Personal Data Protection Statement

“We” or “Grant Thornton” means the following companies: Grant Thornton Czech Republic s.r.o., tax ID (IČO) 08168733, Grant Thornton Advisory k.s., IČO 19083076, Grant Thornton Audit s.r.o., IČO 08061017, Grant Thornton Appraisal services a.s., IČO 27599582, and GT Legal, advokátní kancelář, s.r.o., IČO 08464715, all with registered office at Pujmanové 1753/10a, Nusle, 140 00 Praha 4.

We undertake to take every precaution to prevent the misuse of the personal data provided to us. We will only process personal data where there are legal grounds for personal data processing. We endeavour to keep personal data as secure as possible. For this purpose, we have put in place a number of technical and organisational precautions to protect personal data from unauthorised or unlawful processing and from accidental loss, destruction or damage.

Grant Thornton may obtain your personal data in a number of ways. First, there are personal data that you provide to us directly, whether in connection with entering into and performing a contract, sending marketing communications or obtaining an offer of employment. We may also collect your personal data in connection with the provision of our services to your employer or service provider, for example in the course of an audit, bookkeeping or payroll agenda for your employer. Finally, we also obtain personal data from publicly available sources (public registers, social networks, etc.).

The term ‘personal data’ means any data relating to a natural person that directly or indirectly identify him or her, such as name, birth registration number, location data or network identifier. Personal data are also one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person.

Personal data also include special categories of personal data, from which it is possible to infer:

  • racial or ethnic origin
  • political attitudes
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data
  • physical or mental health situation
  • sex life or sexual orientation

Personal data also include data on criminal convictions and offences.


In the first place, we process personal data of clients – natural persons for the purpose of providing professional services, and only to the extent strictly necessary in connection with the services provided.

In connection with the provision of professional services, we also process personal data of natural persons, who are not our direct clients, but are in some way involved in or subject to the provision of professional services (e.g. employees, members of elected bodies, customers, suppliers or other contractual partners of our clients).

Most of the personal data we process for the purpose of providing services is voluntarily provided to us directly by clients. This includes in particular the following information:

  • basic data, such as your name, the name of the company you work for, your function and your relationship to the person concerned;
  • contact information, such as your postal address, email address and telephone numbers;
  • financial information, e.g. payment details;
  • other personal data about you or third parties that are provided to us for the purposes of our services.

We use the information you provide for the following purposes:

  • performance of a contract on provision of services;
  • protection of the data controller’s legal claims based on the controller’s legitimate interest in defending his own rights;
  • meeting regulatory obligations;
  • offering other services of the controller based on legitimate interest consisting in the promotion of his own services.

Please note that in cases, where this is necessary for the performance of a contract or the requirements of the law (e.g. in connection with the provision of payroll accounting services), we may also process special personal data, such as trade union membership, data on occupational injury or illness, etc.

Job applicants

In connection with job vacancies at Grant Thornton, we collect information about job applicants. The personal data processed are in particular name and surname, date of birth, nationality, acquired titles, detailed contact information including permanent address, email, telephone number, achieved education and work experience, practical training and part-time jobs, current job position, knowledge and skills, requirements of the job demanded and other related optional entries relating to education, work experience and other things related to the performance of the job.

Based on the personal data processed, we match candidates to specific vacant positions at Grant Thornton that are suitable for them. Relevant information is passed on to the relevant managers and recruiters, who decide whether to invite the candidate for an interview. If a candidate is invited to the interview (or equivalent) stage of the process, we subsequently collect additional information, including interview notes, assessment results, feedback and offer details.

Recruitment tools and websites are accompanied by separate privacy statements, which explain why and how the relevant data are collected and processed. Users of these tools and websites are advised to read the relevant versions of the specific privacy statements carefully.

Legal grounds for processing personal data of job applicants:

  • explicit consent of the applicant;
  • performance of the contract or for the implementation of measures taken prior to the entering in the contract at the request of the data subject;
  • our legitimate interest in attracting the interest, finding and recruiting talented professionals;
  • our legitimate interest in the processing and administration of applications for employment with Grant Thornton, including the screening and selection of candidates;
  • our legitimate interest in employing successful candidates and verifying relevant information prior to employment;
  • our legitimate interest in the administration of our career website (including the performing of statistical - analyses);
  • fulfilling statutory or regulatory obligations (when carrying out checks to verify applicants’ fitness for work).

Website visitors

Grant Thornton undertakes to do everything in order to ensure protection of personal data and the privacy of the users of its websites. In order to prevent unauthorised access to the personal data acquired, their revelation and unintentional use, we act in compliance with the respective technical and organisational regulations on personal data protection. Grant Thornton cannot rule out the possibility of data misuse, because the Internet remains an unpredictable medium despite safety precautions and communication protocols.

