We have modified our Member Code of Conduct and Antitrust Policy & Guidelines. And we and the new GPA Data Protection Policy. To continue in the portal, please read them carefully and accept them.
Note: if you want to read the policies in your language, right click on the text and select translate to "your language"
For any questions or suggestions, please contact GPA University.
gpau@thinkgpa.com
Member Code of Conduct
|
Revision # |
Revision Date |
Change Summary |
|
0.9 |
Jan 16, 2018 |
Initial Draft for Board Review and approval |
|
0.91 |
Mar 1, 2018 |
Revision from final legal review, issued for Board comment |
|
1.0 |
Mar 27, 2018 |
Board Approved for Member Issuance |
|
1.01 |
Nov 5, 2020 |
GPA logo update |
|
2.0 |
June 30, 2021 |
Simplification of select Code language, addition of Introduction section, better reflection of GPA B.V. structure and terminology, update of Core Values, and general reformatting, removal of anti-trust duplication with GPA Anti-Trust Policy. |
The information in this document is deemed confidential and proprietary to the GPA Foundation and GPA B.V., thereby its constituent share (certificate) holding companies (Regional Business Units - RBU’s). In agreeing to and accepting this policy, RBU’s agree to make every effort to ensure that any employees or related parties associated with their companies shall abide by its contents. It is governed by the contractual confidentiality obligations of the GPA B.V. Member Agreement, the GPA Member Code of Conduct. As well as any confidentiality and non-disclosure limitations within a GPA Member’s respective staff employment agreements and/or related policies. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and or pub lication of this material is strictly prohibited, and may not be disclosed or discussed in any form with any 3 rd party without the prior consent of the directors of GPA B.V.
GPA
Community Code of Conduct
This Code of Conduct is common to both the corporate organizational level of any GPA Regional Business Unit (RBU) as a Schedule to the master Member Agreement executed between GPA B.V. and each Regional Business Unit (RBU), as well as individually to each member of the GPA global community through their acknowledgement of the policy within the GPA University platform.
In acknowledging and accepting this Code, RBU’s organizationally commit that the internal practices, policies, strategies, and communications guidelines within their organization do not conflict with this Code, and that compliance to the code will be maintained and managed through conscious and continuous education and advocacy, as well as periodic examination and inspection.
In acknowledging and accepting at an individual level, one commits to personally adhering to the Code, and to holding any individual within the GPA community who they may believe is in breach of the code, accountable and responsible to indeed comply. If one does not understand the meaning, or practical implications of any aspect of this code, one commits to seeking clarification from appropriate and relevant party(s) until fully comfortable with the requirements of the entire code and the ability to meet them.
Notwithstanding, any individual or organizational representative that identifies a potential Code breach will immediately notify relevant RBU or GPA B.V. supervisory/management resource(s), escalating where applicable until individually satisfied the breach has been addressed and/or rectified. Escalation should occur up to and including the Managing Director/CEO of GPA B.V. and/or the GPA Foundation Board.
PREAMBLE
The GPA organization exists as a global enabler of its shareholding Regional Business Units to consistently and efficiently deploy and support communication and collaboration technologies to global customers as those organizations’ strive to drive human efficiency and productivity. Within a culture of community contribution and knowledge sharing, this gives GPA shareholding Business Units and the teams within them the capacity to deliver “better” to customers. It also allows Business Units to regionally enhance their business capability and market leadership positioning, which in turn reflects back upon the excellence reputation of the GPA B.V corporate entity and the entire GPA global community it serves.
This Code offers guidance to GPA community members in all forms regarding GPA’s conduct with respect to the goods and services that GPA - through its Regional Business Units - offers. The Code itself does not contain sanction rules or complaint procedures, rather it simply describes an international understanding of the principles, best practices, and norms of good and desirable conduct that all those within the GPA community (individually or organizationally) are expected to commit to observe – be they morally or within the frameworks established by the relevant Dutch, European, and International legal environments by which the GPA BV organization is bound.
