Ti | = | Article 47 - {_Binding_corporate_rules} |
1.0.sec | = | The competent {_supervisory_authority} shall approve {_binding_corporate_rules} in accordance with the consistency mechanism set out in Article 63, provided that they: |
1.1.sec | = | are legally binding and apply to and are enforced by every member concerned of the {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity, including their employees; |
1.2.sec | = | expressly confer enforceable rights on {_data_subjects} with regard to the {_processing} of their {_personal_data}; and |
1.3.sec | = | fulfil the requirements laid down in paragraph 2. |
1. | = | [G/Z/ol-a/s3] |
2.0.sec | = | The {_binding_corporate_rules} referred to in paragraph 1 shall specify at least: |
2.1.sec | = | the structure and contact details of the {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity and of each of its members; |
2.2.sec | = | the data transfers or set of transfers, including the categories of {_personal_data}, the type of {_processing} and its purposes, the type of {_data_subjects} affected and the identification of the third country or countries in question; |
2.3.sec | = | their legally binding nature, both internally and externally; |
2.4.sec | = | the application of the general data protection principles, in particular purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for {_processing}, {_processing} of special categories of {_personal_data}, measures to ensure data security, and the requirements in respect of onward transfers to bodies not bound by the {_binding_corporate_rules}; |
2.5.sec | = | the rights of {_data_subjects} in regard to {_processing} and the means to exercise those rights, including the right not to be subject to decisions based solely on automated {_processing}, including {_profiling} in accordance with Article 22, the right to lodge a complaint with the competent {_supervisory_authority} and before the competent courts of the Member States in accordance with Article 79, and to obtain redress and, where appropriate, compensation for a breach of the {_binding_corporate_rules}; |
2.6.sec | = | the acceptance by the {_controller} or {_processor} established on the territory of a Member State of liability for any breaches of the {_binding_corporate_rules} by any member concerned not established in the Union; the {_controller} or the {_processor} shall be exempt from that liability, in whole or in part, only if it proves that that member is not responsible for the event giving rise to the damage; |
2.7.sec | = | how the information on the {_binding_corporate_rules}, in particular on the provisions referred to in points (d), (e) and (f) of this paragraph is provided to the {_data_subjects} in addition to Articles 13 and 14; |
2.8.sec | = | the tasks of any data protection officer designated in accordance with Article 37 or any other person or entity in charge of the monitoring compliance with the {_binding_corporate_rules} within the {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity, as well as monitoring training and complaint-handling; |
2.9.sec | = | the complaint procedures; |
2.10.sec | = | the mechanisms within the {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity for ensuring the verification of compliance with the {_binding_corporate_rules}. Such mechanisms shall include data protection audits and methods for ensuring corrective actions to protect the rights of the {_data_subject}. Results of such verification should be communicated to the person or entity referred under point (h) and to the board of the controlling undertaking of a {_group_of_undertakings}, or of the group of {_enterprise}s engaged in a joint economic activity, and should be available upon request to the competent {_supervisory_authority}; |
2.11.sec | = | the mechanisms for reporting and recording changes to the rules and reporting those changes to the {_supervisory_authority}; |
2.12.sec | = | the cooperation mechanism with the {_supervisory_authority} to ensure compliance by any member of the {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity, in particular by making available to the {_supervisory_authority} the results of verifications of the measures referred to in point (j); |
2.13.sec | = | the mechanisms for reporting to the competent {_supervisory_authority} any legal requirements to which a member of the {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity is subject in a third country which are likely to have a substantial adverse effect on the guarantees provided by the {_binding_corporate_rules}; and |
2.14.sec | = | the appropriate data protection training to personnel having permanent or regular access to {_personal_data}. |
2. | = | [G/Z/ol-a/s14] |
3.sec | = | The Commission may specify the format and procedures for the exchange of information between {_controllers}, {_processors} and {_supervisory_authorities} for {_binding_corporate_rules} within the meaning of this Article. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 93(2). |
= | [G/Z/ol/s3] | |