article banner

Privacy policy

This Policy provides you with information on the way Grant Thornton [1] acting as a Data Controller, processes and protects the personal data which are gathered lawfully, either by electronic means or in any other way, within the context of a potential provision of products or services, cooperation with third parties such as indicatively clients, subcontractors, suppliers, external associates, candidates/prospective employees’ selection process and/or your visit to our website (“Website”) and for which purposes Grant Thornton processes these personal data.

Given that we process your personal data, your integrity and privacy as a natural person are of crucial importance to us. Therefore, we strive to maintain a high level of protection of your personal data in accordance with the applicable legislation.

Grant Thornton, in the context of its compliance with the No.679/2016 European General Data Protection Regulation ("GDPR") and the applicable European and Greek legislation on the protection of personal data ("Applicable Legislation"), had already proceeded from the beginning of the implementation of the GDPR to the creation of a competent team for the protection of personal data (privacy team). In addition, a member of the privacy team has been appointed as a Data Protection Officer (DPO).

What personal data do we collect?

Data required for the submission of requests, enquiries, orders, complaints

When you visit the Website, register or otherwise request information or provision of products or services, order publications or subscriptions, submit an enquiry or complaint, you may provide basic identification personal data and contact information, such as your first and last name, telephone number and e-mail address or other information intentionally submitted by you. We do not request and our intention is not to process any special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation and data relating to criminal convictions and offences or related security measures ("Special categories of data"). Therefore, you are kindly requested to abstain from providing such types of data about you. If you have any questions about whether the provision of such types of data is, or may be, necessary or appropriate for particular purposes, please contact the DPO/privacy team at privacy@gr.gt.com. However, if you choose to provide us with the afore-mentioned data or further data that we do not request, we will process these data as long as they are deemed relevant and limited to what is necessary in relation to the purposes for which they were provided, and as long as a valid legal basis applies, otherwise we will delete them. In any case, the processing performed by us is in accordance with this Policy, the GDPR and the Applicable Legislation.

Data required for the application for a vacancy or/and evaluation of your candidacy

When you apply for a vacant job, we mainly process the following personal information about you: first and last name, e-mail address, telephone number and any information relating to your educational and professional background, as submitted by you in any documents attached, such as CV and cover letter. Kindly note that no Special categories of data are required by you for the purposes of submitting a job application at Grant Thornton. Therefore, you are kindly requested to abstain from providing such types of data about you. If you have any questions about whether the provision of such types of data is, or may be, necessary or appropriate for particular purposes, please contact the DPO/privacy team at privacy@gr.gt.com However, if you choose to provide us with the afore-mentioned data, or further data that we do not request, we will process these data as long as they are deemed relevant and limited to what is necessary in relation to the purposes for which they were provided and as long as a valid legal basis applies, otherwise we will delete them. In any case, the processing performed by us is in accordance with this Policy and the Applicable Legislation.

As part of the evaluation of your candidacy, depending on the vacant job you are applying for, you may be subject to skill tests either physically or online, provided that you have been previously notified of said procedure.

Cookies

What is a Cookie

We collect information about your browsing history and preferences through the use of cookies for the monitoring of the performance of the Website and the personalization of your experience. Cookie is a small piece of data or message that is sent from an organization's web server to your web browser and is then stored on your hard drive. Cookies can't read data off your hard drive or cookie files created by other sites, and do not damage your system.

However, you can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. To find out more about cookies, including what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org. 

If you choose not to accept our cookies, some of the features of the Website may not work as well as we intend. 

The Website uses the following cookies:

Cookie type Cookie Name Purpose
Google analytics

_ga

_gat
_gid
utma
_utmb
_utmc
_utmz

These cookies are used to monitor the performance of our site. We use the information to help us improve the site. The cookies collect information in an anonymous form, including the number of visits to our site, where visitors have come from to the site and the pages they visited.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
.Net cookies

ASP.NET_SessionId

The ASP Session Cookie may be set as part of your online experience if using a site login to enable us to identify you. It only exists for the duration of the browsing session and is deleted afterwards.

CMS Platform cookies

ARRAffinity

 Used to distribute traffic to the website on several servers in order to optimise response times.

CMS Platform cookies

EPi_NumberOfVisits

This is used to track the number of visits to the website

Youtube preferences PREF
use_hitbox
VISITOR_INFO1_LIVE
We use YouTube to embed a selection of videos in our Thinking and campaign pages. The embedded videos do not set cookies themselves and can be played with no cookies set. However, if the 'Share' button is clicked YouTube will set cookies. The VISITOR_INFO1_LIVE cookie attempts to estimate your bandwidth and the use_hitbox and PREF cookies increment the 'views' counter on the YouTube video and stores session preferences. These cookies don't gather information that identifies a user.

URL and IP address

When you visit, navigate or leave the Website, we receive your Internet Protocol (IP) address and your most recently visited URL addresses.

How do we use your personal data?

