Services

Advisory

Dynamic organisations need a broad range of advisory services to support their ambition and growth.

Consulting
The Grant Thornton FS Consulting team have a wealth of experience across a wide range of issues. From banks to insurance companies, the FS Consulting team have branched into all areas of Financial Services. Our FS Consulting team can help you with an array of issues, and guide you through the journey.
Corporate Finance
Grant Thornton’s Corporate Finance team has built up a vast range of experience providing a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
Financial Accounting and Advisory Services (FAAS)
Our team of experts here at Grant Thornton is committed to providing best-in-class solutions to help our clients effectively overcome the hurdles associated with complex regulatory compliance requirements, especially when entering new markets.
Financial Crime (AML)
Protect your business from financial crime with expert AML solutions.
Forensic Accounting
Resolve disputes, uncover fraud and protect your business with expert forensic accounting, investigations and digital forensics support.
Internal Audit & Control Assurance
Strengthen governance, enhance controls, and ensure compliance with expert internal audit and assurance services.
IT Risk Assurance and Advisory
Ensure IT compliance, mitigate risks, and enhance governance with expert IT risk assurance and advisory services.
Risk Advisory
Our Risk Advisory team delivers innovative solutions and strategic insights for the Financial Services sector, addressing disruptive forces, regulatory changes, and emerging trends to enhance risk management and foster competitive advantage.
Sustainability Desk
Grant Thornton’s team of experts provides a wide range of sustainability solutions, combining our knowledge of sustainability with our deep experience in providing professional services.

Audit

The Grant Thornton Audit team offers that expertise and knowledge along with a horizontal approach to solving clients’ problems and queries. Clients get access...

See Overview

Tax

Given Bermuda's very attractive tax incentives for overseas investors, our team can advise on all matters relating to expatriate and international taxes. We...

See Overview

Privacy notice: Bermuda Privacy Notice Addendum

Updated 25 August 2025

This Bermuda Privacy Notice Addendum (“Addendum”) supplements the Grant Thornton Privacy Statement (“Privacy Statement”).

Grant Thornton respects the rights to privacy established under the Personal Information Protection Act, 2016 (as amended) (“PIPA”) and applicable data protection laws has established a data privacy framework designed to protect the privacy of individuals whose personal information is used by Grant Thornton, including those who engage our services and those who view or interact with our website, www.grantthornton.bm.

This privacy notice is intended to inform users of our website and individuals who are resident in Bermuda about how your information, including personal information (as defined below), will be used by Grant Thornton and/or on its behalf by its third party service providers.

We will use your personal information when:

you access or use our sites;
you, or the organisation with which you are connected, are a potential client of our services; or
you have engaged with, or subscribed to, our newsletters or other marketing communications or initiatives.

We are required to give you the information in this Addendum, including to inform you about your individual rights, under the Personal Information Protection Act, 2016 (as amended) (“PIPA”) and applicable data protection laws.

We are committed to protecting your privacy. You should read this Addendum fully to understand the basis upon which we use your personal information and to whom it will be disclosed. Additionally, details about our use of personal information in relation to professional engagements are available in our privacy statement: professional engagements.

All capitalised terms have the same meaning given to them in the Privacy Statement or this Addendum. In the event of a conflict between this Addendum and the Privacy Statement, this Addendum will prevail.

Who is responsible for your personal information?

References to Grant Thornton (including, "we", "us", "our" and "Grant Thornton Group") in this Addendum refer to the following entities, each of whom are part of a global alternative practices structure: Grant Thornton Advisors LLC, Grant Thornton LLP, Grant Thornton Corporate Finance Limited, Grant Thornton Ireland, Grant Thornton (Bermuda) Limited, Grant Thornton Advisory (Bermuda) Limited and/or their affiliates and subsidiaries.

Each of these entities are organisations which have joint responsibility for your personal information and have an arrangement in place to ensure that your individual privacy rights are protected. For more details about these entities see 'Who we are: Responsible Organisations'.

In some instances, these entities may be independent organisations responsible for your personal information under PIPA and applicable data protection laws.

If you have any questions about how we use your personal information or to exercise your individual rights (as set out in this Addendum), please contact the Firm Privacy Officer at dataprivacy@ie.gt.com or provide by hand to Grant Thornton Bermuda to the attention of the Privacy Officer.

