article banner

Privacy statement

(update 21/03/2023)

All Belgian companies which are a member of Grant Thornton International Ltd (hereinafter collectively, "Grant Thornton", "we", "us" and "our") understand how important privacy is to you and respect your privacy. 

Please read this privacy statement carefully. We explain in it:

1.     What data we collect

2.     How we collect your data

3.     How we use your data

4.     To whom we transfer your personal data

5.     How long we keep your data

6.     How we secure your data

7.     How to exercise your rights as a data subject

8.     Changes to this privacy statement

1. What data we collect

The categories of personal data we collect may include:

  • Identification data and contact information: surname and first name, user name, address, telephone and/or mobile phone number, e-mail address, national register number, passport number, identity card number, copy of passport or identity card, company number, bis register number, license plate number, etc.
  • Personal details and data on family composition: gender, age, date of birth, place of birth, nationality, immigration status, marital status, marriage or form of cohabitation, names of spouse or partner, names of children, number of children, dependants, date of marriage, date of cohabitation contract, date of divorce, etc.
  • Financial and tax information and data on insurance, contracts and property: bank account numbers, financial resources (income, professional expenses, debts, etc.), mortgages and loans, type of insurance, premiums paid, taxes paid, tax refunds, benefits and dividends received, rights to immovable and movable property, intellectual property rights, share ownership, contractual terms, pre-contractual information, disputes, etc.
  • Images and audio-visual recordings: photos, video clips on our website and social media, etc.
  • Data related to the provision of our products and services and the prospection thereof: offers, invoices, payment details, products and services delivered, contracts, etc.
  • Data related to jobs and employment: job title, career, remuneration, benefits granted, training, diplomas, certificates and licences obtained, specific professional skills, termination conditions, etc.
  • Marketing data and data concerning the use of our website and social media: marketing preferences, opt-in and opt-out requests, participation in events organised by Grant Thornton, posts on the social media applications we operate (facebook, instagram, blogs, forums, etc.), browser type, language preference, IP address, etc.
  • Data related to complaints, requests and their handling.

Furthermore, we may collect personal data of a so-called "sensitive" nature (special categories of data), such as:

  • Health, e.g. a disability or other specific medical condition (allergy, etc.) which we must take into account when the data subject enters our business premises or when we organise a business lunch
  • Political or philosophical convictions, e.g. in the context of social elections, of trade union delegates, due diligence assignments, social law advice, etc. and
  • Criminal data, e.g. traffic fines of our employees, extract from criminal records in the context of assistance with immigration applications, etc.

Our products, services and website are not targeted or tailored to children. Therefore, except possibly from our employees and in the context of specific services to certain customers, we do not collect and store children's personal data in an actively intentional manner.

2. How we collect your data

We collect personal data in various ways, in particular personal data we receive:

  • from the data subject himself/herself
  • from the data subject's employer, for example when our customer or supplier is a company and the data subject is designated by this company as a contact person, when we conduct a due diligence, or when we need to process personal data as part of our services to the data subject's employer
  • from our customers, about their customers, suppliers and other data subjects whose personal data they collect
  • from other parties, e.g. government agencies or the data subject's advisers and other consultants, or when our customer provides information about their family members e.g. as part of our tax or legal services
  • through the data subject's use of our website, social media and other tools
  • publicly available information.

3. How we use your data

The personal data we process always depends on the specific circumstances, e.g. the nature of the service or product we are required to provide, the legal obligations we are subject to, the legitimate interests we have to do so or the specific consent you have given us to do so.

We process your personal data in connection with the scenarios below based on the performance of a contract or/and the pursuit of a legitimate interest:

  • Supply of products or services to our (potential) customers
  • Processing in the context of our own administrative, accounting and corporate law obligations
  • Internal risk analyses, audits, quality and safety control
  • Direct marketing.

