Data protection information for the KPMG Direct Services Portal of KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG)

Our services are based on trust. For an accounting firm such as KPMG the protection of personal data (data protection) is a primary concern. KPMG observes all applicable data protection laws and continuously strives to improve data protection. KPMG is the controller for processing the personal data on these websites as defined by the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [BDSG].

KPMG Direct Services is a web platform made available by KPMG for web-based services, providing our clients with fast, easily accessible solutions for all essential transformation issues. This particularly also includes our catalogue of services in the area of tax advisory. KPMG Direct Services helps you find suitable services quickly for an array of tasks, clarify their details, and submit a request swiftly.

The following data protection policy is to inform you about how we process personal data on the KPMG Direct Services website of KPMG and about the rights of data subjects.


This privacy statement exclusively applies to the collection, processing and use of personal data in the KPMG Direct Services Portal.

The general data protection policy for processing personal data in the course of our general business activities and services (e.g. assessments/events), which can be commissioned via KPMG Direct Services, can be downloaded here.

1. Who is responsible for data processing on this website?

KPMG Wirtschaftsprüfungsgesellschaft AG
Klingelhöferstr. 18
10785 Berlin

Telefon:  +49 30 2068 - 0
Fax:  +49 30 2068-2000

2. How can the data protection officer be reached?

Either using the postal address provided under item 1 or by E-mail:

3. For what purpose do we process your data on this website and on what legal basis?

KPMG collects and uses personal data for making the website and our information and services available in accordance with Article 6 (1)(a) to (f) of the European General Data Protection Regulation (GDPR), i.e. to the extent permissible under the GDPR or another regulation or if the user (data subject) has given consent to the processing.  Legally standardised data protection contracts are agreed with all service providers which we use as processors pursuant to Article 28 EU GDPR and the service providers first undergo an IT security assessment.

In addition, KPMG processes personal data collected when visiting this website as follows:

a) Log files

Each time our website is visited, log files are automatically saved based on our legitimate interest pursuant to Articles 6 (1)(f) EU GDPR. These log files contain information on the computer visiting our website, e.g. information on the type of browser, the operating system used, the internet service provider, the IP address, date and time of access. It is necessary to store this data in order to be able to make our website available to users for the duration of the visit. We also use this data to optimise our website and to ensure the security of our IT systems. The log file data is deleted as soon as it is no longer required for the specified purposes.

b) Registration for KPMG Direct Services

It is initially possible to use the publicly accessible website of KPMG Direct Services without providing personal data. If you want to use KPMG Direct Services as a client to commission services, it is necessary to register, which requires personal data. On first-time registration, a password-protected personal account and access to the internal pages of KPMG Direct Services are set up. This requires your surname, first name and (business) email address. Registration also requires the provision of company information (e.g. company name, legal form, invoicing address), which usually is not related to a particular person. This information is used for client identification and verification purposes. KPMG collects, stores and processes your personal data for the entire user administration of KPMG Direct Services. On registration, login and use of the user account, the user's IP address and time of

login are also logged. A legitimate interest pursuant to Article 6 (1)(f) EU GDPR is pursued by KPMG for security reasons (e.g. protection against abuse, unauthorised use).

c) Commissioning of services via KPMG Direct Services

When services are commissioned via KPMG Direct Services, the personal data required for the proposal to be submitted and reviewed is processed based on Article 6 (1b) respectively Article 6 (1f) EU GDPR. Further information on data protection for the processing of personal data as part of general business activities and services provided by KPMG that can be commissioned via KPMG Direct Services can be downloaded here. If you would like to commission services from KPMG Direct Services which are not provided by KPMG (e.g. services provided by KPMG Law Rechtsanwaltsgesellschaft mbH), the data will be forwarded to the service provider to the extent necessary.

d) Newsletters, mailings, downloads

We make a wide range of newsletters, mailings and downloads available on KPMG's web pages based on the user's consent pursuant to Article 6 (1)(a) EU GDPR in conjunction with Section 7 (2)(3) of the German Act Against Unfair Competition [UWG] where applicable. We can also send certain information to data subjects by email as permitted by law (Section 7 (3) UWG) depending on the circumstances. Registration for newsletters and mailings on specific topics and download of certain KPMG documents (e.g. studies) requires the user's name and email address. Registration or download also gives KPMG permission to log future visits of our website by a user for that specific person, in order to be able to provide this user with subject-specific information that is targeted to his or her personal interests (e.g. current studies, surveys). To this end, we use a cookie of our service provider Hubspot to log the individual KPMG web pages and topics which a registered user looks at during a visit (see also below under item 3e (3)). After registration for newsletters, mailings or downloads on the KPMG website each user receives confirmation by email sent to the specified email address (so-called double opt-in procedure). Registration is only complete once confirmation has been received via the link provided in this email. Consent to receive newsletters, mailings or downloads once given can be withdrawn at any time via the link at the end of each email or by sending a message to the KPMG mailbox Registrations for newsletters, mailings or downloads are logged on the basis of our legitimate interest to the able to proof a user's consent at any time (Art. 6 (1)(f) EU GDPR). Should you not have used our range of services in any form during a specific year, you will be considered not interested and therefore will be automatically deleted from Hubspot.

