Grant Thornton and certain subsidiaries (Grant Thornton Financial Advisors LLC) participate in the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework and the UK Data Privacy Extension programs administered by the U.S. Department of Commerce regarding our collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. Grant Thornton’s participation in the Data Privacy Framework programs applies to the collection, use, and retention of any personal information transferred from the European Union, European Economic Area, the United Kingdom, and Switzerland whether through our Sites or in connection with providing our Services or operating and administering our business. To learn more, please visit the Data Privacy Framework site.
Grant Thornton LLP and its subsidiary Grant Thornton Financial Advisors (collectively, “Grant Thornton” for purposes of this Notice) comply with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. Grant Thornton has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability, and the 16 Supplemental Principles (collectively, Data Privacy Framework Supplemental Principles”).
Grant Thornton’s participation in the Data Privacy Framework is subject to the investigatory and enforcement powers of the Federal Trade Commission and other U.S. authorized statutory bodies as applicable.
Grant Thornton’s adherence to the Data Privacy Framework Principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.
Personal Information collected about you will vary according to our interactions with you and the products and services we offer. Specific types or examples of Personal Information that could be collected by category are provided below.
Category of Personal Information | Purpose of collection | Category of third parties to whom data is potentially disclosed |
Personal identifiers: contact information (such as first and last name, e-mail address, mailing address or phone number), and current employer and job title | To respond to requests; to send information about Grant Thornton’s services or events; to send administrative information or notices; to advertise our services on other websites; to communicate in connection with an engagement | Service providers; service providers for marketing services; our affiliates in Bengaluru, India; other member firms of GTIL |
Education and professional information: name, address and other contact information, work history, educational experience, licenses, and certifications, other professional or employment-related information, full or partial Social Security number, gender, race, ethnicity, citizenship, veteran, and disability status | To create an account on Grant Thornton’s online job board; to process applications for employment and communicate about employment opportunities; to evaluate information for employment opportunities | Service providers; our affiliates in Bengaluru, India; background check vendors |
Audio, visual: This category would include audio and video recordings and surveillance | Employment and security | Service providers for providing audio/visual services; law enforcement authorities |
Internet activity: automatically collected information from activity on our Sites such as browser information, IP address, and browser type | To personalize content on our Sites; to track activity on and technical performance of our Sites; to evaluate our marketing efforts; to improve our Sites | Service providers for providing internet services; service providers for marketing services |
Personal identifiers: personal information collected while providing services and in connection with pre-engagement activities | To fulfill a contract for services; to perform pre-engagement activities; to enforce our rights arising from any contract, including billing and collections | Service providers; our affiliates in Bengaluru, India; other member firms of GTIL |
Grant Thornton’s participation in the Data Privacy Framework program applies to all personal information that we receive from the European Union, European Economic Area, the United Kingdom and Switzerland. Grant Thornton collects and receives personal information from the European Union, the United Kingdom and Switzerland in connection with client engagements for audit, tax and advisory services. We also collect and receive personal information related to employees from other member firms of Grant Thornton International Ltd. seeking employment or internship opportunities with us. We may also collect personal information from individuals located in the European Union, the United Kingdom and Switzerland who voluntarily provide such information through Grant Thornton’s Web sites in connection with applying for job openings or subscribing to events or media alerts. Please see the Privacy Statement on our external Web site at https://www.grantthornton.com/privacy-policy for more information.
As described in the Data Privacy Framework Principles, Grant Thornton also has certain responsibilities related to personal information that it receives under the Privacy Framework and subsequently transfers to a third party. In particular, Grant Thornton remains responsible and liable under the Data Privacy Framework Principles if third party agents that Grant Thornton engages to process personal information on our behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless we prove that Grant Thornton is not responsible for the event giving rise to the damage. The Federal Trade Commission has jurisdiction over Grant Thornton’s compliance with the representations made in this notice and the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework frameworks.
Individuals have the right to access their personal information, or correct, amend or delete such information where it is inaccurate or processed unlawfully, and also to opt out of disclosures to third parties who do not process personal information as part of the purpose for which personal information was collected or subsequently authorized or and any uses that are materially difference from the original purpose of collection as described in the Data Framework Principles. To exercise these rights, please email us at privacy.questions@us.gt.com.
Grant Thornton is committed to responding to any inquiries and resolving any complaints about your privacy and our collection or use of your personal information. Individuals with inquiries or complaints should first contact Grant Thornton by email at privacy.questions@us.gt.com.
Grant Thornton is further committed to referring unresolved privacy complaints to JAMS, an alternative dispute resolution provider. The services of JAMS are provided at no cost to you. Please visit EU-US Data Privacy Framework | JAMS Mediation, Arbitration, ADR Services (jamsadr.com) for more information or file a complaint. With respect to any human resources data collected under the Data Privacy Framework, Grant Thornton will cooperate with the appropriate EU Data Protection Authorities and the Swiss Federal Data Protection Commissioner, as applicable, during the investigation and resolution of complaints. As further explained in the Data Privacy Framework Principles, a binding arbitration option will also be made available to you in order to address complaints not resolved by any other means.
This policy may be amended or modified from time to time consistent with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, please visit dataprivacyframework.gov To view Grant Thornton’s certification, please visit Participant Search (dataprivacyframework.gov)