Effective January 1, 2023


Virginia Privacy Notice


This Virginia Privacy Notice (“Notice”) supplements the Grant Thornton LLP Privacy Statement (“Privacy Statement”) and contains the disclosures required under the Virginia Consumer Data Protection Act (“VCDPA”). Should this Notice conflict in any way with the Privacy Statement, the terms of this Notice will prevail.


What is Personal Data


For Virginia residents, the term “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal Data does not include de-identified data or publicly available information. All other capitalized terms in this Notice have the same meanings as given them in the Privacy Statement unless otherwise indicated.


Personal Data Rights


For residents of Virginia, the VCDPA provides the following rights regarding your Personal Data:

  • to know whether or not Grant Thornton is processing your Personal Data
  • to access to your Personal Data, including providing copies of what you have provided to us to you
  • to correct inaccuracies in your Personal Data, in some circumstances
  • to delete your Personal Data, in some circumstances
  • to opt out of targeted advertising and sales
  • to opt out of profiling where it has legal or significant effects on you.

When Grant Thornton is in possession of de-identified data, it will take reasonable measures to ensure that such data cannot be associated with a natural person and will not attempt to re-identify the Personal Data.


How to Submit a Rights Request


To submit a rights request, please contact us at,  (877) 282-0109, or complete the web form located here.


We will need to verify your identity in order to respond to a rights request. If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account. If you do not have an account with us, we can request from you two data points of Personal Data to verify your identity.


Opt-out of Targeted Advertising


Grant Thornton uses cookies and other technologies to allow us and third parties to collect certain Personal Data, such as device identifiers and page view information about visitors to the Site. This Personal Data is used for various purposes, including to provide you with customized content and experiences. We may also use your Personal Data to improve our platform and services. For example, we may use your account information to speed up sign-in or access to your favorite products and services. You can read more about our cookies use in our Privacy Statement. You can view a list of those cookies and opt out of use of non-essential cookies via this form: 


Sale of Personal Data


Grant Thornton does not sell your Personal Data. 




We do not use profiling or make any decisions based solely on the automated processing of your Personal Data.


Responses to Requests


Grant Thornton will respond to rights requests as required by applicable law. Once you have submitted a request, we will respond to you within forty-five (45) days. If, for some reason, you do not receive a response within forty-five (45) days of your submitted request, please send an email to as an error may have occurred.


If we cannot verify your identity within the forty-five-day (45) time period, we may deny the request. If necessary, we may take up to an additional forty-five (45) calendar days to respond to a request, for a maximum total of ninety (90) calendar days from the date the request is received; provided that we contact you with an explanation of the reason why we will take more than forty-five (45) days to respond to the request.


In the case of a request to delete Personal Data, we may use a two-step process for online requests to delete where you must first, submit the request to delete and then second, separately confirm that you want your Personal Data deleted.


If we are unable to assist you, we will notify you within forty-five (45) days of the date you submitted the request and provide you with notice and an explanation of the reason why we are not able to fulfill your request, including how to appeal our determination.


Appeal Process


If your request is denied, please send us an email to with the Subject Line “Appeal” and attach the communication from Us explaining why we were unable to fulfill your request as well as your response to the reason we provided for not fulfilling your request. We will respond within sixty (60) days of receipt of your appeal. You may contact the Virginia Attorney General through its website: Contact Info ( regarding any complaints you may have with respect to the exercise of your rights.


Categories of Personal Data Collected


Personal Data collected about you will vary according to our interactions with you and the products and services we offer. Specific types or examples of Personal Data that could be collected by Category are provided below. 




Personal Identifiers


Contact information (such as first and last name, e-mail address, mailing address or phone number), and current employer and job title. Some identifiers are automatically collected information from activity on our Sites, such as browser information, IP address, and browser type.

Commercial Information


Reflects an individual’s commercial activities: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Biometric Information

Includes information such as fingerprints required for employment purposes.

Internet Activity


Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding an individual’s interaction with an internet website application, e-mail or advertisement as well as information provided in web forms.

Audio, Visual


Audio, electronic, visual, or similar information which could include audio and video recordings of individuals.

Professional Employment


Name, address and other contact information, work history, educational experience, licenses and certifications, other professional or employment-related information, employee compensation data, full or partial Social Security number, gender, race, ethnicity, citizenship, veteran and disability status, background checks, and employee financial information.

Education Information

Student name, degrees, transcripts, grade point average and associated information.