Understanding GPA global diversity, deviation from this code may be justified is specific circumstances, however the individual or organization is required to immediately – in advance wherever possible – present and justify to GPA B.V. management the basis of the need for the deviation, and allow a validation, approval, and management process to be undertaken.
CORE VALUES
All members of the GPA global community agree in any and all actions taken to uphold and be guided by GPA Core Values as defined below, independent of whether such actions are specifically defined by this Code of Conduct.
GPA Core Values are:
• Passion: It’s what drives us all to being and doing ‘better” tomorrow - just because! The stuff one does that makes us “forget to eat or poop!” It’s what creates positive change and inspires others. It’s what’s at the core of the leaders that have driven our organization to where we are today, and what will drive us to what we should be tomorrow.
• Community: We embrace concept of an elevated familial community bond within the organization that ensures a level of selfless trust and support within that goes above and beyond just “doing business with” one another.
• Teamwork: Not only representative of the “Collaboration” market we are in, but also understanding that the sum of the GPA whole is far greater than the sum of its parts, and only through working together as a collective team can we achieve our individual and group potential. We celebrate our unique collaborative culture in combination with the independence our RBU’s maintain as a result of our progressive organizational structure and business model.
• Trust: Only by leveraging empathy & emotional intelligence, and ensuring an absolute commitment to transparency & honesty at all times - to the GPA organization itself, to fellow GPA community peers, and to our valued industry partners - can we ensure the foundation of “trust” critical for us to fulfill our organizational goals.
• Contribution: We can only exist , let alone grow and prosper based upon the contributions of our collective global resources, selfless contribution by individuals and RBU’s to share their time, knowledge, and intellectual property in the name of the greater good. We also recognise that the path of contribution and participation brings both tangible and intangible long term benefit to those who invest their time and energies in furthering the interests of the global organization.
• Diversity: Not only do we appreciate and celebrate the cultural, geographical, and other diversity that exists across the GPA, but we put this at the very heart of our value proposition and delivery methodology. We learn and expand our own personal maturity and perspective as well as driving our professional success as a result of the diverse global community we are all a part of.
• Fun: We all work hard, but we are a “People First” organization. It’s not only important to enjoy and celebrate the ride, but doing so will get us there better and faster!
GPA community members whether individually, and/or collectively, by participating within the community assume the obligation to:
1. embrace and accept all GPA community members in a manner free of bias, embracing the inherent diversity of race, ethnicity, age, gender, sexual orientation, religion, disability, marital status, and/or any other diversities inherent with and critical to the very essence of the GPA organization;
2. ensure adherence to the law at all times. Specifically, given the global nature of the GPA organization, commit to compliance to any relevant anti-corruption, anti-trust, and data privacy laws applicable relevant to the jurisdiction within which one operates, as well as to any laws understood to apply to and/or articulated by GPA B.V. or any GPA RBU within their respective region(s) and jurisdiction(s);
3. demonstrate a commitment to excellence in all aspects of one’s profession, consistently striving to create an ethical climate within one’s relevant RBU, the GPA organization globally, and the broader community of clients and partners we collectively serve.
4. be socially responsible, always choosing technological or other operational decisions that protect the public safety and health of society and the environment, and in any case meet all relevant legal requirements and obligations;
5. understand the spirit of collegiality, knowledge share, trust, and unity toward and between GPA RBU’s specifically and community members generally; key concepts at the very core of GPA’s existence, value proposition, and success;
6. individually, and through leadership within the organization(s) and team(s) one operates within, conduct oneself in an open, honest and reliable manner that reflects favorably on and supports the dignity and good reputation of the industry, GPA B.V., and the global GPA community.
7. be committed to personal reliability and accountability in one’s own performance and actions, thereby building a foundation of honesty and trustworthiness in all relationships;
8. honor business agreements made, and act consistently within agreed terms;
9. avoid any compromise of professional judgment by entering into any situation with a potential perceived or real conflict of interest;
10. maintain reasonable, timely, and responsive communication regarding goods or services rendered. “Reasonable and timely” means of the nature which is agreed upon with the relevant parties (customers, peer business units, vendor partners, or other) in accordance with applicable law, or in the absence of either, the timeframe that is generally understood given the nature and topic of the communication, and in light of the past and present business relationship.