What is personal information?

Under PIPA, the term “personal information” means any information relating to an identified or identifiable natural person.

It can include information about you that can identify an individual, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors.

How and why do we use your personal information?

Personal information used about you will vary according to our interactions and relationship with you, including services we offer (and the nature of our engagements).

The table below explains our purposes of using your personal information, one or more of which may be apply to you. Please note that the personal information listed is non-exhaustive.

Types of personal information	Data source	Purpose of using your personal information	Recipients
First and last name, email address, mailing address or phone number, and current employer and role/job title (“Contact Information”).	Directly or indirectly from you, prospective clients, or their agents.	To respond and manage any communications you send to us as a prospective client (e.g., when you email us or contact us via the site). To record your details in our systems as a prospective client.	Service providers, including marketing services; our affiliates in India and other entities in the Grant Thornton Group.
Contact information	Directly from you. Directly or indirectly from clients or their agents.	To respond to individual or client requests. To provide, improve or maintain our services. To send administrative information or notices. To communicate in connection with a client or potential client engagement. To keep records associated with our services (including, associated communications, records, etc.). To prevent, detect and respond to actual or potential fraudulent or other activities.	Service providers, including marketing services; our affiliates in India and other entities of the Grant Thornton Group.
Contact Information and information confirming your identity and status within a company, (e.g., director / beneficial owner), your responsibilities, social insurance number, identify verification documents, tax information, and/or other information you provide to us.	Directly from you. Directly or indirectly from our clients or their agents collected while providing services and in connection with pre- engagement activities.	To initiate, onboard and fulfil a contract for services. To order to perform services. To perform pre-engagement activities. To conduct client due diligence, background checks, KYC checks and background checks (where required by professional standards, law, or regulation). To comply with our professional standards, legal and regulatory obligations. To manage and administer our business relationship with you. To keep records associated with our services (including, associated communications, records, etc.). To enforce our rights arising from any contract, including billing and collections.	Service providers, our affiliates in India, other entities of the Grant Thornton Group.
Contact Information and details about your contact preferences (e.g., areas of interest) and information relating to your subscription to, receipt of or interest in any of our mailing lists or newsletters, or registration to access any of our restricted content. Publicly available personal information such as name, employer and job title and /or position	Directly or indirectly from you, including through your engagement with advertisements on platforms such as LinkedIn. Directly or indirectly from our clients or their agents.	To invite you to meetings, events, webinars, conferences, seminars, online surveys, or self-assessment tools. To promote our services. To develop and maintain our relationship with you and/or your organisation. To engage with you by sending you our newsletters, industry, market updates & insights, when you have engaged with us, or you are a client representative. To assess your participation in, reception of, interest in, or engagement with our marketing activities, materials we send you and our events (e.g., newsletter, surveys, conferences).	Service providers of marketing, social media, audio/visual or related services.
Automatically collected information from your activity on our sites such as browser information, IP address, and browser type.	Indirectly from you through our sites, cookies, and other tracking technologies.	To personalise content on our sites. To track activity on and technical performance of our sites. To evaluate our marketing efforts; to improve our sites. All IP addresses of users of this website are anonymised within Google Analytics as soon as technically feasible at the earliest possible stage of the collection network.	Service providers for providing internet services. Service providers for marketing services (e.g., site visitor insight solutions).
Contact Information or other personal information	Directly or indirectly from you. Directly or indirectly from our clients or their agents.	To establish, defend or exercise our legal rights and any legal proceedings or out-of-court proceedings which may arise.	Service providers; our affiliates in India and other entities of the Grant Thornton Group.
Contact Information or other personal information	Directly or indirectly from you. Directly or indirectly from our clients or their agents.	To respond and manage any valid legal or individual rights requests from you and any steps relating to same.	Service providers; our affiliates in India and other entities of the Grant Thornton Group.
Contact Information and other personal information	Directly or indirectly from you. Directly or indirectly from our clients or their agents.	To manage a relevant business transition, acquisition or sale of all or a portion of our assets.	Service providers; our affiliates in India and other entities of the Grant Thornton Group, interested parties in transaction.
Name, contact information, employment history and educational background, details of current immigration status and other information which you volunteer on your curriculum vitae or application	Directly or indirectly from you. Directly or indirectly from our clients or their agents.	To manage your application for a position with us as the first step in the recruitment process.	Service providers; our affiliates in India and other entities of the Grant Thornton Group.