Web Identifiers


Automatically collected information from activity on our Sites such as browser information, IP address, browser type, web page visit information (page, duration on page), cookie identifiers, URL of page that a visitor was on before visiting our page, search term used to access web pages on the Sites, device type, operating system, ISP/connection speed, display settings (such as screen size and resolution), IP address (used to approximate location), information visitors provide in forms on our site, ad and link clicks, image or text on site, and whether you downloaded a file, image, or clicked on an ad.


Purposes/Uses for Collection


The purposes or uses of Personal Data collected about you will vary according to our interactions with you and the products and services we offer. Specific purposes or uses of your Personal Data are provided below.


Purpose or Use


Analytics and Personalization          


We may use your Personal Data to count impressions to unique web visitors, to verify positioning and quality of ad impressions, customize your web or other experiences with us. We may use your Personal Data to provide you with customized content and experiences. Your Personal Data may also be used in aggregate form to understand Site usage trends and performance analysis as well as to improve our platform and services. For example, we may use your account information to speed up sign-in or access to your favorite products and services.

Security and Site Functioning


We use Personal Data to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions, attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents to the extent that the use of your Personal Data is reasonably necessary and proportionate for these purposes. Your Personal Data may also be used for IT security and systems diagnostic purposes.

Short Term Use         


Your Personal Data may be used for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interactions with us. Your Personal Data is not disclosed or used to build a profile about you or otherwise alter your experience outside the current interaction with the business.

Providing Services


We may use Personal Data to provide services and support to you or our clients. This support could include facilitating events, conducting surveys, event registration and internal system management or support for internal resources that are leveraged to provide client services. This may also include outreach to further develop our business and services, identify client needs and improvements in service and product delivery. It may also include performance analytics and data subject access request processing.


Your Personal Data may also be used to fulfill a contract for services; to perform pre-engagement activities (proposal development); to enforce our rights arising from any contract, including billing, collections, budgeting as well as for internal business operations.

Applications and Employment


Your Personal Data may also be used to create an account on Grant Thornton’s online job board; to process applications for employment and communicate about employment opportunities; share Grant Thornton alumni news and events; conduct background checks; process payroll; review professional certifications; conduct ethical compliance activities; respond to government requests and subpoenas; and regarding insurance programs and claims.

Marketing and Communications


We may also store your name, email address, and other contact information such as company, title and industry in a customer relationship management tool and use it to manage our relationship with you and/or your company or to market to you. We may also use cookies, to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. We may also use your information to respond to requests; to send information about Grant Thornton’s services or events; to send administrative information or notices; to advertise our services on other websites; or to communicate in connection with an engagement.

Legal and Compliance


We may use your Personal Data for legal compliance purposes, investigation of alleged crimes and to establish, exercise or defend legal rights. We also may use or disclose Personal Data as we believe to be necessary or appropriate (i) under applicable law (including to meet a national security or law enforcement requirement); (ii) to comply with legal process or professional standards; (iii) to protect our rights, privacy, safety or property and/or those of our affiliates or clients; or (iv) in a merger, acquisition or asset sale. We will not transfer the Personal Data you provide to any third parties for their own direct marketing use. Our service providers will disclose an individual’s Personal Data to us when the service provider collects the information on our behalf.


We may use your Personal Data in undertaking internal research for technological development and demonstration. This may include activities to develop our business and services, identify client needs and improvements in service and product delivery.


Disclosures of Your Personal Data


We may disclose your Personal Data to processors as defined under Virginia law and as described in Opt-out of Targeted Advertising (above).


No Discrimination


Grant Thornton will not discriminate against you in the event you exercise any of the aforementioned rights. Specifically, we will not:

  • deny goods or services
  • charge different fees or rates for services
  • provide a different level or quality of services
  • suggest that you will receive different rates for services or services at a different level or quality.


Notice or Privacy Statement Changes


Grant Thornton reserves the right to amend or modify this Notice or the Privacy Statement from time to time. We will post any revised Notices or Privacy Statements on our Site, or a similar website that replaces the Site. By continuing to use any of our Sites, you agree that the terms of this Notice and the Privacy Statement as of the effective date will apply to information previously collected or collected in the future as permitted by law.


Corporate Mailing Address:


Grant Thornton LLP

Privacy Office - Risk, Regulatory & Legal Affairs

171 N. Clark Street, Suite 200

Chicago, IL 60601