Updated 24 February 2023

Grant Thornton Bermuda respects the right to privacy and wants to protect the privacy of those who view or interact with our website, www.grantthornton.bm

Please read the following statement; it will help you to understand how we use the personal data that you may provide to us through the use of our website. Information on how we use personal data in relation to professional engagements can be found here.

Please note that we may update this privacy statement from time to time. We will include a review date at the top of the page so you will know when we make changes.

About Us 

In this privacy statement “we”, “our”, and “us” refers to Grant Thornton Bermuda. Grant Thornton Bermuda is part of Grant Thornton Ireland and is one of several partnerships under Irish Law trading as Grant Thornton and the following legal entities: Grant Thornton (NI) LLP; Grant Thornton Financial & Taxation Consultants Limited; Grant Thornton Business Advisory Services Limited; Grant Thornton Corporate Finance Limited; Grant Thornton Consulting Limited; Grant Thornton Financial Counselling Limited; Grant Thornton Debt Solutions Limited; Grant Thornton Pensioner Trustees Limited; Grant Thornton Limited (Isle of Man),Grant Thornton (Gibraltar) Limited and Grant Thornton Bermuda.

What personal data do we collect? 

We collect personal data such as your name, address, telephone number and e-mail address when you submit an enquiry (either through the enquiry form or directly to an individual in Grant Thornton Bermuda), when you subscribe to or submit an interest in our newsletters and publications, when you request additional information or when you want to enter any competitions or promotions organised by us.

From time to time, we may also collect some publicly available personal data such as name, employer and job title and /or position about individuals who interact with the content or publications on our website for example, when an individual shares a Grant Thornton Bermuda publication or article via a social media platform.

When you submit an interest in working for Grant Thornton Bermuda through our online platform or directly to an individual within Grant Thornton Bermuda, we collect personal data such as name, contact details, employment history and educational background, details of current immigration status and other information which you volunteer on your curriculum vitae or application in order for us to consider your application for a position with us as the first step in the recruitment process.

We also use cookies to collect data about visitors to our website (for example information on browsing patterns) in accordance with our cookie policy. Please read our cookie policy below to find out more specific information about what cookies are, how you can control the use of cookies on our website and what cookies are used on our website.

All IP addresses of users of this website are anonymised within Google Analytics as soon as technically feasible at the earliest possible stage of the collection network.

In accordance with section 7 of PIPA, 'sensitive personal information', and Article 9 GDPR, ‘special category data’ both mean 'any personal information relating to an individual’s place of origin, race, colour, national or ethnic origin, sex, sexual orientation, sexual life, marital status, physical or mental disability, physical or mental health, family status, religious beliefs, political opinions, trade union membership, biometric information or genetic information'. Such personal data will not be processed on this website.

What is our legal basis for processing this personal data?

The legal basis for processing personal data through the use of our website is our legitimate business interests.

These legitimate interests include:

  • Providing you with access to our website;
  • Promoting, marketing and monitoring the performance of our business and services;
  • The administration and organisation of our services;
  • Monitoring and improving the performance of our website; and
  • Promoting the career opportunities and managing the recruitment process within Grant Thornton Bermuda.

When you receive any marketing material from us, we include an unsubscribe button in our communications, so you can opt out of receiving such communications at any time. 

How do we use your personal data? 

We may use your personal data to respond to your enquiries, send you newsletters and publications to which you may have subscribed, send event invitations, provide you with additional information as requested and to include you in any competitions or promotions organised by us.

When you apply for a position with Grant Thornton Bermuda, we will process the personal data you provide to us in order to consider your application for a position with us as the first step in the recruitment process. 

We will use your personal data in a lawful and fair manner and only for the purposes for which it is collected or for purposes that are related to those specific purposes. We will ensure that personal data is adequate, relevant and not excessive in relation to the purposes for which it is used. We will ensure that any personal information used is accurate and kept up to date to the extent necessary for the purposes of use.

If and when you leave Grant Thornton and should you wish to be included, we may also process your information to help us maintain an engaged alumni community with the Firm thereafter.

To whom might we disclose your personal data?

We may need to disclose your personal data to third party service providers such as IT service providers who may be provided with access to our networks or IT tools.

We may disclose personal data with our client relationship management system provider. They may only process this data for the purpose of providing us with their services.

We may also pass your personal data to Grant Thornton member firms or to other suppliers and service providers to whom we outsource support services. 

