Privacy policy

This privacy policy describes our policies on the collection and processing personal data of visitors to this website.

Valid as of 2nd February 2023.

Principles

Grant Thornton Digital respects your privacy and is committed to keeping your personal data, which it acquired through its online data system, secure and will not transfer it to any third party or use it for other purposes without your permission. Our website is does not transmit any personal data to us during your visit, unless you send us a request using one of our web forms. Grant Thornton Digital undertakes to make every effort to ensure the protection of personal data and privacy of users of its website and its web forms.

We reserve the right to transfer your data to our partners in the Grant Thornton International network if this is necessary to answer your query. Your personal data will only be stored for the period, necessary for the purpose for which it is transferred and for as long as is necessary to comply with this privacy statement and in accordance with the law.

As certain links of the company’s online data system direct to external websites, which are not directly related to our company, we do not assume any liability for data protection on these websites.

Description of data controller

Grant Thornton Digital Kft. (referred as "Controller"). The Controller does not designate a data protection officer.

• Registered office: H-1134 Budapest, Dévai utca 26-28. (Dévai Center). ép.
• Postal address: 1134 Budapest, Dévai utca 26-28. (Dévai Center). ép.
• Company registration number: 01-09-395385
• E-mail: office@hu.gt.com
• Phone: +36 1 455 2000
• Website: https://www.gtds.hu

Online offer

The Controller has created web forms in order to allow visitors to submit requests for proposals. The Controller processes the following data for the purpose of contacting and liaising with the data subject:

• personal name
• company name
• e-mail address
• phone number

Pursuant to Article 6 (1) b) of the GDPR, processing is lawful if necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

If no contract is concluded after the request was submitted, the data will be deleted within 1 year. If the contact data are also recorded in a contract concluded between the parties, the data will be kept for 8 years after the termination of the legal relationship, in accordance with the accounting rules on the retention of contracts.

Business contact details are collected and stored in the Microsoft Forms service of Microsoft, "Microsoft". In some of our campaigns we collect contact details on Instanst Forms of Facebook, "Meta". The data provided for us in that way are transferred to the infrastructures managed by Microsoft or Meta.

• Click here to learn more on the privacy policy of Microsoft
• Click here to learn more on the privacy policy of Meta

In the course of data processing, the Controller does not disclose the contact data to third parties, only employees and our partners in the Grant Thornton International network involved in the preparation and subject matter of the contracts may know them; this is a proportionate restriction regarding the contact data. Data is processed only as strictly necessary.

Cookies

Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google").

We recommend that you accept “cookies” to make full use of certain features of the website. A “cookie” is a small piece of text containing personalised information that is stored on the data subject’s computer by the data subject’s browser. The purpose of cookies is to help us recognise returning visitors, to implement customised visitor functions and to process user logins (identification, authentication).

The data processing is carried out for statistical purposes only, in order to enhance the user experience by using the website traffic data; the Controller stores the data as statistical data, they do not know any personal data. In transferring the data collected, Google applies the General Terms and Conditions for the transfer of personal data relating to online advertising and measurement outside Europe. To find out more about Google Analytics, please visit the following website: https://support.google.com/analytics#topic=3544906

Access to data

The personal data provided by the data subject may only be disclosed to the Controller’s senior manager and designated staff and, where necessary, to a data processor. The Controller stores the personal data provided by the data subject on servers located at the Controller’s headquarters, guarded by 24/7 security.

The Controller uses data processors for the following data processing tasks:

• for liaising and the preparation of proposals and contracts it is Grant Thornton Consulting Ltd. (H-1134 Budapest, Dévai u. 26-28, Dévai center ép.).

Also, the Controller uses Google (Analytics, Microsoft (Forms) and Meta (Facebook) to process personal data. Unless otherwise stated in the service-specific privacy notice, the Controller responsible for the processing of data depends on the place of residence of the data subject.

Other than the above, the Controller only discloses personal data to other persons or public bodies and authorities in cases specified by law.

Rights related to data processing

The data subject may, at any time, request information in writing from the Controller in order to be informed by the Controller:

• what personal data,
• what is the purpose of data processing,
• what is the source of data,
• for how long are the data kept,
• to whom, when, under what legal provisions,
• and to which personal data the Controller granted access or transferred the personal data.
The Controller shall comply with the data subject’s request within a maximum of 30 days by electronic letter sent to the contact details provided.
1. The data subject may, at any time, request in writing that the Controller modify any of their personal data. Controller shall grant the request within a maximum of 30 days and shall notify the data subject accordingly.
2. The data subject may request the erasure of their personal data in writing from the Controller. The Controller shall reject the erasure request if the law or an internal regulation obliges the Controller to continue to store the personal data. However, in the absence of such an obligation, the Controller shall comply with the data subject’s request within a maximum of 30 days and shall notify the data subject accordingly.
3. The data subject may request the blocking of their personal data in writing from the Controller, stating the reason. The blocking lasts for as long as the reason indicated by the data subject makes it necessary to store the data. In this case, the Controller will continue to store the personal data until the authority or court requests it, after which the data will be deleted.
4. The data subject shall have the right to receive personal data concerning them which they have provided to a Controller and the right to transmit such data to another Controller. Controller shall grant the request within a maximum of 30 days and shall notify the data subject accordingly.
5. The data subject may object in writing to the processing of personal data if the Controller would transfer or use the personal data for direct marketing, public opinion polls or scientific research. The data subject may not object to the Controller’s disclosure of their personal data to the authority in the course of an ongoing authority procedure.