International data protection

In the course of globalization and international orientation, companies record data flows at home and abroad. International data exchange requires special procedures and processes to ensure that data transfer abroad is smooth and legally compliant. In particular, data flows to foreign group companies require close scrutiny.

Thanks to our many years of working for group companies, you can benefit from our experience with customized concepts for international data traffic.

Contractually regulating the protection of personal data abroad too

Due to the nature of their business activities, companies are often required to transfer employee or customer data abroad. In particular, top management based in the USA or Asia, for example, often request the transfer of personal data or commission services abroad.

German and European data protection law has special requirements for these cases, as a lower level of protection for personal data is assumed in countries outside the EU. Depending on the classification of the respective country as "domestic", "foreign" or "third country", different paths must be taken to regulate a data transfer in compliance with data protection law.

Legal solutions

[Translate to English:]

If the planned data transfer is to an "unsafe" third country, the following solutions are offered:

Use of standard contractual clauses of the EU Commission
Existence of Binding Corporate Rules (BCR = binding corporate rules)
Submission of Safe Harbor certification from companies based in the USA

Checking the permissibility of data transfer and practical implementation

In order to check the permissibility of the planned data transfer, we compile all relevant decision criteria with you, which may include

Classification of the country receiving the data
the category of data, whether there are any special types of personal data
the purpose of the processing
the protection of the interests of the data subject
Determination of the controller
Determination of the "data exporting" body
the question of data transfer or processing by order

After the case-related examination, we can show you possible solutions. We will discuss with you what we consider to be the most effective solution and provide you with the necessary contractual documents and forms.
Together with you, we coordinate the implementation in order to enable the data transfer in accordance with German and European data protection regulations.

Download information as PDF

Name	Purpose	Lifetime	Type	Provider
`CookieConsent`	Saves your consent to using cookies.	1 year	HTML	Website
`fe_typo_user`	Assigns your browser to a session on the server.	session	HTTP	Website
`PHPSESSID`	Temporary cookies which is required by PHP to temporarily store data.	session	HTTP	Website
`__cfduid`	missing translation: trackingobject.__cfduid.desc	30 missing translation: duration.days-session	HTTP	Cloudflare/ report-uri.com

Name	Purpose	Lifetime	Type	Provider
`_pk_id`	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
`_pk_ref`	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
`_pk_ses`	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
`_pk_cvar`	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
`MATOMO_SESSID`	Temporary cookies which is set when the Matomo Out-out is used.	session	HTTP	Matomo
`_pk_testcookie`	missing translation: trackingobject._pk_testcookie.desc	session	HTML	Matomo