11. truthfully and accurately provide information as may be requested by GPA B.V. corporate staffing to maintain the accuracy of consolidated information at a global organizational level; www.thinkgpa.com
12. only use, communicate, share, or distribute in the manner allowed, any GPA proprietary or confidential information which may be acquired by virtue of one’s representative capacity within the GPA Community;
13. respect GPA’s copyright and trademark interests, and only use GPA logos, trademarks, and copyrighted materials in the manners expressly authorized by GPA B.V.;
14. not use the GPA name or logo in communications in such a way that leads others to believe the communication originates from or has been approved by GPA B.V. corporate management or leadership when it has not;
15. not speak on behalf of or act with the authority of GPA when in fact such authority (for instance, as a Board Member, Committee Member, or another representative capacity) has not been given;
16. promptly respond to all GPA inquiries regarding any Code related matter, cooperate in any related Code related proceedings, make a good faith effort to resolve all such matters, and conform to any Code related determinations;
17. refrain from unwelcome physical contact, sexual comments, stories and jokes, repeated and unwanted social invitations and/or sexual advances, sending sexually explicit messages or images, or any other verbal or non-verbal sexually suggestive activities;
18. refrain from discrimination, harassment and bullying in any form – verbal, physical, or visual;
19. understand that when attending events, interacting with or delivering services to customers, communicating with vendors, or any other 3rd party interaction that relates to GPA related activities, that one represents not only one’s personal brand, but also that of each and every GPA RBU organization, and the GPA global brand;
20. offer the same level of respect, effort, commitment, and thought to actions and decisions that may have an impact upon peers across the entire GPA organization and community as one would undertake relative to one’s own regional RBU organization;
21. exhibit constructiveness and cooperation in all working relationships, to the best of one’s abilities and knowledge, and pledge to be truthful and accurate in all of what one says, does, and writes;
22. strive to seek and utilise financial, human capital or other related resources within GPA and its RBU’s as efficiently as collectively possible, ensuring any requests of peer RBU’s or individual community peers are made with an eye to overall community good as opposed to any selfish personal or regional interest;
23. not reveal facts, data or information obtained in connection with services rendered without the prior consent of the relevant individual or corporate parties except as authorized or required by law;
24. not misrepresent or permit misrepresentation of one’s own or one’s associates' academic or professional qualifications, nor exaggerate any degree of responsibility for any work conducted. Undertake only those assignments for which one is competent by way of education, training, and experience. www.thinkgpa.com
25. reinforce GPA’s culture and community commitment to continuous improvement and learning by a willingness to be proven wrong, admitting and accepting responsibility for errors, and by refraining from distorting facts or redirecting responsibility to justify decisions or actions;
26. at all times and in all scenarios, have due regard for the physical environment and for public safety, health, and well-being. If one’s judgment is overruled under circumstances in which one feels the safety, health, property or welfare of the one’s peers, or the public may be endangered, provide appropriate escalation and awareness to relevant supervisory, management or regulatory resources as applicable.
___________________________________________________________________________________________________________________________________
Anti-Trust and Anti-Competition Policy
|
Revision # |
Revision Date |
Change Summary |
|
0.9 |
Jan 16, 2018 |
Initial Draft for Board Review and approval |
|
0.91 |
Mar 01, 2018 |
Revision from final legal review, issued for Board comment |
|
1.0 |
Mar 27, 2018 |
Board Approved for Member release |
|
1.1 |
Nov 5, 2020 |
GPA logo update |
|
2.0 |
May 4th, 2021 |
Simplification of policy language, and better reflection of GPA B.V. structure and terminology. |
The information in this document is deemed confidential and proprietary to the GPA Foundation and GPA B.V., thereby its constituent share (certificate) holding companies (Regional Business Units - RBU's). In agreeing to and accepting this policy, RBU's agree to make every effort to ensure that any employees or related parties associated with their companies shall abide by its contents. It is governed by the contractual confidentiality obligations of the GPA B.V. Member Agreement, the GPA Member Code of Conduct. As well as any confidentiality and non-disclosure limitations within a GPA Member's respective staff employment agreements and/or related policies. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and or publication of this material is strictly prohibited, and may not be disclosed or discussed in any form with any 3rd party without the prior consent of the directors of GPA B.V.
