Effective date: December 2018

Introduction Grant Thornton LLP (“Grant Thornton” or “we”) is a national professional services firm which provides assurance, tax, financial advisory, and consulting services to private and publicly-traded businesses, government organizations, as well as to individuals (the “Services”). This Privacy Statement outlines our general policy and practices for protecting personal information that we collect through our Web site at www.grantthornton.com and other Web sites (each, a “Site”) that we operate and in connection with the provision of the Services. This Privacy Statement explains the types of information we gather through our Sites and in connection with our Services, how we use that information, and the choices individuals may exercise regarding our use of, and their ability to correct, that information. By submitting personal information to us, you are consenting to use of your personal information (including any disclosures, processing, and transfers of your information to third parties by Grant Thornton) in accordance with this Privacy Statement. Any consent you provide is entirely voluntary. If you do not accept this Privacy Statement, then you should not submit any personal information to Grant Thornton through our Sites or Services.

Grant Thornton participates in the EU- U.S. Privacy Shield and Swiss-U.S. Privacy Shield programs administered by the U.S. Department of Commerce regarding our collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Grant Thornton’s participation in the Privacy Shield programs applies to our collection, use, and retention of any personal information transferred from the European Union, European Economic Area, and Switzerland whether through our Sites or in connection with providing our Services or operating and administering our business. To learn more, please visit www.grantthornton.com/privacy-policy/privacy-shield-notice.aspx.

Notice, Choice and Use In order to use our Sites, you do not need to send us any personal information. You may voluntarily provide us with personal information, such as your name and contact information, by subscribing to publications, registering on the “Log In” page, registering for events (e.g., webcasts, seminars, or conferences), requesting access to specific content, responding to a survey, submitting requests to meet with Grant Thornton representatives or by submitting requests through our “Contact Us” mailboxes. We may use the personal information you submit through the Site to respond to your requests (e.g. send you information about Grant Thornton’s services or events), send you administrative information or notices, send you information about our services, provide a more personalized experience, improve the Site, and for our internal business purposes. If you no longer wish to receive promotional communications from us, you may at any time request that we discontinue sending you such materials by contacting us using the contact information listed below.

We do not seek sensitive personal information on our Sites except where we are required to do so as part of the recruitment process. If you choose to apply for a job through our Sites, we may collect information such as name, address and other contact information, work and educational experience, licenses and certifications, and other personal information. Your decision to submit such information is entirely voluntary. We may use this information to process and evaluate your application for employment and to communicate with you about employment opportunities. We may also retain and use this information to identify, and communicate with you about, future potential employment opportunities with us. If we elect to make an offer of employment, this information may become part of the employee file and may be used for other employment and work-related purposes.

In connection with providing Services, Grant Thornton enters into contracts with its clients that describe the purpose for which information (including personal information) is collected and used. Companies that engage Grant Thornton are responsible for obtaining, as required pursuant to law or regulation, consents from parties that provided the company with their personal information, which will be transferred to and used by Grant Thornton to perform the Services requested. Individuals that engage Grant Thornton will be asked to consent to provide their personal information to us to perform the Services requested.

Our legal basis for processing any personal information provided to us is either that: (i) you have expressly consented to the practices described in this Privacy Statement by voluntarily providing your personal information to Grant Thornton, or (ii) such processing is necessary for the performance of a contract where Grant Thornton has been engaged to provide Services.

We do not use profiling or make any decisions based solely on the automated processing of your personal information. We retain personal information for only so long as necessary for the intended purpose for which it was collected, unless a longer retention period is required or permitted by law or our document retention policies based on professional standards and best practices. We may also store your name and email address in a customer relationship management tool and use it to manage our relationship with you and/or your company.

Cookies, Tags, Beacons and Similar Technologies As is the case with many commercial Web sites, Grant Thornton automatically logs certain information about user access to the Site, which may include a user’s elections made, content accessed or downloaded, responses to forms and surveys, internet protocol address, browser type, internet service provider, referring/exit pages, operating system, as well as date and time stamps. We use “cookies” which are small data files stored on a user’s computer to enhance your on-line experience when visiting our Sites. The use of “cookies” is common practice for most Web sites; however, most Web browsers include settings that allow users to decline cookies. We or our digital media service providers also use tags, tracking pixels, and beacons to count visitors, to help us better understand the effectiveness of our content and the interests of our users, and to improve the experience on the Sites.

In addition, we use the services of Google Analytics, a web analytics service provided by Google, Inc. (“Google”). This analytical tool uses cookies and similar technologies to help analyze how users use the Sites. For more information about the collection and use of data through Google Analytics, please refer to https://www.google.com/policies/privacy/partners. Google offers the ability to opt out from tracking through Google Analytics cookies; for more information, visit http://tools.google.com/dlpage/gaoptout.

Do Not Track Signals Some Web browsers incorporate a “do-not-track” or similar feature that signals to Web sites with which the browser communicates that a visitor does not want to have his or her online activity tracked. As of the effective date of this Privacy Statement, not all browsers offer a “do-not-track” option and “do-not-track” signals are not yet uniform. For this reason, Grant Thornton does not currently respond to “do-not-track” signals.

Third-party Web Services We at times use Web services from third-parties on this Site to present content within the pages of this Site, e.g. to display videos and social content, to conduct surveys etc. We cannot prevent these Web sites or services from collecting information on your usage of this embedded content and recommend that you review their respective terms of use and privacy policies for further information.

Social Sharing We provide users the capability to share links to our content via social media and email. This capability connects the user directly with their third-party social media sites and email service provider. No personal information, IDs or passwords are made available to or stored by Grant Thornton in connection with this activity. After the content sharing is initiated, all interactions are directly between the user and their respective social media platform or email provider. We recommend reviewing the respective terms of use and privacy policies of your social media sites and email service provider for further information.

