Privacy Policy

KPMG ITS (Hereinafter referred to as ERP Academy, “we”, “us”, “our”) is committed to the protection of your personal data. It is impossible to provide our services without collecting and processing a certain set of your personal data. Their processing should be carried out in accordance with the applicable European and national legislation.

Therefore, with this Privacy policy (hereinafter referred to as the Policy), we would like to inform you why and how we collect and process your personal data and notify you of your rights as subjects of our personal data processed by us.

Who is the personal data controller of your personal information?

The controllers of your personal data is: 

KPMG IT Service OOD, UIC 203572873, having its registered office in 1404, Sofia, at 45/A, Bulgaria Boulevard; E-mail:

Who is the supervisor?

The Supervisory Authority in relation to the processing of personal data by KPMG IT Service is the Bulgarian Commission for Personal Data Protection, address: Bulgaria, 1592, Sofia, “Prof. Tsvetan Lazarov “№2; Telephone: +359 2 91 53 518; Fax: +359 2 91 53 525; e-mail address:, website:

Whose personal data do we collect and process?

For the purposes of running the ERP Academy, we collect personal information about:

  • Visitors/Users of the ERP Academy website
  • Applicants for the ERP Academy (Employment at KPMG IT Service)
  • ERP Academy trainees (Employees at KPMG IT Service)
  • Trainers at ERP Academy

What personal data do we collect?

Personal information we collect when you use/visit the ERP Academy website

The personal information that we collect when you visit our website may include information that you provide voluntarily as well as information collected automatically.

We collect personal information that you provide voluntarily through our Website for example when completing online forms or use our email to contact us. This information may include name, job title and company, contact information, such as email address and telephone number, as well as other personal information that you voluntarily choose to disclose to us. 

If you are visiting our website to apply for the ERP Academy, we may also collect information related to your application. For more information please refer to the section on applicants for the ERP Academy.

When you visit our website, we may collect certain personal information automatically. This information we collect automatically may include information like your IP address, device type, unique device identification number, browser-type, geographic location, pages visited, time and date of visit and other technical information.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some information we collect by using cookies and similar tracking technology. More information may be found in our Cookie Section.

Personal information we collect when you apply for the ERP Academy

In order to review and assess your application for traineeship at the ERP Academy, we collect the following personal data:

  • Name (name and surname)
  • Contact information – E-mail address and phone number
  • CV and motivation information
  • Information about your education
  • Employment background

How do we use this information?

We use this information to assess whether your skills, motivation, education and experience fulfill the requirements set by ERP Academy. 

This information is viewable only to staff members responsible for the trainee recruitment process to perform assessment of the applicant’s suitability, to review evidence for the qualities and qualifications, to contact you for setting up an interview. We may collect further information from you during an interview.

How do we collect your personal information?

We collect personal information about applicants for the ERP Academy from the following sources:

  • Directly from you – when applying for the ERP Academy directly through the academy’s website.
  • From job searching platforms – when applying for the ERP Academy through application publishing platforms, such as
  • From publicly available sources – for example, if you have a professional profile online (e.g. on your current employer’s website, or on a website facilitating professional communication, e.g. LinkedIn); and
  • By reference or word of mouth – for example, through KPMG IT Service’s Reference a Friend policy or through your friends and acquaintances who also applied for the ERP Academy.

What more I need to know?

If you apply for the ERP Academy via our website, we will also collect other personal information through our website. For more details, please refer to the section above on visiting/using the ERP Academy website.

If you are included in our shortlist of successful applicants and admitted to train at the ERP Academy we will collect further details, such as your position at KPMG ITS, your corporate email, etc. For more details please refer to the section below concerning the ERP Academy trainees.

Personal information we collect for selected ERP Academy trainees

In order to include you in the training roster and database of the ERP Academy, we collect various personal data (some of which we may already have from the recruitment procedures), such as:

  • Name (name and surname)
  • Contact information – email address, including KPMG email, personal and/or business phone number 
  • Private and business addresses
  • Photo
  • Date of birth
  • Sex
  • CV and motivation information
  • Academic records 
  • Employment background
  • Work certificates

We will also collect information with regard to the academy training. This information would include data about the progress of your studies, performance assessment, the level of understanding and completion of trainings, success levels, as well as attendance of classes.

As it was (or would be) thoroughly explained if you are amongst the selected trainees, the ERP Academy traineeship initiative is organized for KPMG IT Service’s employees only. Therefore, prior to begin your academy training you should become a KPMG ITS person (if not hired in previous recruitment campaigns). To set up and manage the employment related relation, KPMG ITS will collect, store and process the above mentioned personal details, as well as other details, including as necessary personal identification code, conviction and health status (if applicable), salary details, bank account details and many more. 

