Our business is based on trust. For KPMG as an auditing company, the protection of personal data (data protection) is a high priority. KPMG complies with all applicable data protection laws and also strives to continuously improve data protection. KPMG is responsible for the processing of personal data on this website in accordance with the European Data Protection Basic Regulation (DS-GVO) and the Federal Data Protection Act ("BDSG"). 
With ATLAS, KPMG provides a web platform and web-based services that provide our clients with fast, easily accessible solutions to key transformation issues. This includes above all our web-based assessments. ATLAS helps to quickly find suitable services for tasks, to explain their functionality and to enable a fast application. 

With the following data protection information we inform you about the processing of personal data on the Atlas websites of KPMG as well as about the rights of data subjects. 

This privacy policy applies exclusively to the collection, processing and use of personal data within the framework of the Atlas Portal.

General data protection information on the processing of personal data within the framework of our general business activities and services (e.g. assessments/events) that can be commissioned via Atlas can be accessed here


1. Who is responsible for data processing on these websites? 
KPMG auditing company AG Klingelhöferstr. 1810785 Berlin 
Phone: +49 30 2068 - 0
Fax : +49 30 2068-2000
Email : 

2 How can the Data Protection Officer be reached? 
Either at the postal address mentioned under 1. or by e-mail address: 

3. For what purpose do we process your data on these web pages and on what legal basis? 
KPMG collects and uses personal data for making the website and our information and services available in accordance with Article 6 (1)(a) to (f) of the European General Data Protection Regulation (GDPR), i.e., to the extent permissible under the GDPR or another regulation or if the user (data subject) has given consent to the processing.

In order to fulfil the purposes listed under the abovementioned regulations, these following personal data may be disclosed:

  • Member firms of the global KPMG network (KPMG International)
  • KPMG subsidiaries or associates, e.g. KPMG IT Service GmbH, which operates and manages KPMG's IT infrastructure
  • Where required, authorities, courts or other public agencies in Germany and abroad
  • Further IT service providers and other processors strictly only when required, e.g. hosting, cloud services, public relations (e.g. sending of newsletters, client information, studies)

Legally standardized data protection contracts are agreed with all service providers which we use as processors pursuant to Article 28 EU GDPR and the service providers first undergo an IT security assessment.

Personal data may be transferred to countries outside the European Economic Area (EEA) only if there is an appropriate level of data protection within the meaning of Art. 44 et seqq. GDPR.

Each member firm of KPMG International has undertaken to adhere to the minimum standards of data protection. Their main obligations in this regard are contained in the KPMG Data Protection Guidelines and in the contractual clauses on data protection (Inter Firm Data Transfer Agreement – IFDTA) of KPMG International. The IFDTA includes in particular also all modules from the current EU standard contractual clauses (EU Model Clauses), which were published by the European Commission on June 4, 2021, pursuant to Art. 46 (2) lit. c GDPR. The IFDTA obligates the corresponding KPMG member firms around the world to observe these rules in the case of non-EU/EEA data transfers.

Also in the case of KPMG-external service providers (including the usage of cloud services) outside of the EEA, the appropriate level of data protection required pursuant to EU data protection law is ensured by complying with the requirements set forth under Article 45 et seqq. EU GDPR, normally by agreeing standard data protection clauses (EU model clauses) within the meaning of Article 46 (2)(c) EU GDPR.

