article banner

Privacy statement


Last Modified June 23 2021

At Grant Thornton, we are committed to protecting personal data and fair and transparent processing, and to safeguarding the confidentiality of the personal, business and financial information we collect and use to deliver our services and run our business operations.

Who we are

This privacy statement applies to Grant Thornton LLP, Grant Thornton Limited, Grant Thornton Corporate Finance Inc. CapServCo Limited Partnership, and their respective affiliates in Canada (collectively, "Grant Thornton", "we" or "our").

About our privacy statement

This privacy statement applies to Grant Thornton services, operations, and websites. It will help you to understand what personal data we collect and how we use and disclose personal data from individuals, clients, suppliers or others when we provide services and conduct our business. It also informs you of your rights regarding this use and disclosure, and how you may correct that data.  We will only use personal data for the purposes described in this privacy statement or as stated at the point of collection. Our privacy statement conforms to the standards required by applicable privacy legislation.

We update this privacy statement from time to time without notice. It is current as at the date indicated at the top of this statement.

What is personal data?

Personal data is any data that is identifiable with you, as an individual. This personal data may include, but is not limited, to your name and mailing address, telephone number, email address, Internet Protocol (“IP”) address, age, gender, marital status, health information, financial status, government issued ID numbers, credit card information and credit history. Personal data does not include your business contact information (business title, business address or business telephone number in your capacity as an employee of an organization).

What kinds of personal data do we collect and how do we obtain consent?

Grant Thornton collects your personal data by fair and lawful means to assist you in understanding our offerings, applying for employment with us, and using our services. We collect personal data directly from you or indirectly from third party sources as otherwise permitted by applicable law.  For example, we may collect personal data from you when you visit our offices, when preparing your tax return, when you visit our website, complete online forms or surveys, register for one of our events, or submit a job application to our careers site. Additionally, we may provide services to your employer or service provider who shares your data with us to perform a service. Finally, we may collect personal data from publicly available sources.

Occasionally, you may voluntarily provide us with unsolicited personal data (for example, by voluntarily disclosing it through our website when completing forms to contact us or subscribing to a newsletter). If you choose to provide any sensitive personal data in this manner, you acknowledge your consent to the collection and processing of this data.

The following is a non-exhaustive list of situations in which we collect personal data, with some examples of what is collected:

  • Contact information, such as your name, title, role, employer, telephone, email address, and mailing address
  • Visitor information when you attend at our offices or events, such as your name, company, and person you visited at our offices and events
  • Personal employee information – in the performance of services to business clients (see Services information)
  • Mandate information, such as information about the services you have requested or the matters that you are involved in
  • Services information, any information that you provide or that we generate as part of our services, such as  social insurance and business numbers, financial, spousal and dependent, beneficiary, residency and other information relevant to providing tax, estate planning, and business planning, tax-related information when we are providing tax or financial advisory services; employee information, including salaries and benefits, when we are conducting restructuring services and management advisory services; customer and vendor information when we are conducting an audit or assisting with information technology implementation
  • Public profiles, such as information that you have made public such as on LinkedIn, on your business card, in online directories or on your company’s website
  • Communications, such as the content of your emails, voicemails, survey or feedback responses, comments on our sites, and other communications with us (if they are considered work product, this would not be considered personal data)  
  • Communication preferences and interests, such as when you subscribe to receive our newsletters, updates, or other materials
  • Recruitment information, such as CVs, references, and other information you may provide if you apply for employment or an internship, or that we collect as part of our recruitment activities
  • Background check information, such as credit checks, criminal records checks, economic and other sanctions checks, credential checks and other background information
  • Statement on the privacy of minors: We do not knowingly collect personal information from children under the age of 14 except as may be necessary in the course of a client engagement. Our websites and marketing materials are for the use of individuals who have reached the age of majority in their province or country of residence
What automated data collection methods do we use?

When you visit our websites, we collect certain personal data automatically from you to provide you with a personalized experience and give you access to products and services that are most relevant to you. Our electronic marketing activities are in accordance with applicable legislation, including Canada’s Anti-Spam Legislation (“CASL”).

