Last updated 11 February, 2019

This Privacy Statement explains how KPMG Oy Ab (“KPMG”, “we” or “us”) collects, uses, and discloses the personal information concerning EEP Africa as a controller and as joint controller with Nordic Development Fund (“NDF”).

This Privacy Statement supplements KPMG’s Privacy statement and NDF’s Privacy policy. Please review them together with this Privacy Statement to learn more about what information we may collect about you and how we use that information.

We are obligated to follow the provisions of the EU General Data Protection Regulation. KPMG is also dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of these fundamental obligations, KPMG is committed to the appropriate protection and use of personal data.

Who is collecting your personal data

KPMG Oy Ab

Address: Töölönlahdenkatu 3, 00100 Helsinki

Telephone: +358 20 760 3000

Email: privacy@kpmg.fi

Nordic Development Fund

Address: P.O. Box 185, FIN-00171 Helsinki

Telephone: +358 10 618 002

Email: dataprotection@ndf.fi

Personal data collected

Generally we collect your personal data from you directly, when you complete a proposal or when you subscribe to our publications or when you use our website.

EEP Africa consists of three types of processing activities:

i. Registration of funding applications; KPMG collects, holds and uses personal data to the purposes of receiving, processing and evaluating funding applications/proposals.

We collect the following personal information: First name, last name, position (job title), name and position of signatory person and primary contact person, post address, e-mail address, tel. / mobile phone number 

ii. EEP Portal user accounts; KPMG collects, holds and uses personal data to the purposes of user access management.

We collect the following personal information: First name, last name, position (job title), name and position of signatory person and primary contact person, post address, e-mail address, tel. / mobile phone number 

iii. Registration of representatives of the organizations who have received a funding decision; KPMG collects, holds and uses personal data to the purposes of funding decision-making and project management.

We collect the personal information described in the first category, i): First name, last name, position (job title), name and position of signatory person and primary contact person, post address, e-mail address, tel. / mobile phone number.

We may also need to collect detailed information for due diligence and regulatory purposes. Personal information we require to meet the legal and regulatory obligations include the following:

  • Identity information including your current and former names, date of birth, country of birth, place of birth, gender, nationality and a copy of your valid passport and/or birth certificate;
  • Occupation and employment information, including details of legal entities you are employed by or affiliated with;
  • Other due diligence information.

KPMG collects always the minimum amount of personal data we need to fulfil our purpose. We make all reasonable efforts to ensure that we only collect and hold the personal data we need.

Legal grounds to collect personal data

The processing of your personal data is necessary in order to perform our obligations under a contract, thus performance of a contract is the legal basis for the processing.

Data security and storage

KPMG has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite KPMG’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.

KPMG uses all reasonable efforts to retain personal data collected from you only for so long as KPMG needs such data in accordance with the purpose for which it was collected or until KPMG is requested to delete it (if earlier). KPMG applies reasonable efforts to assure that inaccurate, incorrect and outdated personal data is deleted or corrected without undue delay.

Your rights

If we process personal information about you, you have rights to that data. Your rights are described in more detailed in KPMG’s general privacy statement (chapter 6).

You can make a request or exercise these rights by contacting KPMG at privacy@kpmg.fi and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

Changes to this statement

KPMG keeps this Privacy Statement under regular review and may modify or amend it from time to time at our discretion. If we make changes, we will record the date of amendment or modification in the Privacy Statement.

Policy questions and enforcement

KPMG is committed to protecting the privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us at privacy@kpmg.fi. You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Statement.

In any event, you always have the right to lodge a complaint with the competent supervisory authority of KPMG in charge of protecting personal information.