Cookies and their use on our websites

What are cookie files?

Cookies are files that save website settings. Websites store cookies in the devices that users use for access to the Internet, in order to be able to identify them later and save their settings. Cookies enable websites to identify devices, if users have visited them already; more advanced applications may use cookies to adjust individual settings. Storing of cookies is managed only by the browser used by the user. It is possible to limit or deactivate storing of cookie files as needed.

What do cookie files serve for?

Cookies are necessary for smooth provision of online services; without them the most common electronic services would be impossible. Cookie files facilitate and accelerate interaction between users and websites.

By using cookies, websites are able to register user preferences, which enables us to adjust websites to our users for the most efficient and pleasant use. There are many reasons for using cookies. They are used for storing data about websites (details about website adjustment), to support provision of online services (e.g. webstores), they also help us collect statistics about users, their preferences, the number of website visits etc. They help us estimate the efficiency of our websites in this way. 


List of cookies on our websites

  1. cookie PHPSESSID -, which is used to remember the login to the CMS.
  2. CSRF protection SameSite -, which serves for protection of login to the CMS.
  3. GA Google Analytics

If you do not wish to be monitored using the Google Analytics service, click here.

  1. cookie PHPSESSID -, which serves for remembering and login to the CMS.
  2. CSRF protection SameSite -, which serves for protection of login to the CMS.
  3. GA Google Analytics, which serves for analytical and marketing purposes.
  4., which serves for analytical and marketing purposes.

  1. GA Google Analytics, which serves for analytical and marketing purposes.

The cookie files used by our website do not collect personal data that would enable your personal identification and they cannot harm your computer, tablet or smartphone. Cookies support the functioning of our websites and help us understand, which specific pieces of information are the most beneficial for users.

Legal grounds for processing personal data of visitors to our website:

  • our legitimate interest in providing you with information and services in an efficient manner and in ensuring that our activities are effective and in accordance with the law;
  • our legitimate interest in the development and improvement of our website and your user experience.


In the Customer Relationship Management (CRM) system we keep contact details of former, current and potential clients and people who are their employees or who work with them. The CRM system is used by Grant Thornton, among other things, to support marketing activities.  Newsletters, marketing materials, as well as offers of training and other events are sent to those in the system.

  • Name, function, postal address, e-mail address, telephone number, in some cases also language and gender;

Grant Thornton does not intentionally collect any sensitive data, except when you provide it to us in connection with your participation in our events (for example, special dietary requirements based on your religion or food allergies).

If you no longer wish to receive any Grant Thornton publications, your contact information will be kept on the unsubscribe list.

Legal grounds for contact data processing:

  • express consent of the person, who provided the contact information to us;
  • our legitimate interest in providing services to our clients.


Period of personal data processing

In accordance with the applicable procedures, we retain personal data only for as long as necessary for the purposes stated in the section “Purpose of personal data processing”. Please note that retention periods vary between jurisdictions and are set in accordance with local regulatory and professional requirements.

In order to meet the professional and legal requirements of our business and to be able to establish, exercise or defend our legal rights, as well as for archival and historical purposes, we retain the relevant data for a significant period of time.

Recipients of personal data

Grant Thornton processes personal data manually as well as automatically. Personal data may also be processed by third parties, suppliers of information, accounting and other systems. We only work with suppliers and third-party service providers that ensure protection of personal data.

Your personal data may be further transferred to public authorities to the extent appropriate to the scope of the services provided.

Your rights

In connection with the processing of your personal data, you have the right to request from the controller access to, rectification or erasure of, or restriction of processing of, your personal data, and you may object to processing, as well as having the right to data portability, in the cases and under the conditions set out in the General Data Protection Regulation.

You also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection.

address Pplk. Sochora 27 170 00 Praha 7

telephone +420 234 665 111


data box ID: qkbaa2n

Transfers of personal data to third countries

If required by the purpose of the contract, personal data will be transferred for processing to third countries, subject to the conditions and safeguards of the GDPR and the adoption of appropriate measures. It will be ensured that data subjects are provided with the necessary data on request.

We may change and update this Privacy Statement in certain circumstances. We therefore recommend that you visit this website in your own interest and make sure that you are always up to date with its content.


The personal data provided are secured by standard procedures and technologies. Grant Thornton warrants that it regularly checks that the system is free from vulnerabilities and has not been subject to attack and uses such security measures, as may reasonably be required from the controller to prevent unauthorised access to the personal data provided and which, having regard to the current state of technology, provide adequate security. The security precautions adopted are then regularly updated.


If necessary, please contact us at