Search
Contact

Privacy policy

Data protection information for websites of KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG LAW)

Our business is based on trust. For KPMG LAW as a law firm, the protection of personal data (data privacy) is a high priority. KPMG LAW complies with all applicable data protection laws and also strives to continuously improve data protection. KPMG LAW is the controller responsible for the processing of personal data on these websites within the meaning of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (“BDSG”).

With the following data protection information we inform about the processing of personal data on the websites of KPMG LAW as well as about the rights of data subjects.

General data protection information on the processing of personal data within the scope of our general business activities and for the purpose of providing legal advice to our clients is available here.

1. who is responsible for data processing on these web pages?

KPMG LAW Rechtsanwaltsgesellschaft mbH
Theodor-Heuss-Straße 5
70174 Stuttgart
Phone: +49 711 781923-400
Fax: +49 711 781923-455
Email: information@kpmg-law.com

2. how can the data protection officer be reached?

Either at the postal address mentioned under 1. or by e-mail (address: de-datenschutz@kpmg.com).

3. for what purpose do we process your data on these websites and on what legal basis? Who is the recipient of the data?

KPMG LAW collects and uses personal data to provide the websites and our content and services in accordance with the provisions of Art. 6 para. 1 a to f DS-GVO, i.e. insofar as the DS-GVO or another legal provision permits this or the user has consented to the processing.

In order to fulfill the purposes listed in this section, personal data may be disclosed to the following recipients:

  • member firms of the global KPMG network (“KPMG International”).
  • subsidiaries or associated companies of KPMG, e.g. KPMG IT Service GmbH, which operates and controls the KPMG IT infrastructure.
  • As far as necessary, authorities, courts or other public bodies at home and abroad.
  • Other IT service providers and other processors strictly for a specific purpose, such as hosting, cloud services, public relations (e.g. sending newsletters, client information, studies).

Legally standardized data protection contracts are agreed with all service providers that we use on our websites as processors in accordance with Art. 28 EU GDPR, and the service providers are subjected to an appropriate IT security assessment in advance.

Personal data will only be transferred to countries outside the European Economic Area (EEA) if an adequate level of data protection is ensured in accordance with Article 44 et seq. of the GDPR.

Each member firm of KPMG International is committed to complying with minimum data protection standards. The main obligations in this regard are contained in the KPMG Data Protection Policy and in the contractual clauses on data protection (Inter-Firm Data Transfer Agreement – IFDTA) of KPMG International. In particular, the IFDTA also contains all modules of the current EU Standard Contractual Clauses (EU Model Clauses), which were adopted by the EU Commission on June 4, 2021 pursuant to Art. 46 para. 2 lit. published in accordance with the GDPR. Accordingly, the IFDTA obliges KPMG member firms worldwide to comply with these regulations for non-EU/EEA data transfers.

Even in the case of service providers outside KPMG (including the use of cloud services) located outside the EU/EEA, the adequate level of data protection required under EU data protection law is ensured by compliance with the requirements of Art. 45 et seq. of the EU GDPR—typically through the adoption of the EU Standard Contractual Clauses within the meaning of Article 46(1). 2 lit. c) EU GDPR – ensured.

Specifically, KPMG LAW processes personal data when you visit this website as follows:

a) Log files

Every time you visit our website, data is collected on the basis of our legitimate interest pursuant to Art. 6 para. 1f. In accordance with the EU GDPR, we automatically store so-called log files that contain information about the computer used to access our websites, such as the browser type, operating system, Internet service provider, IP address, and the date and time of access.

Storage of this data is necessary in order to provide users with our websites for the duration of the session. We also use this data to optimize our websites and to ensure the security of our IT systems. The data from the log files are deleted as soon as they are no longer required for the named purposes.

b) Newsletter, mailings, downloads

On the websites of KPMG LAW, we provide personal data on the basis of the user’s consent pursuant to Art. 6 para. 1a EU DS-GVO, if applicable in conjunction with § 7 para. 2 No. 3 UWG provides a wide range of newsletters, mailings and downloads. Also on the basis of a legal permission according to § 7 para. 3 UWG, we may send certain information to affected parties by e-mail.

To subscribe to topic-specific newsletters and mailings, or to download certain documents (e.g., studies) from KPMG LAW, you must provide your name and email address. After signing up for newsletters, mailings, or downloads on the KPMG LAW websites, each user will receive a confirmation email at the provided email address (known as the double opt-in process). Only after clicking on the link contained in this e-mail is the registration completed.

Consent given to receive newsletters, mailings, or downloads can be revoked at any time by clicking the link at the bottom of each email or by sending a message to de-datenerfassung@kpmg-law.com.

