Privacy Policy

Article 1. Privacy principle

1. The data controller is Grant Thornton Frąckowiak spółka z ograniczoną odpowiedzialnością sp. k. with its registered office in Poznań (61-131), at ul. Abpa Antoniego Baraniaka 88 E, entered into the Register of Entrepreneurs kept by the District Court for Poznań Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS no: 0000369868, holder of NIP [tax ID]: 7781476013.

2. Grant Thornton Frąckowiak spółka z ograniczoną odpowiedzialnością sp. k. as a personal data controller (hereinafter referred to as the “Controller”) places strong emphasis on protecting the privacy and confidentiality of personal data entered by internet users into online forms in the internet service hosted at grantthornton.pl (hereinafter „grantthornton.pl”).

3. The Data Protection Officer is Kacper Rączkowiak available at email address: iod@pl.gt.com.

4. The Controller exercises due care in selecting and applying appropriate technical and organisational measures to safeguard the personal data which are being processed. Full access to databases is only granted to persons duly authorised by the Controller.

5. The Controller secures personal data against unauthorised disclosure, as well as against processing in breach of the applicable legal regulations.

6. Persons visiting grantthornton.pl may browse the web pages at grantthornton.pl without providing their personal data.

Article 2.  The basis for personal data processing

1. Personal data are processed by the Controller in compliance with legal regulations, including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) for the purposes of:

a) providing the newsletter service, which includes sending commercial information, pursuant to the consent given (article 6(1)(a) GDPR);

b) providing answers to queries sent by users to the contact addresses listed on the website (pursuant to article 6(1)(b) GDPR);

c) recruitment and hiring processes, if the user has applied to be included in the recruitment process, in compliance with a legal obligation of the controller and pursuant to the consent given (article 6(1)(a) and (c) GDPR);

d) performance of the contract, when the user has applied to take part in training, conference and participated therein, pursuant to article 6(1)(b) GDPR;

e) compliance with a legal obligation to which the Controller is subject, pursuant to article 6(1)(c) GDPR (e.g. accounting and tax obligations);

f) asserting or securing legal claims (pursuant to article 6(1)(f) GDPR).

2. Users provide their personal data voluntarily, but if they choose not to do so, they may not be able to get the answers to their questions, receive the newsletter, participate in the recruitment process, training or conference, as the case may be.

3. Users should not provide third party personal data to the Controller. If, however, such data are provided, the user shall be understood to represent that they have the relevant consent of the third parties to provide their data to the Controller.

Article 3. The scope of personal data processing

1. The Controller processes the following scope of data provided by the user in the scope of the matter addressed to the Controller.

2. The data provided by users are used to: provide answers to the queries sent, send out the newsletter, including commercial information about the Controller and its products and services, conduct recruitment processes, conduct trainings and conferences, as well as for statistical purposes.

3. The Controller uses the IP addresses obtained during internet connections for technical purposes related to administering servers. Moreover, IP addresses are used to collect general statistical demographic information (e.g. about the region from which the connection is initiated).

Article 4.  Control over personal data processing

1. The user is obliged to provide complete, up-to-date and accurate data.

2. Every user whose personal data are processed by the Controller has the right to access the content concerning them, as well as the right to data rectification, erasure, restriction of processing, right to data portability, right to object to processing pursuant to the Controller’s legitimate interest, right to withdraw consent at any time, without affecting the lawfulness of processing (if based on consent) before its withdrawal.

3. To exercise the rights indicated in the preceding sentence, the user may send an email to iod@pl.gt.com containing the relevant request, as well as the user’s full name and email address.

4. The user has the right to lodge a complaint with a supervisory authority if they decide that their personal data are processed in breach of the GDPR provisions.

Article 5. Providing access to personal data

Access to user data may be provided to entities authorised to obtain them under the applicable legal regulations, including the competent law enforcement bodies. Personal data may be transferred to entities commissioned to process them, that is marketing agencies, entities providing services related to training/conference organisation, partners providing technical support (development and maintenance of IT systems and internet services), the accountancy service provider. Personal data will not be transferred to a third country/international organisation.

Article 6. Storage period and other information concerning data processing

1. Personal data will stored for no longer than is necessary for the purposes for which the personal data were submitted, and afterwards, for a period necessary for asserting or securing any potential legal claims or to fulfill a legal obligation of the Controller (e.g. under tax or accounting regulations).

2. If the user has consented to the use of their personal data for the purposes of the newsletter service, the data will be processed until the consent is withdrawn.

3. The Controller will not carry out personal data processing by automated means.