Our business is based on trust. For KPMG as an auditing company, the protection of personal data (data protection) is a high priority. KPMG complies with all applicable data protection laws and also strives to continuously improve data protection. KPMG is responsible for the processing of personal data on this website in accordance with the European Data Protection Basic Regulation (DS-GVO) and the Federal Data Protection Act (BDSG). 
With Atlas, KPMG provides a web platform and web-based services that provide our users and clients with fast, easily accessible solutions to key transformation issues. This includes above all our web-based assessments. Atlas helps to quickly find suitable services for tasks, to explain their functionality and to enable a fast application. 

With the following data protection information we inform you about the processing of personal data on the Atlas websites of KPMG as well as about the rights of data subjects. 

This privacy policy applies exclusively to the collection, processing and use of personal data within the framework of the Atlas Portal.
General data protection information on the processing of personal data within the framework of our general business activities and services (e.g. assessments/events) that can be commissioned via Atlas can be accessed here


1. Who is responsible for data processing on these websites? 
KPMG auditing company AG
Heidestr. 58
10557 Berlin 
Phone: +49 30 2068 - 0
Fax : +49 30 2068-2000
Email : 

2 How can the Data Protection Officer be reached? 
Either at the postal address mentioned under 1. or by e-mail address: 

3. For what purpose do we process your data on these web pages and on what legal basis? 
KPMG collects and uses personal data for making the website and our information and services available in accordance with Article 6 (1)(a) to (f) of the European General Data Protection Regulation (GDPR), i.e., to the extent permissible under the GDPR or another regulation or if the user (data subject) has given consent to the processing.

In order to fulfil the purposes listed under the abovementioned regulations, these following personal data may be disclosed:

  • Member firms of the global KPMG network (KPMG International)
  • KPMG subsidiaries or associates, e.g. KPMG IT Service GmbH, which operates and manages KPMG's IT infrastructure
  • Where required, authorities, courts or other public agencies in Germany and abroad
  • Further IT service providers and other processors strictly only when required, e.g. hosting, cloud services, public relations (e.g. sending of newsletters, client information, studies)

Legally standardized data protection contracts are agreed with all service providers which we use as processors pursuant to Article 28 EU GDPR and the service providers first undergo an IT security assessment.

Personal data may be transferred to countries outside the European Economic Area (EEA) only if an adequate level of data protection within the meaning of Article 44 et seq. of the EU General Data Protection Regulation (GDPR) is ensured.

Each member firm of KPMG International has undertaken to adhere to the minimum standards of data protection. Their main obligations in this regard are contained in the KPMG Data Protection Guidelines and in the contractual clauses on data protection (Inter Firm Data Transfer Agreement – IFDTA) of KPMG International. The IFDTA also includes in particular all modules from the current EU standard contractual clauses (EU model clauses), which were published by the European Commission on June 4, 2021, pursuant to Article 46(2)(c) GDPR. The IFDTA obligates KPMG member firms around the world to observe these rules in the case of non-EU/EEA data transfers.

The adequate level of data protection required pursuant to EU data protection law is also ensured in the case of KPMG's external service providers (including the use of cloud services) outside the EU/EEA, by complying with the requirements set forth under Article 45 et seq. GDPR, usually by agreeing standard contractual clauses (within the meaning of Article 46(2)(c) GDPR.

Specifically, KPMG processes personal data when you visit this website as follows:: 

a. log files 
Each time you visit our web pages, log files are automatically saved on the basis of our legitimate interest in accordance with Article 6()(f) GDPR. These log files contain information about the computer accessing our web pages and check the access permissions, e.g., information about the browser type, the operating system used, the Internet service provider, the IP address, date and time of access and the type of service used. 

b. Register with Atlas 
The publicly accessible websites of Atlas can initially be used without providing personal data. If you wish to have access to restricted content (e.g. certain studies) on Atlas or if you wish to commission services as a client, you must register in order to provide personal data. With the first registration a password protected personal account and access to the internal area of Atlas will be set up (Level 1 registration). This requires, among other things, the indication of surname, first name and (business) e-mail address. In order to commission services via Atlas, further information is required for internal review as a client of KPMG (Level 2 registration). This information is used to identify and verify the client and relates to company-specific information (e.g. company name, company form, company address and other information such as capital market orientation, financial supervision), which generally has no personal reference. When registering, logging in and using the user account, the IP address of the user and the time of the respective use are also recorded. KPMG has a legitimate interest pursuant to Art. 6 para. 1 lit. f EU DS-GVO for security reasons (e.g. protection against misuse, unauthorised use). 