Anti-Trust and Anti-Competition Policy
This Policy is common to both the organizational level of any GPA Regional Business Unit (RBU) as a Schedule related to the master Member Agreement executed between GPA B.V. and each Regional Business Unit (RBU), and individually to each member of the GPA global community through their acknowledgement of the policy within the GPA University platform.
In acknowledging and accepting this Code, RBU's organizationally commit that the internal practices, policies, strategies, and communications guidelines within their organization do not conflict with this Policy, and that compliance to such will be maintained and managed through conscious education and advocacy, and periodic examination and inspection.
In acknowledging and accepting at an individual level, one commits to personally adhering to the Policy , and to holding any individual within the GPA community who they may believe is in breach of the code, accountable and responsible to indeed comply. If one does not understand the meaning, or practical implications of any aspect of this Policy, one commits to seeking clarification from appropriate and relevant party(s) until fully comfortable with the requirements of the entire Policy and the ability to meet them.
Notwithstanding, any individual or organizational representative identifies a potential Policy breach that may be illegal, will immediately notify a relevant RBU or GPA B.V. supervisory/management resource until satisfied the breach has been rectified. Escalation should occur up to and including the Managing Director/CEO of GPA B.V. and/or the GPA Foundation Board if necessary.
Preamble
As members and shareholders of a progressive multinational organization in the form of GPA B.V., we collectively understand the potential for Antitrust related concerns and compliance. Indeed collectively our goal is to encourage, not to restrict, competition and thereby progression and maturation of and within the global Audio Visual and Unified Communications industry.
As a core principle, individual GPA RBU's are not considered to be competitive among each other . This is by purpose and intent as a core to the GPA organization's inherent structure. GPA exists to benefit those consuming GPA and thereby RBU goods and services by setting acceptable standards for inter-RBU activity and alignment. However, for the purpose of Antitrust legislation, any company that is active in the same product/service market is deemed to be a competitor. Given there are instances where multiple GPA RBU's are active in the same geographic market, this does mean that in some circumstances a GPA RBU could be considered to be a competitor to another GPA RBU , and would need to govern themselves accordingly in their actions relative to any potentially competitive opportunity.
To minimize the possibility of any party within the GPA community breaching Antitrust laws, in accepting and acknowledging this policy community members individually, and RBU's organizationally, agree to conduct themselves and their associated business operations and behaviors in accordance with this Policy. This includes, but is not limited to, any and all meetings, events & gatherings , and business engagements facilitated by or through the GPA organization and community that occur between representatives of multiple different GPA Regional Business Units (RBU's). The policy applies not only to in-person communication, but also to electronic and telephonic communication via any GPA facilitated, owned, or controlled forum.
GPA Structure
RBU's invest in GPA and thereby contract to operate within the organization with a recognition that the use of other GPA RBU's to deliver in markets in which they are not represented or present is a "better (more effective and efficient) delivery model than trying to deliver such projects remotely . GPA provides a platform for GPA RBU's to cooperate and align in order to be compete with the other third party collaboration technology providers offering integrated solutions and services at global scale. Alignment between GPA RBU's allows development of aligned customer pursuit strategies relative competing against other market competitors, and is thereby likely to offer a procompetitive market benefit only. On this basis and justification, we do not generally consider GPA RBU's as competitors to each other.
To further support this, the selection strategy for GPA RBU' s is specifically constructed to avoid significant competitive crossovers in the domestic markets each RBU operates within, further minimizing the likelihood of multiple GPA RBU's pursuing a common customer for the same in region business.
however
For the purpose of this Antitrust Policy, and Antitrust laws generally, any company that is active in offering the same product(s)/service(s) within the same market may be deemed to be a competitor. This means that in some circumstances a GPA RBU could be considered to be a competitor of a peer RBU, and any action (either by practice, agreement, or decision) taken to eliminate, restrict or control competition is an infringement of antitrust rules.
