article banner

Privacy policy

Grant Thornton Romania wants to protect the privacy of our clients and all third parties whose data we process in the course of our professional engagements. In the conduct of providing our professional services to clients, we may need to collect and use personal data about their directors, shareholders, partners, trustees, clients or customers or their employees, agents or contractors, which we will hold as a controller under Data Protection Legislation currently in force, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Law no.129/2018 for amending and supplementing the Law No.102/2005 regarding the establishment, organization and functioning of the National Supervisory Authority for Personal Data Processing, and for repealing the Law No 677/ 2001 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data was published on 19 June 2018 in the Official Gazette of Romania No. 503/ 19 June 2018.

Please read the following statement; it will help you to understand how we use your personal data.

About Us

In this privacy statement “we”, “our”, and “us” refers to Grant Thornton, the partnership, and the following legal entities through which we provide our services: Grant Thornton Tax SRL; Grant Thornton Audit SRL; Grant Thornton Consulting SRL and Grant Thornton SRL. The entity that controls your personal data will depend on which entity has been engaged to provide the service to you or our client. You can contact all of these entities using the contact details set out below.

What personal data do we collect?

In the course of carrying out our engagement for our client we may process personal data including your personal identification, name, address, email address, telephone numbers, roles and responsibilities, PPS numbers, details relating to contract of employment, salary information including credits and deductions, tax returns, bank account details, insurance details, invoices and company loan information. We may also process health information and family details if instructed to provide certain services to our client.

While most personal data will be obtained from you directly or from our client, we may also perform background checks as part of our client onboarding procedures and continuous monitoring, and we will engage a third party service provider to assist with such checks.

Why do we process your personal data?

We may process your personal data in connection with our client on-boarding process, which includes background checks, in order to comply with our legal obligations in connection with the Law no. 129/2019 on Preventing Money Laundering and Terrorist Financing, and as may be further amended and updated from time to time.

We may also process your personal data in connection with the professional services that we provide to our clients. In particular, where we provide audit and/or tax services to our clients we may be the controller of certain personal data that we process in order to undertake that service and meet our contractual and professional obligations.

Our processing of your personal data in these circumstances is also based on our legitimate business interests in performing our engagement, operating our business and complying with internal policies and procedures. We may also be required to process such personal data in order to comply with our legal obligations.

What personal data are you obliged to provide?

If we request information from you for the purposes of carrying out our anti-money laundering due diligence checks and you do not provide that information, we will not be able to provide you or your company with our services.

To whom might we disclose your personal data?

We may engage third party IT providers who may be provided with access to our networks or IT tools.

We may input your name or other identifying information into third party tools which we use to assist with our client on-boarding process and background checks. These providers include Thomson Reuters and Smartsearch.

We may be required to submit returns to National Trade Register Office, National Agency for Fiscal Administration, National health Insurance House or any other state institutions, as applicable, as part of our engagement and to fulfil our professional obligations.

We may be required to provide other audit firms with access to our audit files where they act as group auditors or successor auditors. We may also be requested to provide access to our audit files to potential investors or their advisors.

We may be required in certain circumstances, by law or by Regulations or by Professional Bodies, some of these may be located outside the European Economic Area (EEA), to which we belong, to make reports to regulatory and law enforcement authorities or to such bodies, or to disclose documents or information or take other action, as a result of information received by us or matters which come to our attention during the course of our engagement. We may also be required to provide Regulatory Bodies, Grant Thornton International Limited or Professional Bodies with access to our work papers in order to facilitate monitoring inspections.

Transfers Abroad

In connection with the above we may transfer your personal data outside the EEA, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the EEA. If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or, in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework. Further details of the measures that we have taken in this regard are available by contacting us using the contact details below.

Our retention of your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

You have the right, subject to certain exemptions, to obtain a copy of any personal data we hold about you, to request rectification or erasure of such data, to request restriction of processing or to object to processing, and data portability. If you wish to exercise these rights, please contact us at our registered office:

Registered office address: 4D, Gara Herastrau Str. | Green Court Bucharest – building C | 5th floor | Bucharest | Romania.

Alternatively, contact

You also have the right to complain to the National Supervisory Authority For Personal Data Processing (ANSPDCP – Romania) or any other supervisory authority in the field.


What is a Cookie

A cookie is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on your hard drive. Cookies can't read data off your hard drive or cookie files created by other sites, and do not damage your system.

However, you can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. Web browsers allow you to control cookies stored on your hard drive through the web browser settings. To find out more about cookies, including what cookies have been set and how to manage and delete them, visit

We only use cookies to monitor the performance of our website and to improve user experience.

If you choose not to accept our cookies, some of the features of our site may not work as well as we intend.

Cookies used by the Grant Thornton Romania website

Cookie type Cookie Name Purpose Expiry
Google analytics utma

These cookies are used to monitor the performance of our site. We use the information to help us improve the site. The cookies collect information in an anonymous form, including the number of visits to our site, where visitors have come from to the site and the pages they visited.

To opt out of being tracked by Google Analytics across all websites visit


Youtube preferences PREF
We use YouTube to embed a selection of videos in our Thinking and campaign pages. The embedded videos do not set cookies themselves and can be played with no cookies set. However, if the 'Share' button is clicked YouTube will set cookies. The VISITOR_INFO1_LIVE cookie attempts to estimate your bandwidth and the use_hitbox and PREF cookies increment the 'views' counter on the YouTube video and stores session preferences. These cookies don't gather information that identifies a user. Never
Twitter guest_id We embed a Twitter feed in our Thinking and campaign pages. This cookie is used to identify you to twitter. if you do not have a twitter account or never accessed the website directly then twitter will assign you a unique code to track your visit to the Twitter feed. 2 hours