Privacy
Date of update: May 2024
1. General aspects
KPMG* (hereinafter "KPMG" or "We") understands the importance of protecting the security and confidentiality of your personal data, which is why We are committed to ensuring the legality of our processing by us.
This privacy notice describes how KPMG manages your personal data in accordance with applicable personal data protection legislation, including Regulation EU 2016/679 ("GDPR"), and what your rights are under the law regarding the processing of personal data in the context of the recruitment process.
We collect and process several categories of personal data from our candidates and potential trainees (hereinafter "You") which, in accordance with applicable data protection legislation, qualifies us as the controller of such personal data.
This privacy notice applies to all candidates who opt for the positions available at KPMG or internships and describes our policies and practices regarding our collection and use of your personal data, as well as your rights regarding such data.
Specifically, You will find below information about:
2. The personal data that are the object of processing, how We collect them and on what legal basis and for what purpose
2.1. Purpose and basis of data processing
  1. For the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract [article 6 paragraph 1 letter b) of the GDPR] we process:
    • Personal data necessary for your eligibility assessment (such as studies, accreditations, skills etc.);
    • Personal data necessary for the conclusion of the individual employment contract (such as identity data, health data regarding work ability and/or potential restrictions etc.);
  2. For the fulfillment of a legal obligation [article 6 paragraph 1 letter c) of the GDPR], we process:
    • Personal data necessary for complying with any legal obligations incumbent on KPMG as an employer (such as criminal record, health data regarding work ability and/or potential restrictions and fiscal record);
  3. For the fulfillment of the purposes of KPMG’s legitimate interests [article 6 paragraph 1 letter f) of the GDPR], we process:
    • Personal data that we request from you additionally in our recruitment process to establish your fitness within the KPMG employee profile as well as any other information necessary to ensure the most suitable conditions for your future job such as preferences, hobbies, etc.);
    • Criminal records, referrals available within public databases regarding your company holdings and your capacity as director/administrator, verification of possible situations of personal bankruptcy, checks on professional reputation carried out from public sources, in order to implement the proper framework for managing the potential risk, according to our professional, integrity and ethical standards.
    • All the documents and personal information you provided to us during recruitment and selection process, for safeguarding the Controller's right of defense
  4. We also have processing activities based on your consent [according to Article 6 paragraph (1) letter a) of the GDPR], when it comes to:
    • Retaining your personal data for in subsequent specific recruitments, according to specific consent provided within the platform Talent Lyft **, in case you applied for a job position directly on our website on Careers page.
    You could withdraw your consent anytime in Talent Lyft platform, by accessing the confirmation e-mail you received when you applied for a job.
    • Referrals to professional and personal conduct from your former employers, which will be subject to your consent based on a distinct form which will be submitted to you as a different form, within pre-onboarding process.
2.2. Description of the personal data We process
Within KPMG, We collect and process any of the following personal information:
  1. For the screening, testing and recruiting processes - CV/biography/cover letter information: the information included in the application, in your CV and / or biography as well as any other relevant information You choose to provide to us in this context, such as your name and first name, image/ photography , address, email address, telephone number, previous employers professional qualifications, recommendations, analysis of professional evolution and competencies, trainings/ courses, department changes, details on performance and ability to meet requirements, personal skills, hobbies, etc.
  2. Company holdings and your capacity as director/administrator within a company, possible situations of personal bankruptcy, professional reputation, carried out from public sources;
  3. For the pre-onboarding process - copy of the ID card/passport, copy of the relevant diplomas, copy of the birth certificate, copy of the marriage/divorce certificate, copy of the relevant work permits, medical information related to the work ability (as per the labor medicine requirements), IBAN account number, criminal record, details (name, Personal Identification Number) of the persons in care, certificate from the former employer attesting the social contributions, certificate from the former employer attesting the overall work experience.
