Installing personal data on a website often results in limited transfer. Restricted transmission is carried out when a person outside the EEA accesses this personal data via the website. This agreement sets out the conditions under which any company that is a member of the Cubiks Group (which acts as head of personal data on behalf of a processing manager) requires another Company that is a member of the Cubiks Group to act as a subprocessor of that personal data. This agreement will be concluded retroactively from May 25, 2018 between The members of the Cubiks Group and will take into account their commitments and mutual benefits. 11 SUB-PROCESSING 11.1 The data importer may not sign any processing carried out on behalf of the data exporter in accordance with the clauses without the prior written consent of the data exporter. If the data importer entrusts its obligations under the clauses with the agreement of the data exporter, it does so only through a written agreement with the subcontractor, which imposes on the subcontractor the same obligations as those imposed on the data importer under the clauses. The subcontractor does not comply with its data protection obligations under such a written agreement. 11.2 The previous written contract between the data importer and the subcontractor also provides for a third-party clause under clause 3 for cases in which the person concerned is unable to claim the damages covered by paragraph 1, paragraph 6, against the data exporter or importer, because they have effectively disappeared or become legally non-existent or insolvent, and no successor organization has contractually or legally assumed the full legal obligations of the data exporter or data importer. Third-party subcontractor`s liability is limited to its own processing operations pursuant to Clauses 11.3, data protection provisions for the sub-treatment of the contract covered by paragraph 1 are governed by the member state`s law in the data exporter.11.4 The data exporter maintains a list of sub-processing contracts concluded in accordance with the clauses and communicated by the data importer in accordance with paragraph 5, d(), and updated at least once a year. The list is subject to the data protection regulator of the data exporter. A CSC within the group would need a few types of rules for the framework document, and I do not understand why this document could not be designed so that CSC would cover several jobs/commissions, by reference the specific information needed to be included in the ScCs calendar/addenda.
If restricted transmission is not covered by appropriate security measures, you should consider the question: Is limited transmission covered by an exception? An updated list of countries with a suitability assessment is available on the European Commission`s data protection website. You should check for changes regularly. Exception 1. Did the person give explicit consent to the restricted transfer? By using the data protection shield for data transfer in the United States (B), the company would like to reallocate to the data processor certain services that involve the processing of personal data. The clauses contain contractual obligations to the data exporter and importer of data, as well as rights for persons whose personal data is transferred.