Privacy Statement

 

Last Updated: January 10, 2024

 

Table of Contents

 

 

Introduction

 

Grant Thornton LLP and Grant Thornton Advisors LLC (collectively “Grant Thornton” or “we”) is a national professional services firm which provides assurance, tax, financial advisory, and consulting services to private and publicly traded businesses, and government organizations, as well as to individuals (the “Services”). This Privacy Statement outlines our general policy and practices for protecting personal information that we collect through our website at www.grantthornton.com and other websites (each, a “Site”) that we operate and in connection with the provision of the Services. This Privacy Statement explains the types of information we gather through our Sites and in connection with our Services, how we use that information, and the choices individuals may exercise regarding our use of, and their ability to correct, that information. By submitting personal information to us, you are consenting to use of your personal information (including any disclosures, processing, and transfers of your information to third parties by Grant Thornton) in accordance with this Privacy Statement. Any consent you provide is entirely voluntary. If you do not accept this Privacy Statement, then you should not submit any personal information to Grant Thornton through this Site or in connection with any Services.



Grant Thornton and certain subsidiaries participate in the EU-U.S. Data Privacy Framework (“DPF”) and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF  (“Data Privacy Framework”) programs administered by the U.S. Department of Commerce regarding our collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. Grant Thornton’s participation in the Data Privacy Framework programs applies to the collection, use, and retention of any personal information transferred from the European Union, European Economic Area, the United Kingdom, and Switzerland whether through our Sites or in connection with providing our Services or operating and administering our business. To learn more, please visit the EU-U.S. Data Privacy Framework (“DPF”) and the UK Extension to the EU-U.S. DPF and the Swiss-U.S DPF site.

 

 

 

State Specific Privacy

 

Certain states require specific provisions in notices and privacy policies for their residents. Please see the links below for state-specific notices and policy provisions:

 

 

Notice, Choice and Use

 

In order to use this Site, you do not need to send us any personal information. You may voluntarily provide us directly or via our service providers with personal information, such as your name and contact information, by submitting your resume or work history information, subscribing to publications, joining our mailing lists, participating in online surveys or self-assessment tools, registering on the “Log In” page, registering for events (e.g., webcasts, seminars, or conferences), requesting access to specific content, responding to a survey, submitting requests to meet with Grant Thornton representatives or by submitting requests through our “Contact Us” or “Submit RFP” mailboxes. In some instances, we or our service providers using online identification technologies, such as cookies and beacons, may automatically collect certain types of information when you visit our Sites or through the emails we exchange. We may use the personal information you submit to us to respond to your requests, send you information about Grant Thornton’s services or events, send you administrative information or notices, send you information about our services, advertise our services to you on other sites or social media platforms, provide a more personalized experience, improve our Site, and for our internal business purposes. If you no longer wish to receive promotional communications from us, you may at any time request that we discontinue sending you such materials by contacting us using the contact information listed below.

 

We do not seek sensitive personal information on this Site except where we are required to do so as part of the employment recruitment process. If you choose to apply for a job through our Site, we may collect information such as your name, address and other contact information, work and educational experience, licenses and certifications, and other personal information. Your decision to submit such information is entirely voluntary. We may use this information to process and evaluate your application for employment and to communicate with you about employment opportunities. We may also retain and use this information to identify, and communicate with you about, future potential employment opportunities with us. If we elect to make an offer of employment, this information may become part of the employee file and may be used for other employment and work-related purposes.

 

In connection with providing Services, Grant Thornton enters into contracts with its clients that describe the purpose for which information (including personal information) is collected and used. Companies that engage Grant Thornton are responsible for obtaining, as required pursuant to law or regulation, consents from parties that provided the company with their personal information, which will be transferred to and used by Grant Thornton to perform the Services requested. Individuals that engage Grant Thornton will be asked to consent to provide their personal information to us to perform the Services requested.

