search
HomeGo to colt.net

OUR BINDING CORPORATE RULES (BCRS) AND ISO27701 CERTIFICATIONS

hashtag
BINDING CORPORATE RULES AND INTERNATIONAL DATA TRANSFER PRIVACY TOOLS

Binding Corporate Rules (BCRs)

Colt has obtained approval from the European Data Protection Board (EDPB) and the Spanish data protection authority (AEPD) for Colt's EU Controller BCRs and Colt's EU Processor BCRs.

file-pdf
387KB
Colt-EU-Controller-BCRs-2021.pdf
PDF
arrow-up-right-from-squareOpen
file-pdf
371KB
Colt-EU-Processor-BCRs-2021.pdf
PDF
arrow-up-right-from-squareOpen

Such approval decisions can be found on:

Colt has also obtained approval from the UK Information Commissioner's Office (ICO) for Colt's UK Controller BCRs and Colt's UK Processor BCRs.

file-pdf
364KB
Colt-UK-Processor-BCRs-2025.pdf
PDF
arrow-up-right-from-squareOpen
file-pdf
353KB
Colt-UK-Controller-BCRs-2025.pdf
PDF
arrow-up-right-from-squareOpen

Confirmation of such approval can be found on the ICO's website: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/guide-to-binding-corporate-rules/bcr-approvals/bcrs-approved-under-uk-gdpr/arrow-up-right.

Each set of BCRs is legally binding on all Colt entities, ensuring that the entire Colt group of companies adhere to the same standards of privacy and data protection compliance.

hashtag
FREQUENTLY ASKED QUESTIONS

chevron-rightWhat are the Binding Corporate Rules?hashtag

Binding Corporate Rules (BCRs) are a set of internal, legally binding data protection policies adopted by multinational groups of companies to ensure that all of their entities adhere to the same level of privacy and data protection compliance. This allows for the secure and lawful transfer of personal data within the same group of companies across different countries, in particular where a recipient country may have lower levels of statutory protections.

They also offer a more streamlined alternative to complying with applicable transfer mechanisms (e.g., the EU Standard Contract Clauses).

chevron-rightAre the BCRs a privacy compliance tool?hashtag

Yes – in fact, implementing BCRs that are compliant with the EU General Data Protection Regulation (GDPR) and the UK GDPR is the only way to get a company's privacy and data protection practices comprehensively approved by the EU Data Protection Authorities (DPAs) and the UK ICO, respectively.

chevron-rightWhen was Colt awarded the BCRs?hashtag

Both of Colt's EU BCRs were approved by the EDPB on August 2nd, 2021, and subsequently ratified by AEPD on August 16th, 2021, as Colt's Lead DPA.

Both of Colt's UK BCRs were approved by the ICO on February 13th, 2025.

chevron-rightWhy does Colt need both EU BCRs and UK BCRs?hashtag

Following the UK's withdrawal from the EU, it is no longer subject to EU law, including the EU GDPR. Instead, the UK has implemented the UK GDPR, which is closely aligned with the EU GDPR.

This means that EU BCRs, which adhere to the EU GDPR, can no longer apply to transfers of personal data from the UK. As a result, a separate set of UK BCRs that adhere to the UK GDPR is required for such transfers.

chevron-rightWhat does the BCRs imply for Colt?hashtag

Colt's BCRs ensure that all Colt entities are compliant with both the EU GDPR and the UK GDPR, as confirmed by the EDPB, AEPD and ICO. This means that Colt can transfer personal data from its entities in the EEA and UK to those in other jurisdictions in a secure and lawful manner.

This allows Colt to run its business and provide its services effectively, whilst upholding the privacy and data protection rights across the entire Colt group of companies.

chevron-rightAre the BCRs applicable over all Colt entities?hashtag

Yes – all Colt entities are party to each set of BCRs.

Colt's BCRs are also applicable to Colt's employees, ensuring that they comply with the required standards when handling personal data.

chevron-rightHow did Colt obtain approval for its BCRs?hashtag

Colt's EU BCRs were negotiated with 3 EU DPAs, including the Italian DPA, to ensure complete compliance with the EU GDPR. They were subsequently approved by the EDPB on behalf of all EU DPAs, confirming Colt's compliance.

Colt's UK BCRs were similarly negotiated with and approved by the ICO, also confirming Colt's compliance with the UK GDPR.

chevron-rightWhere can you find the official approval of Colt BCR?hashtag

Colt BCR Controller and Processor decisions are published at the European Data Protection Board (EDPB) website:

https://edpb.europa.eu/our-work-tools/accountability-tools/bcr_enarrow-up-right

Spanish Data Protection Authority ("AEPD") website:

https://www.aepd.es/es/documento/ti-00003-2021-resolucion-aprobacion-bcr-responsable-colt.pdfarrow-up-right

hashtag
INDIVIDUAL RIGHTS

Colt shall inform all individuals about how to exercise their rights and ensure that individuals are able to exercise their rights freely. Colt will respond as appropriate to requests to exercise any of the following individual rights:

  • (a) Right of access: Individuals have the right to access a copy of the personal data that has been collected about them (whether held by Colt itself or at its providers), and be provided with information about the processing.

  • (b) Right of rectification: Individuals have the right to rectify any inaccurate or incomplete personal data concerning them (whether held by Colt itself or at its providers), in order to guarantee their accuracy and the appropriate processing thereof.

  • (c) Right of erasure (right to be forgotten): Individuals have the right to the deletion of personal data concerning them.

  • (d) Right to object: Individuals have the right to object to the processing of personal data at any time.

  • (e) Right of restriction: Individuals have the right to restrict the processing of personal data concerning him or her. This means that the processing will be "paused" and the personal data will only be stored.

  • (f) Right of data portability: Individuals have the right to receive personal data concerning them and to have that data transmitted to another controller in a structured, commonly used, machine-readable format.

  • (g) Right to non-automated data processing: Individuals have the right not to be subject to a decision affecting them, where this decision is based on automated data processing of information, including profiles. This includes cases in which Colt uses cookies as a technical tool to evaluate customers and predict their behaviour, performance or preferences, comparing their profile with that of other users or similar customers.

7.10.2 Colt responds to these requests in accordance with the procedure provided by the Individual Rights Policy

hashtag
DOWNLOADABLE ITEMS

hashtag
ISO27701 CERTIFICATION

file-pdf
1MB
PM-741466-001.pdf
PDF
arrow-up-right-from-squareOpen

hashtag
BINDING CORPORATE RULES INFOGRAPHIC

file-pdf
96KB
Colt-BCRS-01.pdf
PDF
arrow-up-right-from-squareOpen

hashtag
COLT BCR CONTROLLER APPROVAL STATEMENT

file-pdf
195KB
Colt-BCR-Controller-Approved.pdf
PDF
arrow-up-right-from-squareOpen

hashtag
COLT BCR PROCESSOR APPROVAL STATEMENT

file-pdf
215KB
Colt-BCR-Processor-Approved.pdf
PDF
arrow-up-right-from-squareOpen

hashtag
DATA PROTECTION COMPLIANCE STATEMENT

file-pdf
2MB
DP-compliance-statement-signed.pdf
PDF
arrow-up-right-from-squareOpen

hashtag
PRIVACY BY DESIGN STATEMENT

file-pdf
3MB
Privacy-by-design-statement-signed.pdf
PDF
arrow-up-right-from-squareOpen
PreviousDATA PRIVACY STATEMENT FOR CANDIDATESNextTERMS & CONDITIONS

Last updated

Was this helpful?