Sign-ups for newsletters, mailings, or downloads are logged based on our legitimate interest in being able to verify a user’s registration and consent at any time (Art. 6(1)(f) of the EU GDPR).

c) Contact form

If you would like more information, we have provided contact forms in various sections of our website that you can use to contact us directly. We process the personal data entered here (e.g. name, e-mail address) within the framework of the legal provisions for processing the request in accordance with Art. 6 para. 1b or Art. 6 para. 1f EU GDPR.

d) Customer Relationship Management (CRM) and Relationship Intelligence

(1) KPMG LAW uses a CRM system to manage client and business relationships within the global KPMG network. The CRM stores, among other things, contact information (name, email address, phone number, address), type of contact (e.g., client contact, participation in KPMG LAW events), communication and interaction histories related to our service provision (e.g., meetings), company affiliation, and position, and are accessible to authorized users within the KPMG network. The processing of the stored data categories by KPMG in the CRM may be based on consent (Art. 6(1)(a) GDPR—e.g., newsletter marketing), for the performance of a contract (Art. 6(1)(b) GDPR), and/or on the basis of a legitimate interest in efficient client communication and international cooperation (Art. 6(1)(f) GDPR) in the course of our business activities.

(2) KPMG LAW also uses relationship intelligence tools to better visualize client relationships within the global KPMG network, automatically collecting and analyzing data from various internal and external sources to identify business-related interactions among authorized users within the global KPMGnetwork. In doing so, communications between KPMG employees and external contacts over a period of up to 180 days in the past are visualized based on metadata and contact information from emails and calendar activities. Only the names, time, and type of communication are displayed (in some cases also in conjunction with publicly available data on the communication participants from professional networks).

This is done in accordance with Article 6(1)(f) of the GDPR on the basis of KPMG LAW’s legitimate interests in enabling KPMG to provide efficient and targeted client services both in Germany and within the international KPMG network.

e) KPMG “Whistleblowing Hotline”

In compliance with legal requirements (e.g., the Whistleblower Protection Act (HGSchGE) and the Supply Chain Due Diligence Act (LkSG)), KPMG LAW maintains reporting channels for whistleblowers. The so-called “Whistleblowing Hotline” is structured as an internal reporting office within the meaning of Section 14 of the HGSchGE and simultaneously serves as a complaints office within the meaning of Section 8 of the LkSG. The whistleblowing hotline can be called by all employees within the meaning of § 3 para. 8 HGSchGE, but also by clients, subcontractors, suppliers, and other third parties, and may also be used as a complaint office within the meaning of § 8 LkSG. Any personal data collected in this context will be processed in accordance with Art. 6(1) 1 lit. processed in accordance with Article 6 of the GDPR.

f) Cookies

KPMG LAW uses cookies. A cookie is a text file sent by the web server to the browser that processes information about the website visitor (e.g., IP address), their settings, and the devices they use.

This involves the use of cookies that are essential for the operation of the website (strictly necessary cookies), but also other cookies that are used, for example, to play videos (functional cookies), to analyze user behavior in order to optimize our services (performance cookies), or for marketing purposes (marketing cookies).

The legal basis for data processing through cookies can be either a legitimate interest of KPMG LAW or consent of the user.

A legitimate interest for KPMG LAW to use cookies pursuant to Art. 6 para. Article 1f of the GDPR and Section 25(2) of the TDDDG apply in particular to the use of strictly necessary cookies. No consent is required for this.

Consent is required for the use of all other types of cookies (e.g., marketing and social media cookies) (Art. 6(1)(a), f GDPR & § 25(1) TDDDG), which can be given via the cookie banner displayed on our websites.

Further detailed information on the cookies used by KPMG LAW can be found in the KPMG LAW cookie settings, where the selected cookie configuration can also be adjusted by the user at any time.

Note: If you agree to a category, the cookies will be activated immediately or when you reload the website. If you revoke your already granted consent to a category, the cookies set will still remain active until the end of their term. To ensure that these cookies are blocked immediately, you must delete them manually via your browser settings after revoking them.

g) Tracking and analytics tools

KPMG LAW uses third-party tracking and analysis tools on these websites. These use so-called performance cookies, the use of which can be adjusted via the settings options of the respective third-party providers explained below or also in the KPMG LAW cookie settings. The settings can be customized on each page related to the domain.

KPMG LAW uses the following tracking and analytics tools on these websites:

(1) Google Analytics

KPMG uses Google Analytics, a web analytics service provided by Google, Inc. on websites. (“Google”).

Google Analytics uses “cookies”, which are text files placed on your browser, to help the website analyze how users use the site. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. However, by enabling IP anonymization on this website, Google will truncate the user’s IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. IP anonymization is automatically enabled by default in Google Analytics. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of these web pages, to compile reports on website activity, and to provide the website operator with other services related to website and internet usage.

The IP address transmitted by the browser used as part of Google Analytics is not merged with other Google data.

We further point out that on this website Google Analytics has been extended by the code “anonymizeIp” to ensure anonymized collection of IP addresses (so-called IP masking).