Regarding special categories of personal data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs or union membership, genetic data, biometric data, sexual orientation data, We hereby ask You to not provide such data, which is not required in the recruitment process.
However, in cases where the applicable standards or law expressly provides as above mentioned, KPMG may request information on criminal offenses and convictions and health data, by requesting the candidate to submit a criminal record and information on work ability.
2.3. Data collection source
  1. Directly from You when (i) You use our Career Website to apply, (ii) You send us your application by e-mail to mycareer@kpmg.ro, (iii) in person at our headquarters, or (iv) during presentation and promotion sessions of the company.
  2. Indirectly from third parties, such as recruitment agencies and/or public sources (e.g. Linkedin, Bestjobs, Ejobs, Hipo, Trade Register, etc.)
  3. From our KPMG employees through our referral program;
  4. From reference check conducted with your former employers;
First, We will process the data described in chapter 2.2. for recruiting staff, for establishing your identity and eligibility, when We identify possible collaboration opportunities, assessing the qualification of applicants for a position within KPMG, organizing interviews, verifying the knowledge needed to fill certain positions and establishing the conditions of the job offer.
Once you have accepted our offer, you will be asked to provide required documents that are necessary for us to conclude the employment contract as per the paragraph 2.2 point 3, mentioned above.
3. Disclosure of personal data
3.1. Disclosure of data within the KPMG Group
Your personal data collected in the context of the recruitment process may be transferred between the entities KPMG Moldova and Romania if We consider that this is in our legitimate interest for internal administrative purposes. Access to your personal data is limited only to those employees who need that information for professional purposes, and may include your potential superiors and other persons appointed by them to perform certain tasks, as well as employees from human resources departments, corporate services, legal, IT, security and financial.
In the specific situation where within the description of the job we post is indicated that the role shall be for the benefit of other KPMG Member Firms outside Romania, some personal data like name and surname, image, your CV or professional competences might be shared with those ultimate beneficiary.
3.2 Disclosure of data to third parties
As a general rule, We exclude the disclosure of personal data to third parties. As an exception, your data will be processed by third parties, who may have the capacity of data processors, such as providers of human resources services, legal services, IT services, integrating platforms. They are carefully selected and in addition are contractually bound, in accordance with Article 28 of GDPR.
We will share the necessary part of your personal data only to the extent necessary and only to the following categories of third parties:
  1. other entities such as regulators, accountants, auditors, lawyers or other external experts, if their activity requires this information;
  2. our Clients, in case the role you applied for, shall be accommodated for the benefit one/more of our Clients;
  3. companies that provide us with products and services, such as:
    • human resources services, for example pre-employment checks;
    • recruitment agencies;
    • IT system providers and related support service providers, including email archiving, telecommunications service providers, backup and disaster recovery, computer security services; other outsourced service providers, such as off-premises storage and cloud storage service providers;
    • Adopto Tech D.o.o, external provider which provides access to recruitment management services through an online platform called Talentlyft;
    • TestGorilla B.V., external provider which provides access to cognitive and psychometric tests as part of the recruitment process;
    • Talmundo B.V, external provider for an online platform used for pre-onboarding process.
  4. universities and other educational institutions (e.g. Bucharest Academy of Economic Studies), in the case of candidates taking part in apprenticeship.
We will also disclose your personal data to third parties in the following situations:
  1. If You request or give us your consent in this regard;
  2. If persons who can prove that they have the legal authority to act on your behalf request this;
  3. If We have an obligation to disclose your personal data in order to comply with a legal obligation, any legal request from the competent authorities of the state, and as may become necessary to meet certain requirements of national security or enforcement law or to prevent certain illegal activities;
  4. To respond to any claims, to protect our rights or those of a third party, to protect the safety of any person or to prevent any illegal activity; or
  5. To protect the rights, property or ensure safety of KPMG, its employees, customers, suppliers or others.
3.3 The transfer of personal data abroad
We also generally mention that we will not transfer your data outside the European Union/European Economic Area.

