The transmission of personal data to another processor is only permitted if certain conditions apply, as well as for transfers to a data processor outside the EEA. Similarly, the transfer contract must define the legal basis for direct and indirect transfers as well as subsequent transfers. Not all data exports are made between a manager and a subcontractor – some transfers are made to another processing manager or between common processing managers, and some transfers can be made for both processing and the person responsible for the shared use and transfer of personal data by the subcontractor. When a transfer agreement is executed separately with the main service agreement, interaction with the main agreement must be carefully considered. If provisions that would normally be included in a separate delegation contract are indeed included in the main agreement, the broader provisions of the main agreement should be taken into account. 3.5 Each party may, at any time, revise Term 3 after at least 30 days by replacing it with a supplier applicable to standard processor clauses or similar conditions that are parties to an applicable certification system (which is applicable if replaced by a link to this Agreement). Data transmission agreements (whether they are processor controllers, subprocessor processors or another combination of parts) are not new, but with the advent of the RGPD, they get an upgrade and require much greater scrutiny and detail. 3.4 Without prejudice to the universality of point 3.1 above, the entity must reflect, with respect to one of the data processed as part of the company`s performance of its obligations under this agreement: the specific obligations of the RGPD processor are listed below, which must be reflected in the agreement between the responsible transformer and the transformer (or processors and sub-processors). 3.2 The parties acknowledge that, within the meaning of data protection legislation, the customer is the data manager and the company`s company of the information company (the data manager and the data manager have a sense of data protection legislation). What must be included in the agreement depends on the use of a waiver, a derogation or other transfer mechanism to legitimize the transfer of personal data. For some transmission mechanisms, it may be useful to include the mechanism in the agreement itself, for example. B when controller SSCs are used. They should also refer to other relevant agreements.
According to the RGPD (as in the old European data protection system), the default position is that EU personal data cannot be transferred or accessed outside the EEA unless certain conditions are met. For example, if the European Commission has made a decision on a suitability for a given country; or if appropriate security measures have been put in place, such as mandatory business rules (C.B), standard contractual clauses (CSR) or Privacy Shield certification; or where exceptions apply to certain situations (narrowly interpreted).