We have a legitimate interest in processing personal data of our customers or contact persons of our customers for the purpose of sending, by electronic means, advertising messages, newsletters, invitations to commercial events and the like, provided they relate to similar products and services. However, you have the right to object to it at any time, without prejudice to the lawfulness of processing based on legitimate interest before your exercise of right. See section 7 for more information: How to exercise your rights as a data subject.

In some cases, we have a legal obligation to process certain personal data in order to carry out our independence checks, for example:

  • As an employer, our obligations include collecting certain information, such as the national registration number, marital status and family situation of our employees and, where appropriate, passing it on to the competent public authorities;
  • In the context of our professional activities, we have an obligation to collect certain information concerning our customers, their management and their stakeholders and, if applicable, to pass it on to the competent public authorities, e.g. the identification obligation under anti-money laundering and anti-fraud legislation.

We process the following data on the basis of your consent:

  • Direct Marketing: with your consent, we process your e-mail address and/or telephone number for marketing purposes.
  • Cookie: we use essential cookie data when you navigate the website, and with your consent we use non-essential cookie data for marketing and analytics purposes. You can find more information about our use of cookies in our cookie policy.

You have the right to withdraw your consent at any time, without prejudice to the lawfulness of processing based on consent before your withdrawal. See section 7 for more information: How to exercise your rights as a data subject.

4. To whom do we disclose your personal data?

As we are part of a global network, your personal data may be processed or accessed in the country/region where you use our products and services or in other countries/regions where Grant Thornton (incl. Grant Thornton International Ltd. and its members), its service providers, processors, consultants, commercial partners, or inspection services of governmental and judicial authorities are present.

If there is no European Commission adequacy decision for the destination country, we will use appropriate safeguards, as described in Article 46 of the GDPR, when transferring personal data, and such transfers and technical and organisational security measures will be documented in accordance with Article 30 of the GDPR. For example, we use standard contractual clauses to protect the transfer of personal data to countries outside the European Economic Area (EEA), thus insuring that an equivalent level of data protection applies to your personal data even if EU data protection law is not directly applicable.

5. How long we keep your data

We will retain your personal data for no longer than necessary for the above purposes, unless an extension of the retention period is required or permitted by law. The retention period may vary by application case, product and service. We determine the retention period by considering the following points:

  • the time required to retain personal data for business purposes, including the provision of products and services
  • maintaining related transaction and business records
  • monitoring and improving the performance and quality of products and services
  • ensuring the security of systems, products and services
  • handling possible queries or complaints from customers or other stakeholders
  • the requirements of laws, contracts and other data retention guidelines
  • industry standards for retention periods
  • etc.

6. How we secure your data

We do everything we can to protect your data in the best possible way. We have a framework of policies, procedures and trainings in place to guarantee professional confidentiality, data protection, confidentiality and security. We use various security technologies and measures to ensure your privacy. In addition, we repeatedly review and evaluate these technologies and measures to keep your data safe.

7. How to exercise your rights as a data subject

Depending on the processing and the legal basis, as a data subject you have a number of possibilities to keep control over your personal data:

  • right to access your data
  • right to amend your data
  • right to object to the processing of your personal data
  • right to restrict data processing
  • right to have your data erased
  • right to withdraw your previously given consent
  • right to transfer your data
  • right to lodge complaints with the competent data protection authority.

We should point out to you that these rights are not always absolute, that in certain circumstances we are entitled or even required by law to further process your personal data and that we may therefore not always be able to comply (fully) with your request. In such cases, we will inform you accordingly.

You may exercise these rights free of charge, except in cases of abuse and in which case we are entitled to charge an administration fee to comply with your request.

If in our relationship with our customer, from whom we received your data as a data subject, we act only as a processor, we will inform you accordingly and you should address your request to exercise your rights to our customer.

For all questions relating to the exercise of your rights, please contact:

8. Changes to this privacy statement

In connection with the further development of our website, products and services, as well as changes in applicable legislation, we may update this privacy statement. We therefore recommend that you read this privacy statement again from time to time. You can find the most recent version of this privacy statement on our website at any time.