The integrity and privacy of our website’s visitors are of crucial importance to us and we strive to maintain a high level of protection of your personal data, in accordance with the applicable law.
This Policy includes information on how Grant Thornton SA ("Grant Thornton") processes and protects personal data which are collected on its website (“Website”) and for what purposes we use such personal data. Grant Thornton is the controller of the processing of personal data that takes place while visiting or using the available services or functionality of the Website.
What personal data do we collect?
Data required for the submission of requests, enquiries, orders, complaints
When you visit the Website, register, request information or provision of products or services, order publications or subscriptions, submit an enquiry or complaint, you may provide basic identification personal data and contact information, such as your first and last name, telephone number and e-mail address or other information intentionally submitted by you. We do not request and our intention is not to process any special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation and data relating to criminal convictions and offences or related security measures ("Special categories of data"). Therefore, you are kindly requested to abstain from providing such types of information about you. However, if you choose to provide us with such information, we will assume that you want us to process these data based on your consent, in accordance with this Policy and no. 679/2016 European General Data Protection Regulation (hereinafter the “GDPR”) and the applicable Greek and European legislation for the protection of personal data (hereinafter the «Applicable Legislation»).
Data required for the application for a vacancy or/and evaluation of your candidacy
When you apply for a vacant job, we mainly process the following personal information about you: first and last name, e-mail address, telephone number and any information relating to your educational and professional background, as submitted by you in any documents attached, such as CV and cover letter. Kindly note that no Special categories of data are required by you for the purposes of submitting a job application at Grant Thornton. Therefore, you are kindly requested to abstain from providing such types of information about you. However, if you choose to provide us with such information, or further information we do not request, we will assume that you want us to process these data based on your consent, in accordance with this Policy and the Applicable Legislation.
As part of the evaluation of your candidacy, depending on the vacant job you are applying for, you may be subject to skill tests either physically or online, provided that you have been previously notified of said procedure.
What is a Cookie
However, you can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. To find out more about cookies, including what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.
If you choose not to accept our cookies, some of the features of the Website may not work as well as we intend.
The Website uses the following cookies:
|Cookie type||Cookie Name||Purpose|
These cookies are used to monitor the performance of our site. We use the information to help us improve the site. The cookies collect information in an anonymous form, including the number of visits to our site, where visitors have come from to the site and the pages they visited.To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
The ASP Session Cookie may be set as part of your online experience if using a site login to enable us to identify you. It only exists for the duration of the browsing session and is deleted afterwards.
|CMS Platform cookies||
Used to distribute traffic to the website on several servers in order to optimise response times.
|CMS Platform cookies||
This is used to track the number of visits to the website
|We use YouTube to embed a selection of videos in our Thinking and campaign pages. The embedded videos do not set cookies themselves and can be played with no cookies set. However, if the 'Share' button is clicked YouTube will set cookies. The VISITOR_INFO1_LIVE cookie attempts to estimate your bandwidth and the use_hitbox and PREF cookies increment the 'views' counter on the YouTube video and stores session preferences. These cookies don't gather information that identifies a user.|
URL and IP address
When you visit, navigate or leave the Website, we receive your Internet Protocol (IP) address and your most recently visited URL addresses.
How do we use your personal data?
Grant Thornton solely requests and processes the personal data that are necessary for the fulfillment of the specified herein, explicit and legitimate purposes, in accordance with the applicable legal basis. In case you do not wish to provide personal data falling under the required fields of the Website, we cannot guarantee you that the respective purpose shall be met.
The applicable legal basis per purpose is one of the following:
- Our contractual relationship, e.g. for the purposes of provision of the services or products requested, including the management of orders and supplies, etc.
- Compliance with our legal obligations or any applicable regulatory requirements or judicial decisions
- Performance of a task carried out in the public interest, such as the processing of your personal data by us as obliged entity for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing before establishing a business relationship or carrying out an occasional transaction with you
- Our legitimate interests, to the extent that they are not overridden by your interests, rights or freedoms
Grant Thornton's legitimate interests include the following purposes:
- Monitoring of the performance of the Website for security or other reasons, proper operation of the Website and dissolution of any technical issues
- Assessment and improvement of the products and services provided
- Review of your performance on interviews or skill tests to which you have been subject within the context of the evaluation of your candidacy,
- Communication with Website’s visitors following submission of a request or complaint
- Providing you or your organization with information relating to our events, seminars, marketing activities, changes within our company and news in areas that we believe are relevant to you in your professional role
- Conduct of client and market research or other surveys (including customers’ satisfaction surveys) and management of responses
- Marketing of our products and services
- Statistical purposes, such as research about our visitors' demographics, interests and behavior on an aggregated and anonymous basis
- When necessary, the establishment or defense of a legal claim
How long are your data stored?
Grant Thornton takes reasonable measures to store your personal data only for as long as is necessary to fulfil each of the above purposes for which the data were collected, in accordance with any legal, regulatory or internal policy requirements. In case of contractual relationships, your personal data shall be stored until termination of said contract, unless further storage is provided by law.
In case of unsuccessful job application, your personal data shall be stored until completion of the recruitment process and, up to two more years.