With this in mind, the following are specifically defined as core principles to GPA operations in order to preclude any anticompetitive harm:
Each GPA RBU remains an independent business entity bound to operate within the laws of their region(s).
GPA B.V, nor any GPA RBU shall ask any other RBU to breach any regional laws in their respective region(s) even if such actions may be legal in their own region.
No GPA RBU is obligated to accept any business opportunity referred by GPA B.V. or another RBU, be that on the basis of the scope of work, cost model, contractual structure, or any other related consideration proposed.
GPA B.V, nor any GPA RBU will bind another RBU to any contract, pricing, or otherwise without the express permission of that RBU.
No GPA RBU is restricted from engaging in a business partnership with any other 3rd party organization, be that a single company or a broader consortium or alliance, in the pursuit of any business opportunity. However , in such instances they are expected to exclude themselves from any competitive offer or customer pursuit effort being developed by GPA B.V. or any other GPA RBU to ensure there is no perceived or real common awareness of the respective strategies (pricing or otherwise) and thereby a potential conflict of interest and resulting anticompetitive harm to the customer.
Commitments
It is necessary that all GPA related meetings and activities take place in conformity with antitrust law, and that any situation from which collusive conduct, concerted action or anti-competitive activity could be fairly inferred is prevented.
GPA B.V. requires directors and management of GPA B.V. itself, and GPA RBU's, to have a proper understanding of antitrust law, and to promote determinations regarding their company policies to create awareness amongst its employees and directors regarding their responsibility pursuant to antitrust law, and to ensure compliance thereof.
Specific to GPA related RBU's, or more generally regarding or with any 3rd party within the industry, employees or directors of any GPA RBU shall seek to avoid ANY collusive (formal or informal) discussion, consultation, consideration, conduct, decisions and agreements (each in the broadest sense) with any employee or director of an RBU Peer (or indeed any competitor), related to strategic information and/or the market behavior of their own or another party unless objectively necessary and relevant within a cooperation within the framework of a GPA customer project or program related cooperation concerning the following (non-exhaustive) topics:
specific prices or price policy;
specific conditions under which business is done with individual buyers;
specific profits achieved or profit margins;
market shares;
the substance of a tender for a specific order or the intention to submit a tender or not;
the willingness to supply solely to specific customers or areas or to produce solely specific types of products ;
the will/willingness not to supply to a specific buyer or not purchase from a specific supplier;
the intention not to mutually compete with another competitor in future;
the utterance of detrimental comments on suppliers, distributors or buyers.
Might an employee or director of a GPA RBU hesitate as to the question whether any (formal or informal) discussion, consultation, consideration, conduct, decisions and agreements (each in the most broadest sense) within the context of GPA is contrary to antitrust law, then he or she should consult a supervisory/management resource until satisfied they understand any limitations or risk and can act accordingly. Such requests for advice should occur up to and including the Managing Director/CEO of GPA B.V. if necessary.
Acknowledgement
In acknowledging and accepting this Antitrust Policy, I individually, or as a duly authorized representative to bind my GPA RBU organizationally, agree to:
fully adhere to this Antitrust Policy and its content;
respect all applicable national and European antitrust laws and regulations, and will warn GPA B.V. Executive Management or the GPA Foundation Board if necessary if I suspect that national and/or European antitrust law might not be, or is not being complied with in any manner within GPA or by a GPA RBU(s);
be responsible for, and will ensure visibility and awareness of this policy across its employees and relevant third parties within its organizations who are, or are likely to be involved in GPA related activities or opportunities;
not engage in any activity or discussion for the purpose of bringing about any understanding or agreement among any party within GPA B.V. or the GPA RBU community to: raise, lower, or stabilize prices, regulate production, allocate markets, encourage boycotts, foster unfair trade practices, assist monopolization, engage in any standardization which will injure competitors, or violate relevant antitrust laws;
take whatever remedial action and timely any relevant business process(es) improvement necessary when instances of failing or error are discovered to avoid similar failings or errors in the future.
