Document Summary

Privacy Shield Invalidation (Schrems II)

Download PDF
Our approach to security and privacyOur approach to security and privacy
Back to Trust Center

International transfers of personal data

Our commitment to data protection

For more information about our commitment to international compliance with applicable data protection laws, please refer to our GDPR and Beyond page.

Contractual safeguards

Our standard Data Processing Addendum (‘DPA’) includes Standard Contractual Clauses (‘SCCs’) to safeguard transfers from the EU/EEA and UK to countries or territories not recognised under applicable data protection law as providing an adequate level of protection for personal data (‘third countries’). 

Our data privacy team can also work with customers in other jurisdictions to modify or add to these transfer mechanisms if necessary.

We also ensure that we have appropriate DPAs in place with all our sub-processors. For more information about our sub-processor review process, please visit our page about sub-processors of customer data.

Technical and organisational measures

We have implemented appropriate technical and organisational measures (‘TOMs’) to ensure a level of security appropriate to the risk for all data processing activities, including international data transfers.

These TOMs are aligned with ISO 27001 and 27701 standards and are summarised in Annex II of our DPA.

For more information about how we safeguard information assets against misuse, abuse or compromise, please visit our Trust Center and read our Security and Privacy FAQ and Whitepaper.

Transfer impact assessments

Please note, we conduct and regularly review transfer impact assessments (‘TIAs’) to ensure our contractual safeguards and TOMs are adequate.

Looking for something else?

Our approach to security and privacy

Visit our Trust Center to learn more about the security and privacy practices that safeguard our information assets, and those of our customers, against misuse, abuse or compromise.

Trust Center