Skip to main content

/ Binding Corporate Rules for the Processing of Personal Data

Introduction

At Microform, we are committed to protecting the privacy and security of the personal data we process. As part of our commitment, we have established Binding Corporate Rules (BCRs) that govern the transfer of personal data within our company group, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Scope

These BCRs apply to all personal data processed by Microform and its subsidiaries and affiliates worldwide. They cover all types of processing activities, including collection, use, storage, transfer, and deletion of personal data.

Principles for Data Processing

Our BCRs are based on the following key principles:

1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.

2. Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3. Data Minimisation: Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

4. Accuracy: Personal data is accurate and, where necessary, kept up to date.

5. Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

6. Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

7. Accountability: Microform is responsible for, and able to demonstrate compliance with, these principles.

Transfer of Personal Data

Transfers of personal data to third countries are carried out in accordance with applicable data protection laws and our BCRs. The following measures are in place to ensure adequate protection of personal data during such transfers:

 - Adequacy Decisions: Transfers are made to countries that have been recognised by the European Commission as providing an adequate level of data protection.

 - Standard Contractual Clauses: Where necessary, we use standard contractual clauses approved by the European Commission to ensure appropriate data protection safeguards.

 - Binding Corporate Rules: Transfers within our company group are governed by these BCRs, which have been approved by the relevant Data Protection Authority.

Data Subject Rights

Individuals whose personal data is processed by Microform Digital have the following rights:

 - Right to access their personal data

 - Right to rectification of inaccurate or incomplete data

 - Right to erasure of personal data ("right to be forgotten")

 - Right to restriction of processing

 - Right to data portability

 - Right to object to processing

 - Right not to be subject to automated decision-making, including profiling

Implementation and Compliance

We have implemented a comprehensive data protection programme to ensure compliance with these BCRs. This includes training for our employees, regular audits, and monitoring of data processing activities. We also have a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with applicable laws.

Contact Information

If you have any questions or concerns about our BCRs or the processing of your personal data, please contact our Data Protection Officer at: Microform