We continuously enhance and update our operations with new and revised processes to comply with the latest regulatory requirements.
We have introduced an internal, comprehensive process regarding privacy contracting and international transfers of personal data which is followed by the entire Accelleron group. We also have a set of contractually binding rules regarding how personal data is shared within the Accelleron group itself (please visit the Summary of Accelleron Corporate Rules for more details).
Our Privacy Management Team (in close collaboration with other internal stakeholders, such as business representatives, information security team and country privacy leads) conducts Transfer Impact Assessments (TIAs), in case of transfers of personal data, to:
- map the transfers (identify destination countries, types of data and individuals affected, as well as other actors such as organizations involved in the transfer and further processing of data)
- establish the appropriate transfer compliance mechanism (such as Standard Contractual Clauses recognized under the EU and Swiss data protection law, if necessary, complemented by additional provisions and clauses to comply with other regulatory requirements)
- assess the law and practices of relevant destination countries to ensure that the transfer compliance mechanism is effective
- identify and adopt data protection measures
- to fulfil other requirements, where relevant.
Outcomes of the TIAs are well documented and specific recommendations implemented before transferring personal data. However, with this our efforts do not stop, as we continuously monitor compliance and, when needed, modify our assessments, and react to changing situations (such as with additional supplementary data protection measures or limiting or terminating transfers, if necessary).