Last updated April 2023
1. Who are we?
2. What categories of personal data do we collect?
2.1 Job applicants
With regard to your application for employment with us or with our clients, we may collect and process the following categories of personal data:
If you are a selected candidate for employment we will request additional personal details as required by the applicable law for the purposes of the employment contract execution.
When you apply as a freelancer, you are asking to be admitted to our data base. In order to admit you to the data base and match your qualifications with our needs, we need to perform a screening process, which evaluates your language skills, personality, domain-specific knowledge, competence and professionalism. We may also need to screen potential freelancers for specific technical skills, as required for the relevant project. In this context, we may collect and process the abovementioned categories of personal data.
If you are a selected freelancer in order to enter into a contractual agreement with you to carry out a work on our behalf, we may request additional further information from you.
Special categories of personal information
In the initial stages of the recruitment process or in the process of selecting appropriate freelancers, we do not seek to collect special categories of personal information from you (this is also known as “sensitive personal information”). Special categories of personal information include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, information concerning health, information concerning a natural person's sex life or sexual orientation.
We may need to collect special categories of personal information from you at a later stage if local employment or other laws require us to do so and we, will notify you explicitly of this.
3. How do we collect personal data for recruitment purposes?
4. Why do we need your personal data?
KPMG may use your personal data for any or all of the following purposes:
5. What lawful reasons do we have for processing personal data? We may rely on the following lawful bases for personal data processing when we collect and use your personal data for recruitment purposes:
Registration as a freelancer – We rely on your consent to processing your data when you register as a freelancer and submit your CV and other relevant documents. By registration as a freelancer, you provide your consent to process your personal data for the purposes described above. KPMG normally does not carry out automated decision-making, including profiling, of personal data in the course of conducting recruitment campaigns or campaigns for selecting freelancers for its own needs or for the purposes of delivering recruitment services to its clients. If such is being carried out, KPMG undertakes to provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.
6. Are you obliged to provide your personal data to us?
Providing personal information to us is voluntary, but necessary for the recruiting process or for the process of selecting suitable freelancers. You are under no statutory or contractual obligation to provide your personal information to KPMG. However, if you do not provide sufficient information we may be unable to consider or process your application for employment or application as a freelancer.
7. Do we share personal data with third parties?
We may share personal data with trusted third parties to help us carry out our business activities and deliver efficient and quality services. These third parties are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of third parties:
8. Do we transfer your personal data outside the European Economic Area?
We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to KPMG International Limited, a private English company limited by guarantee, KPMG member firms, and reputable third party organizations situated inside or outside the EEA when we have a business reason to engage these organizations. Each organization is required to safeguard personal data as either the country where the organization is located is considered an adequate country based on a Decision of the European Commission, or it is obliged by means of contracts we have in place with those organizations outside the EEA, containing standard data protection clauses which are in a form approved by the European Commission.
You may find a complete list of adequate countries here. Upon request we will provide you with additional information about the data protection clauses we use.
9. How long do we retain your personal data?
All documents submitted by and collected from you in the course of the respective recruitment campaign containing your personal data, including but not limited to CVs, certificates, cover letters, test results, etc., will be retained for a period of 6 (six) months upon completion of the campaign in case your application is unsuccessful, unless you have provided consent to keeping your data for future vacancies or further job opportunities. If you provide us with originals or notarized copies of documents during the campaign they will be returned to you within the time limit specified in the previous sentence. The internal documents created by KPMG with regard to the respective recruitment campaign that may contain your personal data will be retained for a period of 3 (three) years upon completion of the campaign for the purposes of establishment, exercise or defense of legal claims and resolving disputes under the Protection Against Discrimination Act.
Upon your explicit consent KPMG will retain and use your application and supporting documents containing personal data in the course of further recruitment campaigns for a period of 3 (three) years upon submission of your application.
Sometimes KPMG receives personal data from candidates who are interested in working at KPMG without applying for a specific job position, for example by sending a CV to KPMG's official e-mail address or in the course of KPMG's participation in various events (e.g. career days organized by universities and others) in order to promote the activities of the Company and recruit potential staff. In these cases, personal data is processed on the basis of consent given by the job applicant and will be retained for a period of 3 (three) years upon submission of the application.
All documents that shall be retained on the basis of the Regulation on the terms and conditions for conducting employment intermediation (e.g. contract for intermediation services) will be stored for a period of 5 (years) as required by law.
When you apply as a freelancer all documents submitted by and collected from you will be retained for a period of 3 (three) years from the date of the submission of your application as a freelancer.
There are two main types of cookies depending on the period for which they remain stored on your device. On the basis of this criterion, we distinguish between the so called session and persistent cookies.
Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web site’s features.
Further information about managing cookies can be found in your browser's help file or through sites such as www.allaboutcookies.org.
Below is a list of the cookies used on our web site for submission and processing of applications:
11. What are your data protection rights and how you can exercise them?
Your data protection rights are highlighted here.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
In case you wish to exercise any of the rights described above, you may use our template form to contact us at 45/A Bulgaria Blvd., Sofia 1404, Bulgaria or at firstname.lastname@example.org.