e) Contact form

To request further information, we will make contact forms available for you at various locations on our website which you can use to contact us directly. We will process the personal data (e.g. name, email address) entered there in accordance with legal provisions for processing the request pursuant to Article 6 (1)(b) or Article 6 (1)(f) EU GDPR.

f) Cookies and analytics

KPMG Direct Services uses so-called cookies for the purposes listed below. A cookie is a text file that is sent from the web server to the browser and processes information about the website visitor (e.g. IP address), his settings and the devices used.

In the table below we have listed the different types of cookies we use on our site:


Strictly necessary cookies


These cookies are essential to ensure that the user can navigate and use certain functions of the website. Without them, essential parts of the website cannot be used. Accordingly, these cookies are always activated. They are only used when you visit our website and are usually deleted when you close your browser. They are also used to call up the optimized website display when accessed with a mobile device, so that, for example, your data volume is not unnecessarily consumed. The cookies also facilitate the page change from http to https, so that the security of the transferred data remains guaranteed.

Functional Cookies

Functional cookies enable the website to store information such as the user name or language selection and to offer the user improved and personalized functions based on this information. The information collected is only evaluated in aggregated form. Since we want to offer you a website that is designed for optimal user-friendliness, we recommend that you activate these cookies. Functional cookies are also used, for example, to activate the functions you desire, such as the playback of videos.

Performance cookies

These cookies collect data about user behavior. On this basis, the website is adjusted to the general user behaviour in terms of content and functionality. The information collected is generally processed in aggregated form, unless a user has expressly consented to a personal evaluation. Performance cookies are only used to improve the performance of the website and to tailor the online experience to the users' needs.

Marketing cookies

Marketing cookies are used to offer content that is more relevant to the user and adapted to his interests. They are also used to measure and control the effectiveness of campaigns. For example, they register whether a user has visited a website or not, and which content has been used. This information is used to create a personal content profile so that only content that is interesting to you is displayed. If you withdraw your consent to marketing cookies, this does not mean that you will see and receive less content as a result. It rather means that the content you see and receive is not tailored to your individual needs.



Social media cookies are used to offer content that is more relevant to the user and adapted to his interests. They are also used to measure and control the effectiveness of campaigns. For example, they register whether a user has visited a website or not, as well as which content has been used. This information is used to create an interest profile so that only content that is interesting to you is displayed. If you opt-out of social media cookies, this does not mean that you will see or receive less content. KPMG Direct Services can use this data to display targeted advertisements outside its website without identifying you as a website visitor.


The legal basis for data processing by cookies is Art. 6 para. 1a, f DSGVO, i.e. the consent of the website visitor or a legitimate interest of KPMG. A legitimate interest in the use of cookies in accordance with Art. 6 para. 1f DSGVO for KPMG Direct Services lies in particular in the use of absolutely necessary cookies (see above).

Further detailed information on the cookies used by KPMG Direct Services can be called up in the cookie settings, where the selected cookie configuration can also be adjusted by the user at any time.

Note: If you agree to a category, the cookies are activated immediately or when the website is reloaded. If you revoke your previously granted consent to a category, the cookies will remain active until the end of their term. To ensure that these cookies are blocked immediately, you must delete them manually via your browser settings. 

KPMG uses the following cookies and analytics tools of third-party providers on these web pages:

(1) Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ('Google'). Google Analytics uses cookies, i.e. text files that are saved in the browser and allow analysis of use of the website by the user. The information generated by the cookie on use of this website is usually transferred to a Google server in the US and stored there. In the event of activation of IP anonymisation on this website, the user's IP address is first truncated by Google within member states of the European Union or other Contracting Parties of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a server of Google in the US and truncated there. Google will use this information on behalf of the operator of this website to analyse use of these web pages, to compile reports on website activity and to provide further services related to website and internet use for the website operator. The IP address sent by the browser used within the scope of Google Analytics is not combined with other Google data. Each user can prevent the storage of cookies by means of browser settings; moreover, the collection and transmission of data generated by the cookie and relating to use of the website (including your IP address) to Google as well as processing of this data by Google can be prevented by downloading and installing the browser plug-in available at Furthermore, collection by Google Analytics can be prevented through confirmation of the following link. An opt-out cookie is then placed in the user's browser, which prevents future collection of data by Google Analytics when visiting this website: Deactivate Google Analytics Please note also that on this website Google Analytics was expanded by the code 'anonymizeIp' in order to ensure anonymised collection of IP addresses (so-called 'IP masking'). Please visit or for more information on terms of use and data protection.

