brunostefanutti Created: Feb 15, 2019 Last commented: Feb 18, 2019

Extra Ue personal data

Hello; I'm a little bit confused about this scenario in terms of GDPR application: the company A owns the company B, wich is located in USA; the company B serves not only lot of USA B2B customers called D1, D2, D3,....but these B2B customers offer a "tailored" service for final customers C1, C2,C3,...... In other words, Ci are customers of Di but NOT direct customers of B. All customers are in USA (B, C, D). The data collected are processed by the mother company in Italy A that, finally, delivers the product to B and, finally, B will deliver to D wich will deliver to C. Suppose the data are quite sensitive because we are working about tailored suits. Is not clear in this scenario the roles of processors, controller and the role of information about personal data. Kind regards and thank you. Bruno

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Feb 18, 2019

Answer:

Based on the description you provide of the companies, the companies D seem to be the data controllers as they decide what measurements to take in order to provide a suit to the final customer and although not important on its own, companies D are the ones in contact and collecting the personal data from the final customers.
All the other companies A and B will be acting as processors. Company B will be a processor of companies D and company A will be a sub-processor of company B.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 15, 2019

Feb 18, 2019

Expert Advice Community