 

Our legal basis for processing any personal information provided to us is either that (i) you have expressly consented to the practices described in this Privacy Statement by voluntarily providing your personal information to Grant Thornton; (ii) such processing is necessary for the performance of a contract where Grant Thornton has been engaged to provide Services; (iii) to meet legal, regulatory or professional standards obligations; or (iv) to perform activities in furtherance of our lawful and legitimate interests. Examples of such lawful and legitimate interests for use of data in our possession or control include conducting internal administrative activities, marketing our Services, analyzing our marketing efforts, and enhancing and personalizing a visitor’s experience on our Sites.

 

We do not use profiling or make any decisions based solely on the automated processing of your personal information. We retain personal information for only so long as necessary for the intended purpose for which it was collected, unless a longer retention period is required or permitted by law or our document retention policies based on professional standards and best practices. We may also store your name, email address, and other contact information such as company, title and industry in a customer relationship management tool and use it to manage our relationship with you and/or your company.

 

 

 

Site Logging and IP Addresses

 

As is the case with many commercial websites, Grant Thornton automatically logs certain information about visitor access to a Site, which may include a visitor’s internet protocol address, browser type, language, internet service provider, pages and content viewed, referring/exit pages, and/or operating system, as well as date and time stamps. A visitor’s IP address may be used for IT security and systems diagnostic purposes. It may also be used in aggregate form to understand Site usage trends and performance analysis.

 

 

 

Cookies

 

We use “cookies” which are small data files stored on a visitor’s computer or internet-enabled device that serve a number of purposes such as enhancing your on-line experience when visiting our Sites by remembering elections made, content accessed or downloaded, and responses to forms and surveys. The use of “cookies” is common practice for most websites; however, most web browsers include settings that allow users to decline cookies.

 

We show a cookie banner on some of our Sites to inform visitors that we use cookies and similar tracking technologies to personalize content we display based on your preferences, provide social media features like sharing pages to your networks, analyze our Sites’ performance, and advertise our services to you. We share information our trackers collect with partners who help us with these use cases.

 

If you do not accept our cookies, you may not be able to fully experience some of our Site’s functionality. After you finish browsing our Sites, it is possible for you to delete cookies from your system if you choose to do so.

Further information about managing cookies can be found in your browser’s help file or through sites such as www.allaboutcookies.org or www.cookiecentral.com.

 

Types of Cookies Used

 

There are two basic categories of cookies, namely, first party and third party. They are both served to the user. First party cookies are directly served by Grant Thornton, while third party cookies are served on behalf of Grant Thornton by a third party (e.g., Adobe Analytics, Marketo).

 

On our Sites, we use five different types of cookies that we describe more in details below. The first is an essential or strictly necessary cookie. It’s a cookie that is necessary for the Site to function and cannot be switched off in our systems. These cookies are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Site will then not work properly. These cookies do not store any personally identifiable information.

 

We also have performance cookies that allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our Site and will not be able to monitor its performance.

 

In addition, we use functionality cookies that enable the Site to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.

 

Finally, we have advertising cookies, which may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.

 

The list below details the types of cookies used on our Sites:

Manage your tracking preferences:  


 

First Party Cookies

Category/Purpose

Function 

Expiration

__cf_bm

Targeting/Advertising

This is a Marketo cookie

End of session

__sharethis_cookie_test__

Targeting/Advertising

Tracks which pages are being shared and by whom

End of session

__utmzzses

Targeting/Advertising

Used for advertising/tracking with Google Analytics

End of session

_fbp

Targeting/Advertising

Stores and tracks visits across websites

3 months

_ga

Performance

Google Universal Analytics cookie used to distinguish unique users

2 years

_gclxxxx

Performance

Google conversion tracking cookie

3 months

_gid

Performance

Google Universal Analytics cookie used to store and update a unique value for each page visited