(2) Conversion Tracking

On these web pages, further tools from third parties are used, which collect data for analysis, marketing and optimisation purposes in order to improve marketing measures and our web page. The data collected are used to link advertising contacts and clicks on advertisements with the subsequent use of these websites. In this way, it can be determined whether Internet users who have seen advertisements visit this website and which services they are interested in. The collected data can also be used to deliver advertisements based on your interests. For this purpose,

pseudonymous online identification numbers (Online ID) such as Cookie IDs, IP addresses, Device IDs, Advertising ID / IDFA (e.g. on Android or Apple smartphones) are used. The data collected will not be used to personally identify users of this website or app without your consent. If you do not wish for your data to be recorded as described, you can object as described below, also in relation to the respective provider.

We currently use tools from the following providers:

- “Adform” of Adform A/S Wildersgade 10B, sal. 1 DK-1408 Copenhagen, Denmark. Under the following link you will find an explanation of how you can deactivate data collection on your computer or mobile device by Adform:

- “The Trade Desk” of The UK Trade Desk Ltd. (Co. No. 8539108), 11th Floor Whitefriars Lewins Mead, Bristol, BS1 2NT. Under the following link you will find an explanation of how to disable data collection on your computer or mobile device:

- “Display & Video 360” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Under the following link you will find an explanation of how to disable data collection on your computer or mobile device:

- “Amazon Advertising Platform” of Amazon Online Germany GmbH, Marcel-Breuer-Straße 12, 80807 Munich, Germany. Under the following link you have the possibility to deactivate the data collection by Amazon on your computer or mobile device. To do this, activate the checkbox “Opt Out” in the displayed list under “Amazon Ad System”:

- “Google AdWords”. As Google AdWords customer, we also use Google Conversion Tracking, an analysis service of Google. Under the following link you have the possibility to deactivate the data collection by Google on your computer or mobile device:

(3) Use of Hubspot

KPMG uses Hubspot, a service provided by Hubspot Inc., on its web pages for analysis purposes. This involves the use of 'web beacons' as well as cookies, which are stored on your computer and which allow us to analyse your use of the website. Hubspot analyses the collected information (e.g. IP address, geographic location, type of browser, duration of visit and pages accessed) on behalf of KPMG in order to generate reports on visits and the visited KPMG pages.

If, as presented in item 3b, KPMG email news is subscribed and studies as well as other documents are received, with Hubspot, we can link a user's visits to KPMG websites also to personal information (mainly name/email address) based on consent, and thereby collect them for particular persons and inform users individually in a targeted manner on preferred topics. If collection via Hubspot is not desired in general, the storage of cookies can be prevented at any time through browser settings (see above under item 3c). Further information on how Hubspot works can be found in the privacy statement of Hubspot Inc., which can be retrieved at:

4. How long will data be stored?

Unless otherwise explicitly stated, KPMG stores personal data for as long as necessary for the above-mentioned purposes. This is subject to the statutory retention obligations. KPMG employees are instructed to regularly check the duration of storage of personal data and to delete these if necessary.

5. What data protection rights do data subjects have?

Data subjects are afforded rights of access pursuant to Article 15 EU GDPR regarding the processing of their personal data by KPMG (also regarding the purpose of processing, any possible recipients and the expected duration of the storage of data), rights to rectify incorrect data (Art. 16 EU GDPR), rights to erasure (Art. 17 EU GDPR), rights to restriction of processing and the data portability of the data provided (Art. 18, 20 EU GDPR) and the right to object against the use of their data for marketing purposes and based on a legitimate interest (Art. 21 EU GDPR). Any consent given to KPMG can be revoked at any time with future effect. In order to safeguard these rights any data subject can contact the KPMG data protection officer (see item 2). Furthermore, they also have the right to complain to a data protection supervisory authority. Data subjects can lodge their complaint with the competent data protection supervisory authority in their place of residence or with any other data protection supervisory authority.