Effective January 1, 2023
Virginia Privacy Notice
This Virginia Privacy Notice (“Notice”) supplements the Grant Thornton LLP Privacy Statement (“Privacy Statement”) and contains the disclosures required under the Virginia Consumer Data Protection Act (“VCDPA”). Should this Notice conflict in any way with the Privacy Statement, the terms of this Notice will prevail.
What is Personal Data
For Virginia residents, the term “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal Data does not include de-identified data or publicly available information. All other capitalized terms in this Notice have the same meanings as given them in the Privacy Statement unless otherwise indicated.
Personal Data Rights
For residents of Virginia, the VCDPA provides the following rights regarding your Personal Data:
- to know whether or not Grant Thornton is processing your Personal Data
- to access to your Personal Data, including providing copies of what you have provided to us to you
- to correct inaccuracies in your Personal Data, in some circumstances
- to delete your Personal Data, in some circumstances
- to opt out of targeted advertising and sales
- to opt out of profiling where it has legal or significant effects on you.
When Grant Thornton is in possession of de-identified data, it will take reasonable measures to ensure that such data cannot be associated with a natural person and will not attempt to re-identify the Personal Data.
How to Submit a Rights Request
We will need to verify your identity in order to respond to a rights request. If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account. If you do not have an account with us, we can request from you two data points of Personal Data to verify your identity.
Opt-out of Targeted Advertising
Sale of Personal Data
Grant Thornton does not sell your Personal Data.
We do not use profiling or make any decisions based solely on the automated processing of your Personal Data.
Responses to Requests
Grant Thornton will respond to rights requests as required by applicable law. Once you have submitted a request, we will respond to you within forty-five (45) days. If, for some reason, you do not receive a response within forty-five (45) days of your submitted request, please send an email to firstname.lastname@example.org as an error may have occurred.
If we cannot verify your identity within the forty-five-day (45) time period, we may deny the request. If necessary, we may take up to an additional forty-five (45) calendar days to respond to a request, for a maximum total of ninety (90) calendar days from the date the request is received; provided that we contact you with an explanation of the reason why we will take more than forty-five (45) days to respond to the request.
In the case of a request to delete Personal Data, we may use a two-step process for online requests to delete where you must first, submit the request to delete and then second, separately confirm that you want your Personal Data deleted.
If we are unable to assist you, we will notify you within forty-five (45) days of the date you submitted the request and provide you with notice and an explanation of the reason why we are not able to fulfill your request, including how to appeal our determination.
If your request is denied, please send us an email to email@example.com with the Subject Line “Appeal” and attach the communication from Us explaining why we were unable to fulfill your request as well as your response to the reason we provided for not fulfilling your request. We will respond within sixty (60) days of receipt of your appeal. You may contact the Virginia Attorney General through its website: Contact Info (state.va.us) regarding any complaints you may have with respect to the exercise of your rights.
Categories of Personal Data Collected
Personal Data collected about you will vary according to our interactions with you and the products and services we offer. Specific types or examples of Personal Data that could be collected by Category are provided below.
Contact information (such as first and last name, e-mail address, mailing address or phone number), and current employer and job title. Some identifiers are automatically collected information from activity on our Sites, such as browser information, IP address, and browser type.
Reflects an individual’s commercial activities: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Includes information such as fingerprints required for employment purposes.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding an individual’s interaction with an internet website application, e-mail or advertisement as well as information provided in web forms.
Audio, electronic, visual, or similar information which could include audio and video recordings of individuals.
Name, address and other contact information, work history, educational experience, licenses and certifications, other professional or employment-related information, employee compensation data, full or partial Social Security number, gender, race, ethnicity, citizenship, veteran and disability status, background checks, and employee financial information.
Student name, degrees, transcripts, grade point average and associated information.
Automatically collected information from activity on our Sites such as browser information, IP address, browser type, web page visit information (page, duration on page), cookie identifiers, URL of page that a visitor was on before visiting our page, search term used to access web pages on the Sites, device type, operating system, ISP/connection speed, display settings (such as screen size and resolution), IP address (used to approximate location), information visitors provide in forms on our site, ad and link clicks, image or text on site, and whether you downloaded a file, image, or clicked on an ad.
Purposes/Uses for Collection
The purposes or uses of Personal Data collected about you will vary according to our interactions with you and the products and services we offer. Specific purposes or uses of your Personal Data are provided below.
Purpose or Use
Analytics and Personalization
We may use your Personal Data to count impressions to unique web visitors, to verify positioning and quality of ad impressions, customize your web or other experiences with us. We may use your Personal Data to provide you with customized content and experiences. Your Personal Data may also be used in aggregate form to understand Site usage trends and performance analysis as well as to improve our platform and services. For example, we may use your account information to speed up sign-in or access to your favorite products and services.
Security and Site Functioning
We use Personal Data to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions, attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents to the extent that the use of your Personal Data is reasonably necessary and proportionate for these purposes. Your Personal Data may also be used for IT security and systems diagnostic purposes.
Short Term Use
Your Personal Data may be used for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interactions with us. Your Personal Data is not disclosed or used to build a profile about you or otherwise alter your experience outside the current interaction with the business.
We may use Personal Data to provide services and support to you or our clients. This support could include facilitating events, conducting surveys, event registration and internal system management or support for internal resources that are leveraged to provide client services. This may also include outreach to further develop our business and services, identify client needs and improvements in service and product delivery. It may also include performance analytics and data subject access request processing.
Your Personal Data may also be used to fulfill a contract for services; to perform pre-engagement activities (proposal development); to enforce our rights arising from any contract, including billing, collections, budgeting as well as for internal business operations.
Applications and Employment
Your Personal Data may also be used to create an account on Grant Thornton’s online job board; to process applications for employment and communicate about employment opportunities; share Grant Thornton alumni news and events; conduct background checks; process payroll; review professional certifications; conduct ethical compliance activities; respond to government requests and subpoenas; and regarding insurance programs and claims.
Marketing and Communications
Legal and Compliance
We may use your Personal Data for legal compliance purposes, investigation of alleged crimes and to establish, exercise or defend legal rights. We also may use or disclose Personal Data as we believe to be necessary or appropriate (i) under applicable law (including to meet a national security or law enforcement requirement); (ii) to comply with legal process or professional standards; (iii) to protect our rights, privacy, safety or property and/or those of our affiliates or clients; or (iv) in a merger, acquisition or asset sale. We will not transfer the Personal Data you provide to any third parties for their own direct marketing use. Our service providers will disclose an individual’s Personal Data to us when the service provider collects the information on our behalf.
We may use your Personal Data in undertaking internal research for technological development and demonstration. This may include activities to develop our business and services, identify client needs and improvements in service and product delivery.
Disclosures of Your Personal Data
We may disclose your Personal Data to processors as defined under Virginia law and as described in Opt-out of Targeted Advertising (above).
Grant Thornton will not discriminate against you in the event you exercise any of the aforementioned rights. Specifically, we will not:
- deny goods or services
- charge different fees or rates for services
- provide a different level or quality of services
- suggest that you will receive different rates for services or services at a different level or quality.
Notice or Privacy Statement Changes
Grant Thornton reserves the right to amend or modify this Notice or the Privacy Statement from time to time. We will post any revised Notices or Privacy Statements on our Site, or a similar website that replaces the Site. By continuing to use any of our Sites, you agree that the terms of this Notice and the Privacy Statement as of the effective date will apply to information previously collected or collected in the future as permitted by law.
Corporate Mailing Address:
Grant Thornton LLP
Privacy Office - Risk, Regulatory & Legal Affairs
171 N. Clark Street, Suite 200
Chicago, IL 60601