In addition, KPMG processes personal data when you visit this website as follows: 

a. log files 
Each time you visit our website, so-called log files are automatically saved on the basis of our legitimate interest in accordance with Art. 6 Para. 1f EU DS-GVO. These log files contain information about the computer accessing our website, e.g. information about the browser type, the operating system used, the Internet service provider, the IP address, date and time of access. Storage of this data is necessary in order to make our web pages available to users for the duration of the session. We also use this data to optimize our websites and to ensure the security of our IT systems. The data from the log files are deleted as soon as they are no longer required for the named purposes. 

b. Register with Atlas 
The publicly accessible websites of Atlas can initially be used without providing personal data. If you wish to have access to restricted content (e.g. certain studies) on Atlas or if you wish to commission services as a client, you must register in order to provide personal data. With the first registration a password protected personal account and access to the internal area of Atlas will be set up (Level 1 registration). This requires, among other things, the indication of surname, first name and (business) e-mail address. In order to commission services via Atlas, further information is required for internal review as a client of KPMG (Level 2 registration). This information is used to identify and verify the client and relates to company-specific information (e.g. company name, company form, company address and other information such as capital market orientation, financial supervision), which generally has no personal reference. 
When registering, logging in and using the user account, the IP address of the user and the time of the respective use are also recorded. KPMG has a legitimate interest pursuant to Art. 6 para. 1 lit. f EU DS-GVO for security reasons (e.g. protection against misuse, unauthorised use). 

c. Newsletter, Mailings, Downloads 
On the KPMG websites, we provide a wide range of newsletters, mailings and downloads on the basis of the user's consent in accordance with Art. 6 Para. 1a EU DS-GVO, possibly in conjunction with § 7 Para. 2 No. 3 UWG. Also on the basis of a legal permission according to § 7 Abs. 3 we can send certain information by e-mail to those affected. 
To subscribe to topic-related newsletters and mailings as well as to download certain documents (e.g. studies) from KPMG, you must provide your name and e-mail address. By registering or downloading, KPMG is also granted permission to record future visits of a user to our websites on a personal basis in order to be able to send him or her topic-related information (e.g. current studies, surveys) tailored to the respective interests in a targeted and personal manner. We use a cookie from our service provider Hubspot to record the individual KPMG websites 
and topics that a registered user looks at when visiting them (see also section 3e (3) below). 
After registering for newsletters, mailings or downloads on the KPMG websites, each user receives a confirmation e-mail to the e-mail address provided (so-called double opt-in procedure). Only after clicking on the link contained in this e-mail is the registration completed.
Consents once given to receive newsletters, mailings or downloads may be revoked at any time via a link at the end of any e-mail or by sending a message to KPMG's mailbox 
Registrations for newsletters, mailings or downloads are logged on the basis of our legitimate interest in being able to prove the registration and consent of a user at any time (Art. 6 para. 1 lit. f EU DS-GVO). 
If you have not used our offers in any form during one year, you are not considered interested and will be automatically deleted from Hubspot. 

d. contact form 
To request further information, we provide you with contact forms at various points on our website, which you can use to contact us directly. We process the personal data entered here (e.g. name, e-mail address) within the framework of the statutory provisions for processing the enquiry pursuant to Art. 6 Para. 1b or Art. 6 Para. 1f EU DS-GVO. 

e. Cookies & Analytics 

KPMG uses so-called cookies for the purposes listed below. A cookie is a text file that is sent from the web server to the browser and processes information about the website visitor (e.g. IP address), his settings and the devices used.

In the table below we have listed the different types of cookies we use on our site:

Strictly necessary cookies

These cookies are essential to ensure that the user can navigate and use certain functions of the website. Without them, essential parts of the website cannot be used. Accordingly, these cookies are always activated. They are only used when you visit our website and are usually deleted when you close your browser. They are also used to call up the optimized website display when accessed with a mobile device, so that, for example, your data volume is not unnecessarily consumed. The cookies also facilitate the page change from http to https, so that the security of the transferred data remains guaranteed.

Functional Cookies

Functional cookies enable the website to store information such as the user name or language selection and to offer the user improved and personalized functions based on this information. The information collected is only evaluated in aggregated form.

Since we want to offer you a website that is designed for optimal user-friendliness, we recommend that you activate these cookies. Functional cookies are also used, for example, to activate the functions you desire, such as the playback of videos.