KPMG ITS may sometimes collect personal information that is viewed as particularly private or sensitive. We may do so if we have an employment law obligation to do so or with the individual’s explicit consent. This information may concern disabilities in view of employment with KPMG ITS so as to provide a suitable working environment. We may also ask you to provide diversity information about your religious beliefs so as to comply with labour law rules concerning leave days during religious holidays. Due to the nature of such information its provision remains purely voluntary so please feel free to share we us if these topics are not welcome. 

For the purposes of personal data processing outside the ERP Academy, you will be provided with a separate notice in your capacity as KPMG ITS person.

How do we use this information?

We use the above information for the purposes of setting up the academy, organizing classes, design appropriate courses, scheduling courses and courses. We will use your details to communicate these organization details with you, as well as to provide relevant information about you to class trainers. We also use the information to track you progress and assess your performance as a trainee. 

How do we collect your personal information? 

We collect personal information about ERP Academy trainees from the following sources:

  • Directly from you – in the course of applying for the ERP Academy directly through the academy’s website, as well as during interviews, post-interview meeting, etc.
  • From job searching platforms – when you have applied for the ERP Academy through application publishing platforms, such as
  • From publicly available sources – for example, if you have a professional profile online (e.g. on your current employer’s website, or on a website facilitating professional communication, e.g. LinkedIn); and

From academy trainers – for example, your trainers’ assessment of your progress, performance evaluations, etc.

Personal information we collect about trainers at the ERP Academy

In order to assess your suitability for hiring you as a trainer at the ERP Academy, we may request personal data for you qualifications, education level, professional experience, etc. We will gather information from you and from publicly available sources e.g. professional networking websites (LinkedIn).

We need this information to assess whether your skills, motivation, education level, qualifications and experience suffice with the requirements set by the ERP Academy.

If you reach us through the ERP Academy via our website, we will also collect other personal information through our website. For more details, please refer to the section above on visiting/using the ERP Academy website.

If we decide to hire you and for the conclusion and performance of a contract with you we will further need you full name, social security status (e.g. as self-employed), bank account details, etc.

Upon entering into a contract with you in the capacity of a trainer, you will be provided with further information concerning the details of your personal data processing, in addition to the information presented in the present policy.

What cookies do we use?

Our website uses cookies to help us improve its functionality, optimise it to suit your preferences and make it easier for you to view it. By using cookies ERP Academy can provide you with user-friendly services that are not possible without them, such as not to enter access data each time you access our Website.

You can prevent the installation of cookies or block them by setting  your  browser to refuse all or some cookies. In addition, already set cookies can be deleted at any time via your internet browser or other software programs. If you choose to disable the cookie setting in the Internet browser you are using, not all features on our website can be fully used.

Please note that there are also mandatory cookies that cannot be excluded if you wish to use our Website.

Are there any other cases when KPMG ITS will collect data about you?

Security measures

We may collect your personal information when you visit KPMG ITS offices, e.g. to registers you as a visitor or via installed video surveillance or other relevant measures that require processing of your data, e.g. for issuing a visitors badge. 

Relevant information regarding the above mentioned processing will be provided in our office at: KPMG ITS Office in Sofia, 1766, Mladost 4 r.a., Business Park Sofia, building 15A, floor 3

Automated decision making, which includes profiling

We do not process your personal data for automated decision making, which includes profiling.

Legal basis for processing:

In summary, we process your personal data on the basis of:

  • Your express consent provided for one or more specific purposes;
  • A contract between you and KPMG IT Service; 
  • Legal obligation provided by law;
  • Legitimate interest;

Our legal basis for collecting and processing the personal information as described in the sections above varies depending on the personal information concerned and the specific context in which we collect it, e.g. visiting our website, applying for the ERP Academy or hiring you as an external trainer.

Under normal circumstances, we will only collect personal information about you only where we have your consent to do so (when you apply for the ERP Academy), where we need the personal information to undertake some actions to conclude or perform a contract with you (for example, when hiring you as a trainer), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g. to track website visits). In some cases, we may also have a legal obligation to process personal information about you, or may need to process personal information in order to exercise, establish or defend legal claims, e.g. for tax reporting purposes when we provide payments for your services as a SAP trainer.

We will strive to inform you and provide additional clarifications when we require personal information from you. We will advise you whether the provision of your personal information is mandatory (e.g. you shall informs us of your employment or self-employment status for tax purposes) or not (as well as the possible consequences if you do not provide your personal information).

If you have any questions or concerns about the legal basis on which we collect and use your personal information for the ERP Academy initiative (including any legitimate interests relied upon), please send an email to

How long are personal data stored?

