Effective date: May 2018
Grant Thornton LLP (“Grant Thornton” or “we”) is a national professional services firm which provides assurance, tax, financial advisory, and consulting services to private and publicly-traded businesses, government organizations, as well as to individuals (the “Services”). This Privacy Statement outlines our general policy and practices for protecting personal information that we collect through our Web site at www.grantthornton.com and other Web sites (each, a “Site”) that we operate and in connection with the provision of the Services. This Privacy Statement explains the types of information we gather through our Sites and in connection with our Services, how we use that information, and the choices individuals may exercise regarding our use of, and their ability to correct, that information. By submitting personal information to us, you are consenting to use of your personal information (including any disclosures, processing, and transfers of your information to third parties by Grant Thornton) in accordance with this Privacy Statement. Any consent you provide is entirely voluntary. If you do not accept this Privacy Statement, then you should not submit any personal information to Grant Thornton through our Sites or Services.
Grant Thornton participates in the EU- U.S. Privacy Shield and Swiss-U.S. Privacy Shield programs administered by the U.S. Department of Commerce regarding our collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Grant Thornton’s participation in the Privacy Shield programs applies to our collection, use, and retention of any personal information transferred from the European Union, European Economic Area, and Switzerland whether through our Sites or in connection with providing our Services or operating and administering our business. To learn more, please visit www.grantthornton.com/privacy-policy/privacy-shield-notice.aspx.
Notice, Choice and Use
In order to use our Sites, you do not need to send us any personal information. You may voluntarily provide us with personal information, such as your name and contact information, by subscribing to publications, registering on the “Log In” page, registering for events (e.g., webcasts, seminars, or conferences) or by submitting requests through our “Contact Us” mailboxes. We may use the personal information you submit through the Site to respond to your requests (e.g. send you information about Grant Thornton’s services or events), send you administrative information or notices, send you information about our services, and for our internal business purposes. If you no longer wish to receive promotional communications from us, you may at any time request that we discontinue sending you such materials by contacting us using the contact information listed below.
We do not seek sensitive personal information on our Sites except where we are required to do so as part of the recruitment process. If you choose to apply for a job through our Sites, we may collect information such as name, address and other contact information, work and educational experience, licenses and certifications, and other personal information. Your decision to submit such information is entirely voluntary. We may use this information to process and evaluate your application for employment and to communicate with you about employment opportunities. We may also retain and use this information to identify, and communicate with you about, future potential employment opportunities with us. If we elect to make an offer of employment, this information may become part of the employee file and may be used for other employment and work-related purposes.
In connection with providing Services, Grant Thornton enters into contracts with its clients that describe the purpose for which information (including personal information) is collected and used. Companies that engage Grant Thornton are responsible for obtaining, as required pursuant to law or regulation, consents from parties that provided the company with their personal information, which will be transferred to and used by Grant Thornton to perform the Services requested. Individuals that engage Grant Thornton will be asked to consent to provide their personal information to us to perform the Services requested.
Our legal basis for processing any personal information provided to us is either that: (i) you have expressly consented to the practices described in this Privacy Statement by voluntarily providing your personal information to Grant Thornton, or (ii) such processing is necessary for the performance of a contract where Grant Thornton has been engaged to provide Services.
We do not use profiling or make any decisions based solely on the automated processing of your personal information. We retain personal information for only so long as necessary for the intended purpose for which it was collected, unless a longer retention period is required or permitted by law or our document retention policies based on professional standards and best practices. We may also store your name and email address in a customer relationship management tool and use it to manage our relationship with you and/or your company.
Cookies and Similar Technologies
As is the case with many commercial Web sites, Grant Thornton automatically logs certain information about user access to the Site, which may include a user’s internet protocol address, browser type, internet service provider, referring/exit pages, operating system, as well as date and time stamps. We also use “cookies” which are small data files stored on a user’s computer to enhance your on-line experience when visiting our Sites. The use of “cookies” is common practice for most Web sites; however, most Web browsers include settings that allow users to decline cookies.
Do Not Track Signals
Some Web browsers incorporate a "do-not-track" or similar feature that signals to Web sites with which the browser communicates that a visitor does not want to have his or her online activity tracked. As of the effective date of this Privacy Statement, not all browsers offer a “do-not-track” option and “do-not-track” signals are not yet uniform. For this reason, Grant Thornton does not currently respond to “do-not-track” signals.
Disclosures and Transfers
Grant Thornton will not disclose an individual's personal information to third parties, except as set forth in this Privacy Statement, when we have permission to make the disclosure, or as necessary to fulfill the purpose for which the information was submitted. We also may use or disclose personal information as we believe to be necessary or appropriate (a) under applicable law (including to meet a national security or law enforcement requirement), (b) to comply with legal process or professional standards, (c) to protect our rights, privacy, safety or property and/or those of our affiliates or clients; or (d) in a merger, acquisition or asset sale.
