This document details how we will treat your personal data.
KPMG Acceleris Limited (“KPMG Acceleris”), a company registered in England & Wales under company number 08817319, will hold any personal information provided to it in confidence and in accordance with The General Data Protection Regulation (GDPR) (EU) 2016/679 (a regulation in EU law on data protection and privacy for all individuals within the European Union) and other applicable data protection legislation.
For the avoidance of doubt, any reference within this policy to “KPMG Acceleris”, should be construed as collectively meaning any KPMG Acceleris branded company, now or in the future.
What is personal data?
Personal data is any information relating to an identifiable person, who can be directly or indirectly identified by reference to such data. Such information includes, name, email address, mailing address.
KPMG Acceleris will ensure the lawful processing of your personal data. Below we will explain;
the types of information we collect about you;
● how we collect and use it
● who we might share it with
● the steps we’ll take to make sure it stays private and secure;
● and your rights to your information.
If you have any questions on this policy you can call us on 01942 356655 or email us on firstname.lastname@example.org or write to the address below and we will respond to you.
Who we are
Under GDPR, KPMG Acceleris is the data controller and processor of personal data for the purposes of its business. The data controller is responsible for deciding how your information is used and ensuring it is private and secure.
How do we collect personal data?
Directly. We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us with their business card(s), complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, visit our offices or for recruitment purposes. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients:
● Public sources -- Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, government intelligence and crime prevention agencies and internet searches.
● Business clients -- Our business clients may engage us to perform professional services which involves sharing personal data they control as part of that engagement.
● Recruitment services -- We may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.
● Data subscription services – We may obtain business personal data from external data providers to reach out to prospective new clients.
What lawful reasons do we have for processing personal data?
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
● Contract – We may process personal data in order to perform our contractual obligations owed to (or to enter into a contract with) the relevant individuals.
● Consent - We may rely on your freely given consent at the time you provided your personal data to us.
● Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These may include:
● Delivering services to our clients – To deliver the professional services our clients have engaged us to provide including information on new products and services.
● Direct marketing – To conduct and analyse our marketing activities. To deliver timely market insights and speciality knowledge including tailor-made online experience we believe is welcomed by our business clients, subscribers and individuals who have interacted with us.
● Monitor our IT systems - Prevent fraud or criminal activity and protect our IT systems.
● Corporate responsibility - Comply with our corporate and corporate social responsibility commitments.
● Legal obligations – We may process personal data in order to meet our legal and regulatory obligations or mandates.
● Public Interest – We may process personal data in order to perform a specific task in the public interest or in the exercise of official authority vested in us.
● Vital Interests – We may process personal data to protect the vital interests of the individual or another natural person.
Why do we need personal data?
We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
● Providing professional advice and delivering reports relating to corporate finance advisory services.
● Promoting our professional services, products and capabilities to existing and prospective business clients.
● Sending invitations and providing access to guests attending our events and webinars or our sponsored events.
● Administering, maintaining and ensuring the security of our information systems, applications and websites.
● Seeking qualified candidates, and forwarding candidate career inquiries to our recruitment team, which may be governed by different privacy terms and policies.
● Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
● Complying with legal and regulatory obligations relating to anti-money laundering, terrorist financing, fraud and other forms of financial crime.
● Compiling health and safety data (directly or indirectly) following an incident or accident. Indirect data can take many forms including an incident report, first aider report, witness statements and CCTV footage.
Who we can share your information with
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:
● group companies (including KPMG LLP and its member firms) where necessary for administrative purposes and to provide professional services to our clients (e.g., when providing services involving advice from KPMG);
● Parties that support us as we provide our services (e.g. providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
● Professional advisers, including lawyers, auditors and insurers.
● A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of our business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
● Parties that support as with anti-money laundering, client conflicts and independence checks.
● Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation.
● Health government bodies and external service providers (health, facilities, estate management) to assess, monitor and control the spread of infectious diseases.
● Payment, marketing and recruitment services providers.
KPMG Acceleris will not transfer the personal information you provide to any third parties for their own direct marketing use.
How long we will keep your information
We will keep your information for as long as you have a relationship with us. After the relationship ends, we will keep it where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, or for other reasons e.g. fighting fraud and financial crime, and responding to requests from regulators.
Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these purposes, we retain such personal data for seven years.
Transferring your information overseas
We store personal data on servers located in the UK and EEA. We may transfer personal data to third party organisations situated inside or outside the UK and EEA when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
What about personal data security?
We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.
If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Do we link to other websites?
Our websites may contain links to other sites that are not governed by this Privacy Notice. Please review the destination websites’ privacy notices before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
You have a number of rights relating to the personal information we hold about you. These are set out in more detail below:
You can request a copy of the personal information that we hold about you. This is known as a ‘Data Subject Access Request’.
We make every effort to hold accurate data about you. Should you be aware that our information is incorrect, please inform us and we shall rectify the matter.
You have the right to request for your personal information to be erased if we no longer have a lawful basis for keeping your information.
● Right to object
If you do not agree we have a legitimate interest to process your personal data, you have the right to object to this processing.
If you have given us your consent to use personal information, you may withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
● Data portability
In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
● Right to complain to a supervisory authority
If you are dissatisfied with our use or management of your personal information, you have the right to complain to an EU Data Protection Supervisory Authority. If you are dissatisfied with our use or management of your personal information in the UK, you have the right to complain to the Information Commissioner’s Office (ICO) and you can contact them via their website: www.ico.org.uk or by post to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Any and all requests will be fully reviewed by KPMG Acceleris and responded to, with appropriate actions taken, normally within one month.
For any more information or if you wish to complain, please contact the Compliance Officer at:Address:
KPMG Acceleris Limited, No. 1 Circle Square, 3 Symphony Park, Manchester, M1 7FS.
Tel: 01942 356655
Do we change this Privacy Notice?
We regularly review this Privacy Notice and will post any updates to it on this webpage. This Privacy Notice was last updated on 30/06/2023.