Effective date: 1.12.2022 (archival versions available at the bottom of this page)

What will you find in the Privacy Policy?

Your privacy is very important to us, which is why we have prepared all the necessary information for you to understand what happens to your personal data when you use our website (site). Please feel welcome to read it!

PS: we did our best to prepare this information in an accessible form for you, avoiding paragraphs and legal jargon 🙂

The policy prepared is intended to help you understand:

  • Who are we?
  • What data do we collect about you?
  • How do we use the data we collect?
  • Who do we share the data we collect with?
  • How do we store and secure the data we collect?
  • How to exercise your rights under GDPR?
  • Transfer of data outside the European Economic Area (EEA)
  • Other important information concerning your privacy

You leave your personal data with us when you use our products or services or otherwise interact with us (for example, by participating in our events and competitions or by communicating with us), unless in a particular case there applies an alternative policy that provides you with details of the processing in that particular situation. This may occur because we are not able to anticipate all possible scenarios that we may wish to pursue in the future.

For details of how we process your personal data in specific processes, please see the information clauses tab.

Who are we?

We are referred to as the Data Controller – this means that we are responsible for determining the purposes for which we collect and process your personal data and we are obliged to provide you on our websites with all information related to your privacy.

As for the details, below is our Company information:

Grant Thornton Frąckowiak P.S.A. (former: Grant Thornton Frąckowiak Spółka z ograniczoną odpowiedzialnością Spółka komandytowa) with the registered seat in Poznań at ul. Abpa Antoniego Baraniaka 88 E (61-131 Poznań), entered into the Register of Entrepreneurs of the National Court Register by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, 8th Trade Division of the National Court Register under the following KRS number: 0001002536, holder of the tax identification number (NIP): 7781476013. Share capital: 821 998,00 PLN

We have also appointed a person in our structures who ensures an appropriate level of privacy for individuals. This person is the Data Protection Officer (DPO) – Marcin Troszak, whom you can contact in any situation in which you need further clarification or are concerned about the security of your data. Contact details for the DPO: iod@pl.gt.com.

What data do we collect about you?

We collect information about you when you provide it to us yourself when you use our services.

Information you provide to us

We collect information about you when you enter it into our services or otherwise provide it to us directly.

Personal data provided by you through our sites: This includes our websites that we own or operate. We collect data that you submit to these sites, including social media or social networking sites operated by us. For example, you provide us with personal information when you provide feedback or participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events. Another place where you leave your personal data with us on our sites will be when you take part in recruitment and apply for a job.

Information we collect automatically when you use our services

We collect information about you when you use our websites, including when you browse our websites and take certain actions on our websites.

Device and connection information

We collect information about your computer, phone, tablet or other device you use to browse our websites. Through your device, we also collect information regarding your operating system, browser type, IP address, referring page URLs/device IDs, geographic location, age group, and website activity, among other things. We use your IP address and/or your country preferences to provide you with a better experience on our websites.

Cookies and other tracking technologies

We use cookies and other tracking technologies (e.g. Google services: Google Tag Manager, Google Analytics, Youtube and Facebook services: Facebook Pixel) to recognise users and their characteristics. These activities enable carrying out analytical activities, e.g. studying website traffic, as well as marketing activities, e.g. displaying advertisements for you.

How do we use the data we collect?

We use your personal data to:

  • Provide the newsletter service to you, which includes sending you commercial information. We send you newsletters when you have given us your consent or we have our legitimate interest to maintain positive business relationships with clients.
  • Organise corporate events, that require us to collect your data in order to send you an invitation or enable your participation in the event. In this case, we rely on your consent or fulfilment of our legitimate interest, which we consider to be the desire to establish positive business relationships with clients.
  • Carry out other forms of marketing our services, which includes maintaining fan pages, answering your questions and organising promotions and other corporate events – the basis for processing is your consent and/or the necessity of processing your personal data for performance of the agreement and fulfilment of the Controller’s legitimate interest, which should be considered as marketing of the Controller’s own services.
  • Carry out the recruitment process, i.e. to collect applications for a given position, to conduct meetings with candidates and to select a candidate who meets the requirements of the offer, on the basis of your consent or actions aimed at concluding a contract with you.
  • Security and protection: we use your information to detect, prevent and respond to potential or actual security incidents, to monitor and protect against other malicious or illegal activities on our site.
  • Protect our legitimate business and legal interest and to protect our claims, as well as defend ourselves against potential claims; the basis of processing is our legitimate interest of the Controller which we consider as fulfilment of the Controller’s statutory activities.
  • Perform profiling, which helps us tailor the information we send to you. In practice, this involves segmenting users of the site based on the data collected on the site, e.g. if you happen to have read an article in a certain content area, we may present you with advertising related to that area. We base this on your activities undertaken on the site, interests, job title, age group and geographical location. The basis for processing is our legitimate interest as the Controller, which we consider as fulfilment of the Controller’s statutory activities.

Who do we share the data we collect with?

Transfer to third parties

Your personal data may be shared with entities entitled to receive them under applicable law, including relevant government authorities.