1 day

_mkto_trk

Performance

Marketo tracking cookie

2 years

_uetsid

Targeting/Advertising

Stores and tracks visits across websites

1 day

_uetvid

Targeting/Advertising

Stores and tracks visits across websites

16 days

adEdition

Targeting/Advertising

NBC Universal site chooser cookie

1 day

AMCV_

Targeting/Advertising

Adobe Marketing Cloud cookie stores a unique visitor identifier

2 years

AMCVS_

Targeting/Advertising

Adobe Marketing Cloud cookie stores a unique visitor identifier

End of session

ASP.NET_SessionId

Strictly necessary

Maintains an anonymized user session by the server

End of session

at_check

Functional

Adobe Target cookie checks if cookies are enabled/supported on the browser

End of session

BIGipServerab48web-nginx-app_https

Strictly necessary

Ensures user requests are routed consistently to the correct server

End of session

cuvid

Functionality

Determines unique visitors to the website and it is updated with each page view

End of session

cuvon

Functionality

Signals the last time a visitor viewed a page

End of session

mbox

Functionality

Adobe Target cookie generates dynamic content on the page

2 years

OptanonAlertBoxClosed

Strictly necessary

OneTrust cookie set after visitors have seen the cookie information notice and actively closed the notice down

1 year

OptanonConsent

Strictly necessary

OneTrust cookie storing information about the categories of cookies the website uses and whether visitors have given or withdrawn consent for the use of each category

1 Year

PHPSESSID

Strictly necessary

PHP session cookie

End of session

s_cc

Performance

Adobe Site Catalyst cookie checks to see if cookies are enabled

End of session

test

Strictly necessary

Adobe Analytics cookie checks to see if cookies are enabled

End of session

TEST_AMCV_COOKIE

Performance

Adobe Analytics website tracking

2 years

 

 

 

 

Third Party Cookies

Category/Purpose

Function 

Expiration

anj

Targeting/Advertising

Owned by AppNexus Inc. for advertising services

3 months

at_check

Targeting/Advertising

Owned by Adobe for advertising services

End of session

audience

Targeting/Advertising

Owned by Spotxchange for video advertising services

1 year

BIGipServerab48web-nginx-app_https

Targeting/Advertising

This is a Marketo cookie used for advertising

End of session

BIGipServerPOOL-134.213.193.62-MUNCHKIN-80

Targeting/Advertising

This is a Marketo cookie used for advertising

End of session

browser_id

Targeting/Advertising

LinkedIn cookie embedding slide presentations into websites

5 years

c

Targeting/Advertising

IPONWEB cookie provides real time bidding platform for online advertising

1 year

C

Targeting/Advertising

Adform cookie providing real time bidding platform for online advertising

1 month

cmd

Targeting/Advertising

Contains marketing partner user IDs

1 year

CMID

Targeting/Advertising

Owned by Casale Media for advertising services

1 year

CMPRO

Targeting/Advertising

Owned by Casale Media for advertising services

3 months

CMPS

Targeting/Advertising

Owned by Casale Media for advertising services

3 months

CMTS

Targeting/Advertising

Owned by Casale Media for advertising services

3 months

Consent

Targeting/Advertising

Carries out information about how the user consent

2 years

cusid

Performance

Unique user session identifier to track page visits on the site

30 min

demdex

Targeting/Advertising

Adobe Audience Manager for visitor identification and ID synchronization.

