Privacy issues with an asset deal?
I often accompany startups in so-called asset deals. In principle, contracts are mentioned, for example, in which an online project, a computer game or other rights and content is sold to another party, without- only – the change of the shareholders of the corporation operating the project being changed. This is often the case, for example, when a limited liability company operates more than one project and therefore does not want to sell the entire corporation.
In addition to various aspects of company law as well as tax law, full compliance with copyright and trademark law is also required. The problems arising from data protection law are readily forgotten. This is the case, for example, if user data is also to be purchased, so that the purchaser does not just buy an empty shell. If the GTC was not carefully designed here in advance, this can also make an asset deal quite impossible. But even with good terms and conditions, there are some requirements to consider.
The Conference of Independent Data Protection Supervisors of the Confederation and the
Countries agreed on a catalogue of case groups that are
Balancing of interests in accordance with Article 6(6) 1 set 1 lit. f i.V.m. Abs. 4 GDPR on an asset
deal must be taken into account.
The case groups are:
1. Customer data for current contracts
In this case, the transfer of the contract requires a civil approval from the customer or
of the customer.
2. Existing customers without current contracts and last contractual relationship older
than 3 years
Data from existing customers where the last active
contractual relationship more than 3 years ago, are subject to an acquisition
Represents a restriction on processing. Although this data may be transmitted,
but can only be used because of statutory retention periods.
3. customer data in the event of advanced contract initiation; Existing customers without current contracts and last contractual relationship younger than 3 years
Data of such customers are available in accordance with Article 6(4) of the 1 set 1 lit. (f) to transmit the GDPR by means of the opt-out (opt-out model) with a sufficiently reasonable period of opposition. However, bank data are excluded from the transfer by means of a solution to the opposition and can only be transmitted with the express consent of the customer.
4. Customer data in case of open claims
The transfer of outstanding claims against customers is governed by civil law in accordance with Section 398 et seq. BGB and constitutes an assignment of claims. In this
related data may be sent by the assignor to the assignee, based on Art. 1 set 1 lit. f) GDPR.
5. Customer data of a special category in accordance with Article 9(4) 1 GDPR
Such data may only be provided by means of informed consent in accordance with Article 9(3) of the 2 lit.
(a) Article 7 GDPR.
Even if the decision was not co-sponsored by the Berlin Commissioner for Data Protection and Freedom of Information and the Saxon Data Protection Supervisor, the listing certainly makes sense in order to clarify in advance of negotiations what everything is thought of. must be carried out. In principle, the contractual details should only be worked out with experienced help. Game developers, software providers or other service providers are welcome to request my contact form without obligation, so that we can find out the costs of advice and the sensible procedure.
