Binding Corporate Rules

OSF Digital BCRs

As of October 28, 2021

Binding Corporate Rules (BCRs) are company­-specific, group-wide data protection policies approved by the European Union Data Protection Authorities to facilitate the transfer of personal data from the European Economic Area to other countries. BCRs are based on strict privacy principles established by the European Union Data Protection Authorities and require strict validation from such authorities.

OSF Digital has received approval from the European Union Data Protection Authorities for its Binding Corporate Rules (“OSF Digital Binding Corporate Rules” or “BCRs”).

Applicable BCR Documents


Organization of the Data Protection Community

  • Job Description – Data Protection Officer (DPO)
  • Job Description – Security Manager
  • Job Description – System Security Engineer

List of OSF Entities Bound by the BCRs (OSF subsidiaries)

Services to Which OSF BCRs Apply

Matrix of Internal Roles and Responsibilities

Data Subject Access Request Procedure

Complaint Handling Procedure Where OSF Acts as a Data Processor

Technical and Organizational Security Measures

OSF BCRs Compliance Audit

Registry of Data Processing Operations

BOD Resolution for Binding Corporate Rules

For more information on our privacy policy, please see our Privacy Statement.