being unlawfully destroyed, lost, altered, published or accessed by unauthorised persons. However, despite KPMG’s best efforts, security cannot be fully ensured against all threats. To our best knowledge, your personal data can only be accessed by those who need to know them. These persons, who can have access to the data, are obliged to agree to a confidentiality obligation with regard to such data.

We take all necessary steps to keep personal data only for as long as i) the personal data is consistent with the personal need, ii) is necessary to comply with legal, regulatory, internal business or policy requirements, or iii) until the person requests the erasure of the personal data.

The period the data can be kept for depends on the specific circumstances and conditions under which the personal data was collected; nonetheless, the requirements i)-iii) above must also be met.

What does the law say about this?

GDPR allows us to process personal data so long as we have a basis or “ground” under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal data we will rely on one of the following legal grounds:

• Consent:In some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting KPMG at dataprivacykpmghu@kpmg.hu.
• With due consideration of the above, if you also provide sensitive personal data, the legal basis for the processing of sensitive data shall be your explicit consent in accordance with Article 9 (2) a) of the GDPR.
• Owing to your consent we will have the legal grounds to forward your personal data to other member firms of the KPMG network.
• Legitimate interest: we will process information about you where it is in our legitimate interest in running a lawful business, so long as it doesn’t outweigh your interests;

Examples of the “legitimate interests” referred to above are:

• the establishment, exercise or defence of legal claims.
• To benefit from cost effective services (e.g. we may opt to use certain IT platforms offered by suppliers, or share basic personal data with another KPMG network entity if you transfer to that entity, for use by that KPMG network entity in conducting legally required background checks without collecting the information from you again. 

Must you give us personal information we ask for?

You voluntarily give us your personal data when completing the application form. If you do not give us your personal data, then we either cannot process your application properly during the recruitment procedure, or in certain cases your application may be rejected.

Do you process information about me without any human intervention at all?

Yes, we do. KPMG uses automated systems/processes and automated decision making (including profiling) to provide you with the services you request from us. For example, if there is a change in a law or regulation affecting a specific demographic.

Storage of data

• Personal data is essentially processed based on consent for the duration of the application process. If you are selected, the data given in connection with the application shall be rendered anonymous within 90 days of the first working day.
• If you are not selected, your personal data shall be rendered anonymous within 30 days of notification thereof.
• If your application was unsuccessful, but you provided explicit consent for us to keep your personal data for the purposes of being notified of similar positions becoming vacant in the future, we shall keep your data based on this consent for a period of 2 years from the application so we can contact you based on your consent if you prove suitable for a certain position in the future. If you do not give consent to your data being stored, we shall render your data anonymous within 30 days of notification thereof. If you do not even give consent to the anonymisation of your data, we will erase your personal data immediately but no later than within 30 days from you requesting us to do so.
• Anonymisation: a technical procedure that permanently ensures no link can be restored between the data subject and the data. Anonymous data is information that does not enable a certain job applicant to be personally identified. This data is not connected to other personal data, i.e. the job applicant cannot be identified based on this data.
• If the person is subsequently employed then contractual provisions regarding the given employment along with legislative provisions shall apply to the processing of data and documents.

 

Data transfer

Transfer within the KPMG organisation – access rights for processing

Those participating in evaluating the job applications, in particular, the HR Director, Recruiter, HR Generalist, Recruitment trainees, and the head of the department that is advertising the position are entitled – in line with employment law rules that apply to them – to familiarise themselves with the data of the Job Applicant in connection with the processing set forth in this Privacy Policy.

Transfer within the network of KPMG firms

We share information about you with other member firms of the KPMG network as part of international engagements, and with KPMG International and other member firms where required or desirable to meet our legal and regulatory obligations around the world. Other parts of the KPMG network are also used to provide services to us and you, for example hosting and supporting IT applications, provision of certain forms of insurance.

Data transfer to processors, third persons, and controllers

We do not share personal information with unaffiliated third parties, except as necessary for our legitimate professional and business needs to carry out your requests, and/or as required or permitted by law or professional standards. This would include:

• Technical operator related to KPMG’s processing:KPMG shall engage the services of a processor for the technical operations related to its processing.
• Contact details of Processor:
• Name: hrfelho.hu Kft.
• Registered office: 1119 Budapest, Bártfai u. 15-17
• Company registration number: 01-09-322675

Tax number: 26296465-2-43

The privacy policy of the Processor can be found at this link http://hrfelho.hu/adatvedelem.html, where Job Applicants can learn about the role of the Processor in the Controller’s recruitment processes in connection with registering in the system.

