meet legitimate purposes and if both BUs comply with this Policy, which may include additional requirements established as part of ECCO’s Personal Data Compliance Programme.

2.4.2 Processing by external data processors

When external data processors (e.g. IT service providers, marketing and media agencies, payroll providers, HR service providers etc.) are processing personal data on behalf of ECCO, the BU using the data processor shall ensure that

(a) the external data processors are providing sufficient guarantees to implement appropriate technical and organisational data protection measures governing the processing to be carried out, and that

(b) contracts containing effective data protection provisions are signed with all external data processors.

ECCO’s Legal Department shall ensure that relevant templates for contractual provisions are in place and if needed assist the BU with the review and negotiation of data protection provisions.

2.5 Respecting Data Subjects’ Rights

ECCO acknowledges and respects that data subjects might have certain rights established by law, including the rights to access their Personal Data; and to have incorrect or inadequate personal data rectified, or to object to unlawful processing of personal data. Any request from a data subject concerning the use of their rights should be aligned and coordinated with the Group Privacy Officer, unless otherwise directed in a separate policy or procedure approved by the Group Privacy Officer.

2.6 Appointment of Group Privacy Officers, Local Data Protection Officers & Data Protection Coordinators

2.6.1 Group Privacy Officer

The ECCO Group shall appoint a Group Privacy Officer, who shall be responsible for the development, implementation, and maintenance of ECCO’s Personal Data Compliance Programme, cf. section 2.7 below. ECCO’s Group Privacy Officer shall have the rights and obligations specified here.
The Group Privacy Officer shall ensure that the roles and responsibilities between the Group Privacy Officer and the Local DPOs and the Data Protection Coordinators are clearly aligned and coordinated.

2.6.2 Local Data Protection Coordinators

All BUs shall appoint a Data Protection Coordinator, who shall be the main contact person for the Group Privacy Officer in all matters related to the protection of personal data. The Data Protection Coordinator shall support the development, implementation, maintenance, and monitoring of ECCO’s Personal Data Compliance Programme. The Coordinators may have additional functions and may represent multiple BUs, provided that it is consistent with the purposes of the appointment of local Data Protection Coordinators. The Group Privacy Officer shall be informed about all locally appointed Data Protection Coordinators.

2.6.3 Local Data Protection Officers

In certain countries, it is a legal requirement for businesses to have locally appointed data protection officers (Local DPOs),