Lime
· Lime Privacy Policy
For EU, UK, and other international users, this means their personal data including location history may be transferred to a jurisdiction with a different privacy legal framework, and the adequacy of the transfer mechanisms protecting that data is not detailed in the notice.
Canadian users' data may be subject to U.S. legal process and law enforcement access once transferred to the United States, and the protections available under Canadian law may not apply in full to data held in the U.S.
This provision establishes Standard Contractual Clauses as the primary mechanism for cross-border data transfers out of the EEA, which requires that a transfer impact assessment be conducted and documented for organizations subject to GDPR requirements.
International data transfers from the EU require specific legal safeguards and the adequacy of Standard Contractual Clauses as a transfer mechanism has been the subject of ongoing legal scrutiny, meaning the practical protection afforded depends on Databricks' implementation.
International data transfers are a key area of GDPR enforcement and EU users should be aware that their data may be processed in countries with different privacy standards, though Synthesia asserts it uses approved transfer mechanisms.
Intuit
· Intuit Privacy Statement
For EU and UK users, international data transfers require specific legal safeguards, and the adequacy of those safeguards is subject to ongoing regulatory and judicial scrutiny.
Notion
· Notion Privacy Policy
The policy asserts consent to international data transfer based on use of the service, but under GDPR this type of implied consent is generally insufficient as a transfer mechanism; the policy separately references Standard Contractual Clauses for EEA transfers, which is the operationally relevant mechanism for EU users.
The policy states that personal data may be transferred across borders to jurisdictions with different data protection standards, and identifies Standard Contractual Clauses as the primary transfer mechanism for EEA, UK, and Swiss data, which requires ongoing legal validity assessments following the Schrems II ruling.
Adobe
· Adobe Privacy Policy
Users outside the U.S., particularly in the EU, have legal protections governing international data transfers, and the adequacy of those protections depends on the legal mechanisms Adobe uses, such as Standard Contractual Clauses or the EU-U.S. Data Privacy Framework.
Cross-border transfers of personal data from the EEA or UK to the US require a valid transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses; the policy acknowledges transfer but does not specify the legal mechanism used.
For users in the EU, UK, and other jurisdictions with strong data protection laws, transferring personal data to countries without equivalent protections requires specific legal safeguards that the policy does not detail.
For users in the EU, UK, or other jurisdictions with strong data protection laws, transferring data to the US requires specific legal safeguards, and the adequacy of those safeguards has been subject to ongoing legal scrutiny.
Klarna
· Klarna Privacy Policy
When your data is transferred outside the EU or UK, it may be subject to government access or privacy standards that are different from those in your home country, even if contractual protections are in place.
Uber
· Uber Privacy Notice
Cross-border data transfers of EU/EEA driver data to the US and other third countries require valid transfer mechanisms under GDPR Chapter V, and the adequacy and supplementary safeguards supporting SCCs must be documented and available for supervisory authority review, particularly given the volume and sensitivity of the data categories involved.
Roblox
· Roblox Privacy Policy
The policy asserts consent to cross-border data transfers as a basis for transferring data from jurisdictions such as the EU/EEA to the US; under GDPR, reliance on broad consent embedded in a terms of service or privacy policy for international transfers may not satisfy the requirements of a valid transfer mechanism under Chapter V of GDPR, and this provision may require evaluation against the adequacy framework or Article 46 standard contractual clauses.
Cross-border transfers of authentication data to the US are subject to EU privacy rules, and Standard Contractual Clauses are the primary safeguard Cisco uses, but the adequacy of those safeguards depends on implementation and cannot be assumed without verification.
For EU and UK users, data transferred to the US is subject to US surveillance laws and the adequacy of Standard Contractual Clauses as a safeguard depends on Coinbase conducting and maintaining transfer impact assessments documenting risks and mitigations.
Stripe
· Stripe Privacy Policy
This provision establishes the legal mechanisms Stripe relies upon for cross-border data transfers, which are subject to ongoing regulatory review and potential challenge; organizations processing EU or UK personal data through Stripe must confirm these mechanisms remain current and adequate under applicable law.
Okta
· Okta Privacy Policy
EU, UK, and Swiss users' personal data is being transferred to the United States, and the legal validity of that transfer depends on Okta's correct implementation of the current SCCs, which were updated in 2021 and require accompanying transfer impact assessments.
Canva
· Canva Privacy Policy
Cross-border data transfers involving EU personal data require legally adequate safeguards under GDPR. Canva's reliance on Standard Contractual Clauses is a recognized mechanism but requires accompanying Transfer Impact Assessments under post-Schrems II obligations, and compliance with these requirements cannot be verified from policy text alone.
Cursor
· Cursor Privacy Policy
The policy references legally valid transfer mechanisms for EEA and UK data transfers but does not name the specific mechanism (such as Standard Contractual Clauses), which limits the ability of EEA or UK users to evaluate the adequacy of those protections without making a direct inquiry.
Udemy
· Udemy Privacy Policy
The legal mechanism used for cross-border data transfers determines what protections EU and UK users retain when their data is processed in the U.S.; the Data Privacy Framework has been adopted as an adequacy mechanism but remains subject to political and legal developments.
ADP
· ADP Privacy Statement
BCR are a recognized but operationally complex transfer mechanism. If regulators in any country determine that BCR do not provide adequate protection, data transfers relying on them could be suspended, potentially disrupting payroll and HR services.
Figma
· Figma Privacy Policy
EU and UK users' personal data is processed by Figma in the US, and the adequacy of the transfer mechanism used is subject to ongoing regulatory scrutiny, meaning users should understand that their data crosses borders and the legal protections that apply.
EU, UK, and Swiss users should know their data may be transferred to the United States, but Google states it uses legal transfer mechanisms to maintain applicable protections.
Fastly
· Fastly Privacy Policy
Cross-border transfer mechanisms are a significant area of GDPR enforcement, and the adequacy of Standard Contractual Clauses depends on whether the destination country provides essentially equivalent protection. Organizations relying on SCCs may also need to conduct Transfer Impact Assessments.
The policy asserts that consent to cross-border data transfer is established by a user's agreement to the policy itself; whether this mechanism satisfies GDPR Chapter V transfer requirements may require evaluation under applicable law, as the policy separately references use of standard contractual clauses for EEA, Switzerland, and UK users.
For EU and UK users, international data transfers are subject to strict legal requirements under GDPR, and a general website consent embedded in terms of use may not constitute a sufficient legal basis for such transfers under applicable law.
This provision authorizes international transfers of user personal data and asserts that transfer safeguards such as Standard Contractual Clauses are in place, but does not identify specific recipient countries or named third-party recipients for these transfers.
The policy states that personal information may be transferred and processed outside the user's home jurisdiction, including outside Australia, Canada (and Quebec specifically), New Zealand, and the United States, without specifying the legal mechanisms used to authorize those transfers.