6 months

dpm

Targeting/Advertising

Adobe Audience Manager cookie used for targeted marketing

6 months

eud

Targeting/Advertising

Contains marketing partner user IDs

1 year

euds

Targeting/Advertising

Delivers targeted advertising across our Sites

End of session

everest_g_v2

Targeting/Advertising

Owned by Adobe for advertising services

1 year

everest_session_v2

Targeting/Advertising

Owned by Adobe for advertising services

End of session

geoEdition

Targeting/Advertising

This is a NBC Universal site chooser cookie

1 day

IDE

Targeting/Advertising

Doubleclick cookie providing real time bidding platform for online advertising

1 year

LiveBall

Targeting/Advertising

This is a LiveBall cookie for advertising

1 year

mt_misc

Targeting/Advertising

This is a MediaMath Inc. cookie providing digital advertising

1 month

muid

Targeting/Advertising

Syncs across different Microsoft domains, allowing user tracking

1 year

rud

Targeting/Advertising

Optimizes the ads display based on user behavior

1 year

ruds

Targeting/Advertising

Optimizes the ads display based on user behavior

End of session

test_cookie

Targeting/Advertising

Doubleclick cookie providing real time bidding platform for online advertising

End of session

tuuid

Targeting/Advertising

IPONWEB cookie provides real time bidding platform for online advertising

1 year

tuuid_lu

Targeting/Advertising

IPONWEB cookie provides real time bidding platform for online advertising

1 year

uuid

Targeting/Advertising

This is a MediaMath Inc. cookie providing digital advertising

1 year

uuid2

Targeting/Advertising

Owned by AppNexus Inc. for advertising services

3 months

pxrc

Targeting/Advertising

Owned by LiveRamp Holdings, Inc. for advertising services

3 months

rlas3

Targeting/Advertising

Owned by LiveRamp Holdings, Inc. for advertising services

1 year

 

 

Google Analytics

 

We use the services of Google Analytics, a web analytics service provided by Google, Inc. (“Google”). This analytical tool uses cookies and other similar technologies to help analyze how visitors use the Sites. Our Site offers the ability to turn off tracking cookies. For more information about the collection and use of data through Google Analytics, please refer to https://www.google.com/policies/privacy/partners. Google offers the ability to opt -out from tracking through Google Analytics cookies. For more information, please visit https://tools.google.com/dlpage/gaoptout. Google has developed the Google Analytics Opt-out Browser Add-on to provide website visitors with more choice on how their data is collected by Google Analytics. The add-on communicates with Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services. You can also opt out of Google Analytics by declining cookies for advertising and performance.

 

 

 

Adobe Analytics


We use the services of Adobe Analytics, a web analytics service provided by Adobe, Inc. This analytical tool uses cookies and other similar technologies to help analyze how visitors use the Sites. Our Site offers the ability to turn off tracking cookies (advertising, performance and functional), including Adobe Analytics. Adobe Analytics cookies collect the following data: web pages within a Site; name of web page; time spent on page; time of day; cookie IDs; URL of page that a visitor was on before visiting our page; search term used to access web pages on the Sites; browser type; device type; operating system; ISP/connection speed; display settings (such as screen size and resolution); IP address (used to approximate location); information visitors provide in forms on our Site; whether visitors clicked on an ad; whether visitors clicked on a link, image or text on the Site; whether visitors downloaded a file, image, etc.; and ad campaign success rates.

 

 

 

Web Beacons

 

We or our digital media service providers also use web beacons; a small transparent image also referred to as a tracking pixel to help us better understand the effectiveness of our content and advertisement, the interests of our visitors, and to improve visitor experience on the Sites. These beacons allow us to determine which visitors have come to this Site after viewing an advertisement we have served on third party websites. We also work with such third parties to collect data so that we can determine the effectiveness of our ads and serve ads targeted to your interests. The use of web beacons does not provide us with any personal information, and we do not use this technology to access your personal information. It is used only to compile aggregated data about visitors to this Site.

Web beacons do not place information on your device but may work in conjunction with cookies to monitor activity. You have the option to render some web beacons unusable by rejecting their associated cookies (advertising, performance and functional). The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded.

 

 

 

Email Communications

 

In some of our newsletters and other email communications, we may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge visitor interest and to enhance future visitor experiences.

If you do not wish us to confirm whether you have opened, clicked on, or forwarded our communications, you will need to unsubscribe, as it is not possible for us to send these emails without tracking enabled. Registered subscribers can update their communication preferences at any time by following the instructions in the individual email communications you receive from us.

 

 

 

Do Not Track Signals

 

Some web browsers incorporate a “do-not-track” or similar feature that signals to websites with which the browser communicates that a visitor does not want to have their online activity tracked. If you have enabled a legally recognized browser-based opt out preference signal (e.g. Global Privacy Control) on your browser, Grant Thornton will recognize this preference according to and the extent required by applicable law. 