We may collect personal data from your device using cookies and web beacons. Cookies collect data such as your IP address, pixel ID, device type, unique device identification number, browser type, operating system, broad geographic location (e.g., country or city-level location) and other technical data is collected this way. We also collect data about how your device has interacted with our site, including the pages accessed, current URL, time you visited the site and links clicked. Collecting this data enables us to better understand the visitors who come to our site, where they come from and what content on our site is of interest to them. We use this data for our internal analytics purposes, and to improve the quality and relevance of our site to our visitors.

How do we use your data?

How do we use your data?

At Grant Thornton, we use your personal data for the following purposes:

  • To provide tax, audit, advisory and other professional services to our clients
  • To administer our client and supplier relationships and maintain contractual relations
  • To complete conflict checks and independence compliance
  • For accounting and tax purposes 
  • To comply with our legal and regulatory obligations
  • To allow you to safely and securely visit our offices and use our facilities and network
  • To communicate with you across multiple platforms and devices (voice, email, mobile, etc.)
  • For marketing and business development purposes such as:
    • To market our services to you and help you understand our service offerings
    • To educate you on specific matters of interest to you in relation to our services
    • To offer and host events and provide marketing communications
    • To ensure the effective and efficient management of our websites and enrich your browsing experience
    • To analyze data related to visitors to our websites
    • To develop and/or improve our business and services to meet the needs of current and future clients
  • To administer business transactions such as procurement, accounts payable and receivable
  • To analyze the skills and competencies of job applicants, and to execute recruitment activities
  • To establish, exercise or defend legal rights
  • To protect our technology infrastructure and the security of our data
  • To monitor and enforce compliance with terms of use, and conduct quality and risk reviews
  • Where required and permissible by law, we may retain some data for historical or archival purposes
How do we share, transfer or disclose your data?

Grant Thornton operates offices across Canada, providing services to clients in Canada and many other jurisdictions either through direct engagement, or by assisting with engagements from other Grant Thornton International Ltd. member firms (“Grant Thornton Member Firms”). Where engagements with our clients span more than one jurisdiction, certain information may need to be accessed by Grant Thornton Member Firms. Personal data is stored primarily in Canada; however, your personal data may be transferred to and stored outside the country in which you are located and would be subject to the laws of the jurisdiction in which it is held. This may include countries with laws that have not necessarily been determined to provide an adequate level of protection for the processing of personal data under the laws of the EU or other jurisdictions. We take appropriate security and legal precautions to safeguard the safety and integrity of personal data that is transferred within our organization.

We also transfer or disclose the personal data we collect to external service providers who are engaged by us to support our services and internal operations. Whenever possible, we require our service providers to store data within Canada. We use third-party service providers that maintain a comparable level of data protection that we would be obliged to provide ourselves for the data, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.

How do we protect your data?

Grant Thornton protects the confidentiality and security of data it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security can be provided upon request.

How do we keep your data accurate?

We strive to maintain data in our systems and processes and ensure they are accurate and up to date. It’s important that you inform us when your personal data and contact information changes. Please provide current up to date information to the Grant Thornton colleague who normally assists you.

How long do we keep personal data?

Data retention periods vary by jurisdiction and are set in accordance with local regulatory and professional standards requirements. We will keep your data for as long as it is required to perform any of the purposes described in this privacy statement, to meet our professional obligations, and any legal requirements. All data are disposed of in accordance with applicable laws and regulatory requirements.

What rights do you have for managing your personal data?

Subject to applicable laws, you have the following rights to retain control of how your data is collected, used and processed.

  • Access: you have the right to ask if we have collected data about you and to obtain access to that information. If you wish to exercise this right, please send a written request to our Chief Privacy Officer (details found below).
  • Corrections: you have the right to ask us to correct any incomplete or inaccurate personal data we hold about you.
  • Withdrawing Consent: you have the right to ask us to stop collecting, using, or sharing your personal data in some cases. You can unsubscribe from any of our electronic marketing communications using the unsubscribe links provided.
  • Complaints: you have the right to make a complaint to our Chief Privacy Officer about our compliance with applicable privacy laws. You also have the right to make a complaint to the applicable regulatory body administering data protection and privacy legislation.

The easiest way for you to exercise your rights is to make these requests directly to our Chief Privacy Officer at the following address:

Chief Privacy Officer
Grant Thornton LLP
20th Floor
200 King Street West
Toronto, Ontario
M5H 3T4