China
of its effective date, submit the signed contract and a corresponding PIA to the local CAC office. (3) Certification The certification mechanism applies to Personal Data Processors that meet the same thresholds as those under the SCC mechanism. Notably, this route offers a more practical and accessible option for overseas entities without a presence in China, which have faced challenges in complying with other cross-border transfer mechanisms under the PIPL. 5.6.2. Exempted transfers Despite the three mechanisms outlined above, certain cross-border data transfers are exempt from these requirements. For instance, transfers conducted under international treaties to which China is a party, or those necessary for fulfilling contracts involving individuals, as well as lawful cross- border human resources management, may be exempt. Rights and Duties of Data Providers/Principals 6.1. Rights and remedies 6.1.1. Right to be informed, right to make decisions, and right to restrict or refuse processing Data subjects have the right to be informed about the processing of their personal data and to make decisions regarding such processing.
They also have the right to restrict or refuse the processing of their personal data by others. 6.1.2. Right to access and copy Data subjects have the right to request access to and obtain copies of their personal data from the data processor. 6.1.3. Right to data portability Where technically feasible and in accordance with conditions prescribed by the CAC, data subjects have the right to request the transfer of their personal data to a designated data processor. The original data processor must provide the means for such transfer where the legal requirements are met. 6.1.4. Right to rectification and supplementation If a data subject discovers that their personal data is inaccurate or incomplete, they have the right to request correction or supplementation. The processor must make the necessary changes in a timely manner upon verification. 6.1.5. Right to deletion Data subjects have the right to request the deletion of their personal data under circumstances prescribed by law, such as where the processing purpose has been fulfilled, consent has been withdrawn, or the data has been unlawfully processed.
www.llinkslaw.com
Made with FlippingBook - PDF hosting