The ERP Academy keeps your personal data for no longer than is necessary to meet the purposes for which this personal data has been collected. Upon expiration of this period, your personal data will be securely deleted, as long as it is no longer required for the conclusion or performance of a contract, for securing court proceedings or if the applicable law explicitly does not require your personal data to be processed for a longer period of time.

Who do we share your personal information with?

We undertake to share your information only amongst employees of KPMG ITS who require your information to perform their job functions, e.g. team leaders in whose team you may be included, relevant hiring managers, administrative staff, etc. on a need-to-know basis, as well as the management officials of both companies. All of the mentioned individuals are under duty of confidentiality in terms of further disclosure of your personal information.

Sometimes we need to share your personal information with our partner organizations. When this is necessary, the ERP Academy complies with all aspects of applicable European and national data protection legislation.

Whenever necessary or required, we share information with:

  • IT services Providers
  • Equipment Providers
  • Lecturers and Exam Providers;
  • Legal Advisors
  • Printing Companies
  • Public authorities of the Republic of Bulgaria (under applicable legislation)
  • Member firms from the KPMG network
  • Banks, insurance companies

Do we transfer your data to countries outside the European Economic Area?

We do not transfer your personal data to countries or territories outside the European Economic Area.

Your Rights:

The General Privacy Protеction Regulation guarantees you a certain set of rights that you may exercise in relation to your personal data processed by us. Specifically, you have:

In brief

The General Data Protection Regulation guarantees you a certain set of rights that you may exercise in relation to your personal data processed by us. In summary, you have the following data protection rights: to access, correct, update or request deletion of your personal information or the restriction of their processing. You may also be entitled to object to the performed processing (when we process data on legitimate interest grounds) or may have the right of data portability.

If you wish to exercise any of your rights, you can do so at any time by contacting us via electronic mail sent to the following email address:

In more detail:

Right to information: You have the right to receive relevant information of our processing of you data, which is actually the purpose of this Policy. However, at any time you may contact us to receive additional information or clarifications on whether and how the ERP Academy process any of your personal data.

The right of access: You have the right to get free information about the nature, volume and way in which the ERP Academy use your personal data, and get a copy of this information. In addition, you have the right to receive information about the recipients of your data, including whether your personal data is being transferred to a country or an international organization located outside the European Union. If such a transfer takes place, you have the right to be informed of the appropriate precaution measures taken to protect your personal information.

Right of Rectification: You may request from us within a reasonable time to supplement and / or correct incomplete, inaccurate or outdated personal data.

Right of Erasure: You may require the deletion of your personal data and we are obliged to delete the personal data without undue delay, unless there is a legitimate legally prescribed reason to deny your request, e.g. when the processing is mandatory under the applicable legislation.

Right to Restriction of Processing: In the event that personal data that we process is inaccurate or obsolete or if you deem our processing unlawful, you have the right to ask us to limit / suspend the processing of such data for a period that allows us to verify the accuracy of the information and correct it accordingly, or until we resolve the matter of the legality of our processing. 

Data portability: This right allows you to get your personal data in a structured, machine-readable format.

You are entitled to data portability only where we process your personal information on the basis of consent or for the conclusion/performance of a contract and provided that the information itself is processed via automated means.

Right of objection: You may object to our processing at any time on grounds relating to your particular situation (applicable when processing your data is done on the basis of a legitimate interest of the ERP Academy or a third party).

Right to withdraw consent: When processing your personal data is based on your consent, you are entitled to withdraw it at any time. This can be done online by contacting us via email: or in our office. Withdrawal of your consent does not affect the legality of the processing prior to the consent withdrawal.

Right to Complain before the Surveillance Authority: If you believe that your privacy and data protection rights have been violated, you have the right to contact the Bulgarian Data Protection Commission. CPDP data is contained at the top of this Policy.

To exercise any of the above rights, you may contact us at any time via or personally at our office. Before we can fulfill your request, we may ask for additional information to verify your identity.

Security of processing

As controllers, we maintain and require from our partners and suppliers appropriate technical and organizational measures to protect and safeguard your personal data processed. 

Changes to this Policy

This Policy was last updated on 20.06.2019. We may change its contents by updating this page to reflect changes in applicable legislation or the ERP Academy privacy practices. However, we will not use your personal data in new ways without your knowledge or consent.

External links

Our website and services may provide links to other websites through direct links or through third party applications. The ERP Academy does not control these sites or their privacy practices, so we recommend that you familiarize yourself with their privacy practices before sharing your personal data with these platforms.

SAP®, SAP HANA®, SAP S/4HANA®, SAP Fiori®, SAP® UI5, SAP NetWeaver® and ABAP® are the trademark(s) or registered trademark(s) of SAP SE or its affiliates in Germany and in several other countries.

Welcome to our website, by continuing, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.