21
Transfer of Personal Data from the EU/ EEA to a Third Country
15.1 Transfer outside the Mercedes-Benz Group
Group Companies may only transfer personal data from the EU/ EEA to
third parties outside of the EU/EEA (including granting access from a
third country) if:
the third country provides an adequate level of data protection
recognized by the EU Commission, or
the transfer is subject to the EU standard contractual clauses. It is
the responsibility of the Group Company, if needed with the help
of the third party, to assess whether the level of protection
required by EU law is respected in the third country, in order to
determine if the guarantees provided by the EU standard
contractual clauses can be complied with in practice. If this is not
the case, the third party must implement supplementary
measures to ensure an essentially equivalent level of protection
as provided in the EU/ EEA, or
further appropriate safeguards as defined by Article 46 (2) of the
GDPR are in place, or
on an exceptional basis (i.e. only where it is impossible to
implement the above measures), a derogation for specific
situations applies (e.g. the transfer is necessary for the
establishment, exercise or defence of legal claims).
15.2 Transfer within the Mercedes-Benz Group
Before transferring personal data to a Group Company outside of the
EU/EEA, the Group Companies must assess whether the laws and
practices in the third country prevent them from fulfilling their
obligations under this Policy. If necessary, supplementary contractual,
technical or organisational safeguards must be implemented by the
Group Company in a third country to ensure an essentially equivalent
level of protection as provided in the EU/ EEA.
The specific circumstances of the transfer (especially categories of data,
means of transfer, further transfer to a third party) as well as the laws
and practices applicable to the Group Company in the third country,
including those requiring the disclosure of data to public authorities or
authorising access by such authorities, must be taken into account.
The Group Companies document the assessment of Section 15.1 and
15.2 and make it available to the competent supervisory authority on
request. Furthermore, the Group Companies make the assessment and
the results transparent to all other Group Companies so that the
identified supplementary measures could be applied in case the same
type of transfers is carried out by any other Group Company or, where
effective supplementary measures could not be put in place, the
transfers at stake will be suspended or ended. Provisions established by
Mercedes-Benz Group AG for performing this assessment (such as tools,
instructions on the performance of an evaluation) must be observed