5 To whom we might share your information with
Under certain circumstances stated below (beyond the cases already mentioned above), your personal data might be transmitted to third parties for the purposes mentioned above:
· Personal data is transferred to other companies in our group of companies. Exchanges between different companies of the Aya Data Group, including outside the European Union (“EU”), are based on EU standard data protection clauses and additional technical or organizational safeguards, if necessary.
· Service providers, specifically data processors may receive personal data of our business partners or third parties we interact with that is obligatory for the fulfilment of the respective service.
· Information necessary for the processing of existing contracts may be transferred to customers and suppliers.
· Due to legal obligations to report and provide information, certain personal data will be communicated to relevant authorities.
· If it is necessary for the clarification or prosecution of illegal or abusive incidents or, for the establishment, exercise or defence of legal claims, personal data will be forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties.
· In the eventuality of business restructurings or reorganizations, including financial restructurings, insolvency, Mergers & Acquisitions (M&A) transactions, mergers, acquisitions, spin-offs, joint-ventures, assignments, sale or divestment of companies or parts thereof, any other sale or divestment of business or parts thereof, other business development activities such as in-licensing and out-licensing, personal data may be provided to the buyer, acquiring company, seller, merged companies, licensor, licensee, law firms and other consulting firms, liquidators, banks and other financial institutions, rating agencies and similar organizations. We will always
judiciously consider the need for such transfers and take steps (e.g., anonymization, pseudonymization or aggregation techniques) to reduce the amount of personal data to what is strictly necessary in such cases.
· If you have provided designated recipients (e.g., emergency contacts), personal information will be provided to them under certain circumstances (e.g., emergencies).
When collaborating with service providers and other organizations, legal instruments shall be utilized to ensure your personal data is processed lawfully and stored only as long as necessary. These may happen, for example, using processing agreements according to Art. 28 GDPR or agreements between joint controllers according to Art. 26 GDPR.
Generally, the servers on which we or our service providers store your personal data are located on the territory of the EU. In the course of some processing activities, your personal data may be stored outside the EU or personal data may be accessed by persons performing their activities in countries outside the EU (e.g., annotation staff). Aya Data will ensure an adequate level of personal data protection, inter alia by agreeing on Data Protection Legislation as required by data protection laws, such as model contract clauses approved by the European Commission.
If there is no adequate decision according to Art. 45 GDPR for these countries, legal instruments are used that also ensure the confidentiality, integrity and availability of the (your) personal data. This includes in particular the signing of the so-called EU standard data protection clauses according to Art. 46 (2) c GDPR.