Privacy statement: European Privacy Addendum
Updated 24 June 2025
This European Privacy Addendum (“Addendum”) supplements the Grant Thornton Privacy Statement (“Privacy Statement”).
Grant Thornton respects the rights to privacy established under GDPR (“General Data Protection Regulation”) and applicable data protection laws has established a data privacy framework designed protect the privacy of individuals whose personal data is processed by Grant Thornton, including those who engage our services and those who view or interact with our website, www.grantthornton.ie.
This privacy statement is intended to inform users of our website and individuals who are resident in the European Economic Area ("EEA") and the United Kingdom ("UK") (together, "Europe") about how your information, including personal data (as defined below), will be processed by Grant Thornton and/or on its behalf by its third party service providers.
We will process your personal data when:
- you access or use our sites;
- you, or the organisation with which you are connected, are a potential client of our services; or
- you have engaged with, or subscribed to, our newsletters or other marketing communications or initiatives.
We are required to give you the information in this Addendum, including to inform you about your data protection rights, under the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”); and the EU GDPR as amended and incorporated into the UK's European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together, "European Data Protection Laws").
We are committed to protecting your privacy. You should read this Addendum fully to understand the basis upon which we process your personal data, how we use it and to whom it will be disclosed. Additionally, details about our use of personal data in relation to professional engagements are available in our privacy statement: professional engagements.
All capitalised terms have the same meaning given to them in the Privacy Statement or this Addendum. In the event of a conflict between this Addendum and the Privacy Statement, this Addendum will prevail to the extent that you are resident in Europe.
Who is responsible for your personal data?
References to Grant Thornton (including, "we", "us", "our" and "Grant Thornton Group") in this Addendum refer to the following entities, each of whom are part of a global alternative practices structure: Grant Thornton Advisors LLC, Grant Thornton LLP, Grant Thornton Corporate Finance Limited, Grant Thornton Ireland and/or their affiliates and subsidiaries.
Each of these entities are joint controllers and have an arrangement in place to ensure that your data protection rights are protected. For more details about these entities see 'Who we are: joint controllers'.
In some instances, these entities may be independent controllers of your personal data under European Data Protection Laws.
If you have any questions about how we use your personal data or to exercise your data protection rights (as set out in this Addendum), please contact us at Data Protection Team, Grant Thornton Ireland, 13-18 City Quay, Dublin 2, Ireland or dataprivacy@ie.gt.com.
What is personal data?
Under GDPR, the term “personal data” means any information relating to an identified or identifiable living natural person.
It can include information about you that can identify an individual, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors.
How and why do we use your personal data?
Personal data processed about you will vary according to our interactions and relationship with you, including services we offer (and the nature of our engagements).
The table below explains our processing activities, one or more of which may be apply to you. Please note that the personal data listed is non-exhaustive.
Types of personal data | Legal basis | Data source | Purpose of processing | Recipients |
---|---|---|---|---|
First and last name, email address, mailing address or phone number, and current employer and role/job title (“Contact Information”).
|
|
|
|
|
Contact information
|
|
|
|
|
Contact Information and information confirming your identity and status within a company, (e.g., director / beneficial owner), your responsibilities, PPSN, identify verification documents, tax information, and/or other information you provide to us.
|
For further details please see our privacy statement: professional engagements.
|
|
|
|
Contact Information and details about your contact preferences (e.g., areas of interest) and information relating to your subscription to, receipt of or interest in any of our mailing lists or newsletters, or registration to access any of our restricted content.
Publicly available personal data such as name, employer and job title and /or position
|
|
|
|
|
Automatically collected information from your activity on our sites such as browser information, IP address, and browser type.
|
Please see below for further details on cookies.
|
|
|
|
Contact Information or other personal data
|
|
|
|
|
Contact Information or other personal data
|
|
|
|
|
Contact Information and other personal data
|
|
|
|
|
Name, contact information, employment history and educational background, details of current immigration status and other information which you volunteer on your curriculum vitae or application
|
|
|
|
|
Note:
When we process personal data based on our legitimate interests, we ensure that we consider and balance any potential impact on the rights of data subjects under European Data Protection Laws.
We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have appropriate consent or are otherwise required or permitted by law). Grant Thornton acknowledges data subjects’ rights under European Data Protection Laws when we process your personal data on this basis.
For more information on exercising your data protection rights please see ‘Your Data Protection Rights’.
Data retention
We will only process your personal data for as long as is needed or as permitted based on the purpose(s) for which it was obtained and in accordance with applicable law. The criteria used to determine our retention periods include:
- the nature and length of our ongoing relationship with you and provide you/your organisation services;
- whether there is a legal obligation under applicable laws or a requirement under professional standards to which we are subject; and
- whether retention is advisable considering our legal position (such as with respect to statutes of limitations, litigation, or regulatory investigations).
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you would like to find out more about our retention of your personal data, please contact us by e-mailing dataprivacy@ie.gt.com.
Unsubscribe and consent preferences
When you have consented receive any marketing material from us, we include an unsubscribe button in our communications, so you can opt out of receiving such communications or adjust your marketing consent preferences at any time by clicking on the unsubscribe link provided in our communications or e-mailing us at dataprivacy@ie.gt.com.
Automated decision-making
We do not use profiling or make any decisions based solely on the automated processing of your personal information.
