article banner

Privacy statement – company voluntary arrangements appointments

The Insolvency Practitioner appointed to assist with the company voluntary arrangement (“CVA”) over the company acts as joint controller, with Grant Thornton (NI) LLP, in respect of your personal data.  Both parties have agreed that Grant Thornton (NI) LLP shall be responsible for operating the CVA appointment.  We want to protect the privacy of all parties whose personal data we process in the course of our appointments.

Please read the following statement; it will help you to understand how we use your personal data.

About us

In this privacy statement “we”, “our”, and “us” refers to Grant Thornton (NI) LLP, the legal entity, and the Insolvency Practitioner appointed by the company.

Contact details are set out below.

What personal data do we collect?

In addition to the personal data that we may receive on appointment, we may process the following personal data about you that we receive from third party sources:

  • Contact Details – address, email address and telephone number(s)
  • Personal Identification – copies of official identification (e.g. passport)
  • Employment Records – if you are an employee of the company we may hold your human resources records (e.g. information including name, address, date of birth, length of service, wage, pension, medical certificates)
  • Company Information – including financial statements and accounts for the company (including information about directors remuneration and payment of shareholders dividends and pension funds)
  • Details of Company Assets – details of the assets owned and / or managed by the company, including details of the occupants of properties (as applicable)
  • Details of Property or Finance Leases – which the company is party to

 What are the sources of your personal data?

Personal data may be obtained from you directly.  In addition, personal data may be provided to us by the directors of the company and/or from review of the company records, accounts and files.  Information may also be provided by government agencies, including but not limited to, HMRC. We may also consult publically available records in relation to you or the company over which we are appointed.

Why do we process your personal data?

We process your personal data in order to manage the CVA for the company.  This involves complying with our duties as Nominee / Supervisor of the CVA.

Our processing of your personal data in these circumstances is on the basis that it is necessary for the purposes of pursuing our legitimate interests and the legitimate interests of the company and creditors.  The legitimate interests that we pursue are our interests in performing our appointment and operating our business.  The legitimate interest of the company and the company’s creditors is a proposal that will maximise the creditors interest and allow the company to continue to trade as normal. We may also be required to process your personal data in order to comply with our legal obligations.

To whom might we disclose your personal data?

  • Third Party Software Providers – Vision Blue (Insolvency management software), iManage (document management software)

We may be required in certain circumstances, by law or by regulations or by Professional Bodies, located both within the UK and the European Economic Area (EEA), to make reports to regulatory and law enforcement authorities or to such bodies, or to disclose documents or information or take other action, as a result of information received by us or matters which come to our attention during the course of our engagement. We may also be required to provide Regulatory Bodies, Grant Thornton International Limited or Professional Bodies with access to our work papers in order to facilitate monitoring inspections.

Transfers abroad

We are an all-Ireland firm and therefore data is processed in all offices (ROI/NI) for the legitimate interest to ensure efficient running of the business.

Whilst we store personal data on servers both in Dublin and the UK, in line with the above, we may need to transfer personal data outside the UK. This includes to countries that are not recognised by the Government of the UK as providing an equivalent level of protection for personal data as in the UK (also known as having adequacy). Where we do so, we ensure that appropriate measures are in place to comply with our obligations under data protection legislation. This can include entering into an agreement governing the transfer containing the ‘standard contractual clauses’ (also known as ‘model clauses’) approved for this purpose by the Government of the UK.

Our retention of your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

You have the right, subject to certain exemptions:

  • to obtain a copy of any personal data we hold about you,
  • to request rectification or erasure of such data,
  • to request restriction of processing or to object to processing,
  • and data portability.  


If you wish to exercise these rights, please contact us using the details below.

Our contact details

If you would like to contact us, please write to us or email us using the contact details below:

Registered office address: Grant Thornton (NI) LLP, 12-15 Donegall Square West, Belfast BT1 6JH, Northern Ireland.

Email address:


You also have the right to lodge a complaint with the Information Commissioner’s Office, or another supervisory authority.