“EU Data Protection Act”: (i) before 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Directive”) and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC on the processing of personal data and the protection of privacy in the field of electronic communications and their national implementation (in any case, how it could be amended, replaced or amended). 6.1 Processing sites. ResIOT™ stores and processes UNION data (hereinafter defined) in data centres inside and outside the European Union. All other customer data may be transferred and processed anywhere in the world where the customer, its associates and/or subprocessors perform data processing operations. ResIOT™ will implement appropriate safeguards for the protection of personal data, wherever processed, in accordance with the requirements of data protection legislation. According to Article 28 of the GDPR, the Data Controller and the Data Processor must sign in writing, including in electronic form, a contract for appointment to the position of Controller (DPA). More information in the GDPR article and offline compliance requirements. For the other hypotheses, we can read example 16, example 1 (note 12), opinion 1 2010 of wp29. “Authorized Affiliate” means any subsidiary of the Customer that is entitled to or receives other benefits from the Services in accordance with the Agreement. 6.2 Transfer mechanism: by way of derogation from point 6.1, insofar as ResIOT™ processes or transfers personal data within the meaning of this DPA (directly or by subsequent transmission) of the European Union; of the European Economic Area and/or its Member States and Switzerland (“EU Data”) in countries that do not guarantee an adequate level of data protection in accordance with the data protection legislation in force in those territories, the parties agree that resIOT™ should provide appropriate security safeguards. The first thing to point out is that the essential obligation to appoint controllers has always been as follows: the question then arises as to why (it happened and will be understood again) the persons who, by the 25th, were qualified as independent data controllers on 1 May 2018, and then suddenly claimed their role as controllers (and vice versa), while continuing to perform the same processing activities..