If you are not satisfied with the response you receive or if you have any concerns in relation to the processing of your personal data from us, you may escalate your concern to our Privacy Liaison by sending an email to email@example.com or to contact him at 45/A Bulgaria Blvd., Sofia 1404, Bulgaria. We will acknowledge your complaint within 14 days and seek to resolve your concern within 3 months of receipt. Where the concern is complex or we have a large volume of concerns, we will notify you that the concern will take longer than one month to resolve, and we will seek to resolve your concern within three months of the concern being first raised.
If you believe that KPMG has not complied with your data protection rights, you always have the right to lodge a complaint with the Commission for Personal Data Protection of the Republic of Bulgaria and to report concerns you may have about our data handling practices at:
Postal address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone number: +359 (2) 91-53-518
Email address: firstname.lastname@example.org
Internet address: www.cpdp.bg
12. What about personal data security?
We have put appropriate technical and organizational security measures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymization, de-identification and anonymization techniques in efforts to further protect personal data.
Last updated April 2023
1. General Provisions
KPMG is a global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee.
KPMG uses an external recruitment platform TalentLyft (the “Platform”) operated by AdoptoTech d.o.o., ., a Croatian company, having its seat and registered address at Ulica Ljudevita Posavskog 34A, 10000 Zagreb, VAT: HR57168930727.
The information contained and accessed on the Platform is provided by KPMG Audit OOD, Uniform Identification Code 040595851, and/or KPMG Bulgaria OOD, Uniform Identification Code 121489246, both having seat and registered address at 45/A Bulgaria Blvd., Sofia 1404, Bulgaria (hereinafter collectively referred to “KPMG”).
Please read these Terms carefully as they contain important information regarding your rights and obligations with respect to your access and use of the Platform, including but not limited to various limitations, exemptions and exclusions.
By accessing or using the Platform, you enter into legal agreement with KPMG and state that you have read, understand, and agree to be bound by the following Terms in their entirety, when youaccess or use the Platform, apply for employment with us or with our clients and register as a freelancer.
2. The Platform
2.1. Accessing and/or using the Platform, you are able to:
2.2. Technical requirements to use the Platform:
You can use the Platform via Internet-enabled computer/mobile device with one of following browsers:
Technical factors such as bandwidth, network configurations, and computer browser settings can affect the speed and accessibility of the Platform. KPMG does not guarantee the continuous, uninterrupted or error-free operability and availability of the Platform, or compatibility with your computer browser or any other part of your computing systems.
KPMG cannot guarantee that the Platform is invulnerable to hacking or other unauthorized access by third parties or any other form of malicious attacks. You acknowledge that transmission of information and/or documents over the Internet is not entirely secure and there is always the possibility of unauthorized interception by third parties. In any case, KPMG undertakes the necessary measures to ensure the security of your data as is and as far as required by applicable laws.
3. Candidate Portal
When using our Platform, you represent and warrant that you have reached the age of majority in the jurisdiction in which you reside, and that you are in any event at least 18 years old. In any case, please consider that should you become a selected candidate you may only be hired and commence work upon fulfilment of any and all requirements of applicable legislation, incl. on minimum age for employment, issuance of relevant permits from authorities, etc.
4. Your obligations
You agree that you will not:
You shall not commit any other act or omission that may be considered an infringement of the present Terms and rules of good faith and/or duty of care and/or that may cause any damage to KPMG ITS, including damage to its name and good reputation.
You also agree to:
You acknowledge that access to and use of the Platform may be suspended or limited at any time and that the content posted on the Platform may not be recoverable. You are fully responsible for retaining copies of all content and documents uploaded on the Platform. KPMG has and undertakes no responsibility for recovering or providing to you any content or documents uploaded on Platform, nor shall it assume any liability for that matter.
If you do not comply with these Terms (or if KPMG has reasonable grounds to suspect or investigates suspected non-compliance), KPMG may suspend or terminate your access to the Platform or take any other steps KPMG considers appropriate.
5. Limitation of liability
Using or accessing the Platform you declare that KPMG is not liable for:
To the extent permitted by applicable law, KPMG disclaims for itself and its suppliers, all warranties and liability for any damage and remedies whether direct, indirect or consequential, or for any loss of profit, contracts, data, goodwill or other similar losses arising from the use of the Platform. You are solely responsible for all use you make of the Platform and of the content posted on the Platform.
7. Dispute resolution and governing law
These Terms shall be governed by and construed in accordance with the laws of the Republic of Bulgaria, and you agree to the exclusive jurisdiction of the courts of the Republic of Bulgaria to settle any disputes which may arise out of your use of the Platform.
8. How to contact us?
If you have any further queries with regard to the Platform or these Terms, please send an email to email@example.com.
If your request is linked to the processing of your data, please send an email to: firstname.lastname@example.org.