c. Newsletter, Mailings, Downloads 
On the KPMG websites, we provide a wide range of newsletters, mailings and downloads on the basis of the user's consent in accordance with Art. 6 Para. 1a EU DS-GVO, possibly in conjunction with § 7 Para. 2 No. 3 UWG. Also on the basis of a legal permission according to § 7 Abs. 3 we can send certain information by e-mail to those affected. 
To register for topical newsletters and mailings as well as to download certain documents (e.g., studies) of KPMG, you must provide your name and e-mail address. When a user registers or downloads documents, they also give KPMG their consent to log their personal data for future visits to our web pages in order to be able to send them topical information (e.g., current studies, surveys) tailored to the respective interests in a targeted and personal manner. We use a cookie from our service provider Hubspot to log the individual KPMG web pages and topics that a registered user views when visiting them (see also section 3e (3) below). 
After registering for newsletters, mailings or to download documents on the KPMG web pages, each user receives a confirmation e-mail sent to the e-mail address provided (double opt-in process). The link contained in this e-mail must be clicked on to complete the registration process.
Once consent is given to receive newsletters, mailings or download documents, it may be withdrawn at any time via a link at the end of any e-mail or by sending a message to KPMG's mailbox at 
Registrations for newsletters, mailings or to download documents are logged on the basis of our legitimate interest in being able to document the registration and consent of a user at any time (Article 6(1)(f) GDPR). If you have not used our services in any way, shape or form over the course of a year, you will be deemed not interested and will be automatically deleted from Hubspot. 

d. contact form 
To request further information, we provide you with contact forms at various points on our website, which you can use to contact us directly. We process the personal data entered here (e.g. name, e-mail address) within the framework of the statutory provisions for processing the enquiry pursuant to Art. 6 Para. 1b or Art. 6 Para. 1f EU DS-GVO. 

e. Cookies & Analytics 

KPMG uses so-called cookies for the purposes listed below. A cookie is a text file that is sent from the web server to the browser and processes information about the website visitor (e.g. IP address), his settings and the devices used.

In the table below we have listed the different types of cookies we use on our site:

Strictly necessary cookies

These cookies are essential to ensure that the user can navigate and use certain functions of the website. Without them, essential parts of the website cannot be used. Accordingly, these cookies are always activated. They are only used when you visit our website and are usually deleted when you close your browser. They are also used to call up the optimized website display when accessed with a mobile device, so that, for example, your data volume is not unnecessarily consumed. The cookies also facilitate the page change from http to https, so that the security of the transferred data remains guaranteed.

Functional cookies

Functional cookies enable the website to store information such as the user name or language selection and to offer the user improved and personalized functions based on this information. The information collected is only evaluated in aggregated form.
Since we want to offer you a website that is designed for optimal user-friendliness, we recommend that you activate these cookies. Functional cookies are also used, for example, to activate the functions you desire, such as the playback of videos.

Performance cookies

These cookies collect data about user behavior. On this basis, the website is adjusted to the general user behaviour in terms of content and functionality. The information collected is generally processed in aggregated form, unless a user has expressly consented to a personal evaluation. Performance cookies are only used to improve the performance of the website and to tailor the online experience to the users' needs. 

Marketing cookies

Marketing cookies are used to offer content that is more relevant to the user and adapted to his interests. They are also used to measure and control the effectiveness of campaigns. For example, they register whether a user has visited a website or not, and which content has been used. This information is used to create a personal content profile so that only content that is interesting to you is displayed. If you withdraw your consent to marketing cookies, this does not mean that you will see and receive less content as a result. It rather means that the content you see and receive is not tailored to your individual needs.
Social media cookies
Social media cookies are used to offer content that is more relevant to the user and adapted to his interests. They are also used to measure and control the effectiveness of campaigns. For example, they register whether a user has visited a website or not, as well as which content has been used. This information is used to create an interest profile so that only content that is interesting to you is displayed. 
If you opt-out of social media cookies, this does not mean that you will see or receive less content. KPMG can use this data to display targeted advertisements outside its website without identifying you as a website visitor.

The legal basis for data processing by cookies is Art. 6 para. 1a, f DSGVO, i.e. the consent of the website visitor or a legitimate interest of KPMG. A legitimate interest in the use of cookies in accordance with Art. 6 para. 1f DSGVO for KPMG lies in particular in the use of absolutely necessary cookies (see above).

Further detailed information on the cookies used by KPMG can be called up in the cookie settings, where the selected cookie configuration can also be adjusted by the user at any time.

Note: If you agree to a category, the cookies are activated immediately or when the website is reloaded. If you revoke your previously granted consent to a category, the cookies will remain active until the end of their term. To ensure that these cookies are blocked immediately, you must delete them manually via your browser settings.  