As part of Google Analytics, we also use the Google Signals extension, which enables tracking across multiple devices. For this purpose, Google uses the data of users who are logged into a Google service at the same time as visiting a website and who have activated the “personalized advertising” option in their Google account settings(https://adssettings.google.com/authenticated). Google Signals is also only used with IP anonymization enabled.

More information on terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/, respectively.

(2) Google Remarketing

This website uses Google Remarketing technology from Google Inc. (“Google”).

For this purpose, cookies are placed on your computer, which third-party providers, including Google, use to record which of our websites have been visited with your browser. With the help of this information, our advertisements can then be presented to you at a later time on other websites, e.g. within the scope of Google search or on websites of the Google network. For more information about Google’s privacy practices and how remarketing works, please see Google’s Privacy Policy. Here, too, you can deactivate the storage of cookies through the settings of your browser and/or object to the collection in the context of Google Remarketing through the Google ad settings.

(3) Evaluation of calls to the job advertisements

Our website uses features provided by Kanzlei-Job.de, Königsteiner Straße 6a, 65812 Bad Soden.
When you view our job postings, a connection is established between your browser and the servers of Kanzlei-Job.de. In the process, data is transferred to Kanzlei-Job.de. The content is integrated via an iFrame.

Kanzlei-Job.de logs various user data for analysis purposes and for the provision of functions. Cookies are used for this purpose. These are small text files to store specific user data. This data enables Kanzlei-Job.de to analyze how its website is used. The data is stored on Kanzlei-Job.de servers in Germany and is not passed on to third parties. Furthermore, all data and especially the IP address are stored only in abbreviated and anonymized form. Only the first two IP blocks are stored (e.g. 192.168.x.x). The remaining two will be cut. This means that no conclusion can be drawn about your identity. Learn more at https://www.kanzlei-job.de/datenschutz.

(4) Use of JavaScript and counting pixels (web beacons)

KPMG LAW uses a JavaScript and tracking pixel to evaluate website visits. JavaScript is embedded in all KPMG LAW websites. The JavaScript collects various pieces of information about the visitor’s computer (e.g., IP address, time the page was accessed, browser type, and the presence of cookies previously set by the same server). These data are transmitted to KPMG LAW via tracking pixels.

You have the option to disable JavaScript calls in your browser. In addition, you can disable tracking pixels by rejecting or disabling the cookies associated with them.

(5) Use of Hubspot

KPMG LAW uses HubSpot, a service of HubSpot Inc. for analysis purposes on its websites.

In doing so, so-called “web beacons” are used and also “cookies” are set, which are stored on your computer and which enable an analysis of your use of the website by us. HubSpot analyzes the collected information (e.g., IP address, geographic location, browser type, duration of the visit, and pages viewed) on behalf of KPMG LAW to generate reports on visits to KPMG LAW and the pages viewed.

If, as in para. As shown in 3b, when users subscribe to the KPMG LAW email newsletter or download studies and other documents, we can use HubSpot to link a user’s visits to KPMG LAW websites with their personal information (primarily name/email address) based on the consent provided, thereby recording this information as personal data and informing users individually and in a targeted manner about their preferred topics.

If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by making the appropriate browser settings (see section 3b above).

For more information on how HubSpot works, please refer to HubSpot Inc.’s Privacy Policy. available at: http://legal.hubspot.com/de/privacy-policy.

(6) Locating service

Our website can determine the geographic location of your device. We collect this information solely to provide you with information that may be of interest to you based on your geographic location.

The use of applications for smartphones and tablet computers (so-called apps) provided by KPMG LAW is evaluated using transmitted device identifiers (device ID). The evaluation is anonymous; KPMG LAW cannot draw any conclusions about the device user.

(7) How long is data stored?

Unless expressly stated otherwise, KPMG LAW will retain personal data for as long as it is necessary to carry out the purposes set out above. This is subject to statutory retention obligations. KPMG LAW employees are required to regularly review the length of time personal data is stored and to delete it when necessary.

(8) What data protection rights do data subjects have?

Data subjects have the right to access information pursuant to Article 15 of the EU GDPR regarding the processing of their personal data by KPMG LAW (including, among other things, the purpose of the processing, any recipients, and the expected duration of storage), the right to rectification of inaccurate data (Art. 16 EU GDPR), erasure (Art. 17 EU GDPR), restriction of processing, and data portability of the data provided (Art. 18, 20 EU GDPR), as well as the right to object to the use of your data for marketing purposes and to processing based on KPMG LAW’s legitimate interests (Art. 21 EU GDPR).

Consent that has been granted may generally be revoked at any time with respect to KPMG LAW, effective for the future. In order to safeguard these rights, any data subject may contact KPMG LAW’s data protection officer (see section 2). In addition, there is also a right of appeal to a data protection supervisory authority. Data subjects may address their complaint to the authority of their place of residence, but in principle also to any other data protection supervisory authority.

 
Fields of work
Locations
Position
Language

KPMG Law

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll