SCC Generator
Standard contractual clauses (SCC‘s) for data transfers to a country with an inadequate level of data protection based on standard contractual clauses
For controllers or processors in the EU/EEA (or otherwise subject to the GDPR) and from Switzerland to controllers or processors established outside the EU/EEA (or otherwise subject to the GDPR) and Switzerland, the European Commission issued on 4 June 2021 new standard contractual clauses under the GDPR.
On the 27 August 2021, the FDPIC recognized these standard contractual clauses for the transfer of personal data to third countries applicable for Switzerland as well. However, the FDPIC does not accept these standard contractual clauses unconditionally; if necessary, these SCC will still need to be adapted and/or supplemented when they are applied. The SCC are new divided in four modules.
This generator will help you chose the right module and make basic adjustments. Keep in mind, for a more detailed and tailored version, we will be happy to assist you personally.
You are 3 steps away to generate your personal SCC
Start
Questionnaire
Fill in the following forms
Download
Receive your SCCs via e-mail
Customize
You want to have your SCCs tailored to you, then contact us
Please register or log in to fill out the form. After registration or login please refresh this page and continue with step 2.
Please select below the assigned module from step 2. After answering and submitting the form below, you will receive an e-mail with a link to download your SCC.
Please keep in mind, that this is an automatic generated document and does not replace legal consultation. We do not take any liability arising from this SCC. For a tailored and detailed customized SCC, as well for help with the Appendix of the SCC, we will gladly assist you personally. You can contact us anytime.
If you do not see the following form, please register or log in.
Please select below the assigned module from step 2. After answering and submitting the form below, you will receive an e-mail with a link to download your SCC.
Please keep in mind, that this is an automatic generated document and does not replace legal consultation. We do not take any liability arising from this SCC. For a tailored and detailed customized SCC, as well for help with the Appendix of the SCC, we will gladly assist you personally. You can contact us anytime.
If you do not see the form, please register or log in.
| Link | List of third countries with adequate data protection according to the FDPIC or according to the European Commission |
| Exporter | You are sending personal data into a third country. |
| Importer | You are receiving personal data from a third country. |
| Controller | Controls the procedures and purpose of data usage; the one to dictate how and why data is going to be used by the organization |
| Processor | Processes any data that the data controller gives them; processor does not own the data that they process, nor do they control it. This means that the data processor will not be able to change the purpose and the means in which the data is used |
| Countries with third party beneficiary right | According to Clause 3 of the SCC country laws should allow data subjects (as third parties) to invoke and enforce the standard contractual clauses. |
| Clause 13: Territorial scope of application in accordance with Art. 3 Para. 2 GDPR | Processing of personal data, where data subjects are in the EU but the processor or controller is not established in the EU and the processing activities are related to: the offering of goods or services, irrespective of whether a payment oft he data subject is required, to such data subjects in the Union or the monitoring of their behavior as far as their behavior takes place within the Union. |
| With representative Art. 27 Para. 1 GDPR | Where Art. 3 Para. 2 applies, the controller or the processor shall designate in writing a representative in the Union. |
| Without representative Art. 27 Para. 2 GDPR | The obligation of designating a representative in the EU does not apply to processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Art. 9 Para. 1 GDPR or processing of personal data relating to criminal convictions and offences referred to in Art. 10 GDPR, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or to a public authority or body. |
| Sub-processor | An entity engaged by a processor who agrees to receive from the processor personal data exclusively intended for the processing activities to be carried out as part of the services. |