Safeguarding the privacy and security of personal information is a top priority for VVL Systems in our data driven-economy.
VVL’s BCR Policy is incorporated into a corporate wide policy, requiring all VVL entities, employees and third party providers to comply with and respect the BCR Policy which is governing the collection, use, access, storage and transfer of personal data among VVL entities and third-party sub-processors worldwide.
The BCR Policy applies to all personal data of past, current and potential employees, customers, resellers, suppliers, service providers and other third parties wherever it is collected and used in conjunction with VVL business activities and the administration of employment.
VVL will apply the BCR Policy universally in all cases where VVL processes personal data, whether the personal data relates to European individuals or not.
How does the BCR Policy apply to VVL and what are the benefits for our Customers?
European data protection law, in particular the General Data Protection Regulation (“GDPR”), prohibits the transfer of EU personal data to countries outside Europe (defined as the EEA (namely the EU Member States plus Norway, Iceland and Liechtenstein), and Switzerland), that do not ensure an adequate level of data protection. Some of the countries in which VVL operates are not regarded by European data protection authorities as providing an adequate level of data protection. Having the BCR in place allows VVL to transfer personal data in accordance with European data protection laws in any country in the world.
Being an alternative to the Privacy Shield and the EU Model Clauses, the BCR allows our Customers to contractually rely on our Processor BCR Policy to transfer their personal data to VVL in a safe manner and in accordance with European data protection laws, in any locations where VVL does business. The BCR requirements are indeed contractually flowed down to our subcontractors, so that Customer’s personal data are covered throughout the chain of subcontractors.
How does the BCR Policy apply to VVL Systems?
The BCR Policy describes the standards that VVL members (“Group Members”) must apply when they transfer personal data internationally, whether to other Group Members or to external service providers, and whether Group Members are transferring personal information for their own purposes or when providing services to a third party controller. The content of the BCR Policy is available below (“BCR Policy”) in several languages.
All Group Members have signed the BCR Intra-Group Agreement (“IGA”) and are therefore bound to comply with the BCR Policy.
If you have any questions regarding the provisions of the BCR Policy, your rights under the BCR Policy or any other data protection issues, you can contact VVL at the address below who will either deal with the matter or forward it to the appropriate person or department within VVL. To learn more about the BCR framework, please visit the European Commission website.