(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation). 22.214.171.124 anward transfer of Company Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Laws Protection); In the end, when drafting such treaties, the principle of contractual freedom applies – it means that the form is for the moment free for everyone. The concept of an intercompany agreement is also not mandatory in this regard – a framework agreement on data protection is also possible. In the area of data protection, this intercompany agreement is used with pleasure to legally represent complex data flows. The complexity is already that when a company processes data for a sister company as part of an order processing – this should already be told to you, we regularly report here on the blog on ADV contracts, for example on delimitation, content (with the BayLDA model). Summary: If you work with foreign companies, they should enter into this confidentiality agreement so that confidential information is not disclosed to third parties. Please adapt the pattern to your circumstances. […] The manager can use other companies belonging to the same group as subcontractors and insure these contracts through order processing contracts. To do so, the manager must enter into an order processing contract with each company or with the parent company, which in turn uses other companies as other subcontractors. This issue can be resolved through an intercompany contract. The legal basis is Article 6, paragraph 1, sub f) RGPD i.V.m. of the existing data protection agreement or.dem contract Intercompany i.S.v. art.
28, paragraph 3, of the RGPD. The exchange of data within a group is favoured by recital 48 of the RGPD as a “legitimate interest”. The head of management, who is part of a group of companies, may therefore transmit personal data within the group of companies, provided that the companies receiving this group also belong to this group, that the companies receiving this group are based in the EU/EEA, that these are internal administrative activities and that in the case of joint treatment, an agreement has been reached in Article 26, paragraph 1, p. 2 of the RGPD. In the case of joint treatment, this can be included in the intercompany contract. The legal basis is Article 6, paragraph 1, point (f) of the RGPD. This data processing agreement is adapted from the ProtonMail DPA, which can be found on this page. Organizations may use the following document as part of their GDPR compliance.