These clauses are governed by the law of the country in which the data exporter is established, with the exception of laws and rules relating to the processing of personal data by the importer of data pursuant to Clause II, point h), which apply only if the data importer has chosen it in accordance with this clause. 5. Data exports. If (i) European Twitter data is transferred outside the European Economic Area or from a country approved by the European Commission and (ii) you do not have a valid and dependent Privacy Shield certification, In accordance with the Commission`s 2016/1250 enforcement decision on your handling of European Twitter data, you hereafter accept and herely include the Controller to Controller Standard Contractual Clauses 2004 (Set II) (Commission Decision 2004/915/CE) (“C2C SCCs”) with Twitter International Company, the terms of which are included in this agreement. For the purposes of C2CS, Twitter International Company is the data exporter and you are the importer of data and the current legislation of C2C SCCs is the Irish law. Use this model to create a contract with scCs to transfer personal data from an EEA controller to your UK-based company or to your organization that works as a controller. It aims to cover common problems and help micro-enterprises, small and medium-sized enterprises use CSC in simple cases where you don`t need professional advice. What must be included in the agreement depends on the use of a waiver, a derogation or other transfer mechanism to legitimize the transfer of personal data. For some transmission mechanisms, it may be useful to include the mechanism in the agreement itself, for example. B when controller SSCs are used. They should also refer to other relevant agreements. Specific obligations for RGPD processors are listed below and must be reflected in the agreement between the processor and the processor (or the transformer and subprocesser). The European Commission may decide that standard contractual clauses provide sufficient data protection guarantees so that data can be transferred internationally.

6. Sensitive data: the data importer takes additional measures (for example. (B) necessary to protect this sensitive data in accordance with its obligations under Term II. According to the RGPD (as in the old European data protection system), the default position is that EU personal data cannot be transferred or accessed outside the EEA unless certain conditions are met. For example, if the European Commission has made a decision on a suitability for a given country; or if appropriate security measures have been put in place, such as mandatory business rules (C.B), standard contractual clauses (CSR) or Privacy Shield certification; or where exceptions apply to certain situations (narrowly interpreted).