Our Binding Corporate Rules (BCRs) and ISO27701 Certifications

Data Privacy Hub

A picture representing connections in between locations, mapped over a city

Explore other pages:

Binding Corporate Rules
Data Privacy Statement
Cookies Policy
Individual Rights
Goals & Company Policy

Binding Corporate Rules and International Data Transfer Privacy Tools

Binding Corporate Rules (BCRs)

Colt has obtained approval from the European Data Protection Board (EDPB) and the Spanish data protection authority (AEPD) for:

Colt’s EU Controller BCRs, which can be found here and
Colt’s EU Processor BCRs, which can be found here

Such approval decisions can be found on:

the EDPB’s website: https://edpb.europa.eu/our-work-tools/accountability-tools/bcr_en; and
the AEPD’s website: https://www.aepd.es/es/documento/ti-00003-2021-resolucion-aprobacion-bcr-responsable-colt.pdf.

Colt has also obtained approval from the UK Information Commissioner’s Office (ICO) for:

Colt’s UK Controller BCRs, which can be found here and
Colt’s UK Processor BCRs, which can be found here

Confirmation of such approval can be found on the ICO’s website: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/guide-to-binding-corporate-rules/bcr-approvals/bcrs-approved-under-uk-gdpr/.

Each set of BCRs is legally binding on all Colt entities, ensuring that the entire Colt group of companies adhere to the same standards of privacy and data protection compliance.

Frequently asked questions

What are the Binding Corporate Rules?

Binding Corporate Rules (BCRs) are a set of internal, legally binding data protection policies adopted by multinational groups of companies to ensure that all of their entities adhere to the same level of privacy and data protection compliance. This allows for the secure and lawful transfer of personal data within the same group of companies across different countries, in particular where a recipient country may have lower levels of statutory protections.

They also offer a more streamlined alternative to complying with applicable transfer mechanisms (e.g., the EU Standard Contract Clauses).

Are the BCRs a privacy compliance tool?

When was Colt awarded the BCRs?

Why does Colt need both EU BCRs and UK BCRs?

Following the UK’s withdrawal from the EU, it is no longer subject to EU law, including the EU GDPR. Instead, the UK has implemented the UK GDPR, which is closely aligned with the EU GDPR.

This means that EU BCRs, which adhere to the EU GDPR, can no longer apply to transfers of personal data from the UK. As a result, a separate set of UK BCRs that adhere to the UK GDPR is required for such transfers.

What does the BCRs imply for Colt?

Colt’s BCRs ensure that all Colt entities are compliant with both the EU GDPR and the UK GDPR, as confirmed by the EDPB, AEPD and ICO. This means that Colt can transfer personal data from its entities in the EEA and UK to those in other jurisdictions in a secure and lawful manner.

This allows Colt to run its business and provide its services effectively, whilst upholding the privacy and data protection rights across the entire Colt group of companies.

Are the BCRs applicable over all Colt entities?

How did Colt obtain approval for its BCRs?

Where can you find the official approval of Colt BCR?

Individual rights

Colt shall inform all individuals about how to exercise their rights and ensure that individuals are able to exercise their rights freely. Colt will respond as appropriate to requests to exercise any of the following individual rights:

(a) Right of access: Individuals have the right to access a copy of the personal data that has been collected about them (whether held by Colt itself or at its providers), and be provided with information about the processing.

(b) Right of rectification: Individuals have the right to rectify any inaccurate or incomplete personal data concerning them (whether held by Colt itself or at its providers), in order to guarantee their accuracy and the appropriate processing thereof.

(c) Right of erasure (right to be forgotten): Individuals have the right to the deletion of personal data concerning them.

(d) Right to object: Individuals have the right to object to the processing of personal data at any time.

(e) Right of restriction: Individuals have the right to restrict the processing of personal data concerning him or her. This means that the processing will be "paused" and the personal data will only be stored.

(f) Right of data portability: Individuals have the right to receive personal data concerning them and to have that data transmitted to another controller in a structured, commonly used, machine-readable format.

(g) Right to non-automated data processing: Individuals have the right not to be subject to a decision affecting them, where this decision is based on automated data processing of information, including profiles. This includes cases in which Colt uses cookies as a technical tool to evaluate customers and predict their behaviour, performance or preferences, comparing their profile with that of other users or similar customers.

7.10.2 Colt responds to these requests in accordance with the procedure provided by the Individual Rights Policy

Downloadable items

ISO27701 Certification

Binding Corporate Rules Infographic

Colt BCR Controller Approval Statement

Colt BCR Processor Approval Statement

Data Protection Compliance Statement

Privacy by Design Statement

Questions? We're here to help.

Speak with one of specialists today. We’re here to offer advice, provide further information and to answer any queries you may have.

Get support

We are pleased to confirm that your site can be reached by Colt Fibre Network.

Step 1 of 4

Is there a particular Colt solution you are interested in?
- Networking services
- Capital Markets
- Cloud connectivity
- Communications
- UC + Contact Centres
- Other

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Back

Our Binding Corporate Rules (BCRs) and ISO27701 Certifications

Data Privacy Hub

Explore other pages:

Binding Corporate Rules and International Data Transfer Privacy Tools

Frequently asked questions

Downloadable items

ISO27701 Certification

Binding Corporate Rules Infographic

Colt BCR Controller Approval Statement

Colt BCR Processor Approval Statement

Data Protection Compliance Statement

Privacy by Design Statement

Questions? We're here to help.