International data transfers
To facilitate our global operations, certain of our services and sites are provided from the United States and other locations.
If you are resident in Europe, we may share, transfer or store personal data outside your country of residence (i.e., outside Europe) to certain recipients (mainly our affiliates and external service providers) in the United States, India, and other countries which we deem appropriate from time to time.
Where the laws and practices in these countries may not have equivalent data protection and privacy rules to those under European Data Protection Laws, we will protect your personal data in accordance with this Addendum and our Privacy Statement.
Where these transfers of personal data occur, we ensure that a transfer mechanism and appropriate safeguards are in place to protect your personal data:
- For transfers (including, onward transfers) of personal data within the Grant Thornton Group to affiliates in the United States, we rely on the EU-US Data Privacy Framework and the UK-US Data Privacy Framework (UK and Gibraltar), as operated by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (“DPF”), and to view our certification, please visit dataprivacyframework.gov. Please also visit our dedicated webpage for more information about our participation in the DPF: Data privacy framework.
- For transfers (including, onward transfers) of your personal data within the Grant Thornton Group to affiliates based in other, non-EEA countries we will transfer and process your data in accordance with GDPR requirements.
- For transfers (including, onward transfers) of your personal data within the Grant Thornton Group to affiliates based in other, non-EEA countries and where an appropriate data transfer adequacy decision has not been approved by the EU Commission, we rely on the EU Standard Contractual Clauses ("SCCs") or the UK Addendum to the EU SCCs (e.g., India and Bermuda).
- For transfers (including, onward transfers) of personal data to external providers, we rely on the DPF, the EU SCCs, UK Addendum, or adequacy decisions of the European Commission.
If you would like to find out more about any transfers relating to your personal data, please contact us by e-mailing dataprivacy@ie.gt.com.
Your data protection rights
As a resident within the EEA, you are permitted to exercise a number of data protection rights under European Data Protection Laws, which are explained in the table below:
Data protection right | Further information |
---|---|
Right of access
|
You have the right to request a copy of the personal data held by us about you and to access the personal data which we hold about you.
|
Right to object
|
You have a right to object at any time to the processing of your personal data where we process your personal data on the legal basis of pursuing our legitimate interests.
|
Right to rectification
|
You have the right to have any inaccurate personal data which we hold about you updated or corrected.
|
Right to erasure
|
In certain circumstances, you may also have your personal data deleted. For example, if you exercise your right to object and we do not have an overriding legitimate interest to continue processing your personal data or if we no longer require your personal data for the purposes as set out in this Addendum.
|
Right to restriction of processing
|
You have the right to ask us to restrict processing your personal data in certain circumstances, including if you believe that the personal data that we hold about you is inaccurate or if our use of your personal data is unlawful.
|
Right to data portability
|
You may request us to provide you with your personal data which you have given Grant Thornton in a structured, commonly used, and machine-readable format where our processing is based on performance of a contract or consent.
|
Right to object to automated decision-making, including profiling
|
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning Data Subjects or similarly significantly affects them. Please note that we do not use profiling or make any decisions based solely on the automated processing of your personal data.
|
In acknowledgment of data subject rights, we are cognisant of our professional, legal, and regulatory obligations and duties which may result in certain limitations on the extent to which we are required to comply with specific rights requests, subject to restrictions as set out under European Data Protection Laws.
If you become aware that information we maintain about you is inaccurate, or if you would like to update or review your information, you may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate.
We may limit or deny access to personal information where providing such access would be unreasonably burdensome or inappropriate under the circumstances. All requests to change personal information will be handled in accordance with applicable legal requirements. If you would like to change your information you should contact us at dataprivacy@ie.gt.com.
How to submit a rights request, complaint or question
To submit a rights request, complaint or question or to have an Authorised Agent submit a rights request, complaint, or question on your behalf where permitted by applicable law, please contact us at dataprivacy@ie.gt.com or submit a request to Data Protection Team, 13-18 City Quay, Dublin 2, Ireland.
We may request that you provide proof of your identity for security reasons and to prevent the unauthorised disclosure or misuse of personal data. If, after contacting us, you are still not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner.
Addendum changes
We reserve the right to amend or modify this Addendum from time to time. We will post any revised Addendum on this site, or a similar website that replaces this site.
By continuing to use any of our sites, you acknowledge the terms of this Addendum and the Privacy Statement as of the effective date will apply to information, including personal data, previously collected, or collected in the future as permitted by applicable law.
Who we are: Joint Controllers
References to "Grant Thornton" in this Addendum refer to the brand name under which the Grant Thornton member firms operate the business, provide services to (prospective) clients and/or refers to one or more member firms, as the context requires. The below joint controllers practice as an alternative practice structure:
Joint Controllers |
---|
Grant Thornton LLP is a licensed independent CPA firm that provides attest services to clients.
Address: 171 N. Clark Street, Suite 200, Chicago, IL, 60601, United States.
|
Grant Thornton Advisors LLC provides tax and business consulting services to clients.
Address: 171 N. Clark Street, Suite 200, Chicago, IL, 60601, United States.
|
Grant Thornton Corporate Finance Limited provides tax and business consulting services to clients.
Address: 13-18 City Quay, Dublin 2, Dublin, Ireland.
|
Grant Thornton Ireland provides audit services to clients.
Address: 13-18 City Quay, Dublin 2, Dublin, Ireland.
|