Data Processing Agreement Intercompany

I write to ask for standard contractual clauses (CCS). Where there is a company in the group (the European company that is responsible for processing) that has processing tasks by a non-European unit (for example. B a British company after Brexit as a processor with another company, i.e. an IT subcontractor), and a set of intragroup CSC, the European Unit (controller) and the BRITISH unit (transformer) must be associated with each subcontractor. When a piece of work enters CSC, are intragroup CCS sufficient? 1.1.8.2 the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection); Please complete the form below with an overview of data processing activities within Cubiks GroupData Exporter The data exporter is (please briefly indicate your activities relevant to the transfer) Data protection does not recognize any group of companies. It treats all legal persons in the group as third parties. The rules for sharing and processing data therefore apply between companies within a group that would apply to external third parties. In a group structure, it inevitably becomes an interdependence. Employees may be employed by one company, computers and computer equipment considered “in the possession” of another for accounting purposes. In these scenarios, the employer and the owner of the computer equipment provide IT services to other companies in the group. In particular in the financial services sector, regulation implies that some companies may only engage in limited activities that may not include the employment of staff or the possession of computer equipment, and a service company has been created to fulfill the role of the employer, thus creating a more complex group structure. 6 LIABILITY 6.1 The contracting parties agree that any person concerned who has suffered harm in violation of the obligations of a party or subcontractor covered in point 3 or 11 is entitled to obtain the data exporter compensates for the damage suffered.6.2 Is a person concerned not in a position to assert a right to compensation against the data exporter in accordance with paragraph 1 of this article. , resulting from a breach by the data importer or its subcontractor of one of the obligations covered in point 3 or 11, because the data exporter has legally disappeared, no longer exists or has become insolvent, the data importer agrees that the person concerned can assert rights against the data importer as if he were the data exporter.

unless the successor organization has assumed all of the legal obligations of the data exporter by contract or legal form, in which case the person concerned can assert his rights in respect of that entity. The data importer cannot rely on a breach of its obligations by a subcontractor in order to avoid its own liabilities.6.3 If a person concerned is unable to make a claim against the data exporter or data importer covered by paragraphs 1 and 2, resulting in a violation of one of its obligations under paragraphs 3 or 11 , because both the data exporter and the importer of data from subcontractors accept that the person concerned can assert a right against the data subcontractor with respect to its own processing operations, in accordance with the clauses, as if it were the data exporter or the data importer, unless a successor organization has assumed, by contract or by law. , the full legal obligations of the data exporter or data importer. , in this case, the person concerned can assert his rights vis-à-vis that organization.

Comments are closed.