Effective date: 3.11.2022 (archival versions available at the bottom of this page)
Your privacy is very important to us, which is why we have prepared all the necessary information for you to understand what happens to your personal data when you use our website (site). Please feel welcome to read it!
PS: we did our best to prepare this information in an accessible form for you, avoiding paragraphs and legal jargon 🙂
The policy prepared is intended to help you understand:
- Who are we?
- What data do we collect about you?
- How do we use the data we collect?
- Who do we share the data we collect with?
- How do we store and secure the data we collect?
- How to exercise your rights under GDPR?
- Transfer of data outside the European Economic Area (EEA)
- Other important information concerning your privacy
You leave your personal data with us when you use our products or services or otherwise interact with us (for example, by participating in our events and competitions or by communicating with us), unless in a particular case there applies an alternative policy that provides you with details of the processing in that particular situation. This may occur because we are not able to anticipate all possible scenarios that we may wish to pursue in the future.
For details of how we process your personal data in specific processes, please see the information clauses tab.
Who are we?
We are referred to as the Data Controller – this means that we are responsible for determining the purposes for which we collect and process your personal data and we are obliged to provide you on our websites with all information related to your privacy.
As for the details, below is our Company information:
Grant Thornton Frąckowiak spółka z o. o. sp. k. with the registered seat in Poznań at ul. Abpa Antoniego Baraniaka 88 E (61-131 Poznań), entered into the Register of Entrepreneurs of the National Court Register by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, 8th Trade Division of the National Court Register under the following KRS number: 0000369868, holder of the tax identification number (NIP): 7781476013.
We have also appointed a person in our structures who ensures an appropriate level of privacy for individuals. This person is the Data Protection Officer (DPO) – Marcin Troszak, whom you can contact in any situation in which you need further clarification or are concerned about the security of your data. Contact details for the DPO: firstname.lastname@example.org.
What data do we collect about you?
We collect information about you when you provide it to us yourself when you use our services.
Information you provide to us
We collect information about you when you enter it into our services or otherwise provide it to us directly.
Personal data provided by you through our sites: This includes our websites that we own or operate. We collect data that you submit to these sites, including social media or social networking sites operated by us. For example, you provide us with personal information when you provide feedback or participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events. Another place where you leave your personal data with us on our sites will be when you take part in recruitment and apply for a job.
Information we collect automatically when you use our services
We collect information about you when you use our websites, including when you browse our websites and take certain actions on our websites.
Device and connection information
We collect information about your computer, phone, tablet or other device you use to browse our websites. Through your device, we also collect information regarding your operating system, browser type, IP address, referring page URLs/device IDs, geographic location, age group, and website activity, among other things. We use your IP address and/or your country preferences to provide you with a better experience on our websites.
Cookies and other tracking technologies
How do we use the data we collect?
We use your personal data to:
- Provide the newsletter service to you, which includes sending you commercial information. We send you newsletters when you have given us your consent or we have our legitimate interest to maintain positive business relationships with clients.
- Organise corporate events, that require us to collect your data in order to send you an invitation or enable your participation in the event. In this case, we rely on your consent or fulfilment of our legitimate interest, which we consider to be the desire to establish positive business relationships with clients.
- Carry out other forms of marketing our services, which includes maintaining fan pages, answering your questions and organising promotions and other corporate events – the basis for processing is your consent and/or the necessity of processing your personal data for performance of the agreement and fulfilment of the Controller’s legitimate interest, which should be considered as marketing of the Controller’s own services.
- Carry out the recruitment process, i.e. to collect applications for a given position, to conduct meetings with candidates and to select a candidate who meets the requirements of the offer, on the basis of your consent or actions aimed at concluding a contract with you.
- Security and protection: we use your information to detect, prevent and respond to potential or actual security incidents, to monitor and protect against other malicious or illegal activities on our site.
- Protect our legitimate business and legal interest and to protect our claims, as well as defend ourselves against potential claims; the basis of processing is our legitimate interest of the Controller which we consider as fulfilment of the Controller’s statutory activities.
- Perform profiling, which helps us tailor the information we send to you. In practice, this involves segmenting users of the site based on the data collected on the site, e.g. if you happen to have read an article in a certain content area, we may present you with advertising related to that area. We base this on your activities undertaken on the site, interests, job title, age group and geographical location. The basis for processing is our legitimate interest as the Controller, which we consider as fulfilment of the Controller’s statutory activities.
Who do we share the data we collect with?
Transfer to third parties
Your personal data may be shared with entities entitled to receive them under applicable law, including relevant government authorities.
We also share or entrust your personal data for processing by third parties who help us operate, provide, improve, integrate, customise, support and market our services, among others:
- marketing and event agencies,
- third party consulting or auditing entities,
- subcontractors involved in operating some of our services,
- providers of technical services primarily related to maintenance and delivery of IT systems and websites,
- providers of training, conference and other corporate event organisation services,
- providers of postal services.
Transfer to affiliates
The information we collect is shared with the following affiliates in Poland:
- Grant Thornton Frąckowiak sp. z o.o. sp. k.
- Grant Thornton Legal Maślanko Kancelaria Prawna sp. k.
- Grant Thornton Polska sp. z o.o. sp. k.
- Edisonda sp. z o. o. sp. k.
- Immusec sp. z o. o.
How do we store and secure the data we collect
Information storage and security
We use industry standard technical and organisational measures to secure the information we retain. Although we implement safeguards to protect your information, no security system is 100% safe, so we strive to continually monitor and oversee security levels.
How long do we store information
This varies from process to process. If you would like to see the exact information retention periods, please see the information clauses tab.
How to exercise your rights under GDPR?
Depending on the respective processing activity, you have a corresponding catalogue of rights which you may be entitled to. These include:
a) right of access to the data,
b) right to rectification of the data,
c) right to erasure of the data,
d) right to restrict processing,
e) right to data portability,
d) right to object.
If you wish to exercise the above rights, please write to our Data Protection Officer at email@example.com.
Remember that you also have the right at any time to lodge a complaint against the processing activities carried out by us with the competent supervisory authority. In Poland, the authority is the President of the Data Protection Authority – more information is available here: https://uodo.gov.pl/pl/83/155.
Transfer of data outside the European Economic Area (EEA)
International transfers of the data collected by us
In most cases, your personal data will not be transferred to a third country/international organisation outside the EEA. In case of providing a newsletter service, personal data may be transferred to a third country, including but not limited to the USA. In any such case, we verify the provider to ensure adequate standards of personal data protection and enter into Standard Contractual Clauses with the provider as one of the tools for secure data transfer.
When servicing certain clients, personal data, including the personal data of their employees, may be transferred to another Grant Thornton International affiliate located in a third country. Safeguards for such transfers are the standard contractual clauses that are annexed to the Inter Firm Agreement operated within Grant Thornton International.
Other important privacy information
If you have questions or doubts about how your data will be handled, please direct your enquiry to our Data Protection Officer: firstname.lastname@example.org