Inter Affiliate Data Transfer Agreement

Data protection authorities in the EEA also authorize the transfer of personal data where information is necessary for the performance of a contract with a person or for the performance of a contract between a transfer agency and a third party from which the person benefits. In some cases, the U.S. company has a direct contractual relationship with the individual. For example, if a company in the U.S. wishes to make stock options available to its EEA employees, certain personal data must be transferred to the United States. The EEA employer could rely on the contractual need to provide the necessary information. This would involve both transfers to the U.S. parent company and a service provider. Similarly, the exchange of information with a service provider to provide services to workers would be covered by the necessary contractual exception. A small and relatively static group of companies could implement an IGA in the usual way, without any specific provision for membership. However, groups will change over time and most groups will want to put in place a mechanism for new businesses that join the group to become parties to the IGA. One way to achieve this is to create a form of membership agreement that a company that meets the qualifying criteria (.

B for example, a subsidiary of an existing party) may sign up to become a contracting party. The lead party or, in some cases, all other parties could also sign any membership agreement. Personal data and contact information such as name, address, email address, title, location, contact information, social profile information, IP address, unique user IDs (. Cookie ides), marketing profiles, login data, location data. 9.1 If a subcontractor breaches its obligations under this Agreement, the subcontractor may temporarily suspend the transfer of personal data to the subcontractor until the breach is corrected or until the contractual relationship for the service contract in question is terminated in accordance with Item 9.2. Therefore, when an EEA company or its employees provide information directly to a U.S. service provider certified in accordance with the Data Protection Shield, the requirement to establish a cross-border transmission mechanism is met with respect to data transmitted by the EEA subsidiary to the U.S.-based service provider. [20] Data importer The data importer is (please briefly indicate your transfer activities) (1) The parties agree that any person concerned who is affected by a breach of the obligations of a party or subprocesser covered by point 3 or point 11 is entitled to compensation from the data exporter for the injury suffered. For intragroup transfers, binding business rules (“BBC”) may be a more robust alternative.