In specifically accepting on behalf of a GPA RBU, as a duly authorized representative to bind my GPA RBU organizationally, I commit my RBU organization to ;
indemnify GPA B.V, its Board and the Board of the GPA Foundation, and all GPA B.V. staff-members from all fines and third-party claims which relate to an infringement of competition law committed by my RBU;
operate with sufficient transparency as to the names, geographic locations, and partner affiliations of any related companies the RBU I represent maintains a financial or controlling interest, so as to avoid misleading others (GPA B.V., GPA RBU's, customers, or third parties) regarding GPA's identities, to the extent that it will not harm the legitimate competitive and proprietary interests of our businesses .
___________________________________________________________________________________________________________________________________
The information in this document is deemed confidential and proprietary to GPA Foundation and GPA B.V., thereby its constituent share (certificate) holding companies (Regional Business Units - RBU's). In agreeing to and accepting this policy, RBU's agree to make every effort to ensure that any employees or related parties associated with their companies shall abide by its contents. It is governed by the contractual confidentiality obligations of GPA B.V. Membership Agreement, GPA Member Code of Conduct. As well as any confidentiality and non-disclosure limitations within a GPA Member's respective staff employment agreements and/or related policies. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and or publication of this material is strictly prohibited, and may not be disclosed or discussed in any form with any 3rd party without the prior consent of the directors of GPA B.V.
www.thinkgpa.com
GPA
Data Privacy & Protection Policy
This policy applies to the policies and procedures associated with the processing (storage, handling, distribution, sharing, etc.) of personal data by GPA B.V. (GPA) and/or GPA Regional Business Units ("RBU's"). This includes personal data related to individuals within these respective organizations, and to the personal data of 3rd parties such as customers that will be processed by GPA or its RBU's.
GPA B.V. as an organization is strongly committed to protecting personal data in our mandate to facilitate and deliver services to GPA B.V. and GPA RBU customers (collectively GPA customers) on a global scale. It is understood that RBU's collect and processes personal data of customers through our global customer relationship management system or otherwise, and may in turn share personal data with or receive personal data from GPA and/or other RBU's.
Given GPA B.V. is a Dutch registered entity and thereby subject to European Union (EU) data privacy law in the form of the GDPR, meaning that any sharing of personal data that is facilitated through GPA B.V. in any form must comply to the GDPR. While many GPA RBU's are also EU based and thereby must comply to the GDPR. Other RBU's, whether within the EU or outside may also have other/additional national privacy laws and regulations to which they must comply to within their own country. Some RBU's are located in countries that do not have laws that provide specific protection for personal data, however, in such situations these RBU's are expected to comply with this Data Privacy & Protection Policy in any instance where their activities engage GPA or other GPA RBU's. Where any national regulations exceed the requirements of this policy, the relevant RBU is responsible for creating awareness of and managing compliance to any such additional requirements among any RBU's or GPA corporate personnel who may be required to understand and comply to them.
There are several supporting documents to this policy that either underpin the policy itself, and/or are practical outward facing documents that reflect the commitments made within the master policy. Each of these documents are referenced below, with copies attached for general reference as Appendices to this policy document, however given the potential for ongoing change, current copies should always be referred to within the GPA Intranet.
Appendix 1: Standing GPA Inter-RBU Data Sub-Processor Agreement
Appendix 1a: Standing GPA Inter-RBU Data Processor Agreement
Appendix 2: GPA Externally Published Privacy Policy
Appendix 3: GPA GDPR Factsheet
Appendix 4: GPA GDPR Checklist & Activity Flowchart
Appendix 5: FAQ
Appendix 6: GPA Data Processing Agreement Template
Appendix 7: GPA Sub Data Processing Agreement Template
As per 25 May 2018 the General Data Protection Regulation (GDPR) has come into force. This European regulation aims to further harmonize data protection regulations in the European Union (EU) and to further safeguard the level of privacy of its citizens. Although many RBU's are located within the EU, GPA is subject to the European privacy laws, and thereby even if the data processing does not take place in the EU, any personal data related to any person who resides in the EU shared directly or indirectly between RBU's as
www.thinkgpa.com
a result of GPA platforms, processes, or workflows, must comply with the GDPR, and GPA's GDPR policies.
To do so, RBU's shall at all times behave in compliance with the following:
GPA Data Processing and Sub-Processing Agreements
A Data Processing Agreement (DPA) is a legally binding document to be entered into between a Data Controller and a Data Processor. In article 28(3) GDPR it is stated that a DPA is a requirement if a controller wants to let a processor process their personal data. The article also states which information must be a part of the DPA.
A Sub-Processor is a third-party data processor engaged by a Data Processor who has or will have access to or process personal data from a Data Controller. In order to use a Sub- Processor, the Processor needs to have the Controller's written permission. The terms regarding the usage of a Sub-Processor can be regulated between the Controller and Processor in their DPA. If the Controller has approved the usage of a Sub-Processor, the Processor needs to establish a contract between him and the Sub-Processor that meets the requirements of a DPA in article 28(3) GDPR, typically referred to as a Data Sub- Processor agreement. This provides authorization to any subcontract party to process personal data provided to it by the primary Data Processor within the terms agreed between that primary Data Processor and the Data Controller.
In order to avoid the need to have Data Processor, and Data Sub-processor agreements to be executed by and between each RBU for each and every customer, an RBU's acceptance of this policy as a schedule of the GPA Member Agreement enacts the standing Data Sub-Processor Agreement (Appendix 1) referenced within this policy document between the RBU and all other RBU's, as well as between the RBU and GPA B.V. itself.
www.thinkgpa.com
Additionally, an RBU's acceptance of this policy as a schedule of the GPA Member Agreement also enacts a standing Data Processor Agreement (Appendix 1a) between the RBU and GPA B.V. to enable Data Processing of Personal Data related to an RBU's by any other RBU in the course of fulfilling the professional and related obligations related to GPA activities and operations.
A standard GPA Data Processor Agreement Template (Appendix 6) is also provided, and is intended for use between any RBU (or GPA B.V.) and a Customer. The GPA Data Processor Agreement template addresses the specific nature of the GPA organization, and enables the formal approval of the Data Controller in authorizing all other GPA RBU's and GPA B.V. to act as Sub Data Processors. If the GPA Data Processor Agreement template is not used, it is incumbent upon the executing RBU to ensure that any alternate Data Processor Agreement executed with a Customer incorporates a similar approval for GPA and all other GPA RBU's to be approved as Sub Data Processors. It is also incumbent on the executing RBU to ensure that any conflicting or additional terms or restrictions beyond those addressed in the GPA Data Processor Agreement Template (and thereby Sub Data Processor Agreement) are clearly shared and documented with all relevant GPA parties.
A GPA Data Sub Processor Agreement Template (Appendix 7) is also provided for any instance where an RBU (Or GPA B.V.) intends to contract any third party organization in support of a scope of work to be executed for/with the Data Controller, and to which the Data Controller's data may be shared. In such instances the RBU must execute a Sub Data Processor Agreement with the third party to ensure that the terms of the Data Processor Agreement are passed through to the third party. As with the Data Processor Agreement, if the GPA Sub Data Processor Agreement Template is not used, it is incumbent upon the executing RBU to ensure that all GPA specific terms are incorporated in the alternate agreement.
RBU Policy Acknowledgement Statement
In accepting and acknowledging this GDPR Policy, each RBU undertakes that it will:
www.thinkgpa.com
Should an employee or director of a RBU have concerns that any action of their own or others within GPA, whether accidental or intentional, may be or is contrary to applicable privacy laws, then he or she should seek clarification and/or report this as soon as possible to GPA Management (privacy@thinkgpa.com), and/or to the GPA Foundation Board (board@thinkgpa.com).
Further information regarding GDPR can be found at
www.thinkgpa.com