6 LIABILITY 6.1 The contracting parties agree that any person concerned who has suffered harm in violation of the obligations of a party or subcontractor covered in point 3 or 11 is entitled to obtain the data exporter compensates for the damage suffered.6.2 Is a person concerned not in a position to assert a right to compensation against the data exporter in accordance with paragraph 1 of this article. , resulting from a breach by the data importer or its subcontractor of one of the obligations covered in point 3 or 11, because the data exporter has legally disappeared, no longer exists or has become insolvent, the data importer agrees that the person concerned can assert rights against the data importer as if he were the data exporter. unless the successor organization has assumed all of the legal obligations of the data exporter by contract or legal form, in which case the person concerned can assert his rights in respect of that entity. The data importer cannot rely on a breach of its obligations by a subcontractor in order to avoid its own liabilities.6.3 If a person concerned is unable to make a claim against the data exporter or data importer covered by paragraphs 1 and 2, resulting in a violation of one of its obligations under paragraphs 3 or 11 , because both the data exporter and the importer of data from subcontractors accept that the person concerned can assert a right against the data subcontractor with respect to its own processing operations, in accordance with the clauses, as if it were the data exporter or the data importer, unless a successor organization has assumed, by contract or by law. , the full legal obligations of the data exporter or data importer. , in this case, the person concerned can assert his rights vis-à-vis that organization. The subcontractor`s liability is limited to its own processing operations under the clauses. 1.1.4 „Data protection laws” are EU data protection laws and, where appropriate, data protection or data protection legislation from another country; Metadata generated by the sensor may include, among other things, a unique identifier by event, time and date, sensor identifiers and customer identifiers, as well as source and destination IP addresses. The unique identifier cannot be assigned to a customer without the need for additional secure access to a logically separate system within Insight systems. Metadata may also contain domain, file or user names, or other metadata associated with analyzed network protocols. These fields may contain personal data based on the customer`s name conventions. When different categories of personal data can be transferred within the group and these different categories are subject to different rules, it is particularly important to identify this data. If the transmission is carried out on a controller-to-processor basis or if the transmission is carried out under the standard contractual clauses under the standard contractual clauses, data identification is mandatory.
The opinion of a group of companies as a single brand feeds the illusion that all companies in the same group are an entity, but legally, the situation is quite different.