Search
Contact

Privacy policy

Data protection information for websites of KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG LAW)

Our business is based on trust. For KPMG LAW as a law firm, the protection of personal data (data privacy) is a high priority. KPMG LAW complies with all applicable data protection laws and also strives to continuously improve data protection. KPMG LAW is the controller responsible for the processing of personal data on these websites within the meaning of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (“BDSG”).

With the following data protection information we inform about the processing of personal data on the websites of KPMG LAW as well as about the rights of data subjects.

General data protection information on the processing of personal data within the scope of our general business activities and for the purpose of providing legal advice to our clients is available here.

1. who is responsible for data processing on these web pages?

KPMG LAW Rechtsanwaltsgesellschaft mbH
Theodor-Heuss-Straße 5
70174 Stuttgart
Phone: +49 711 781923-400
Fax: +49 711 781923-455
Email: information@kpmg-law.com

2. how can the data protection officer be reached?

Either at the postal address mentioned under 1. or by e-mail (address: de-datenschutz@kpmg.com).

3. for what purpose do we process your data on these websites and on what legal basis? Who is the recipient of the data?

KPMG LAW collects and uses personal data to provide the websites and our content and services in accordance with the provisions of Art. 6 para. 1 a to f DS-GVO, i.e. insofar as the DS-GVO or another legal provision permits this or the user has consented to the processing.

In order to fulfill the purposes listed in this section, personal data may be disclosed to the following recipients:

  • member firms of the global KPMG network (“KPMG International”).
  • subsidiaries or associated companies of KPMG, e.g. KPMG IT Service GmbH, which operates and controls the KPMG IT infrastructure.
  • As far as necessary, authorities, courts or other public bodies at home and abroad.
  • To other IT service providers and other data processors on a strictly purpose-limited basis, such as for hosting, cloud services, and public relations (e.g., sending newsletters, client information, and studies).

Legally standardized data protection contracts are agreed with all service providers that we use on our websites as processors in accordance with Art. 28 EU GDPR, and the service providers are subjected to an appropriate IT security assessment in advance.

Personal data will only be transferred to countries outside the European Economic Area (EEA) if an adequate level of data protection is ensured within the meaning of Art. 44 et seq. of the GDPR.

Each member firm of KPMG International has committed to complying with minimum data protection standards. The key obligations in this regard are set forth in the KPMG Privacy Policy and in KPMG International’s data protection contractual clauses (Inter-Firm Data Transfer Agreement—IFDTA). In particular, the IFDTA also includes all modules of the current EU Standard Contractual Clauses (EU Model Clauses) published by the European Commission on June 4, 2021, pursuant to Article 46(2)(c) of the GDPR. Accordingly, the IFDTA requires KPMG member firms worldwide to comply with these provisions when transferring data outside the EU/EEA.

Even in the case of service providers outside KPMG (including the use of cloud services) located outside the EU/EEA, the adequate level of data protection required under EU data protection law is ensured by compliance with the requirements of Art. 45 et seq. of the EU GDPR—typically through the adoption of the EU Standard Contractual Clauses within the meaning of Article 46(1). 2 lit. c) EU GDPR – ensured.

Specifically, KPMG LAW processes personal data when you visit this website as follows:

a) Log files

Every time you visit our website, data is collected on the basis of our legitimate interest pursuant to Art. 6 para. 1f EU DS-GVO automatically stores so-called log files, which contain information about the computer accessing our websites, e.g. information about the browser type, the operating system used, the Internet service provider, the IP address, date and time of access.

Storage of this data is necessary in order to provide users with our websites for the duration of the session. We also use this data to optimize our websites and to ensure the security of our IT systems. The data from the log files are deleted as soon as they are no longer required for the named purposes.

b) Newsletter, mailings, downloads

On the websites of KPMG LAW, we provide personal data on the basis of the user’s consent pursuant to Art. 6 para. 1a EU DS-GVO, if applicable in conjunction with § 7 para. 2 No. 3 UWG provides a wide range of newsletters, mailings and downloads. Also on the basis of a legal permission according to § 7 para. 3 UWG, we may send certain information to affected parties by e-mail.

To subscribe to topic-specific newsletters and mailings, or to download certain documents (e.g., studies) from KPMG LAW, you must provide your name and email address. After signing up for newsletters, mailings, or downloads on the KPMG LAW websites, each user will receive a confirmation email at the provided email address (known as the double opt-in process). Only after clicking on the link contained in this e-mail is the registration completed.

Consent given to receive newsletters, mailings, or downloads can be revoked at any time by clicking the link at the bottom of each email or by sending a message to de-datenerfassung@kpmg-law.com.