KPMG uses the following third-party cookies and analytics tools on these websites in detail:

(1) Google Analytics 4
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored by the browser and enable the behavior of users on the website to be analyzed. As a rule, the information about the use of the website generated by the cookies is transferred to and stored on Google's servers in the USA. However, by activating the IP anonymization feature on this website, the IP address of users within the member states of the European Union or another signatory to the Agreement on the European Economic Area will first be truncated by Google. The IP anonymization feature in Google Analytics is enabled by default. Only in exceptional cases will the full IP address be transmitted to one of Google's servers in the USA before being truncated. Google will use this information on behalf of the operator of this website for the purpose of evaluating the use of these web pages in order to compile reports on website activity and to provide the website operator with other services relating to the use of the website and the Internet. The IP address transmitted by the browser in connection with Google Analytics is not merged with any other Google data. Please note that the "anonymizeIp" code has been added to Google Analytics on this website to ensure that IP addresses are collected anonymously (IP masking). For more information about the terms of use and data privacy, visit or

(2) Google AdWords Conversion Tracking
As a Google AdWords customer, we also use Google Conversion Tracking, an analysis tool provided by Google. When you click on a Google ad, Google stores what is known as a conversion cookie on your computer. These cookies expire after a maximum of 90 days and are not used for personal identification. If, after this cookie is stored on your device, you visit certain pages of ours that have a conversion tracking tag and the cookie has not yet expired, we and Google can recognize that someone who clicked on a particular ad was redirected to our site. With the help of the conversion cookie, we receive conversion statistics, e.g., about the total number of users who clicked on one of our Google ads and were redirected to one of our pages with a conversion tracking tag. This does not provide us with any information that can be used to personally identify users. Furthermore, each AdWords customer receives a unique cookie. Cookies that are set when you click on one of our AdWords ads can therefore not be recorded and tracked by websites of other AdWords customers.

(3) Use of Hubspot
KPMG uses Hubspot, a service of Hubspot Inc., on its websites for analysis purposes. Here so-called "Web Beacons" are used and also "Cookies" are set, which are stored on your computer and which enable an analysis of your use of the website by us. Hubspot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of KPMG in order to generate reports on the visit and pages viewed by KPMG. If, as described in section 3b, you subscribe to KPMG e-mail news and receive studies and other documents, Hubspot allows us to link a user's visits to KPMG websites to his or her personal details (above all, name and e-mail address) on the basis of his or her consent, thus enabling us to record his or her personal details and inform users individually and specifically about preferred topics.  If Hubspot generally does not wish cookies to be recorded, they can be prevented from being saved at any time by making the appropriate browser settings (see section 3c above). Further information about the functionality of Hubspot can be found in the Hubspot Inc. privacy policy at:

(4) Sitefinity Insights
KPMG uses Sitefinity Insights on the Atlas websites. Sitefinity Insights is an online marketing service of Telerik Inc. 201 Jones Rd, 2nd Floor, Waltham, MA 02451, USA, which enables users to present personalized contents and supports KPMG in analyzing and optimizing our websites. These include especially activities carried out by visitors on our websites using a web browser, e.g. visiting the contacts page, sending a web form, registering as a user or downloading a whitepaper using an IP address from the user's device as well as browser metadata, such a user agent string, version, language, time zone and similar information. User data are processed after receiving approval, which can be granted by means of the cookie settings. Should collection through Sitefinity Insights not be desired, the storage of cookies can be prevented at any time through browser or cookie settings (see above under item 3c). Further information on the functionality of Sitefinity Insights can be found in Telerik Inc.'s privacy statement, which is available at: Personal data collected, processed, and stored by Sitefinity Insight - Sitefinity CMS Administration (

4. How long is data stored? 
Unless expressly stated otherwise, KPMG will retain personal information for as long as is necessary to carry out the purposes set out above. This is subject to the statutory retention obligations. KPMG employees are instructed to regularly check the length of time personal data is stored and, if necessary, to delete it. 

5. What data protection rights do data subjects have? 
Data subjects have the right to access information pursuant to Article 15 GDPR on the processing of their personal data by KPMG (including the purpose of the processing, any recipients and the expected duration of storage), the right to rectification of incorrect data (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing and data portability (Articles 18, 20 GDPR) as well as the right to object to their use for marketing purposes and to processing based on a legitimate interest of KPMG (Article 21 GDPR) Once consent has been given, it can in principle be withdrawn by giving notice to KPMG at any time with effect for the future. In order to safeguard these rights, data subjects can contact KPMG's data protection officer (see section 2). There is also a right to lodge a complaint with a data protection supervisory authority. Affected parties can address their complaints to the authority of their place of residence, but in principle also to any other data protection supervisory authority.