Performance cookies

These cookies collect data about user behavior. On this basis, the website is adjusted to the general user behaviour in terms of content and functionality. The information collected is generally processed in aggregated form, unless a user has expressly consented to a personal evaluation. Performance cookies are only used to improve the performance of the website and to tailor the online experience to the users' needs. 

Marketing cookies

Marketing cookies are used to offer content that is more relevant to the user and adapted to his interests. They are also used to measure and control the effectiveness of campaigns. For example, they register whether a user has visited a website or not, and which content has been used. This information is used to create a personal content profile so that only content that is interesting to you is displayed. If you withdraw your consent to marketing cookies, this does not mean that you will see and receive less content as a result. It rather means that the content you see and receive is not tailored to your individual needs.

Social media cookies are used to offer content that is more relevant to the user and adapted to his interests. They are also used to measure and control the effectiveness of campaigns. For example, they register whether a user has visited a website or not, as well as which content has been used. This information is used to create an interest profile so that only content that is interesting to you is displayed. 

The legal basis for data processing by cookies is Art. 6 para. 1a, f DSGVO, i.e. the consent of the website visitor or a legitimate interest of KPMG. A legitimate interest in the use of cookies in accordance with Art. 6 para. 1f DSGVO for KPMG lies in particular in the use of absolutely necessary cookies (see above).

Further detailed information on the cookies used by KPMG can be called up in the cookie settings, where the selected cookie configuration can also be adjusted by the user at any time.

Note: If you agree to a category, the cookies are activated immediately or when the website is reloaded. If you revoke your previously granted consent to a category, the cookies will remain active until the end of their term. To ensure that these cookies are blocked immediately, you must delete them manually via your browser settings.  

KPMG uses the following third-party cookies and analytics tools on these websites in detail:

(1) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ('Google').
Google Analytics uses cookies, i.e. text files that are saved in the browser and allow analysis of use of the website by the user. The information generated by the cookie on use of this website is usually transferred to a Google server in the US and stored there. In the event of activation of IP anonymisation on this website, the user's IP address is first truncated by Google within member states of the European Union or other Contracting Parties of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a server of Google in the US and truncated there. Google will use this information on behalf of the operator of this website to analyse use of these web pages, to compile reports on website activity and to provide further services related to website and internet use for the website operator.
The IP address sent by the browser used within the scope of Google Analytics is not combined with other Google data.
Each user can prevent the storage of cookies by means of browser settings; moreover, the collection and transmission of data generated by the cookie and relating to use of the website (including your IP address) to Google as well as processing of this data by Google can be prevented by downloading and installing the browser plug-in available at
Furthermore, collection by Google Analytics can be prevented through confirmation of the following link.
Please note also that on this website Google Analytics was expanded by the code 'anonymizeIp' in order to ensure anonymised collection of IP addresses (so-called 'IP masking').
Please visit or for more information on terms of use and data protection.

(2) Conversion Tracking
On these web pages, further tools from third parties are used, which collect data for analysis, marketing and optimisation purposes in order to improve marketing measures and our web page. The data collected are used to link advertising contacts and clicks on advertisements with the subsequent use of these websites. In this way, it can be determined whether Internet users who have seen advertisements visit this website and which services they are interested in. The collected data can also be used to deliver advertisements based on your interests. For this purpose, pseudonymous online identification numbers (Online ID) such as Cookie IDs, IP addresses, Device IDs, Advertising ID / IDFA (e.g. on Android or Apple smartphones) are used. The data collected will not be used to personally identify users of this website or app without your consent. If you do not wish for your data to be recorded as described, you can object as described below, also in relation to the respective provider.