• Our other service providers: We transfer your personal information to our third-party service providers, such as our (IT) systems providers, our hosting providers, our payroll providers, consultants (such as legal advisers) and other goods and services providers. KPMG works with such providers so they can process your personal information on our behalf. KPMG will only transfer personal information to them when they meet our strict standards on the processing of data and security. We only share personal information that allows them to provide their services.
• Courts, law enforcement and regulatory bodies: KPMG will disclose personal information in order to respond to requests of courts, government or law enforcement agencies or where it is necessary to comply with applicable laws, court orders or rules, or government or professional regulations.
• Audits: disclosures of personal information will also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
• Insurers: our professional rules and our business requirements mean that we carry significant insurance cover in respect of business activities (our “insurance programme”). This is required to assist each member firm of the KPMG network in covering the costs associated with claims which may arise in the event that it is alleged that something has gone wrong during the course of providing services to our clients. In order to make the insurance programme work effectively, the insurance programme involves a number of different participants in the insurance market (e.g. brokers, insurers and reinsurers, as well as their professional advisors and other third parties involved should there be a claim). Some of these insurance market participants will require that we disclose personal information about you to them. The information will be used by the insurance market participants in the underwriting and ongoing administration of the insurance programme, where there is a claim that you are relevant to and to allow the insurance market participants to comply with their legal and regulatory obligations. Some of these insurance market participants will handle this information on our behalf (like our service providers described above), but others will want to process information about you independent of us.

For more information in respect of our professional indemnity insurance cover, please send an email to info@kpmg.hu.

Transfer to countries outside of the EEA

KPMG will transfer certain personal information outside of the EEA to member firms of the KPMG network working with us or on our behalf for the purposes described in this Privacy Statement. KPMG will also store personal information outside of the EEA. If we do this your personal information will continue to be protected by means of contracts we have in place with those organisations outside the EEA, containing standard data protection clauses which are in a form approved by the European Commission.

 

Your rights

If KPMG processes personal information about you, you have the following rights:

• Right of access
• Right of information
• Right of rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object.

 

The individual rights of data subjects are detailed below:

1.                 Right of access and information

At your request we shall provide information on whether your personal data are processed. If so, in addition to providing access we will inform you about the categories of data processed, the purpose of the processing, the recipients of the processing or the categories of recipients, the term for storing the data or the criteria for defining this term, the exercise of the data subject’s rights, the right to lodge complaints with the National Authority for Data Protection and Freedom of Information (NAIH), the source of data, and automated decision-making, including profiling. In the event of data transfer outside the European Union or the European Economic Area, the data subject will obtain information on the appropriate safeguards ensured in respect of data transfer.

     2.                  Right of rectification

You are entitled to request the rectification of your data from the Controller if such is inaccurate.

If the personal data processed by us needs to be rectified, you can request the rectification of the data in writing (by mail or email), indicating the correct data.

You must notify us forthwith in writing (mail or email) of any change in the personal data processed by us, but no later than within 5 days of the change taking place. You are responsible for any damage sustained by KPMG if this notification is not given or is delayed.

     3.                 Right to erasure

You shall have the right to obtain the erasure of personal data concerning you without undue delay and KPMG shall have the obligation to erase your personal data without undue delay in the cases defined in Article 17 of the GDPR.

Where KPMG has made the personal data public, i.e. has transferred such to third parties, then when you exercise your right to erasure KPMG shall take reasonable steps to inform other controllers to whom the personal data was transferred that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

     4.                 Right to restriction of processing

You shall have the right to obtain restriction of processing if

•           you contest the accuracy of the personal data;

•           the processing is unlawful;

•           KPMG no longer needs the personal data for the purposes of the processing, but you need them to establish, exercise or defend legal claims;

•           you have already objected to the processing.

     5.                 Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from KPMG, where:

• •           the processing is based on consent; and

•           the processing is carried out by automated means.

     6.                 Right to object

You shall have the right to object to the processing of personal data in accordance with Article 6 (1) f) of the GDPR. In this case, the personal data may no longer be processed for such purposes.

In connection with exercising the rights listed above you may contact KPMG at:

•           1134 Budapest, Váci út 31, and

•           dataprivacykpmghu@kpmg.hu.

We also inform you that if the processing is based on consent you have the right to withdraw consent to processing at any time, however, this shall not affect the legality of data processing prior to the withdrawal of consent and carried out on the basis of the consent. Please note that you only gave consent in relation to the processing of your telephone number, email address, address and notification address, so the withdrawal also only applies to such data. Consent may be withdrawn by sending a statement to the above postal addresses or email addresses.

Finally,you may lodge complaints related to processing with the National Authority for Data Protection and Freedom of Information (NAIH), using the following contact details:

Postal address: 1363 Budapest, Pf.: 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Email address: ugyfelszolgalat@naih.hu

Website: http://naih.hu

Beyond and without prejudice to the above, you shall have the right to turn to the courts relating to the processing of your personal data if such is in violation of the GDPR; furthermore, if you have suffered material or non-material damage due to KPMG violating the GDPR you shall have the right to enforce a claim for compensation against KPMG.

General information and cookie policy

When you visit the KPMG website, KPMG processes other personal data (e.g. by using cookies); you can read more about this data protection at the following link: https://home.kpmg/hu/hu/home/misc/adatvedelem.html   Contact If you have any questions regarding this privacy statement or if you would like further information about how we protect your personal information (for example when we transfer it outside Europe) and/or if you want to contact KPMG’s Data Protection Officer, please email us at dataprivacykpmghu@kpmg.huor call us on +36 1 887 7444.   Amendment to Privacy Statement KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the “updated” date at the top of this page and any changes affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.