Sign-ups for newsletters, mailings, or downloads are logged based on our legitimate interest in being able to verify a user’s registration and consent at any time (Art. 6(1)(f) of the EU GDPR).

c) Contact form

If you would like more information, we have provided contact forms in various sections of our website that you can use to contact us directly. We process the personal data entered here (e.g. name, e-mail address) within the framework of the legal provisions for processing the request in accordance with Art. 6 para. 1b or Art. 6 para. 1f EU GDPR.

d) Customer Relationship Management (CRM) and Relationship Intelligence

KPMG LAW uses various technologies to manage and improve our client relationships:

(1) KPMG LAW uses a CRM system to manage client and business relationships within the global KPMG network. The CRM stores, among other things, contact information (name, email address, phone number, address), type of contact (e.g., client contact, participation in KPMG LAW events), communication and interaction histories related to our service provision (e.g., meetings), company affiliation, and position; this information is accessible to authorized users within the KPMG network. KPMG’s processing of the stored data categories in the CRM may be based on consent (Art. 6(1)(a) GDPR—e.g., newsletter marketing), for the performance of a contract (Art. 6(1)(b) GDPR), and/or on the basis of a legitimate interest in efficient client communication and international cooperation (Art. 6(1)(f) GDPR) in the course of our business activities.

(2) KPMG LAW also uses Relationship Intelligencetools to improve the visualization of client relationships within the global KPMG network, automatically collecting and analyzing data from various internal and external sources to present business-related interactions within the global KPMG network to authorized users at KPMG LAW. Based on metadata and contact information from emails and calendar activities, communications between KPMG employees and external contacts over a period of up to 180 days in the past are visualized. Only the names, time, and type of communication are displayed (in some cases, also in conjunction with publicly available data on the communication participants from professional networks).

This is done in accordance with Article 6(1)(f) of the GDPR, based on KPMG LAW’s legitimate interests in enabling KPMG to provide efficient and targeted client service both in Germany and within the international KPMG network.

e) KPMG “Whistleblowing Hotline”

In compliance with legal requirements (e.g., the Whistleblower Protection Act (HGSchGE) and the Supply Chain Due Diligence Act (LkSG)), KPMG-LAW maintains reporting channels for whistleblowers. The so-called “Whistleblowing Hotline” is structured as an internal reporting office within the meaning of Section 14 of the HGSchGE and also serves as a complaints office within the meaning of Section 8 of the LkSG. The Whistleblowing Hotline may be used by all employees as defined in Section 3(8) of the HGSchGE, as well as by clients, subcontractors, suppliers, and other third parties, including as a complaints office within the meaning of Section 8 of the LkSG. Any personal data collected in this process is processed accordingly on the basis of Art. 6( Processed in accordance with Article 1(c) of the GDPR.

f) Cookies

KPMG LAW uses cookies. A cookie is a text file sent by the web server to the browser that processes information about the website visitor (e.g., IP address), their settings, and the devices they use.

This involves the use of cookies that are essential for the operation of the website (strictly necessary cookies), as well as other cookies that are used, for example, to play videos (functional cookies), to analyze user behavior in order to optimize our offerings (performance cookies), or for marketing purposes (marketing cookies).

The legal basis for data processing through cookies can be either a legitimate interest of KPMG LAW or consent of the user.

KPMG LAW has a legitimate interest in the use of cookies pursuant to Article 6(1)(f) of the GDPR and Section 25(2) of the TDDDG, particularly with regard to the use of strictly necessary cookies. No consent is required for this.

Consent is required for the use of all other types of cookies (e.g., marketing and social media cookies) (Art. 6(1)(a), f of the GDPR & § 25(1) of the TDDDG), which can be given via the cookie banner displayed on our websites.

Further detailed information on the cookies used by KPMG LAW can be found in the KPMG LAW cookie settings, where the selected cookie configuration can also be adjusted by the user at any time.

Note: If you agree to a category, the cookies will be activated immediately or when you reload the website. If you revoke your already granted consent to a category, the cookies set will still remain active until the end of their term. To ensure that these cookies are blocked immediately, you must delete them manually via your browser settings after revoking them.

g) Tracking and analytics tools

KPMG LAW uses third-party tracking and analysis tools on these websites. These use so-called performance cookies, the use of which can be adjusted via the settings options of the respective third-party providers explained below or also in the KPMG LAW cookie settings. The settings can be customized on each page related to the domain.

Data processing is based on your consent (Art. 6(1)(a) of the GDPR) via the cookie consent management system and may be revoked at any time through this system.

In connection with the tracking and marketing technologies described below, the transfer of personal data to third countries—in particular to the United States—cannot always be ruled out. Such transfers are made on the basis of appropriate safeguards in accordance with Art. 44 et seq. of the GDPR, in particular through the conclusion of standard contractual clauses (Art. 46(2)(c) of the GDPR).

KPMG LAW uses the following tracking and analytics tools on these websites:

(1) Google Analytics 4

KPMG uses Google Analytics, a web analytics service provided by Google, Inc. on websites. (“Google”).

Google Analytics uses so-called “cookies,” which are text files stored in the browser that enable an analysis of the user’s use of the website. The information generated by the cookie regarding the use of this website is generally transmitted to a Google server in the United States and stored there. However, by enabling IP anonymization on this website, Google will first truncate the user’s IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. IP anonymization is automatically enabled in Google Analytics. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of these web pages, to compile reports on website activity, and to provide the website operator with other services related to website and internet usage.