We currently use tools from the following providers:

- “Adform” of Adform A/S Wildersgade 10B, sal. 1 DK-1408 Copenhagen, Denmark. Under the following link you will find an explanation of how you can deactivate data collection on your computer or mobile device by Adform:

- “The Trade Desk” of The UK Trade Desk Ltd. (Co. No. 8539108), 11th Floor Whitefriars Lewins Mead, Bristol, BS1 2NT. Under the following link you will find an explanation of how to disable data collection on your computer or mobile device:

- “Display & Video 360” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Under the following link you will find an explanation of how to disable data collection on your computer or mobile device:

- “Amazon Advertising Platform” of Amazon Online Germany GmbH, Marcel-Breuer-Straße 12, 80807 Munich, Germany. Under the following link you have the possibility to deactivate the data collection by Amazon on your computer or mobile device. To do this, activate the checkbox “Opt Out” in the displayed list under “Amazon Ad System”:

- “Google AdWords”. As Google AdWords customer, we also use Google Conversion Tracking, an analysis service of Google. Under the following link you have the possibility to deactivate the data collection by Google on your computer or mobile device:

(3) Use of Hubspot
KPMG uses Hubspot, a service of Hubspot Inc., on its websites for analysis purposes.
Here so-called "Web Beacons" are used and also "Cookies" are set, which are stored on your computer and which enable an analysis of your use of the website by us. Hubspot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of KPMG in order to generate reports on the visit and pages viewed by KPMG. 
If, as described in section 3b, you subscribe to KPMG e-mail news and receive studies and other documents, Hubspot allows us to link a user's visits to KPMG websites to his or her personal details (above all, name and e-mail address) on the basis of his or her consent, thus enabling us to record his or her personal details and inform users individually and specifically about preferred topics. 
If Hubspot generally does not wish cookies to be recorded, they can be prevented from being saved at any time by making the appropriate browser settings (see section 3c above). 

Further information about the functionality of Hubspot can be found in the Hubspot Inc. privacy policy at: 

(4) Sitefinity Insights
KPMG uses Sitefinity Insights on the Atlas websites. Sitefinity Insights is an online marketing service of Telerik Inc. 201 Jones Rd, 2nd Floor, Waltham, MA 02451, USA, which enables users to present personalized contents and supports KPMG in analyzing and optimizing our websites. These include especially activities carried out by visitors on our websites using a web browser, e.g. visiting the contacts page, sending a web form, registering as a user or downloading a whitepaper using an IP address from the user's device as well as browser metadata, such a user agent string, version, language, time zone and similar information. User data are processed after receiving approval, which can be granted by means of the cookie settings. Should collection through Sitefinity Insights not be desired, the storage of cookies can be prevented at any time through browser or cookie settings (see above under item 3c). Further information on the functionality of Sitefinity Insights can be found in Telerik Inc.'s privacy statement, which is available at: Personal data collected, processed, and stored by Sitefinity Insight - Sitefinity CMS Administration (

4. How long is data stored? 
Unless expressly stated otherwise, KPMG will retain personal information for as long as is necessary to carry out the purposes set out above. This is subject to the statutory retention obligations. KPMG employees are instructed to regularly check the duration of the storage of personal data and, if necessary, to delete it. 

5. What data protection rights do data subjects have? 
Data subjects have the right to information pursuant to Art. 15 EU DS-GVO on the processing of their personal data by KPMG (including the purpose of the processing, any recipients and the expected duration of storage), the right to correction of incorrect data (Art. 16 EU DS-GVO), deletion (Art. 15 EU DS-GVO), and the right to demand the correction of incorrect data (Art. 15 EU DS-GVO). 17 EU DS-GVO), restriction of the processing and transferability of the data submitted (Art. 18, 20 EU DS-GVO) as well as the right to object to their use for marketing purposes and on the basis of processing based on a legitimate interest of KPMG (Art. 21 EU DS-GVO). Once consent has been given, it can in principle be revoked vis-à-vis KPMG at any time with effect for the future. In order to safeguard these rights, anyone concerned can contact KPMG's data protection officer (see section 2). There is also a right of appeal to a data protection supervisory authority. Affected parties can address their complaints to the authority of their place of residence, but in principle also to any other data protection supervisory authority.