Grant Thornton and certain subsidiaries (Grant Thornton Financial Advisors LLC) participate in the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework programs administered by the U.S. Department of Commerce regarding our collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. Grant Thornton’s participation in the Data Privacy Framework programs applies to the collection, use, and retention of any personal information transferred from the European Union, European Economic Area, the United Kingdom, and Switzerland whether through our Sites or in connection with providing our Services or operating and administering our business. To learn more, please visit the Data Privacy Framework site.
Grant Thornton LLP and its subsidiary Grant Thornton Financial Advisors (collectively, “Grant Thornton” for purposes of this Notice) comply with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. Grant Thornton has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability, and the 16 Supplemental Principles (collectively, Data Privacy Framework Supplemental Principles”).
Grant Thornton’s participation in the Data Privacy Framework is subject to the investigatory and enforcement powers of the Federal Trade Commission and other U.S. authorized statutory bodies as applicable.
Grant Thornton’s adherence to the Data Privacy Framework Principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.
Personal Information collected about you will vary according to our interactions with you and the products and services we offer. Specific types or examples of Personal Information that could be collected by category are provided below.
Category of Personal Information
Purpose of collection
Category of third parties to whom data is potentially disclosed
Personal identifiers: contact information (such as first and last name, e-mail address, mailing address or phone number), and current employer and job title
To respond to requests; to send information about Grant Thornton’s services or events; to send administrative information or notices; to advertise our services on other websites; to communicate in connection with an engagement
Service providers; service providers for marketing services; our affiliates in Bengaluru, India; other member firms of GTIL
Education and professional information: name, address and other contact information, work history, educational experience, licenses, and certifications, other professional or employment-related information, full or partial Social Security number, gender, race, ethnicity, citizenship, veteran, and disability status
To create an account on Grant Thornton’s online job board; to process applications for employment and communicate about employment opportunities; to evaluate information for employment opportunities
Service providers; our affiliates in Bengaluru, India; background check vendors
Audio, visual: This category would include audio and video recordings and surveillance
Employment and security
Service providers for providing audio/visual services; law enforcement authorities
Internet activity: automatically collected information from activity on our Sites such as browser information, IP address, and browser type
To personalize content on our Sites; to track activity on and technical performance of our Sites; to evaluate our marketing efforts; to improve our Sites
Service providers for providing internet services; service providers for marketing services
Personal identifiers: personal information collected while providing services and in connection with pre-engagement activities
To fulfill a contract for services; to perform pre-engagement activities; to enforce our rights arising from any contract, including billing and collections
Service providers; our affiliates in Bengaluru, India; other member firms of GTIL
Grant Thornton’s participation in the Data Privacy Framework program applies to all personal information that we receive from the European Union, European Economic Area, the United Kingdom and Switzerland. Grant Thornton collects and receives personal information from the European Union, the United Kingdom and Switzerland in connection with client engagements for audit, tax and advisory services. We also collect and receive personal information related to employees from other member firms of Grant Thornton International Ltd. seeking employment or internship opportunities with us. We may also collect personal information from individuals located in the European Union, the United Kingdom and Switzerland who voluntarily provide such information through Grant Thornton’s Web sites in connection with applying for job openings or subscribing to events or media alerts. Please see the Privacy Statement on our external Web site at https://www.grantthornton.com/privacy-policy for more information.
As described in the Data Privacy Framework Principles, Grant Thornton also has certain responsibilities related to personal information that it receives under the Privacy Framework and subsequently transfers to a third party. In particular, Grant Thornton remains responsible and liable under the Data Privacy Framework Principles if third party agents that Grant Thornton engages to process personal information on our behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless we prove that Grant Thornton is not responsible for the event giving rise to the damage. The Federal Trade Commission has jurisdiction over Grant Thornton’s compliance with the representations made in this notice and the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework frameworks.
Individuals have the right to access their personal information, or correct, amend or delete such information where it is inaccurate or processed unlawfully, and also to opt out of disclosures to third parties who do not process personal information as part of the purpose for which personal information was collected or subsequently authorized or and any uses that are materially difference from the original purpose of collection as described in the Data Framework Principles. To exercise these rights, please email us at firstname.lastname@example.org.
Grant Thornton is committed to responding to any inquiries and resolving any complaints about your privacy and our collection or use of your personal information. Individuals with inquiries or complaints should first contact Grant Thornton by email at email@example.com.
Grant Thornton is further committed to referring unresolved privacy complaints to JAMS, an alternative dispute resolution provider. The services of JAMS are provided at no cost to you. Please visit EU-US Data Privacy Framework | JAMS Mediation, Arbitration, ADR Services (jamsadr.com) for more information or file a complaint. With respect to any human resources data collected under the Data Privacy Framework, Grant Thornton will cooperate with the appropriate EU Data Protection Authorities and the Swiss Federal Data Protection Commissioner, as applicable, during the investigation and resolution of complaints. As further explained in the Data Privacy Framework Principles, a binding arbitration option will also be made available to you in order to address complaints not resolved by any other means.
This policy may be amended or modified from time to time consistent with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, please visit dataprivacyframework.gov To view Grant Thornton’s certification, please visit Participant Search (dataprivacyframework.gov)