We also share or entrust your personal data for processing by third parties who help us operate, provide, improve, integrate, customise, support and market our services, among others:

  • marketing and event agencies,
  • third party consulting or auditing entities,
  • subcontractors involved in operating some of our services,
  • providers of technical services primarily related to maintenance and delivery of IT systems and websites,
  • providers of training, conference and other corporate event organisation services,
  • providers of postal services.

Transfer to affiliates

The information we collect is shared with the following affiliates in Poland:

  • Grant Thornton Frąckowiak P.S.A.
  • Grant Thornton Legal Maślanko Kancelaria Prawna sp. k.
  • Grant Thornton Polska P.S.A.
  • Edisonda P.S.A.
  • Grant Thornton Technology Sp. z o.o.

How do we store and secure the data we collect

Information storage and security

We use industry standard technical and organisational measures to secure the information we retain. Although we implement safeguards to protect your information, no security system is 100% safe, so we strive to continually monitor and oversee security levels.

How long do we store information

This varies from process to process. If you would like to see the exact information retention periods, please see the information clauses tab.

How to exercise your rights under GDPR?

Depending on the respective processing activity, you have a corresponding catalogue of rights which you may be entitled to. These include:
a) right of access to the data,
b) right to rectification of the data,
c) right to erasure of the data,
d) right to restrict processing,
e) right to data portability,
d) right to object.

If you wish to exercise the above rights, please write to our Data Protection Officer at iod@pl.gt.com.

Remember that you also have the right at any time to lodge a complaint against the processing activities carried out by us with the competent supervisory authority. In Poland, the authority is the President of the Data Protection Authority – more information is available here: https://uodo.gov.pl/pl/83/155.

Transfer of data outside the European Economic Area (EEA)

International transfers of the data collected by us

In most cases, your personal data will not be transferred to a third country/international organisation outside the EEA. In case of providing a newsletter service, personal data may be transferred to a third country, including but not limited to the USA. In any such case, we verify the provider to ensure adequate standards of personal data protection and enter into Standard Contractual Clauses with the provider as one of the tools for secure data transfer.

When servicing certain clients, personal data, including the personal data of their employees, may be transferred to another Grant Thornton International affiliate located in a third country. Safeguards for such transfers are the standard contractual clauses that are annexed to the Inter Firm Agreement operated within Grant Thornton International.

Other important privacy information

Amendments to our Privacy Policy

We may amend our Privacy Policy in certain circumstances. We will publish any amendments on this website and, if the modifications are significant, we will provide a more prominent notice. We will also keep previous versions of the Privacy Policy in the archives for reference.

Contact us

If you have questions or doubts about how your data will be handled, please direct your enquiry to our Data Protection Officer: iod@pl.gt.com

Cookies Policy

Our website uses information saved using cookie files and other tracking technologies, i.e. IT data stored on the devices which you use to browse the websites. These cookies enable recognising your device and displaying the website accordingly, in accordance with your individual preferences.

Using the website without changing the cookie settings displayed when you access the website means that cookies will be stored on your terminal device. You can change your cookie settings at any time in your web browser or via the mechanism available on our “Cookie Settings” page.

Types of cookies used

Our website uses the following cookies:

  1. essential: necessary for proper functioning of the website – files processed on the basis of the controller’s legitimate interest (Article 6 par. 1 letter f of GDPR);
  2. analytical: allowing studying website traffic, learning our users’ preferences, analysing their behaviours on the website and enabling interactions with external networks and platforms – files processed on the basis of the user’s voluntary consent (Article 6 par. 1 letter a of GDPR);
  3. marketing: allowing tailoring of the advertisements and content displayed to our users’ preferences and carrying out personalised marketing campaigns – files processed on the basis of the user’s voluntary consent (Article 6 par. 1 letter a of GDPR).

Cookie files storage period

The cookies used by our website are stored in accordance with the information below:

Type / source Name Description
Grant Thornton cookies-accepted, hideCookiesInfo, hideModal, pll_language Related to the operation of the site and compliance with the information obligation. The first two store information about whether the user accepted or closed the notice about cookies and Privacy Policy. hideModal indicates whether the newsletter signup window was closed and should not be displayed again. pll_language stores information about language preferences.
Google Analytics / Google Tag Manager _ga, _git, _gat, __utma, __utmb, __utmc, __utmz, __utmv, __utmt Used for analytical and marketing purposes. These cookies store statistical information about how the user interacts with the site (e.g. duration of visit, source of traffic, anonymous identification of the visitor and their browser / device). To block these cookies from being added in your browser, you can use the official Google extension: http://tools.google.com/dlpage/gaoptout
Google / YouTube GPS, PREF, VISITOR_INFO1_LIVE, YSC, SID, APISID, HSID, SAPISID, SSID, LOGIN_INFO Used for functional / analytical purposes. These cookies store information including the user’s preferences and settings (e.g. language) and enable view count for videos embedded on the website.
Facebook _fbc, _fbp, act, c_user, datr, fr, presence, sb, spin, wd, xs Used for analytical / marketing purposes. The information stored includes encrypted Facebook user ID and browser ID. It enables us to personalise our Facebook ads to match your interests. We are currently using the Facebook pixel on the site you are on, as well as on the recruitment websites poligonaudytorow.pl and poligondoradcow.pl


Our website uses Google Analytics – detailed information on how Google uses the data collected during the use of our partners’ websites and applications is available at: www.google.com/policies/privacy/partners/