Form Auto Fills We provide users the convenience of auto filling Web site forms with their contact information from LinkedIn. Auto filling forms is voluntary and only provides Grant Thornton with the basic contact information requested in the form. No other personal information, IDs or passwords are made available to or stored by Grant Thornton in connection with this activity. We recommend reviewing the LinkedIn privacy policy for further information at https://www.linkedin.com/legal/privacy-policy.

Disclosures and Transfers Grant Thornton will not disclose an individual’s personal information to third parties, except as set forth in this Privacy Statement, when we have permission to make the disclosure, or as necessary to fulfill the purpose for which the information was submitted. We also may use or disclose personal information as we believe to be necessary or appropriate (a) under applicable law (including to meet a national security or law enforcement requirement), (b) to comply with legal process or professional standards, (c) to protect our rights, privacy, safety or property and/or those of our affiliates or clients; or (d) in a merger, acquisition or asset sale.

Grant Thornton may use third-party service providers to provide administrative or operational support to Grant Thornton. Such entities may be located within or outside the United States and, depending upon the services, they may have access to personal information in connection with their services. We require all such service providers to protect the information we entrust to them and to use such information only as necessary to provide services to us.

Additionally, Grant Thornton may disclose and transfer personal information to resource service providers and to other member firms of Grant Thornton International Ltd., or within Grant Thornton. Grant Thornton may also disclose and transfer personal information to GT US Shared Services Center India Private Limited (“GTSSC”) and/or the Grant Thornton Knowledge and Capability Center India Private Limited (“KCC”), our affiliates located in Bangalore, India.

The transfers described above may result in data passing from one jurisdiction to another, including to and from the United States, and possibly other countries outside of the European Economic Area, some of which may not have been deemed by the European Commission to ensure an adequate level of protection for personal information.

Accordingly, the level of safeguards and legal protections provided in such other non-European countries may not be as stringent as those under European data protection standards or the privacy laws of some other countries, possibly including your home jurisdiction. Please see our Privacy Shield Notice for further information.

Third-Party Sites This Privacy Statement does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any Web site or service to which the Site links. The inclusion of a link on the Site does not imply endorsement of the linked site or service by us or by our affiliates.

Data Security The security of your personal information is important to us. We seek to use reasonable physical (e.g. key card office entry, locking doors), technical (e.g. password protection, network firewalls, laptop encryption, authentication mechanisms), and administrative safeguards (e.g. confidentiality agreements, training, procedures that limit access to and use of data) to protect the information we process. However, no method of transferring data over the Internet or storing electronic data is completely secure. Therefore, while we strive to use reasonable and appropriate means to protect your personal information, we cannot guarantee absolute security.

Data Integrity We process personal information only in ways compatible with the purpose for which it was collected, as subsequently authorized by the individual, or as otherwise permitted by applicable law. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Access and Correction If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. We may limit or deny access to personal information where providing such access would be unreasonably burdensome or inappropriate under the circumstances. All requests to access or change personal information will be handled in accordance with applicable legal requirements.

Visitors who choose to register with this Site may correct and update their user profiles or unsubscribe from certain communications at any time. Visitors who would like to access or change their profiles or would like to request a copy of their personal information should contact us at webrequests@us.gt.com.

In addition, if you are a resident of the European Union, you may have certain rights under European data protection law with respect to your personal information, including the right to request access to, correct, amend, delete, limit the use of, or withdraw your consent for the processing of your personal information. You also may have the right to receive a copy of your personal information in a commonly used and machine-readable format and to transmit such information to another controller.

To request deletion of, access to or to make changes to information, or to otherwise exercise any of your rights in this paragraph, please send us an email at privacy.questions@us.gt.com. Grant Thornton will take steps to address your request to the extent consistent with and permitted by laws, regulations and professional standards applicable to Grant Thornton and our own internal policies. If you are a client and request that we delete or limit the use of your personal information required to perform our Services, we may not be able to complete our engagement.

Enforcement and Dispute Resolution We will investigate and attempt to resolve complaints and disputes regarding our use and disclosure of personal information in accordance with this Privacy Statement. We encourage interested persons to raise any concerns with us using the contact information below. Any employee who we determine is in violation of our privacy policies will be subject to disciplinary process.

If you are a resident of the European Union and your inquiry with Grant Thornton has not been satisfactorily addressed, or if you believe we are processing your personal information not in accordance with the law or this Privacy Statement, you may file a complaint to the Data Protection Authority in your country of residence.

Merger, Change in Ownership and Other Business Transitions In the event Grant Thornton goes through a business transition, such as a merger, or the acquisition or sale of all or a portion of its assets, your personal information may be among the assets transferred.

Privacy Statement Changes Grant Thornton reserves the right to amend or modify this Privacy Statement from time to time. We will post any revised Privacy Statement on this Site, or a similar Web site that replaces this Site. By continuing to use any of our Sites, you agree that the terms of this Privacy Statement as of the effective date will apply to information previously collected or collected in the future as permitted by law.

Minors This Site is not designed for or directed at persons 18 years of age or younger, and we do not intentionally collect information from anyone under the age of 18 through this Site.

How to Contact Us Questions, comments or complaints about Grant Thornton LLP’s Privacy Statement, Privacy Shield certification, or data collection and processing practices can be e-mailed to privacy.questions@us.gt.com, or by writing to us using the contact details below:

Corporate Mailing Address: Grant Thornton LLP
Privacy Office - Risk, Regulatory & Legal Affairs
171 N. Clark, Suite 200
Chicago, IL 60601