The IP address transmitted by the browser used as part of Google Analytics is not merged with other Google data.

As part of Google Analytics, we also use the Google Signals extension, which enables tracking across multiple devices. For this purpose, Google uses the data of users who are logged into a Google service at the same time as visiting a website and who have activated the “personalized advertising” option in their Google account settings(https://adssettings.google.com/authenticated). Google Signals is also only used with IP anonymization enabled.

More information on terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/, respectively.

(2) Google Floodlight

KPMG uses tracking pixels from Google Floodlight, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to analyze website visits.

For this purpose, cookies are placed on your computer, which third-party providers, including Google, use to record which of our websites have been visited with your browser. With the help of this information, our advertisements can then be presented to you at a later time on other websites, e.g. within the scope of Google search or on websites of the Google network.

For more information about Google Floodlight and Google’s Privacy Policy, visit http://www.google.com/privacy/ads/.

(3) Evaluation of calls to the job advertisements

Our website uses features provided by Kanzlei-Job.de, Königsteiner Straße 6a, 65812 Bad Soden.
When you view our job postings, a connection is established between your browser and the servers of Kanzlei-Job.de. In the process, data is transferred to Kanzlei-Job.de. The content is integrated via an iFrame.

Kanzlei-Job.de logs various user data for analysis purposes and for the provision of functions. Cookies are used for this purpose. These are small text files to store specific user data. This data enables Kanzlei-Job.de to analyze how its website is used. The data is stored on Kanzlei-Job.de servers in Germany and is not passed on to third parties. Furthermore, all data and especially the IP address are stored only in abbreviated and anonymized form. Only the first two IP blocks are stored (e.g. 192.168.x.x). The remaining two will be cut. This means that no conclusion can be drawn about your identity. Learn more at https://www.kanzlei-job.de/datenschutz.

(4) Use of JavaScript and counting pixels (web beacons)

KPMG LAW uses JavaScript and tracking pixels to analyze website visits. The JavaScript is embedded in all KPMG LAW web pages. The JavaScript collects various pieces of information about the visitor’s computer (e.g., IP address, the time the page was accessed, the browser type, and the presence of cookies previously set by the same server). This data is transmitted to KPMG LAW via tracking pixels.

You have the option to disable JavaScript calls in your browser. In addition, you can disable tracking pixels by rejecting or disabling the cookies associated with them.

(5) Use of Hubspot

KPMG LAW uses HubSpot, a service of HubSpot Inc. for analysis purposes on its websites.

In doing so, so-called “web beacons” are used and also “cookies” are set, which are stored on your computer and which enable an analysis of your use of the website by us. HubSpot analyzes the collected information (e.g., IP address, geographic location, browser type, duration of the visit, and pages viewed) on behalf of KPMG LAW to generate reports on visits to KPMG LAW and the pages viewed.

If, as described in Section 3b, a user subscribes to KPMG LAW email newsletters and downloads studies or other documents, we can use HubSpot to link a user’s visits to KPMG LAW websites with their personal information (primarily name/email address) based on the consent you have provided, thereby recording this information as personal data and providing users with individualized, targeted information on their preferred topics.

If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by making the appropriate browser settings (see section 3b above).

For more information on how HubSpot works, please refer to HubSpot Inc.’s Privacy Policy. available at: http://legal.hubspot.com/de/privacy-policy.

(6) Locating service

Our website can determine the geographic location of your device. We collect this information solely to provide you with information that may be of interest to you based on your geographic location.

The use of applications for smartphones and tablet computers (so-called apps) provided by KPMG LAW is evaluated using transmitted device identifiers (device ID). The evaluation is anonymous; KPMG LAW cannot draw any conclusions about the device user.

(7) How long is data stored?

Unless expressly stated otherwise, KPMG LAW will retain personal data for as long as it is necessary to carry out the purposes set out above. This is subject to statutory retention obligations. KPMG LAW employees are required to regularly review the length of time personal data is stored and to delete it when necessary.

(8) What data protection rights do data subjects have?

Data subjects have the right to access information pursuant to Article 15 of the EU GDPR regarding the processing of their personal data by KPMG LAW (including, among other things, the purpose of the processing, any recipients, and the expected duration of storage), the right to rectification of inaccurate data (Art. 16 EU GDPR), erasure (Art. 17 EU GDPR), restriction of processing, and data portability of the data provided (Art. 18, 20 EU GDPR), as well as the right to object to the use of your data for marketing purposes and to processing based on KPMG LAW’s legitimate interests (Art. 21 EU GDPR).

Consent that has been granted may generally be revoked at any time with respect to KPMG LAW, effective for the future. In order to safeguard these rights, any data subject may contact KPMG LAW’s data protection officer (see section 2). In addition, there is also a right of appeal to a data protection supervisory authority. Data subjects may address their complaint to the authority of their place of residence, but in principle also to any other data protection supervisory authority.

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll