Privacy information for applicants
The way we handle your data, and your rights:
Information according to the European General Data Protection Regulation (referred to below as the “GDPR”) and Liechtenstein and/or Swiss data protection legislation (referred to below as the “DPA”) applicable to you.
This information on privacy tells you how we process your personal data, as well as your rights. These rights may derive from the GDPR, its implementation in Liechtenstein or Swiss data protection legislation.
“Personal data” (also referred to below simply as “data”) refers to all information relating to an identified or identifiable natural person. “Data processing” refers to different things in different contexts, covering all handling of personal data, regardless of the means and processes used, specifically obtaining, storage, use, alteration, disclosure, archiving or destruction of data.
We collect and process personal data to fulfil our business function within a set statutory and contractual framework. The collection, processing and use of personal data are subject to the current provisions of Swiss and, where applicable, European law.
We collect personal data transparently and according to the principles that such collection be reasonable and tied to a specific purpose. Data is processed only to the extent and for as long as necessary for our functions and obligations.
This privacy information is updated as necessary and made available to you. The latest version can always be found at www.grantthornton.ch/informationspflichten.
This privacy information uses gender-neutral language.
1. Who is responsible for data processing, and whom can I contact?
Grant Thornton AG
Claridenstrasse 35
P.O. Box 9317
CH-8002 Zurich
Grant Thornton SA
Rue du 31-Décembre 47
CH-1207 Geneva
Grant Thornton AG
Bahnhofstrasse 7
CH-9470 Buchs (SG)
Grant Thornton AG
Bahnhofstrasse 15
P.O. Box 663
FL-9494 Schaan
ReviTrust Grant Thornton Services Establishment
Bahnhofstrasse 15
P.O. Box 663
FL-9494 Schaan
All of these companies belong to Grant Thornton Switzerland/Liechtenstein. For questions concerning data protection, please contact:
2. What sources and data are used?
In principle, the responsible company in each case (referred to below as “we” or “us”) processes the data that it receives from you in connection with your application.
Specifically, it processes the following data from you as an applicant:
3. Why do we process your data (purpose of processing), and on what legal basis?
The following sections tell you why we process your data, and the legal basis for that processing.
3.1. For purposes relating to the employment relationship (Art. 6 para. 1 let. b GDPR and Art. 31 para. 2 let. a DPA)
We process your data to decide whether or not to enter into an employment relationship with you.
3.2. On the basis of your consent (Art. 6 para. 1 let. a GDPR and Art. 31 para. 1 DPA)
In special cases, we will ask for your consent to process your personal data. An example of this type of use would be:
3.3. To fulfil legal obligations (Art. 6 para. 1 let. c GDPR and Art. 31 para. 1 DPA)
We are subject to a range of statutory and legal requirements that oblige us to process your data. With this in mind, relevant to the future employment relationship with you are the storage, notification, reporting and information obligations imposed on us in dealings with government bodies such as tax and employment offices, social security institutions and regulators, as well as rules on independence. The purpose of processing is to fulfil these legal obligations.
4. Who gets my data?
Your data is disclosed only where confidentiality is maintained, and only to the extent permitted by the relevant basis in law. The third parties we engage are contractually obliged to comply with data protection regulations and to process the data only for the purpose we stipulate.
Your data is passed on to those functions that require it to enter into and conduct the employment relationship with you, to fulfil statutory obligations or to fulfil their individual remits.
Grant Thornton Ltd., Schaan, provides HR-related services to the responsible company (controller) as described in Section 1 above, and thus constitutes the processor in the sense of Art. 28 GDPR and Art. 9 DPA.
The following bodies may also receive your data:
5. How long is my data stored?
We are subject to a variety of retention and documentation obligations that derive in particular from the Swiss Code of Obligations and the Liechtenstein General Civil Code, the employment act for the jurisdiction in question, and other applicable laws and regulatory requirements. These generally require us to retain and/or document your data for ten years.
Ultimately, the length of storage is also determined by statutes of limitations, which are usually also ten years.
6. Is data transmitted to a third country or an international organisation?
As part of the application and appointment process, data may be exchanged between companies within Grant Thornton Switzerland/Liechtenstein in Switzerland and Liechtenstein. Should it be necessary to transmit data to a country that does not have an adequate level of data protection, this is subject to standard contractual clauses or other suitable guarantees.
7. Am I required to provide data?
We need the data we collect (see Section 2 above) to consider a future employment relationship with you. Further data is collected only on the relevant legal basis in each case. Without this data, we are unable to consider your application. With that in mind, we regard it as mandatory that you provide data for this purpose.
8. What other data privacy rights do I have?
Under the individual statutory requirements you have the right to information about the data we hold (Art. 15 GDPR and Art. 25 DPA), to its rectification (Art. 16 GDPR and Art. 32 para. 1 DPA), to its erasure (Art. 17 GDPR and Art. 32 para. 2 let. c DPA), to restrict its processing (Art. 18 GDPR and Art. 32 para 2 let. a DPA) and to data portability (Art. 20 GDPR and Art. 28 DPA). You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR and Art. 32 DPA).
9. What rights do I have to object? (Art. 21 GDPR and Art. 32 DPA)
For reasons arising from your personal situation, you have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 let. f GDPR (processing on the basis of a weighing of interests), and Art. 31 para. 2 DPA.
Should you object, we will cease to process your personal data, unless we are able to demonstrate imperative legitimate reasons for that processing that override your interests, rights and freedoms, or that processing serves the assertion, execution or defence of legal claims.
10. How is my data protected?
We have appropriate technical and organisational security measures in place to protect your personal data from unauthorised access and misuse. These include IT and network security solutions, physical access restrictions, the encryption of data carriers and transmissions, policies, training and controls.
The way we handle your data, and your rights:
Information according to the European General Data Protection Regulation (referred to below as the “GDPR”) and Liechtenstein and/or Swiss data protection legislation (referred to below as the “DPA”) applicable to you.
This information on privacy tells you how we process your personal data, as well as your rights. These rights may derive from the GDPR, its implementation in Liechtenstein or Swiss data protection legislation.
“Personal data” (also referred to below simply as “data”) refers to all information relating to an identified or identifiable natural person. “Data processing” refers to different things in different contexts, covering all handling of personal data, regardless of the means and processes used, specifically obtaining, storage, use, alteration, disclosure, archiving or destruction of data.
We collect and process personal data to fulfil our business function within a set statutory and contractual framework. The collection, processing and use of personal data are subject to the current provisions of Swiss and, where applicable, European law.
We collect personal data transparently and according to the principles that such collection be reasonable and tied to a specific purpose. Data is processed only to the extent and for as long as necessary for our functions and obligations.
This privacy information is updated as necessary and made available to you. The latest version can always be found at www.grantthornton.ch/informationspflichten.
This privacy information uses gender-neutral language.
1. Who is responsible for data processing, and whom can I contact?
Grant Thornton AG
Claridenstrasse 35
P.O. Box 9317
CH-8002 Zurich
Grant Thornton SA
Rue du 31-Décembre 47
CH-1207 Geneva
Grant Thornton AG
Bahnhofstrasse 7
CH-9470 Buchs (SG)
Grant Thornton AG
Bahnhofstrasse 15
P.O. Box 663
FL-9494 Schaan
ReviTrust Grant Thornton Services Establishment
Bahnhofstrasse 15
P.O. Box 663
FL-9494 Schaan
All of these companies belong to Grant Thornton Switzerland/Liechtenstein. For questions concerning data protection, please contact:
| Grant Thornton Switzerland/Liechtenstein Data protection contact for Switzerland Claridenstrasse 35 P.O. Box 9317 CH-8002 Zurich T 0041 960 71 71 E datenschutz@ch.gt.com | Grant Thornton Switzerland/Liechtenstein Data protection contact for Liechtenstein Bahnhofstrasse 15 P.O. Box 663 FL-9494 Schaan T 00423 237 42 42 E datenschutz@li.gt.com |
2. What sources and data are used?
In principle, the responsible company in each case (referred to below as “we” or “us”) processes the data that it receives from you in connection with your application.
Specifically, it processes the following data from you as an applicant:
- Basic personal data such as your name, address, contact data, etc.
- Communication data
- Data from your CV
- Data from earlier professional references, etc.
- Private email addresses, if you consent
- Extract from the register of convictions and other official information, confirmations, etc.
3. Why do we process your data (purpose of processing), and on what legal basis?
The following sections tell you why we process your data, and the legal basis for that processing.
3.1. For purposes relating to the employment relationship (Art. 6 para. 1 let. b GDPR and Art. 31 para. 2 let. a DPA)
We process your data to decide whether or not to enter into an employment relationship with you.
3.2. On the basis of your consent (Art. 6 para. 1 let. a GDPR and Art. 31 para. 1 DPA)
In special cases, we will ask for your consent to process your personal data. An example of this type of use would be:
- Optional additional services, such as a newsletter about future vacancies
3.3. To fulfil legal obligations (Art. 6 para. 1 let. c GDPR and Art. 31 para. 1 DPA)
We are subject to a range of statutory and legal requirements that oblige us to process your data. With this in mind, relevant to the future employment relationship with you are the storage, notification, reporting and information obligations imposed on us in dealings with government bodies such as tax and employment offices, social security institutions and regulators, as well as rules on independence. The purpose of processing is to fulfil these legal obligations.
4. Who gets my data?
Your data is disclosed only where confidentiality is maintained, and only to the extent permitted by the relevant basis in law. The third parties we engage are contractually obliged to comply with data protection regulations and to process the data only for the purpose we stipulate.
Your data is passed on to those functions that require it to enter into and conduct the employment relationship with you, to fulfil statutory obligations or to fulfil their individual remits.
Grant Thornton Ltd., Schaan, provides HR-related services to the responsible company (controller) as described in Section 1 above, and thus constitutes the processor in the sense of Art. 28 GDPR and Art. 9 DPA.
The following bodies may also receive your data:
- Processors engaged by us (Art. 28 GDPR and Art. 9 DPA), especially in the fields of IT services and application portal, logistics and printing services, that process your data and are bound by our instructions
- Public bodies and institutions (e.g. financial authorities) where there is a statutory or official obligation
- Other bodies for which you have given your permission for data transmission in individual cases under the terms of an agreement or your consent
5. How long is my data stored?
We are subject to a variety of retention and documentation obligations that derive in particular from the Swiss Code of Obligations and the Liechtenstein General Civil Code, the employment act for the jurisdiction in question, and other applicable laws and regulatory requirements. These generally require us to retain and/or document your data for ten years.
Ultimately, the length of storage is also determined by statutes of limitations, which are usually also ten years.
6. Is data transmitted to a third country or an international organisation?
As part of the application and appointment process, data may be exchanged between companies within Grant Thornton Switzerland/Liechtenstein in Switzerland and Liechtenstein. Should it be necessary to transmit data to a country that does not have an adequate level of data protection, this is subject to standard contractual clauses or other suitable guarantees.
7. Am I required to provide data?
We need the data we collect (see Section 2 above) to consider a future employment relationship with you. Further data is collected only on the relevant legal basis in each case. Without this data, we are unable to consider your application. With that in mind, we regard it as mandatory that you provide data for this purpose.
8. What other data privacy rights do I have?
Under the individual statutory requirements you have the right to information about the data we hold (Art. 15 GDPR and Art. 25 DPA), to its rectification (Art. 16 GDPR and Art. 32 para. 1 DPA), to its erasure (Art. 17 GDPR and Art. 32 para. 2 let. c DPA), to restrict its processing (Art. 18 GDPR and Art. 32 para 2 let. a DPA) and to data portability (Art. 20 GDPR and Art. 28 DPA). You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR and Art. 32 DPA).
9. What rights do I have to object? (Art. 21 GDPR and Art. 32 DPA)
For reasons arising from your personal situation, you have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 let. f GDPR (processing on the basis of a weighing of interests), and Art. 31 para. 2 DPA.
Should you object, we will cease to process your personal data, unless we are able to demonstrate imperative legitimate reasons for that processing that override your interests, rights and freedoms, or that processing serves the assertion, execution or defence of legal claims.
10. How is my data protected?
We have appropriate technical and organisational security measures in place to protect your personal data from unauthorised access and misuse. These include IT and network security solutions, physical access restrictions, the encryption of data carriers and transmissions, policies, training and controls.