Grant Thornton solely requests and processes the personal data that are necessary for the fulfillment of the specified herein, explicit and legitimate purposes, in accordance with the applicable legal basis. In case you do not wish to provide personal data falling under the required fields of the Website, we cannot guarantee you that the respective purpose shall be met.

The applicable legal basis per purpose is one of the following:

  • Our contractual relationship, e.g. for the purposes of provision of the services or products requested, including the management of orders and supplies, etc. or in order to take steps at the request of the data subject prior to entering into a contract e.g. for the purposes of managing a candidate’s job application etc.
  • Your consent, e.g. for the purposes of managing your subscription or registration, or for the use of optional cookies for the purposes of improving your experience and providing you with more personalized services corresponding to your needs and preferences, etc.
  • Compliance with our legal obligations or any applicable regulatory requirements or judicial decisions. This includes the processing of your personal data in cases where we act as data controller in relation to the services we provide to our clients, e.g. in the statutory and/or tax audit or in the provision of tax compliance services. More specifically, we may collect from our client the necessary for the provision of our services personal data of its employees, clients or suppliers or other natural persons (which may include identification, communication, employment and financial personal data) and we may process them as independent data controller abiding by the applicable legislation.
  • Performance of a task carried out in the public interest, such as the processing of your personal data by us as obliged entity for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing before establishing a business relationship or carrying out an occasional transaction with you
  • Our legitimate interests, to the extent that they are not overridden by your interests, rights or freedoms

Grant Thornton's legitimate interests include the following purposes:

  • Monitoring of the performance of the Website for security or other reasons, proper operation of the Website and dissolution of any technical issues
  • Assessment and improvement of the products and services provided
  • Organization of events, seminars, marketing activities and provision to you or your organization of information relating to them, changes within our company and news in areas that we believe are relevant to you in your professional role,
  • Conduct of client and market research or other surveys (including customers’ satisfaction surveys) and management of responses
  • Marketing of our products and services,
  • Statistical purposes, such as research about our visitors' demographics, interests and behavior on an aggregated and anonymous basis
  • When necessary, the establishment or defense of a legal claim.

How long are your data stored?

Grant Thornton takes reasonable measures to store your personal data only for as long as is necessary to fulfil each of the above purposes for which the data were collected, in accordance with any legal, regulatory or internal policy requirements and always abiding by the Applicable Legislation. Indicatively, the following are provided.

In case of contractual relationships, your personal data shall be stored until termination of said contract, unless further storage is provided by law.

In case of unsuccessful job application, your personal data shall be stored until completion of the recruitment process and, up to two more years in case that a new job opportunity comes up. You may ask us to store your personal data for a shorter time period or to delete them immediately by sending an e-mail to privacy@gr.gt.com, according to the procedure described in section “What are your privacy rights?”.

In case of submission of your CV in the context of general interest for working in our company, your personal data shall be stored for up to two years from the submission of your CV, unless you specify a shorter retention time period or declare at any time that you do not wish to retain them further, by sending an e-mail to privacy@gr.gt.com, in accordance with the procedure described in section "What are your privacy rights?". In both above-mentioned cases, the retention of your personal data for a longer time period can only take place if you submit your updated CV and show interest again in working for our company.

Personal data processed on the basis of our legitimate interests shall be stored until you request us to stop using your personal data for said purposes to the extent that Applicable Legislation’s requirements are met. You can submit such a request (opt-out), in accordance with the provisions of the Applicable Legislation, by sending an e-mail to privacy@gr.gt.com, according to the procedure described in section “What are your privacy rights?”.

Personal data that we process for sending newsletters, subscriptions or notifications about other updates are stored until you terminate the subscription or you notify us that you do not wish to receive them anymore, which can be made at any time by sending an e-mail to privacy@gr.gt.com, according to the procedure described in section “What are your privacy rights?”.

You can at any time withdraw your consent (if any), in case the processing is based on it, by sending an e-mail to privacy@gr.gt.com

In the above cases, your data will be immediately erased unless there is a lawful and valid ground for further retention. In any case, you will be informed respectively.

Are your data secured?

We abide by the Applicable Legislation and our privacy policies and we apply reasonable and appropriate technical and organizational security measures to protect your personal data against accidental destruction, loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing, covering any technology infrastructure point. We always secure that solely authorized users have access to your personal data, abiding by confidentiality clauses, on a need to know basis and to the extent necessary in order to fulfil the respective purposes.

We use firewall and other secured systems, advanced electronic identification tools, and where appropriate we apply pseudonymization and encryption of personal data. We abide by internal routines, training and policies covering careful handling of personal data, as well as data minimization, purpose limitation, accuracy, storage limitation and incident management. For your safety, login to the client portal is encrypted through a secure channel.

Login details may not be shared or used by more than one user. In any case, you are personally responsible for not making the login procedure available to unauthorized persons. Each user is responsible for confidentiality and the correctness of login details and other account information. You must inform Grant Thornton immediately in the event of unauthorized access to login details. You are also responsible for using appropriate technologies to prevent your device not being affected by viruses or similar malware.

To whom might we disclose your personal data?

