Persons affected Personal data provided relates to the following categories of persons (please specify) the processing of personal data and evaluation services that help recruit, develop and evaluate the staff of the treatment group. Online assessments can be used for profiling to assess the suitability of candidates for a role. Keep in mind that the Court of Justice .dem advised to confirm the validity of the standard contractual clauses (SCCs) as a means of legitimising EEA transfers to third countries. However, the ICA also found that TRANSFERs based on CSC are only valid if CSC`s provisions are actually complied with by the “data importer.” It is up to the data exporter to verify this on a case-by-case basis. In other words, the burden of proving that the local importer is materially complying with CSC`s obligations is imposed on the export data manager. This means that the data exporter must assess, among other things, the risk that its data recipients will be forced to transmit personal data to national security authorities. 11 SUB-PROCESSING 11.1 The data importer may not sign any processing carried out on behalf of the data exporter in accordance with the clauses without the prior written consent of the data exporter. If the data importer entrusts its obligations under the clauses with the agreement of the data exporter, it does so only through a written agreement with the subcontractor, which imposes on the subcontractor the same obligations as those imposed on the data importer under the clauses. If the subcontractor fails to meet its data protection obligations under such a written agreement, the data importer is fully liable to the data exporter for the performance of the subcontractor`s obligations under this agreement.11.2 The previous written contract between the data importer and the subcontractor also provides for a third-party-recipient clause. , pursuant to Clause 3, if the person concerned cannot assert the right to compensation under paragraph 1. of Clause 6 against the data exporter or importer because it has actually disappeared or no longer exists or has become insolvent and no successor entity has assumed, contractually or by law, all the legal obligations of the data exporter or data importer. This liability of the subcontractor is limited to its own processing operations in accordance with the clauses.11.3.
The data protection provisions relating to contract sub-processing covered by paragraph 1 are governed by the law of the Member State in which the data exporter is established.11.4 The data exporter maintains a list of sub-processing agreements concluded in accordance with the clauses and communicated by the data importer in accordance with paragraph 5 j). updated at least once a year. The list is subject to the data protection regulator of the data exporter. Second, where transfers are made on the basis of the processing managers, the parties may include contractual restrictions on the rights of the beneficiaries and assign compliance responsibilities. While the RGPD does not require that all transmissions from controllers to processing managers are not subject to contractual rules and do not specify the content of these rules, regulatory guidelines suggest that, in some cases, such rules may be necessary to comply with general data protection principles (e.g. B this somewhat outdated code of conduct of the British ICO, which we are currently reviewing). Are you improving your key concept as part of an intra-transfer transfer agreement as part of a DSD compliance? Date of the agreement is absolutely some online training programs as your name of 28 local requirements to our customers on transfers and the DSDR group will be a specific check.