 

 

 

Third-Party Web Services

 

We at times use web services from third parties on this Site to present content within the pages of this Site, e.g., to display videos and social content, to conduct surveys, etc. We cannot prevent these web services from collecting information on your usage of this embedded content and recommend that you review their respective terms of use and privacy policies for further information.

 

 

 

Social Sharing

 

We provide visitors the capability to share links to our content via social media and email. This capability connects the visitor directly with their third party social media sites and email service provider. No personal information, IDs or passwords are made available to or stored by Grant Thornton in connection with this activity. After the content sharing is initiated, all interactions are directly between the user and their respective social media platform or email provider. We recommend reviewing the respective terms of use and privacy policies of your social media sites and email service provider for further information.

 

 

 

Form Auto Fills

 

We auto fill form fields for your convenience on return visits. Once you have submitted a form field on a previous visit such as your first name, we will automatically fill your first name on forms when you return to our Site. This only works if you are on the same device, using the same browser, if you accepted cookies, and have not cleared your cookies since the prior visit. No personal information, IDs or passwords are ever stored and auto filled.

 

We provide visitors the convenience of auto filling website forms with their contact information from LinkedIn. Use of auto filling forms is voluntary and only provides Grant Thornton with the basic contact information requested in the form. No other personal information, IDs or passwords are made available to or stored by Grant Thornton in connection with this activity. We recommend reviewing the LinkedIn privacy policy for further information at www.linkedin.com/legal/privacy-policy.

 

 

 

Disclosures and Transfers

 

Grant Thornton will not disclose an individual’s personal information to third parties, except as set forth in this Privacy Statement, when we have permission to make the disclosure, to advertise our services to you on other sites or social media platforms, or as necessary to fulfill the purpose for which the information was submitted. We also may use or disclose personal information as we believe to be necessary or appropriate (i) under applicable law (including to meet a national security or law enforcement requirement); (ii) to comply with legal process or professional standards; (iii) to protect our rights, privacy, safety, or property and/or those of our affiliates or clients; or (iv) in a merger, acquisition, or asset sale. We will not transfer the personal information you provide to any third parties for their own direct marketing use. Our service providers will disclose an individual’s personal information to us when the service provider collects the information on our behalf.

 

Grant Thornton may be a “data controller” in relation to job applicants, personnel, and firm alumni, from which the following personal information may be collected: resume details (work experience, academic and professional details, etc.), personal information necessary to administer employment benefits and retirement plans, and other personal information to administer, maintain or support the future, current and/or past employment relationship with the firm. Grant Thornton may also be a “data controller” in relationship to certain client engagements depending upon the nature of the services. A “data controller” is defined as a business that determines the purposes for which, and the means by which, personal information is processed in accordance with laws, regulations, professional standards, and contractual obligations.

 

Grant Thornton may use third-party service providers to provide administrative, marketing, or operational services to Grant Thornton. Such entities may be located within or outside the United States and, depending upon the services, they may have access to personal information in connection with their services. We require all such service providers to protect the information we entrust to them and to use such information only as necessary to provide services to us.

 

Additionally, Grant Thornton may disclose and transfer personal information to resource service providers and to other member firms of Grant Thornton International Ltd. (“GTIL”), or within Grant Thornton. Grant Thornton may also disclose and transfer personal information to GT US Shared Services Center India Private Limited and/or the Grant Thornton Knowledge and Capability Center India Private Limited, our affiliates located in Bengaluru and Kolkata, India.

 

The transfers described above may result in data passing from one jurisdiction to another, including to and from the United States, and possibly other countries outside of the European Economic Area, some of which may not have been deemed by the European Commission to ensure an adequate level of protection for personal information.

 

Accordingly, the level of safeguards and legal protections provided in such other non-European countries may not be as stringent as those under European data protection standards or the privacy laws of some other countries, possibly including your home jurisdiction. Please see our Data Privacy Framework Notice for further information.

