article banner

Privacy notice

This Privacy Notice explains how Grant Thornton Luxembourg (1) (“Grant Thornton Luxembourg”, “we”, “us” or “our”) collects, uses, shares, and otherwise processes your personal data when you browse our website in accordance with applicable data privacy laws and regulations, which include the General Data Protection Regulation 2016/679 (“GDPR”) which is applicable as of 25 May 2018.

We control the ways your personal data are collected via the Grant Thornton Luxembourg website and the purposes for which we use your personal data acting as “data controller” in the context of the GDPR.

(1) Grant Thornton Luxembourg includes the following companies: Grant Thornton Tax & Accounting S.A.; Grant Thornton Audit & Assurance S.A.; Grant Thornton Financial Services S.A.; Grant Thornton Recovery & Reorganisation S.A.; Grant Thornton Advisory S.A.; Grant Thornton Vectis S.A; Tax Consult S.A.; Abax Trust SàRL ; Grant Thornton Technology S.A.

1. Personal data we collect about you

When using the term “personal data” in our Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold.

Personal data that we collect automatically

Some of your information is collected automatically. Thus, when you access our website, we may automatically collect, through log files and cookies, certain information from your device, such as the IP address, the operating system of your device, the pages visited, and the requests made and the day and time of connection. The use of such files allows us to offer you a more consistent experience on the website.   

Cookies

During your visit, a banner appears at the bottom of the screen informing you of the use of cookies when browsing the website. A cookie is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on the hard drive of your device (computer, tablet, mobile, etc.). Some cookies do not collect any personal data but simply ensure smooth and optimal navigation on our website.

The cookie banner provide you with information about the types of cookies and similar technologies we use and how you can control these technologies. It is up to you to make a choice between accepting or refusing the use of optional cookies depending on the services proposed.

Personal data that you provide voluntarily

When you visit our website, make an enquiry, order publications, or request more information, you may be asked to provide some personal data such as your name, address, telephone number, e-mail address and information in relation to materials and communication we send to you electronically.

By providing your information, you expressly agree that your data will be processed by Grant Thornton Luxembourg for the purposes indicated in the section 2 below. If there are other purposes than those indicated in point 2, they will be communicated at the end of each form.

In addition, we collect your data when you contact us directly through any communication channel (e.g., when you send us an e-mail containing a comment or a feedback). We may use social platforms for our own purposes (such as recruitment). Where this is the case, we are the data controller for such activities. We nonetheless encourage you to stay informed of the potential consequences of your online activity by checking the privacy policy of such social platforms. Grant Thornton Luxembourg does not control how social networks use your data for their purposes. Therefore, Grant Thornton Luxembourg cannot be held liable for the privacy practices of such social networks when they process your data for their purposes. 

2. How do we use your personal data

Grant Thornton Luxembourg processes your personal data for the following purposes:

  • Providing you with the information or services you have requested (including sending a commercial offer or a responding to a contact request);
  • Contacting you about various events, including product updates and customer support, or sending you a newsletter
  • Collecting the information enabling us to improve/secure our website and services.

3. Legal basis for data processing

For the purposes explained under point 2.:

  • Pre-contractual obligation (including sending a commercial offer or a response to a contact request) or legitimate interest (keeping your data in our database so we can get in touch with you later;
  • Consent: if you have requested us to send you information about our services or if you have subscribed for receiving our newsletter;
  • Legitimate interest.

4. To whom might we disclose your personal data?

To achieve the purposes listed in point 2, the data is transferred to the following recipients:

  • Internal employees;
  • Employees of other member firms of Grant Thornton
  • Network providers;
  • Other service providers acting as subcontractors and on instruction from Grant Thornton Luxembourg.

In this case, a contract is drawn up between Grant Thornton Luxembourg and the subcontractor in question and appropriate technical and organizational measures are put in place in accordance with Articles 28 and 32 of the GDPR.

When your personal data is transferred (including in the case of remote access) to a country outside the European Union that is not subject to an adequacy decision, appropriate safeguards in accordance with Chapter V of the GDPR are put in place, such as standard contractual clauses adopted and approved by the European Commission.

5. Data retention period

Your personal data is stored by Grant Thornton Luxembourg only for as long as is necessary for the purpose for which we obtained them. The retention period will depend upon several factors, such as the duration of the contract concluded with you, or legal requirements imposed to Grant Thornton Luxembourg.

Whenever we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time by contacting us as indicated below or by clicking the unsubscribe link in the email communication we send you (e.g., Grant Thornton events, product updates, etc.). Please, note that the withdrawal of your consent does not affect the lawfulness of the personal data processing based on consent prior to its withdrawal.

6. Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk so that the processing complies with the GDPR.

These measures must provide for a level of security considered appropriate considering the technical standards and the type of personal data processed but also:

  • The state of the art and implementation costs;
  • The nature, scope, context, and purposes of processing; and
  • The likelihood and severity of the risk to the rights and freedoms of natural persons.

Security requirements are continually evolving, and effective security requires frequent assessment and regular improvement of outdated security measures. We are committed to continuously evaluate, strengthen, and improve the measures we implement.

7. What are your rights regarding your data?

As a natural person, you have several rights regarding your personal data including:

  • The right of access: You can request access to the data concerning you at any time as well as a copy of the data;
  • The right to rectification: You can request at any time that inaccurate or incomplete data be rectified;
  • The right to request the erasure of data: You can request that your data be deleted when, for example, the data is no longer necessary for the purposes for which it was collected or processed;
  • The right to restriction of processing: You can request that Grant Thornton Luxembourg restrict the processing of data if, for example, you question the accuracy of the data concerning you or if you object to the processing of data concerning you;
  • The right to data portability: You have the right to have your data transferred to another data controller in a structured, commonly used and machine-readable format, if the processing is carried out by automated means or if it is based on prior consent;
  • The right to object to processing: You can object to the processing of your data and can withdraw your consent if the processing is based on consent, for example if the data is used for commercial prospecting purposes.

You can exercise your rights by contacting the Data Protection Officer at the address shown below, or email dpo@lu.gt.com

Requests will be dealt with by the DPO and will be responded to within 1 month at the latest, starting from the moment of your identity confirmation. We may extend the time limit by a further 2 months if the request is complex or if we have received a high number of requests.

We may request additional information to help us confirm your identity and to ensure that you respect your right to access the personal data (or to exercise any other of your rights). This is a security measure to ensure the non-disclosure of your personal information to an unauthorized person.

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you are not satisfied with our response, you also have the right to lodge a complaint at any time with the National Commission for Data Protection (“CNPD”), the Luxembourg supervisory authority for data protection issues, or any other competent supervisory authority of an EU member state.

8. Links

Our website contains links to Grant Thornton International member and correspondent firm websites, but this Privacy Notice applies only to personal data collected via the Grant Thornton Luxembourg website and to how Grant Thornton Luxembourg processes personal data. It does not apply to specific member or correspondent firms practicing under the Grant Thornton name. We are not responsible for the privacy practices of other websites.

9. Updates to the Privacy Notice

We keep this Privacy Notice under regular review, and we may change, modify, add, or remove portions from the Privacy Notice at any time. We will post any modifications or changes to this Privacy Notice on our website prior to such changes taking effect.

 

Last update: 15 September 2022