BitaBIZ engages selected sub-processors that may process personal data submitted to BitaBIZ services.
A BitaBIZ sub-processor must meet and comply with EU GDPR regulation regarding the processing of personal data as specified in Article 28 of the GDPR.
If the sub-processor processes personal data outside the EEA, the processing may take place only in full compliance with Chapter V of the GDPR.
Adequacy decision. Personal data may flow outside the EEA if European Commission has decided that the third country or an international organization ensures an adequate level of protection of personal data.
In absence of adequacy decision, the sub-processor must provide appropriate safeguards that include binding on the sub-processor:
- A legally binding and enforceable instrument between public authorities or bodies.
- Binding Corporate Rules approved by the competent supervisory authority
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Approved Codes of Conduct
- Approved certification mechanisms
Statement. BitaBIZ does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data to the USA. Nonetheless, if the sub-processor is processing data in the USA, the sub-processor must comply with EU-U.S. and Swiss-U.S. Privacy Shield Framework and adhere to the security standards they entail.
Sub-processors used by BitaBIZ are listed below. The list may be updated by BitaBIZ from time to time:
BitaBIZ Sub Processor Policy accompanies BitaBIZ Terms & Conditions (System2 25.05.2018).