In order to meet your requests or our business needs or in order to adequately provide our services, we may transfer your personal data to third parties solely if it is required by law or contract and only where it is legitimate to do so. In any case, we transfer only the personal data that are necessary for the fulfillment of the respective purposes and we secure the confidentiality of your personal data. Indicatively, we may transfer your personal data to the following categories of recipients:

  1. Public authorities, courts, law enforcement agencies, regulatory bodies, including any data privacy, security or similar audits, in compliance with applicable laws or following a request for information
  2. Various suppliers or service providers, such as systems hosting, IT support, external consultants, etc. We transfer your personal data to them only if they meet our high standards on data processing and provided that we have entered into a written data protection agreement with them. Indicatively, it is noted that for the sound conduct of our clients’ acceptance procedures, our company may transfer your personal data to ICAP S.A. In any case, a Data Processing and Protection Agreement has been entered into between our company and ICAP S.A. which applies both when ICAP S.A. acts as a Data Controller and when ICAP S.A. acts as a Data Processor. For further details regarding the processing of your personal data by ICAP S.A. and the exercise of your legal rights when ICAP S.A. acts as a Data Controller within the context of its legal interests and for the purpose of assessing your creditworthiness, please consult ICAP S.A.’s Privacy Policy here.
  3. Grant Thornton member firms within EEA, which always abide by global confidentiality and data protection policies
  4. Insurance companies or legal advisors in connection with legal proceedings if necessary for Grant Thornton to exercise its legitimate interests

Within the course of our business operations, we may be required to share your personal data with third parties located outside EEA, such as Grant Thornton member firms outside EEA or other third parties outside EEA. Indicatively, your personal data may be transferred to service providers for hosting of servers or IT applications support, to our global network in compliance with Grant Thornton global policies or within the context of surveys or audits, to non-EEA regulatory bodies or agencies, etc.

We will proceed with said transfers provided that we are confident that the level of protection applied to your data will be similar as within EEA. Transfers of personal data within Grant Thornton network will be based on interfirm standard contractual clauses. Transfers outside of the network, will be based on standard contractual clauses or other adequate safeguards, in compliance with applicable law.

What are your privacy rights?

You are entitled to exercise the following rights, in accordance with the provisions of the Applicable Legislation: 

  1. Request access to and obtain a copy of your personal data processed by us
  2. Amend / update your personal data if they are inaccurate or incomplete or request said amendment
  3. Request erasure of your personal data, in cases provided by the Applicable Legislation (right to be forgotten)
  4. Request restriction of your personal data, in cases provided by the Applicable Legislation
  5. Request to receive your personal data in a structured, commonly used and machine-readable format and transmit them to another data controller in cases provided by the Applicable Legislation (right to data portability). This applies in particular to natural persons, who are Grant Thornton’s clients and wish to have their accounting or other material transferred in order to use it elsewhere,
  6. Object to the processing of your personal data performed by us, in cases provided by the Applicable Legislation,
  7. Lodge a complaint with the Greek Data Protection Authority at the following contact details:

Address: Kifissias 1-3, 115 23 Athens, Greece
Telephone: +30-210 6475600
Fax: +30-210 6475628
E-mail: complaints@dpa.gr

You can exercise the rights 1 to 6 above by submitting your request directly to privacy@gr.gt.com or, for your convenience, by filling out the form that can be found here and sending it to us via e-mail to privacy@gr.gt.com or via registered letter to the postal address of our company, as provided in the afore-mentioned form. We inform you that your request will be reviewed and followed up by the DPO/privacy team and we will make all reasonable efforts to reply to you as soon as possible, and in any case within the time frames provided by applicable law and professional standards.

What else should you know?

The Website may contain links or references to external websites provided and maintained by the global organization that Grant Thornton is a member of (Grant Thornton International Ltd), another member firm or a third party. Grant Thornton is not responsible for privacy issues on websites provided and maintained by another party. Should you wish to visit any said website, you are highly encouraged to read the respective privacy policy of each third party.

Grant Thornton uses reasonable endeavors to ensure that your personal data are always accurate and up to date. This means that from time to time, we will ask you to tell us if there are any changes to your personal data.

This Policy may be modified periodically in order to reflect amendments in our privacy practices or legal requirements. In such cases, you will be able to check the most updated version at the Website. Thus, you are encouraged to visit the Website on a regular basis.

Grant Thornton shall not collect or store personal data of children less than 15 years old. If Grant Thornton finds out that such data have been collected, it shall erase them immediately, unless such data have been provided following the consent of the holder of parental responsibility over the child.

Contact us

If you have any questions or concerns about this Policy or in case you need more information about your rights and how to exercise them, please contact the DPO / privacy team of our company at privacy@gr.gt.com or at the following postal address: 58 Katehaki Av., 11525, Athens.

[1] “Grant Thornton”, “we”, “us” and “our” refers to “Grant Thornton Chartered Accountants and Management Consultants Societe Anonyme” and “Grant Thornton Tax and Business Advisory Solutions Societe Anonyme”.