This Privacy Notice explains what we do with information that we may hold about you (your "personal data") in the context of your use of our website, available at https://www.grantthornton.global/en/ (the "Website").
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your rights.
For the purpose of applicable data protection legislation, the company responsible for your personal data is Grant Thornton International Ltd ("GTIL", "us" or "we").
We may amend this Privacy Notice from time to time. Please visit this page if you want to stay up-to-date as we will post any changes here.
Your privacy is really important to us. If you are dissatisfied with any aspect of this Privacy Notice or our handling of your personal data, please contact us using the details set out below.
When you visit the Website, make an enquiry through the Website, order publications or request more information, we may collect the following information from you directly:
We do not log your Internet Protocol (IP) address.
IF YOU DO NOT WANT US TO COLLECT ANY OF THE INFORMATION DESCRIBED IN THIS PRIVACY NOTICE, DO NOT USE OUR WEBSITE.
How and why we collect your personal data
The majority of the personal data we hold about you will be collected directly from you. [We also collect some limited technical data (as described above) automatically as a result of your use of the Website.]
We collect, use, and disclose your personal data for a number of reasons, including:
Lawful bases for us processing your personal data
We have set out in the table below the key purposes for which we use your personal data, as well as the types of personal data used and the lawful bases relied upon for that use in accordance with applicable data protection law.
| Why do we hold your data? | What types of data do we hold? | What lawful basis do we rely upon? |
| To enable us to provide and improve the Website | [Analytical data regarding your interaction with the Website] | Legitimate interests, namely it is in our interests to understand how our clients and customers interact with our Website in order to provide them with the best service. |
| To enable us to respond to your enquiries | Name Postal address Email address |
Legitimate interests, namely it is in our interest to satisfy any enquiries received from our customers and clients. |
| To enable us to comply with our legal obligations | As applicable such personal data as we may hold | Necessary for compliance with a legal obligation. |
| To help us to establish, exercise, or defend legal claims. | Name Postal address Email address |
Legitimate interests, namely it is in our interests for us to be able to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them. |
| To enable us to provide you with marketing information | Name Postal address Email address |
Legitimate interests, namely it is in our interests to be able to market our products and services to potential customers. In certain circumstances, we may also seek your consent for marketing activities. In such circumstances, we will provide you with sufficient information so that you can decide whether or not you wish to consent. You have the right to withdraw your consent at any time. |
Who do we share your personal data with?
In general, your personal data is processed exclusively by us and we do not pass on any personal data to third parties unless in the context of our Website and services. Where we do share your personal data, we do so with the following categories of recipients:
Service providers
We may share your personal data with third party service providers who perform functions on our behalf (including website providers, email communications service providers, technical support functions and IT consultants carrying out testing and development work on our business technology systems). We will only share your data with these third party service providers where we have an appropriate data processing agreements (or similar protections) in place and they will not be able to use your data for their own purposes (e.g. for their own marketing purposes).
Related entities
We may disclose your personal data to Grant Thornton member firms.
Regulatory bodies
We may disclose your personal data:
Professional advisors and auditors
We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
Replacement providers
In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If GTIL or substantially all of its assets are acquired by a third party, personal data held by us about our clients/customers/users will be one of the transferred assets.
Otherwise, your data will only be disclosed in special exceptional cases, where we are obligated or entitled to do so by statute or upon binding order from a public authority.
How long do we keep your data for?
We may retain your personal data as long as it remains necessary in relation to the purposes for which we collected the information. When determining the appropriate retention period, we consider the risks of the processing, our contractual, legal, and regulatory obligations, internal data retention policies and our legitimate interests as described in this Privacy Notice.
How do we keep your personal data secure?
We care about protecting your personal data. That is why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your information.
We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
Do we send your personal data overseas?
Your personal data may be transferred outside of the UK and EU to the types of entities described in the section called ‘Who do we share your personal data with?’ above.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the UK and EU where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example by way of an intra-group agreement in place between Grant Thornton group entities or a data transfer agreement with a third party, in each case incorporating appropriate standard contractual clauses adopted by the UK or the EU.
Your rights
You have various rights in relation to the personal data which we hold about you as described below.
To get in touch with us about any of your rights under applicable data protection laws, please use the contact details set out below. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object to and/or restrict processing
You have the right to object to, or restrict our processing of, your personal data in certain circumstances. We will stop such processing unless we can demonstrate compelling legitimate grounds for the processing which overrides your interests or if the processing is necessary for the establishment, exercise or defence of legal claims. You also have the right to object to any direct marketing.
Right to withdraw consent
If we obtain your consent to process your personal data for any activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
Right to access a copy of your data
You have the right to request a copy of the personal data that we hold about you, and request us to modify, update or delete such information. However, you should be aware that where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Right to erasure
You have the right to request that we erase your personal data in certain circumstances. We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you.
Right of data portability
You have the right to transfer your personal data between service providers.
Rights in relation to automated decision making
You have the right not to be subject to a decision based solely on automated processing including profiling which produces legal effects on you or similarly affects you. However please note that we do not use your personal data to make any solely automated decisions about you apart from showing you location-specific content.
Right to complain
You also have the right to complain to your data protection authority.
In the UK, the data protection authority is the Information Commissioner's Office. You can contact them in the following ways:
Links
Our website contains links to Grant Thornton member and correspondent firm websites, but this Privacy Notice applies only to personal data collected via the Website. It does not apply to specific member or correspondent firms practising under the Grant Thornton name. We are not responsible for the privacy practices of these or other sites. We encourage our visitors to be aware when they leave our Website, and to read the privacy notices of other sites (including websites of Grant Thornton member firms) that collect or use your personal data.
Contact us
If you have any questions about this Privacy Notice or our use of your personal data, if you need to report a problem, or if you would like to exercise one of your rights under data protection and privacy laws you can contact us using the following contact details:
Email: gtimarketing@gti.gt.com
Cookies
A cookie is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on your hard drive. Cookies can't read data off your hard drive or cookie files created by other sites, and do not damage your system.
However, you can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. Web browsers allow you to control cookies stored on your hard drive through the web browser settings. To find out more about cookies, including what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.
We only use cookies to monitor the performance of our website and to improve user experience.
If you choose not to accept our cookies, some of the features of our Website may not work as well as we intend.