In case of possible data transfer, we shall ensure it will be only if an adequate level of personal data protection is recognized by a European Commission for the recipient country. In the absence of such a decision issued by the European Commission, KPMG shall transfer personal data to a third country only if adequate safeguards according to the law are provided in order to protect personal data.

KPMG may be contacted to obtain additional information on the safeguards offered for the protection of personal data in case of any transfer of data to countries outside European Economic Area, through a written request to do so.
3.4. Limitations related to the use of personal data by recipients
Third parties to whom We may make your personal information available pursuant to paragraphs 3.1, 3.2 and 3.3 above are limited (by applicable law or by a contract between KPMG and a third party) to how we may process your personal data for the specific purposes We have identified. We will always ensure that any third parties to whom We voluntarily disclose your personal information are subject to confidentiality and security obligations according to applicable law (for the avoidance of doubt, this may not apply where the disclosure is not our decision).
Term of retention of your personal data
Your personal data is kept only for as long as is necessary to fulfill the purposes for which the information is processed.
Currently, your personal data are kept for the following periods that We consider reasonably necessary:
  1. We will retain CVs and personal data submitted to us via Talent Lyft until the recruitment process for the job you applied is ended, or We will keep the data according to your express consent , for future recruitment processes;
  2. We will retain CVs, personal data, interview notes, cognitive and psychometric test results for short listed candidates who participate to at least one interview, for a maximum 3 years term, for safeguarding our right to defense in Court;
  3. Personal data for the candidates who become employees, shall be retainedin Talmundo platform for 3 months starting the offer processing in TalentLyft;
  4. The personal data of the candidates who become employees are kept as part of the employees' data, within the personnel file and subject to our policy regarding retention of employees' data.
Retention terms are also subject to any potential requests received from you, for exercising your data protection rights as a data subject, including withdraw of your consent. In these cases your personal data will be retained for maximum 3 years from the date of the final reply, as proof that We have provided you with comprehensive information according to legal requirements.
4. Your rights in relation to the personal data provided
4.1. We also inform you that you have the following rights, to the extent permitted by GDPR, in connection with your personal data that you have provided to us, respectively:
  1. the right of access to your personal data;
  2. the right to rectification of personal data;
  3. the right to delete personal data;
  4. the right to restrict the processing of personal data;
  5. the right to oppose the processing of personal data;
  6. the right to portability of personal data;
  7. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects the data subject to a significant extent according to art. 22 of the GDPR. We mention that your data are not processed for the purpose of taking a decision based exclusively on automatic processing, which would produce effects from those mentioned in art. 22 of the GDPR.
Also, to exercise the above rights, and for any information regarding the protection of your personal data, you can send a written request by e-mail to: dataprotection-office@kpmg.com. Upon receipt of your request, KPMG will provide You with a response free of charge and without undue delay, and no later than one month after receipt of your request.
4.2. More information about these rights, as well as how you can exercise them, can be found in our Privacy Statement, available on our website, by accessing the following link: https://home.kpmg/ro/en/home/misc/privacy.html.
5. Changes regarding the information note
This information note may be updated whenever we deem it necessary. Any changes made to this information note will be posted on the privacy page of the current website.

The following KPMG entities are incorporated in Romania, and headquartered in Bucharest, District 1, 89A București-Ploiești Road,:


  • KPMG Romania S.R.L.
  • KPMG Audit S.R.L.
  • KPMG Tax S.R.L.
  • KPMG Advisory S.R.L.
  • KPMG Business Tax Services S.R.L.
  • KPMG Restructuring S.P.R.L.
  • KPMG Delivery Center S.R.L.
  • KPMG Foundation
  • KPMG Accounting and Payroll Services S.R.L.
  • KPMG Legal through TONCESCU and Associates of S.P.A.R.L.

** Talent Lyft is an integrated solution for recruitment process, offered by external provider Adopto Tech D.o.o

Our story
Open for talent
Life at KPMG
Find your career
Privacy

©2025 KPMG România SRL, a Romanian limited liability company and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.