EU, UK, and Swiss users have strong data protection rights, and the legal mechanisms Dropbox relies on to transfer data to the US have been subject to legal challenge; if those mechanisms were invalidated, data transfer practices would need to change.
International data transfers mean your personal information may be subject to legal frameworks offering different levels of protection than your home country, particularly relevant for EU users whose data is transferred to the US.
EEA and UK users have strong GDPR protections that may not be replicated in the US, and cross-border data transfers require specific legal mechanisms to be lawful under GDPR.
International data transfers mean personal financial and identity data may be processed in countries with different privacy laws, and the adequacy of protection depends on the specific mechanisms used and whether they remain legally valid under current rulings.
If you are in the EU, UK, or Switzerland, your data is transferred to the U.S. under Standard Contractual Clauses, a mechanism whose adequacy has been subject to ongoing legal scrutiny, and you may have fewer legal protections in the destination country.
Your personal data may be processed in countries outside the UK with different levels of data protection, and the adequacy of the safeguards in place determines how well your data is protected internationally.
This provision establishes the legal basis Zendesk asserts for international personal data transfers, engaging GDPR Chapter V requirements and equivalent national frameworks, and is material for EU, UK, and other regulated-jurisdiction customers assessing adequacy of transfer protections.
This provision discloses that personal data may be transferred internationally without specifying the transfer mechanisms used to ensure adequate protection for EU or other regulated transfers. This language is relevant to GDPR Chapter V compliance and may require evaluation of whether Standard Contractual Clauses, adequacy decisions, or other safeguards are in place.
Transfers of personal data from the EU or UK to countries without an adequacy decision require a legal transfer mechanism. The adequacy and implementation of that mechanism determines whether the transfer is lawful and what additional safeguards may be required.
For EU users in particular, relying on use of the service as consent to international data transfer may not satisfy GDPR's requirements for a valid transfer mechanism, as consent alone is generally not considered an adequate legal basis for routine international transfers under GDPR guidance.
For users in the EU, UK, and other jurisdictions with strict data transfer rules, relying on implied consent from platform use as the legal basis for international data transfers may not satisfy applicable legal requirements.
This provision addresses cross-border data transfers, which for EU and UK users require specific transfer mechanisms under GDPR and UK GDPR; the policy's reference to 'appropriate safeguards' without specifying the mechanism (such as standard contractual clauses or adequacy decisions) leaves the specific legal basis for transfers unspecified in the publicly available policy text.
Data transferred internationally may be subject to different legal protections. The use of SCCs is a recognized GDPR transfer mechanism, but transfers to the US remain subject to ongoing legal scrutiny following the Schrems II ruling and evolving EU-US data privacy framework developments.
EU, UK, and Swiss users have their data transferred to the US, a jurisdiction that historically has not met the EU's adequacy standard without specific frameworks; the policy's reference to both DPF and contractual protections suggests a layered approach, but the adequacy of those protections depends on which mechanism is applied and whether it remains legally valid.
For EU, UK, and Swiss users, your data crossing borders to the US triggers specific legal protections. Salesforce's use of the DPF and SCCs is meant to provide those protections, but the legal landscape for transatlantic data transfers has been subject to ongoing legal challenges.
EA
· EA Privacy and Cookie Policy
EU, UK, and Swiss users' data is processed in the US under the DPF framework, which provides specific rights including access to a free dispute resolution mechanism and, as a last resort, binding arbitration.
Egnyte
· Egnyte Privacy Policy
The legal mechanism used for international data transfers affects whether your data is protected under EU standards when it is processed in the United States, and the DPF's long-term legal stability has been subject to ongoing political and legal scrutiny.
DeepL
· DeepL Privacy Policy
Data transfers outside the EEA carry privacy risks if the receiving country has weaker legal protections or government access to data; the adequacy of SCCs as a transfer mechanism has been the subject of significant EU regulatory scrutiny following the Schrems II ruling.
Zoom
· Zoom Privacy Statement
This provision governs how EU, UK, and Swiss users' personal data is legally protected when transferred to Zoom's servers or operations outside those regions. Standard Contractual Clauses are a standard but operationally significant mechanism that requires Zoom to provide contractual data protection commitments.
Unity
· Unity Privacy Policy
International data transfers carry risk because data protection laws in destination countries, particularly the US, may offer weaker protections than GDPR; standard contractual clauses help but require Unity to conduct transfer impact assessments to verify they are effective in practice.
This provision establishes the legal transfer mechanism for cross-border data flows from the EU/EEA, which is a requirement under GDPR Chapter V. Enterprise customers should confirm that executed SCCs are in place and reflect the current 2021 EU Commission SCC templates.
Slack
· Slack Privacy Policy
For EU, UK, and Swiss users, these transfer mechanisms are what legally permits your data to flow to Slack's U.S.-based infrastructure, and their validity is subject to ongoing legal developments at the EU and national level.
The adequacy of international transfer mechanisms is a live regulatory issue; if Zendesk's reliance on the Data Privacy Framework or SCCs is found insufficient, EU and UK users' data could be transferred in ways that regulators consider unlawful, though the DPF is currently an operative adequacy mechanism.
Upwork
· Upwork Privacy Policy
For EU, UK, and Swiss users, the adequacy of the transfer mechanism directly affects whether their personal data receives the same level of protection outside Europe as it does within it. The use of SCCs requires a transfer impact assessment to be conducted and documented.
Strava
· Strava Privacy Policy
EU and UK users' data is processed in the United States, which is subject to US surveillance laws; Standard Contractual Clauses are the primary transfer mechanism but their adequacy has been contested, and users should be aware that their data crosses jurisdictional boundaries.
Cross-border data transfers to the US have been subject to significant legal scrutiny in Europe, and the adequacy of Standard Contractual Clauses depends on additional safeguards and transfer impact assessments that the notice does not detail.
International data transfers to countries without equivalent data protection laws create risk that your data may be subject to different legal standards, including potential government access regimes, once it leaves the EU/EEA.
Garmin
· Garmin Privacy Statement
Standard Contractual Clauses are the primary mechanism used to legally authorize EU personal data transfers to countries like the U.S., and their validity has been subject to legal challenge; understanding this mechanism helps EU users know the basis on which their data leaves the EU.
International data transfers are a high-scrutiny area under GDPR following the Schrems II ruling. The use of SCCs is legally recognized but may require additional technical safeguards depending on the destination country.
EU and UK users' personal data is subject to US legal frameworks once transferred, and the adequacy of standard contractual clauses as a transfer mechanism has been subject to legal challenge and regulatory scrutiny.