Transfers Abroad

In connection with the above, as Grant Thornton Bermuda forms part of Grant Thornton Ireland, personal data may be transferred to offices within the Firm but which are based outside of the EEA or Bermuda in compliance with the Firm’s Data Protection and Privacy policies and the firm’s regulatory obligations under GDPR and Bermuda's Personal Information Protection Act 2016 (as amended) ("PIPA").

Prior to making a data transfer to third parties outside of Bermuda, Grant Thornton Bermuda will assess the level of protection provided by the overseas third party for that personal information, including considering the level of protection afforded by the law applicable to such overseas party. 

For any data transfers from Grant Thornton Bermuda to third parties based within the EEA, personal data may be transferred without additional safeguards as EEA jurisdictions have been recognised by Bermuda as providing for an equivalent level of protection for personal data as is provided for in Bermuda.

For any data transfers from Grant Thornton Bermuda, which forms part of Grant Thornton Ireland, to third parties based outside the EEA, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer to ensure that the overseas third party provides a comparable level of protection. 

Notwithstanding, Grant Thornton Bermuda may transfer personal information to an overseas third party for use by that overseas party on behalf of Grant Thornton Bermuda or for the overseas third party's own business purposes if:

  • The transfer is necessary for the establishment, exercise or defence of legal rights; or
  • Grant Thornton Bermuda assesses all the circumstances surrounding the transfer and reasonable considers the transfer is small-scale, occasional and unlikely to prejudice the rights of an individual.

Further details of the measures that we have taken in this regard are available by contacting us using the contact details below.

How long will we hold your personal data? 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Please see our cookie policy for details on how long we store information collected by cookies.


This is the website of Grant Thornton Bermuda, a practicing, trading organisation that delivers services. Grant Thornton Bermuda forms part of Grant Thornton Ireland, which is a member firm of GTIL. GTIL and its member firms are not a worldwide partnership. GTIL and each member firm of GTIL is a separate legal entity.

Our website contains links to Grant Thornton member and correspondent firm websites, but this privacy statement applies only to personal data collected via websites operated by Grant Thornton Ireland and to how Grant Thornton Ireland processes the personal data collected via these websites. It does not apply to specific member or correspondent firms practising under the Grant Thornton name.

Our website may also contain links to other sites and certain social media platforms.

We are not responsible for the privacy practices of these or other sites. We encourage our visitors to be aware when they leave our website, and to read the privacy statement of other sites that collect or use personal data.


Unfortunately, no data transmission over the Internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of your personal data. 

Grant Thornton Bermuda has put in place appropriate security safeguards to ensure the security of personal data against the risk of loss, unauthorised access, destruction, use, modification or disclosure or other misuse. Grant Thornton Bermuda has put in place procedures to deal with any suspected data security breaches and will notify you and the Privacy Commissioner or any other relevant regulator of a suspected breach where Grant Thornton Bermuda has a legal obligation to do so. Grant Thornton Bermuda will provide to the Privacy Commissioner a notice that describes the nature of the breach, the likely consequence for that individual and the measures taken and to be taken by us to address the breach.

Your Rights 

Grant Thornton Bermuda recognises that individuals have specific rights conferred on them by PIPA, including:

  1. the right to access personal information about the individual in the custody or under the control of Grant Thornton Bermuda;
  2. the right to be informed about the purposes for which personal information has been and is being used by Grant Thornton Bermuda;
  3. the right to know the names of the persons or types of persons to whom and circumstances in which the personal information has been and is being disclosed;
  4. the right to make a written request to Grant Thornton Bermuda to correct an error or omission in any of the personal information which is under the control of Grant Thornton Bermuda;
  5. the right to request Grant Thornton Bermuda to cease, or not to begin, using personal information for the purposes of advertising, marketing or public relations or where the use of personal information is likely to cause substantial damage or substantial distress to the individual or to another individual;
  6. the right to request that Grant Thornton Bermuda erase or destroy personal information about the individual where that personal information is no longer relevant for the purposes of its use;
  7. the right to restrict the processing of the individual's personal information;
  8. the right to be informed of a personal information breach (unless the breach is unlikely to be prejudicial); and
  9. the right to complain to the Privacy Commissioner.

As mentioned above in parts (a) – (c) individuals have the right to access their own personal information and receive information about its use. Unless it is reasonable in all the circumstances under parts (a) – (c) above to provide access, Grant Thornton Bermuda may refuse the request in accordance with Section 17(2) of PIPA, or shall not provide access in accordance with Section 17(3) of PIPA.

