This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Grant Thornton group of entities
Edisonda provides digital transformation services and is a part of Grant Thornton International Ltd. Member companies operate within the Grant Thornton International Ltd (GTIL) structure, under the wings of the international Grant Thornton company. Those companies provide auditing, tax, advisory or consulting services to their clients. Member organizations are present in more than 130 countries and employ about 58,000 employees.
GTIL is an international umbrella entity organized as a private limited liability company registered in England and Wales. GTIL does not provide services in its own name or services in general. Each member company is a separate legal entity that provides services and is responsible for its own acts and omissions.
GTIL is an international umbrella entity organized as a private limited liability company registered in England and Wales. GTIL does not provide services in its own name or services in general. Each member company is a separate legal entity that provides services and is responsible for its own acts and omissions.
From a data protection perspective, this means that sharing and entrustment of data between member organizations, as well as between a member organization and Grant Thornton International may occur. Each sharing, entrustment, transfer of data is analyzed in terms of legality both in terms of national laws specific to the member organization and international laws.
Polish member organizations that provide services under the Grant Thornton name are:
- Grant Thornton Polska P.S.A.
- Grant Thornton Frąckowiak P.S.A.
- Grant Thornton Legal Maślanko sp. K
Under the umbrella of the Grant Thornton brand in Poland, in addition to Edisonda Sp. z o.o., operates also:
- Immusec sp. z o.o. – a company providing cyber security services
With regard to the transfer of data outside the European Economic Area, i.e. to GTIL group entities, data transfer occurs in relation to the sharing of data between independent controllers of personal data (mostly in case of exchange of data of the organization’s employees in connection with ongoing communication).
It also refers to the entrustment of processors and sub-processors, under concluded data processing agreements including standard contractual clauses that guarantee the security of the transfer in accordance with the EU Commission Implementing Decision 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.
In addition, the transfer of data to a third country is subject to a systematic assessment of the risks of transfer and ensuring of technical measures safeguarding the transfer.
In case of Polish companies both sharing and entrusting of personal data occurs.
Sharing can take place on the basis of internal administrative purposes, a consent obtained from the data subject for such sharing, and on the basis of applicable law (e.g., the Act on Statutory Auditors). According to Recital 48 of the GDPR, controllers that are part of a group of companies or institutions affiliated with a central entity may have a legitimate interest in transferring personal data within the group of companies for internal administrative purposes, which also applies to the processing of personal data of customers or employees. E.g. intra-group reporting is considered as “administrative purposes.”
In the context of employees’ personal data, the President of the PDPO indicates that internal administrative purposes may mainly concern activities related to the employment relationship (posting, recruitment, statistics). It is assumed that administrative purposes should be understood as any activities directly related to the employment relationship, such as the transfer of an employee to another location, including the posting of an employee for a certain period of time to work in another company within the group, activities related to the development of the employee – organizing training, approving the amount of remuneration, or keeping statistics on employment in the group, as well as the recruitment of employees. Fundamental rights and freedoms of the data subject requiring protection of personal data overrule the legitimate interests of the employer and limit the abovementioned purposes.
The companies provide services to each other, including:
- sublease of office space and office maintenance;
- legal and compliance support including personal data protection;
- recruitment and employment and payroll services;
- review and audit of financial statements;
- marketing support related to the promotion of Grant Thornton entities;
- equipment rental;
- provision of IT services.
This means that the data of our clients and/or employees may be transferred (entrusted or shared) between the aforementioned companies for the purpose of handling contracts for the provision of the aforementioned services.
We transparently inform you of the basis for processing your personal data in our information clauses. In addition, you can always contact our Data Protection Officer directly by email: iod@edisonda.pl to ask to what extent we process and share or entrust your personal data.