Some of our external third parties may either be based outside of the EEA or may transfer personal data as part of their processing outside of the EEA in accordance with this section.
If your personal data is transferred out of the EEA, we will ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
In addition to the above, our external third parties may transfer personal data outside of the EEA to its group companies under a set of rules that will protect the transfer of your personal data between its group of companies. These rules are called “binding corporate rules”. For further details, see European Commission: Binding corporate rules.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.