Binding Corporate Rules

OSF Digital BCRs

As of March 25, 2024

The Binding Corporate Rules, or BCRs, serve as personalized, organization-wide data protection policies, validated by the European Union Data Protection Authorities. These policies are designed for the secure transfer of personal data from the European Economic Area to various countries. Upholding rigorous privacy principles outlined by the authorities, BCRs demand stringent data transfer processes. We're delighted to share that OSF Digital obtained EU approval for its BCRs on
December 6, 2023, proving our commitment to enforcing robust data protection practices.

By implementing the BCRs, we ensure a consistent and high standard of data protection across our global operations, for every affiliate. This not only fortifies our commitment to safeguarding sensitive information but also fosters trust among our clients, partners, and stakeholders.

BCRs serve as a testament to our dedication to privacy compliance, positioning OSF Digital as a reliable and responsible custodian of personal data.

Our BCRs are officially listed on the EDPB's global website.

Here is the final decision as issued by the authorities: ANSPDCP 0000106/06-12-2023.

Applicable BCR Documents

Services to Which OSF BCRs Apply

Matrix of Internal Roles and Responsibilities

Data Subject Access Request Procedure

Complaint Handling Procedure Where OSF Acts as a Data Processor

Technical and Organizational Security Measures

OSF BCRs Compliance Audit

OSF Processor BCRs

For more information on our privacy policy, please see our Privacy Statement.