Last updated 11 May 2022
1. Who are we?
2. What categories of personal data do we collect?
With regard to your application for employment with us or with our clients, we may collect and process the following categories of personal data:
If you are a selected candidate for employment we will request additional personal details as required by the applicable law for the purposes of the employment contract execution.
Special categories of personal information
In the initial stages of the recruitment process, we do not seek to collect special categories personal information from you (this is also known as “sensitive personal information”). Special categories of personal information include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, information concerning health, information concerning a natural person's sex life or sexual orientation.
We may need to collect special categories of personal information from you at a later stage in the recruitment process if local employment law requires us to do so and we, will notify you explicitly of this.
3. How do we collect personal data for recruitment purposes?
4. Why do we need your personal data?
KPMG may use your personal data for any or all of the following purposes:
5. What lawful reasons do we have for processing personal data?
We may rely on the following lawful bases for personal data processing when we collect and use your personal data for recruitment purposes:
KPMG normally does not carry out automated decision-making, including profiling, of personal data in the course of conducting recruitment campaigns for its own needs or for the purposes of delivering recruitment services to its clients. If such is being carried out, KPMG undertakes to provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.
6. Are you obliged to provide your personal data to us?
Providing personal information to us is voluntary, but necessary for the recruiting process. You are under no statutory or contractual obligation to provide your personal information to KPMG during the recruitment process. However, if you do not provide sufficient information we may be unable to consider or process your employment application.
7. Do we share personal data with third parties?
We may share personal data with trusted third parties to help us carry out our business activities and deliver efficient and quality services. These third parties are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of third parties:
8. Do we transfer your personal data outside the European Economic Area?
We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to KPMG International Limited, a private English company limited by guarantee, KPMG member firms, and reputable third party organizations situated inside or outside the EEA when we have a business reason to engage these organizations. Each organization is required to safeguard personal data as either the country where the organization is located is considered an adequate country based on a Decision of the European Commission, or it is obliged by means of contracts we have in place with those organizations outside the EEA, containing standard data protection clauses which are in a form approved by the European Commission.
You may find a complete list of adequate countries here. Upon request we will provide you with additional information about the data protection clauses we use.
9. How long do we retain your personal data?
All documents submitted by and collected from you in the course of the respective recruitment campaign containing your personal data, including but not limited to CVs, certificates, cover letters, test results, etc., will be retained for a period of 6 (six) months upon completion of the campaign in case your application is unsuccessful, unless you have provided consent to keeping your data for future vacancies or further job opportunities. If you provide us with originals or notarized copies of documents during the campaign they will be returned to you within the time limit specified in the previous sentence.
The internal documents created by KPMG with regard to the respective recruitment campaign that may contain your personal data will be retained for a period of 3 (three) years upon completion of the campaign for the purposes of establishment, exercise or defense of legal claims and resolving disputes under the Protection Against Discrimination Act.
Upon your explicit consent KPMG will retain and use your application and supporting documents containing personal data in the course of further recruitment campaigns for a period of 3 (three) years upon submission of your application.
Sometimes KPMG receives personal data from candidates who are interested in working at KPMG without applying for a specific job position, for example by sending a CV to KPMG's official e-mail address or in the course of KPMG's participation in various events (e.g. career days organized by universities and others) in order to promote the activities of the Company and recruit potential staff. In these cases, personal data is processed on the basis of consent given by the job applicant for a period of 3 (three) years upon submission of the application.
All documents that shall be retained on the basis of the Regulation on the terms and conditions for conducting employment intermediation (e.g. contract for intermediation services) will be stored for a period of 5 (years) as required by law.
There are two main types of cookies depending on the period for which they remain stored on your device. On the basis of this criterion, we distinguish between the so called session and persistent cookies.
Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web site’s features.
Further information about managing cookies can be found in your browser's help file or through sites such as www.allaboutcookies.org.
In accordance with applicable legislation in force, whenever we wish to and before we store cookies on your device via our website, you must first grant your consent therefor. There are exceptions to the rule that your consent is needed. These exceptions concern the so called strictly necessary cookies and cookies for functionalities requested directly by you. Information on these may be found below:
Below is a list of the cookies used on our web site for submission and processing of job applications:
To track the visits of one user
To identify an individual user
11. What are your data protection rights and how you can exercise them?
Your data protection rights are highlighted here.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
In case you wish to exercise any of the rights described above, you may use our template form to contact us at 45/A Bulgaria Blvd., Sofia 1404, Bulgaria or at firstname.lastname@example.org.
If you are not satisfied with the response you receive or if you have any concerns in relation to the processing of your personal data from us, you may escalate your concern to our Privacy Liaison by sending an email to email@example.com or to contact him at 45/A Bulgaria Blvd., Sofia 1404, Bulgaria. We will acknowledge your complaint within 14 days and seek to resolve your concern within 3 months of receipt. Where the concern is complex or we have a large volume of concerns, we will notify you that the concern will take longer than one month to resolve, and we will seek to resolve your concern within three months of the concern being first raised.
If you believe that KPMG has not complied with your data protection rights, you always have the right to lodge a complaint with the Commission for Personal Data Protection of the Republic of Bulgaria and to report concerns you may have about our data handling practices at:
Postal address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone number: +359 (2) 91-53-518
Email address: firstname.lastname@example.org
Internet address: www.cpdp.bg
12. What about personal data security?
We have put appropriate technical and organizational security measures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymization, de-identification and anonymization techniques in efforts to further protect personal data.