Personal data processed on the basis of our legitimate interests shall be stored until you request us to stop using your personal data for said purposes. You can submit such a request (opt-out), in accordance with the provisions of the Applicable Legislation, via firstname.lastname@example.org.
Personal data that we process for sending newsletters, subscriptions or notifications about other updates are stored until you terminate the subscription or you notify us that you do not wish to receive them anymore, which can be made at any time via email@example.com.
In the above cases, your data will be immediately erased unless further retention is required by law or other legal ground.
Are your data secured?
We abide by the Applicable Legislation and our privacy policies and we apply reasonable and appropriate technical and organizational security measures to protect your personal data against accidental destruction, loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing, covering any technology infrastructure point. We always secure that solely authorized users have access to your personal data, abiding by confidentiality clauses, on a need to know basis and to the extent necessary in order to fulfil the respective purposes.
We use firewall and other secured systems, advanced electronic identification tools, and where appropriate we apply pseudonymization and encryption of personal data. We abide by internal routines, training and policies covering careful handling of personal data, as well as data minimization, purpose limitation, accuracy, storage limitation and incident management. For your safety, login to the client portal is encrypted through a secure channel.
Login details may not be shared or used by more than one user. In any case, you are personally responsible for not making the login procedure available to unauthorized persons. Each user is responsible for confidentiality and the correctness of login details and other account information. You must inform Grant Thornton immediately in the event of unauthorized access to login details. You are also responsible for using appropriate technologies to prevent your device not being affected by viruses or similar malware.
To whom might we disclose your personal data?
In order to meet your requests or our business needs or in order to adequately provide our services, we may transfer your personal data to third parties solely if it is required by law or contract and only where it is legitimate to do so. In any case, we transfer only the personal data that are necessary for the fulfillment of the respective purposes and we secure the confidentiality of your personal data. Indicatively, we may transfer your personal data to the following categories of recipients:
- Public authorities, courts, law enforcement agencies, regulatory bodies, in compliance with applicable laws or following a request for information
- Various suppliers or service providers, such as systems hosting, IT support, external consultants, etc. We transfer your personal data to them only if they meet our high standards on data processing and provided that we have entered into a written data protection agreement with them
- Grant Thornton member firms within EEA, which always abide by global confidentiality and data protection policies
- Insurance companies or legal advisors in connection with legal proceedings if necessary for Grant Thornton to exercise its legitimate interests
Within the course of our business operations, we may be required to share your personal data with third parties located outside EEA, such as Grant Thornton member firms outside EEA or other third parties outside EEA. Indicatively, your personal data may be transferred to service providers for hosting of servers or IT applications support, to our global network in compliance with Grant Thornton global policies, to non-EEA regulatory bodies or agencies, etc.
We will proceed with said transfers provided that we are confident that the level of protection applied to your data will be similar as within EEA. Transfers of personal data within Grant Thornton network will be based on interfirm agreements. Transfers outside of the network, will be based on standard clause transfer agreements or other adequate safeguards, in compliance with applicable law.
What are your privacy rights?
You are entitled to exercise the following rights, in accordance with the provisions of the Applicable Legislation:
- Request access to and obtain a copy of your personal data processed by us
- Amend / update your personal data if they are inaccurate or incomplete or request said amendment
- Request erasure of your personal data, in cases provided by the Applicable Legislation (right to be forgotten)
- Request restriction of your personal data, in cases provided by the Applicable Legislation
- Request to receive your personal data in a structured, commonly used and machine-readable format and transmit them to another data controller in cases provided by the Applicable Legislation (right to data portability). This applies in particular to natural persons, who are Grant Thornton’s clients and wish to have their accounting or other material transferred in order to use it elsewhere,
- Object to the processing of your personal data performed by us, in cases provided by the Applicable Legislation,
- Lodge a complaint with the Greek Data Protection Authority at the following contact details:
Address: Kifissias 1-3, 115 23 Athens, Greece
Telephone: +30-210 6475600
Fax: +30-210 6475628
You can submit a request or exercise the rights 1 to 6 above by contacting firstname.lastname@example.org and we will make all reasonable efforts to reply to you / comply with your request as soon as possible, and in any case within the time frames provided by applicable law and professional standards.
What else should you know?
Grant Thornton uses reasonable endeavors to ensure that your personal data are always accurate and up to date. This means that from time to time, we will ask you to tell us if there are any changes to your personal data. If you find out that the personal data we hold about you are incorrect or incomplete, please contact us immediately and we will correct them.
This Policy may be modified periodically in order to reflect amendments in our privacy practices or legal requirements. In such cases, you will be able to check the most updated version at the Website. Thus, you are encouraged to visit the Website on a regular basis.
Grant Thornton shall not collect or store personal data of children less than 16 years old. If Grant Thornton finds out that such data have been collected, it shall erase them immediately, unless such data have been provided following the consent of the holder of parental responsibility over the child.
If you have any questions or concerns about this Policy or in case you need more information about your rights and how to exercise them, please contact us at email@example.com or at the following postal address: 56, Zefirou str., 17564, Paleo Faliro, Athens.