Our treatment of your data and your rights

Information pursuant to Article 13 of the European General Data Protection Regulation (GDPR) and the Liechtenstein and/or Swiss data protection laws applicable to you

These notes on data protection are intended to inform you about how we process your personal data and about your rights. Such rights may originate from Article 13 GDPR or their implementation in Liechtenstein or Swiss data protection legislation.

For legibility purposes, masculine and feminine forms of speech are dispensed with. All references to persons apply equally to both sexes.

1. Who is responsible for the data processing and who can I contact?

Grant Thornton AG
Claridenstrasse 35
P.O. Box 9317
CH-8002 Zurich

Grant Thornton SA
Rue du 31-Décembre 47
CH-1207 Geneva

Grant Thornton SA 
Rue Mauborget 12
CH-1003 Lausanne

Grant Thornton AG 
Bahnhofstrasse 7
9470 Buchs (SG)

Grant Thornton AG
Bahnhofstrasse 15
P.O. Box 663
FL-9494 Schaan

All these companies, as well as Grant Thornton Holding AG, belong to Grant Thornton Switzerland / Liechtenstein. The contact data for questions concerning data protection are:

Switzerland:

Liechtenstein:

Grant Thornton Switzerland / Liechtenstein
Data Protection Contact Switzerland
Claridenstrasse 35
P.O. Box 9317
CH-8027 Zürich

T 0041 43 960 71 71
datenschutz@ch.gt.com

Grant Thornton Switzerland / Liechtenstein
Data Protection Contact Liechtenstein
Bahnhofstrasse 15
P.O. Box 663
FL-9494 Schaan

T 00423 237 42 42
datenschutz@li.gt.com

2. Which sources and data are used?

In principle, the responsible enterprise (hereinafter “we” and “us”) processes the data which it has received from you in connection with your application.

In particular, we process the following data provided by you as applicant:

  • personnel master data (e.g. name, address, contact data of the employee, etc.)
  • data from the CV
  • data from previous employment references
  • private email addresses, subject to prior consent
  • criminal records or other governmental information, certificates, etc.
3. Why do we process your data (purpose of processing) and on what legal basis?

The following information tells you why and on what legal basis we process your data:

3.1. For purposes of the employment relationship (Article 6 Paragraph 1 Point b GDPR)

We process your data to make decisions concerning the establishment of an employment relationship with you.

3.2. On the basis of your consent (Article 6 Paragraph 1 Point a GDPR)

In special cases we ask for your consent to process your personal data. An example of such use is:

  • voluntary benefits (e.g. newsletter concerning future vacancies)

You may at any time revoke such consents with effect for the future. This also applies to declarations of consent which you have given to us prior to the coming into force of the GDPR. Consent is voluntary. If consent is not given, no disadvantages shall arise.

3.3. On the basis of compliance with legal obligations (Article 6 Paragraph 1 Point c GDPR)

We are subject to various statutory and legal requirements which obligate us to process your data. Of relevance here with regard to the pending employment relationship with you are obligations relating to storage, registration, reporting and disclosure as well as independence rules, insofar as these are imposed upon us by national authorities such as tax and employment offices, social insurance institutions and regulatory and supervisory authorities. The purpose is compliance with legal obligations.

4. Who receives my data?

Your data shall only be transferred subject to protection of confidentiality and only insofar as this is permitted on a legal basis.

Your data shall be received by those bodies which need these data to establish and execute our employment relationship with you and to comply with statutory obligations or to perform their respective tasks.

Grant Thornton Holding AG provides services to the responsible enterprise pursuant to item 1 above in the “personnel” sector and is consequently deemed to be a processor within the meaning of Article 28 GDPR.

Furthermore, the following bodies may receive your data:

  • processors appointed by us (Article 28 GDPR) particularly in IT services and applications portal, logistics and printing services sectors, who process your data for us subject to our instructions,
  • public bodies and institutions (e.g. revenue authorities) if there is a statutory or official obligation, and
  • other bodies for which you have given us your consent to transfer data pursuant to an agreement or your consent.
5. For how long will my data be stored?

Should your application lead to no immediate appointment, we are permitted to store your application for an additional 12 months to enable us, if necessary, to re-examine your application in the event of additional vacancies. Furthermore, we are subject to various storage and documentation obligations, in particular arising from the Swiss Code of Obligations and/or the Persons and Companies Act of Liechtenstein, the relevant employment law, additional applicable laws and regulations relating to supervision. The periods of time for storage and/or documentation which are prescribed therein are generally ten years.

The storage period is ultimately also assessed on the basis of the statutory limitation periods, and is generally ten years.

6. Are data transmitted to a third country or to an international organisation?

In connection with the application and appointment process, data may be exchanged between companies within Grant Thornton Switzerland/Liechtenstein in Switzerland and Liechtenstein.

7. Do I have an obligation to make data available?

We need the collected data (cf. item 2 above) to enable us to examine a future employment relationship with you. The collection of additional information shall only be undertaken on the legal basis applicable in the particular circumstances. Without these data we do not consider ourselves to be in a position to be able to examine your application. To this extent we deem the making available of these data to be imperative.

8. What additional data protection rights do I have?

Subject to the relevant statutory prerequisites, you have a right of access (Article 15 GDPR), a right to rectification (Article 16 GDPR), a right to erasure (Article 17 GDPR), a right to restriction of processing (Article 18 GDPR) and a right to data portability (Article 20 GDPR). Furthermore, you have a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR).

9. What rights to object do I have? (Article 21 GDPR)
9.1. Right to object in a particular situation

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 Paragraph 1 Point f GDPR (data processing on the basis of a balancing of interests).

If you file an objection, we shall no longer process your personal data unless we can prove that there are imperative grounds for processing, which merit protection, and which outweigh your interests, rights and freedoms, or the data processing serves the assertion, exercise and defence of legal rights.