Note:

We will use your personal information in a lawful and fair manner and only for the purposes for which it is collected or for purposes that are related to those specific purposes.

We will ensure that personal information is adequate, relevant and not excessive in relation to the purposes for which it is used. We will ensure that any personal information used is accurate and kept up to date to the extent necessary and practicable for the purposes of use.

We will not use your personal information for activities where our interests are overridden by the impact on you (unless we have appropriate consent or are otherwise required or permitted by law). Grant Thornton acknowledges individuals’ rights under PIPA when we use your personal information on this basis.

For more information on exercising your data protection rights please see ‘Your Rights’.

Data retention

We will only use your personal information for as long as is needed or as permitted based on the purpose(s) for which it was obtained and in accordance with applicable law. The criteria used to determine our retention periods include:

the nature and length of our ongoing relationship with you and provide you/your organisation services;
whether there is a legal obligation under applicable laws or a requirement under professional standards to which we are subject; and
whether retention is advisable considering our legal position (such as with respect to statutes of limitations, litigation, or regulatory investigations).

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you would like to find out more about our retention of your personal information, please contact us by e-mailing dataprivacy@ie.gt.com.

Unsubscribe and consent preferences

When you have consented receive any marketing material from us, we include an unsubscribe button in our communications, so you can opt out of receiving such communications or adjust your marketing consent preferences at any time by clicking on the unsubscribe link provided in our communications or e-mailing us at dataprivacy@ie.gt.com.

Automated decision-making

We do not use profiling or make any decisions based solely on the automated use of your personal information.

International data transfers

To facilitate our global operations, certain of our services and sites are provided from the United States and other locations.

If you are resident in Bermuda, we may share, transfer or store personal information outside your country of residence to certain recipients (mainly our affiliates and external service providers) in the United States, India, and other countries which we deem appropriate from time to time.

Where the laws and practices in these countries may not have equivalent data protection and privacy rules to those under PIPA, we will protect your personal information in accordance with this Addendum and our Privacy Statement.

Where these transfers of personal information occur, we ensure that a transfer mechanism and appropriate safeguards are in place to protect your personal information:

For transfers (including, onward transfers) of personal information within the Grant Thornton Group to affiliates in the United States where your personal information is stored within the European Economic Area (“EEA”), we rely on the EU-US Data Privacy Framework and the UK-US Data Privacy Framework (UK and Gibraltar), as operated by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (“DPF”), and to view our certification, please visit dataprivacyframework.gov. Please also visit our dedicated webpage for more information about our participation in the DPF: Data privacy framework.
For transfers (including, onward transfers) of your personal information within the Grant Thornton Group to affiliates based in other, non-EEA countries we will transfer and use your data in accordance with PIPA and GDPR requirements.
For transfers (including, onward transfers) of your personal information within the Grant Thornton Group to affiliates based in other, non-EEA countries and where an appropriate data transfer adequacy decision has not been approved by the EU Commission, we rely on the EU Standard Contractual Clauses ("SCCs") or the UK Addendum to the EU SCCs (e.g., India and Bermuda).
For transfers (including, onward transfers) of personal information to external providers, we rely on the DPF, the EU SCCs, UK Addendum, or adequacy decisions of the European Commission.

If you would like to find out more about any transfers relating to your personal information, please contact us by e-mailing dataprivacy@ie.gt.com.

Security

We have appropriate security safeguards to ensure the security of personal information against the risk of loss, unauthorised access, destruction, use, modification or disclosure or other misuse.

We have procedures to deal with any suspected breaches of security and will notify you and the Privacy Commissioner or any other relevant regulator of a suspected breach of security where we have a legal obligation to do so.

We will provide to the Privacy Commissioner, or other relevant regulator, a notice that describes the nature of the breach, the likely consequences for that individual and the measures taken and to be taken by us to address the breach.