 

 

 

Third-Party Sites

 

This Privacy Statement does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Site links. The inclusion of a link on our Site does not imply endorsement of the linked site or service by us or by our affiliates.

 

 

 

Data Security

 

The security of your personal information is important to us. We seek to use reasonable physical (e.g., key card office entry, locking doors), technical (e.g., password protection, network firewalls, laptop encryption, authentication mechanisms), and administrative safeguards (e.g., confidentiality agreements, training, procedures that limit access to and use of data) to protect the information we process. However, no method of transferring data over the Internet or storing electronic data is completely secure. Therefore, while we strive to use reasonable and appropriate means to protect your personal information, we cannot guarantee absolute security.

 

 

 

Data Integrity

 

We process personal information only in ways compatible with the purpose for which it was collected, as subsequently authorized by the individual, or as otherwise permitted by applicable law. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable regarding its intended use.

 

 

 

Access and Correction

 

If an individual becomes aware that information we maintain about that individual is inaccurate or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. We may limit or deny access to personal information where providing such access would be unreasonably burdensome or inappropriate under the circumstances. All requests to access or change personal information will be handled in accordance with applicable legal requirements.

 

Visitors who choose to register with this Site may correct and update their user profiles or unsubscribe from certain communications at any time. Visitors who would like to access or change their profiles should contact us at webrequests@us.gt.com.

In addition, if you are a resident of Europe, you may have certain rights under European data protection law with respect to your personal information, including the right to request access to, correct, amend, delete, limit the use of, or withdraw your consent for the processing of your personal information. You also may have the right to receive a copy of your personal information in a commonly used and machine-readable format and to transmit such information to another controller.

 

To request deletion of, access to or to make changes to information, or to otherwise exercise any of your rights in this paragraph, please send us an email at privacy.questions@us.gt.com. Grant Thornton will take steps to address your request to the extent consistent with and permitted by laws, regulations, and professional standards applicable to Grant Thornton and our own internal policies. If you are a client and request that we delete or limit the use of your personal information required to perform our Services, we may not be able to complete our engagement.


 

 

Enforcement and Dispute Resolution

 

We will investigate and attempt to resolve complaints and disputes regarding our use and disclosure of personal information in accordance with this Privacy Statement. We encourage interested persons to raise any concerns with us using the contact information below. Any employee who we determine is in violation of our privacy policies will be subject to disciplinary process.

If you are a resident of Europe and your inquiry with Grant Thornton has not been satisfactorily addressed, or if you believe we are processing your personal information not in accordance with applicable law or this Privacy Statement, you may file a complaint to the Data Protection Authority in your country of residence. 

 

 

 

Merger, Change in Ownership and Other Business Transitions

 

In the event Grant Thornton goes through a business transition, such as a merger, or the acquisition or sale of all or a portion of its assets, your personal information may be among the assets transferred.

 

 

 

Privacy Statement Changes

 

Grant Thornton reserves the right to amend or modify this Privacy Statement from time to time. We will post any revised Privacy Statement on this Site, or a similar website that replaces this Site. By continuing to use any of our Sites, you agree that the terms of this Privacy Statement as of the effective date will apply to information previously collected or collected in the future as permitted by law.

 

 

 

Minors

 

This Site is not designed for or directed at persons 18 years of age or younger, and we do not intentionally collect information from anyone under the age of 18 through this Site.

 

 

 

How to Contact Us

 

Questions, comments or complaints about Grant Thornton’s Privacy Statement, Privacy Shield certification, or data collection and processing practices can be e-mailed to privacy.questions@us.gt.com, or (877) 282-0109 by writing to us using the contact details below:

 

Corporate Mailing Address: Grant Thornton
Privacy Office - Risk, Regulatory & Legal Affairs
171 N. Clark Street, Suite 200
Chicago, IL 60601

 

Corporate Mailing Address:

 

Grant Thornton

Privacy Office - Risk, Regulatory & Legal Affairs

171 N. Clark Street, Suite 200

Chicago, IL 60601