Grant Thornton Bermuda may refuse to provide access to personal information on the following grounds, where the personal information:

  1. is subject to legal privilege;
  2. would reveal confidential information of Grant Thornton Bermuda or of a third party that is of a commercial nature and it is not unreasonable to withhold the information;
  3. is being used for a current disciplinary or criminal investigation or legal proceedings, and refusal does not prejudice the right of the individual to receive a fair hearing;
  4. was used by a mediator or arbitrator, or was created in the conduct of a mediation or arbitration for which the mediator or arbitrator was appointed by the court or by an agreement; or
  5. the disclosure of the personal information would reveal intentions of Grant Thornton Bermuda in relation to any negotiations with the individual to the extent that the provision of access would be likely to prejudice those negotiations.

Unless it is reasonable in all circumstances to provide access, Grant Thornton Bermuda must not provide access to personal information where the disclosure of personal information:

  1. could reasonably be expected to threaten the life or security of an individual;
  2. would reveal personal information about another individual; or
  3. would reveal the identity of an individual who has in confidence provided an opinion about another individual and the individual providing the opinion does not consent to the disclosure of their identity.

Grant Thornton Bermuda may consider providing an individual with their personal information where it can reasonably redact information and provide the personal information to the individual who requested it.

Procedure for Making a Subject Access Request

In order to obtain a copy or examine personal information an individual (the "Applicant") must make the request in writing to Grant Thornton Bermuda and which can be provided in email to the Privacy Officer at [dataprivacy@ie.gt.com] or be provided by hand to Grant Thornton Bermuda to the attention to the Privacy Officer.

Grant Thornton Bermuda will promptly acknowledge the request in writing and inform the Applicant if any further information is required to complete the request. A copy of the personal information must be provided within a 45 day deadline, or we may extend the period by no more than 30 days (or as permitted by the Privacy Commissioner) where a considerable amount of personal information is requested and the request would interfere with the operations of Grant Thornton Bermuda, or more time is needed to consult with a third party. Grant Thornton Bermuda shall inform the Applicant in writing of any extension and the expected time of response.

Grant Thornton Bermuda may charge the Applicant a fee for access to the personal information, and such fee will determined by Grant Thornton Bermuda, except where such request results in the correction of an error or omission in the personal information about the Applicant that is under the control of Grant Thornton Bermuda.

Procedure for Making a Data Rights Request

If you become aware that information we maintain about you is inaccurate, or if you would like to update or review your information, you may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. We may limit or deny access to personal information where providing such access would be unreasonably burdensome or inappropriate under the circumstances. All requests to change personal information will be handled in accordance with applicable legal requirements. If you would like to change your information you should contact the Firm Data Protection Officer.

We will take steps to address your request to the extent consistent with and permitted by laws, regulations and professional standards applicable to us and our own internal policies.

Cookie Policy 

What is a Cookie?

A cookie is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on your hard drive. Cookies can't read data off your hard drive or cookie files created by other sites, and do not damage your system.

How to control the use of cookies on this website?

You can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. Web browsers allow you to control cookies stored on your hard drive through the web browser settings. To find out more about cookies, including what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

We only use cookies to monitor the performance of our website and to improve user experience.

If you choose not to accept, some or all of our cookies, some of the features of our site may not work as well as we intend.

Cookies used by the Grant Thornton Ireland website

Cookie Name




1 Week

Google Analytics uses these cookies, based on recent searches and interactions, to customise ads on Google websites.


2 Years

We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.


Deleted when you close your browser

This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.


24 hours

Used to distinguish users.


10 min

Aggregate analysis of website visitors


10 min

Aggregate analysis of website visitors


12 Months from Last Visit

Google Analytics - Keeps track of site usage and anonymous user information


2 Years

Used by Google Analytics to identify, track and persist individual sessions with your device.


2 Years

We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.


2 Years

We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.


2 Years

We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.


17 days

Aggregate analysis of website visitors


Expires after session

This cookie is used to register the user’s session.


2 Years

We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.



Used if you are using the Number of visits personalisation criterion. This cookie will not be set if you remove it from all of your visitor groups.


1 Year

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.


This cookie is deleted when you close your browser.

This is a session cookie sent to the web browser and issued when you open the browser and then go to a website that implements ASP.NET session state.


1 Year Persists the Clarity User ID and preferences, unique to that site is attributed to the same user ID.


1 Day

Connects multiple page views by a user into a single Clarity session recording.


1 Year

Identifies the first-time Clarity saw this user on any site using Clarity.


10 minutes

Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn't use ANID and so this is always set to 0.


7 Days

Indicates whether to refresh MUID.


1 Year and 24 Days

Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.


Expires after session

Used in synchronizing the MUID across Microsoft domains.