Your rights

We recognise that individuals have specific rights conferred on them by PIPA, which are explained in the table below:

Rights of Individuals	Further information
Right of access	You have the right to access personal information about the individual in the custody or under the control of Grant Thornton.
Right to be informed	You have the right to be informed about the purposes for which personal information has been and is being used by Grant Thornton and the right to know the names of the persons or types of persons to whom and circumstances in which the personal information has been and is being disclosed.
Right to rectification	You have the right to make a written request to Grant Thornton to correct an error or omission in any of the personal information which is under the control of Grant Thornton.
Right to erasure	You have the right to request that Grant Thornton erase or destroy personal information about the individual where that personal information is no longer relevant for the purposes of its use.
Right to cease using of personal information	You have the right to request Grant Thornton Bermuda to cease, or not to begin, using personal information for the purposes of advertising, marketing or public relations or where the use of personal information is likely to cause substantial damage or substantial distress to the individual or to another individual.
Right to be informed of a personal information breach	You have the right to be informed of a personal information breach (unless the breach is unlikely to be prejudicial).
Right to complaint	You have the right to complain to the Privacy Commissioner.

In acknowledgment of individual rights, we are cognisant of our professional, legal, and regulatory obligations and duties which may result in certain limitations on the extent to which we are required to comply with specific rights requests, subject to restrictions as set out under PIPA.

If you become aware that information we maintain about you is inaccurate, or if you would like to update or review your information, you may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate.

We may limit or deny access to personal information where providing such access would be unreasonably burdensome or inappropriate under the circumstances. All requests to change personal information will be handled in accordance with applicable legal requirements. If you would like to change your information you should contact us at dataprivacy@ie.gt.com.

Procedure for making an access request for personal information

In order to obtain a copy or examine personal information an individual (the "Applicant") must make the request in writing to Grant Thornton and which can be provided in email to the Privacy Officer at dataprivacy@ie.gt.com or be provided by hand to Grant Thornton Bermuda to the attention of the Privacy Officer.

Grant Thornton will promptly acknowledge the request in writing and inform the Applicant if any further information is required to complete the request. A copy of the personal information must be provided within a 45-day deadline, or we may extend the period by no more than 30 days (or as permitted by the Privacy Commissioner) where a considerable amount of personal information is requested and the request would interfere with the operations of Grant Thornton, or more time is needed to consult with a third party. Grant Thornton shall inform the Applicant in writing of any extension and the expected time of response.

Grant Thornton may charge the Applicant a fee for access to the personal information, and such fee will be determined by Grant Thornton, except where such request results in the correction of an error or omission in the personal information about the Applicant that is under the control of Grant Thornton.

Procedure for making a request under rights of individuals

We will take steps to address your request to the extent consistent with and permitted by laws, regulations and professional standards applicable to us and our own internal policies.

Privacy Officer details

Louise Barry, Head of Risk, 13-18 City Quay, Dublin 2, Ireland, dataprivacy@ie.gt.com

Addendum changes

We reserve the right to amend or modify this Addendum from time to time. We will post any revised Addendum on this site, or a similar website that replaces this site.

By continuing to use any of our sites, you acknowledge the terms of this Addendum and the Privacy Statement as of the effective date will apply to information, including personal information, previously collected, or collected in the future as permitted by applicable law.

Who we are: Responsible Organisations

References to "Grant Thornton" in this Addendum refer to the brand name under which the Grant Thornton member firms operate the business, provide services to (prospective) clients and/or refers to one or more member firms, as the context requires. The below joint controllers practice as an alternative practice structure:

Joint Controllers
Grant Thornton LLP is a licensed independent CPA firm that provides attest services to clients. Address: 171 N. Clark Street, Suite 200, Chicago, IL, 60601, United States.
Grant Thornton Advisors LLC provides tax and business consulting services to clients. Address: 171 N. Clark Street, Suite 200, Chicago, IL, 60601, United States.
Grant Thornton Corporate Finance Limited provides tax and business consulting services to clients. Address: 13-18 City Quay, Dublin 2, Dublin, Ireland.
Grant Thornton Ireland provides audit services to clients. Address: 13-18 City Quay, Dublin 2, Dublin, Ireland.
Grant Thornton (Bermuda) Limited provides audit services to clients. Address: Atlantic House, 11 Par La Ville Road, Hamilton, HM 11, Bermuda.
Grant Thornton Advisory (Bermuda) Limited provides tax and business consulting services to clients. Address: Atlantic House, 11 Par La Ville Road, Hamilton, HM 11, Bermuda.