Binding Corporate Rules
HPE BINDING CORPORATE RULES
HPE has approval from the data protection regulators in the European Economic Area (EEA) Switzerland and pending approval in the UK for its Binding Corporate Rules for Controllers (BCR-C) and Binding Corporate Rules for Processors (BCR-P). By such approval, HPE is able to transfer personal data to other members of the worldwide group in compliance with data protection laws of the EEA and Switzerland. HPE’s BCRs are corporate privacy compliance frameworks made up of binding agreements, business processes and policies, training and guidelines.
BINDING CORPORATE RULES FOR CONTROLLER (BCR-C)
HPE companies process the personal data of employees, contingent workers, contractors, customers and business contacts in order to manage their workforce, business operations and business relationships. HPE companies act as controllers of this personal data as they determine why and how the personal data is used. HPE’s BCR-C allows HPE to transfer this personal data internationally to other members of the worldwide group in compliance with the data protection laws of the EEA, Switzerland and the UK. The HPE BCR Rights Notice provides more information about our commitments and the rights which individuals have under BCR-C.
BINDING CORPORATE RULES FOR PROCESSOR (BCR-P)
HPE companies process the personal data in the course of providing services to our enterprise customers. In this case, our enterprise customer acts as the controller or processor of the data and HPE acts as processor, as we process the data on behalf of the enterprise customer and in accordance with their instructions. For certain services, HPE’s BCR-P can be used by our enterprise customers to ensure that any transfer and processing of personal data by the HPE worldwide group is compliant with the data protection laws of the EEA, Switzerland and the UK. Further information for enterprise customers is included in the FAQs.
HPE Services Subject to BCR-P