Grant Thornton may use third-party service providers to provide administrative or operational support to Grant Thornton. Such entities may be located within or outside the United States and, depending upon the services, they may have access to personal information in connection with their services. We require all such service providers to protect the information we entrust to them and to use such information only as necessary to provide services to us.
Additionally, Grant Thornton may disclose and transfer personal information to resource service providers and to other member firms of Grant Thornton International Ltd., or within Grant Thornton. Grant Thornton may also disclose and transfer personal information to GT US Shared Services Center India Private Limited (“GTSSC”) and/or the Grant Thornton Knowledge and Capability Center India Private Limited (“KCC”), our affiliates located in Bangalore, India.
The transfers described above may result in data passing from one jurisdiction to another, including to and from the United States, and possibly other countries outside of the European Economic Area, some of which may not have been deemed by the European Commission to ensure an adequate level of protection for personal information.
Accordingly, the level of safeguards and legal protections provided in such other non-European countries may not be as stringent as those under European data protection standards or the privacy laws of some other countries, possibly including your home jurisdiction. Please see our Privacy Shield Notice for further information.
This Privacy Statement does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any Web site or service to which the Site links. The inclusion of a link on the Site does not imply endorsement of the linked site or service by us or by our affiliates.
The security of your personal information is important to us. We seek to use reasonable physical (e.g. key card office entry, locking doors), technical (e.g. password protection, network firewalls, laptop encryption, authentication mechanisms), and administrative safeguards (e.g. confidentiality agreements, training, procedures that limit access to and use of data) to protect the information we process. However, no method of transferring data over the Internet or storing electronic data is completely secure. Therefore, while we strive to use reasonable and appropriate means to protect your personal information, we cannot guarantee absolute security.
We process personal information only in ways compatible with the purpose for which it was collected, as subsequently authorized by the individual, or as otherwise permitted by applicable law. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
Access and Correction
If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. We may limit or deny access to personal information where providing such access would be unreasonably burdensome or inappropriate under the circumstances. All requests to access or change personal information will be handled in accordance with applicable legal requirements.
Visitors who choose to register with this Site may correct and update their user profiles or unsubscribe from certain communications at any time. Visitors who would like to access or change their profiles or would like to request a copy of their personal information should contact us at firstname.lastname@example.org.
In addition, if you are a resident of the European Union, you may have certain rights under European data protection law with respect to your personal information, including the right to request access to, correct, amend, delete, limit the use of, or withdraw your consent for the processing of your personal information. You also may have the right to receive a copy of your personal information in a commonly used and machine-readable format and to transmit such information to another controller.
To request deletion of, access to or to make changes to information, or to otherwise exercise any of your rights in this paragraph, please send us an email at email@example.com. Grant Thornton will take steps to address your request to the extent consistent with and permitted by laws, regulations and professional standards applicable to Grant Thornton and our own internal policies. If you are a client and request that we delete or limit the use of your personal information required to perform our Services, we may not be able to complete our engagement.
Enforcement and Dispute Resolution
We will investigate and attempt to resolve complaints and disputes regarding our use and disclosure of personal information in accordance with this Privacy Statement. We encourage interested persons to raise any concerns with us using the contact information below. Any employee who we determine is in violation of our privacy policies will be subject to disciplinary process.
If you are a resident of the European Union and your inquiry with Grant Thornton has not been satisfactorily addressed, or if you believe we are processing your personal information not in accordance with the law or this Privacy Statement, you may file a complaint to the Data Protection Authority in your country of residence.
Merger, Change in Ownership and Other Business Transitions
In the event Grant Thornton goes through a business transition, such as a merger, or the acquisition or sale of all or a portion of its assets, your personal information may be among the assets transferred.
Privacy Statement Changes
Grant Thornton reserves the right to amend or modify this Privacy Statement from time to time. We will post any revised Privacy Statement on this Site, or a similar Web site that replaces this Site. By continuing to use any of our Sites, you agree that the terms of this Privacy Statement as of the effective date will apply to information previously collected or collected in the future as permitted by law.
This Site is not designed for or directed at persons 18 years of age or younger, and we do not intentionally collect information from anyone under the age of 18 through this Site.
How to Contact Us
Questions, comments or complaints about Grant Thornton LLP's Privacy Statement, Privacy Shield certification, or data collection and processing practices can be e-mailed to firstname.lastname@example.org, or by writing to us using the contact details below:
Corporate Mailing Address:
Grant Thornton LLP
Privacy Office - Risk, Regulatory & Legal Affairs
171 N. Clark, Suite 200
Chicago, IL 60601