PayPal
· PayPal User Agreement
The clause establishes PayPal's authority to initiate credit inquiries as part of account management and risk assessment procedures, with the trigger for subsequent inquiries tied to PayPal's assessment of risk level rather than fixed timing intervals.
PayPal
· PayPal User Agreement
The clause establishes PayPal's operational authority to conduct credit inquiries as part of account risk assessment procedures, both during initial account establishment and throughout the account lifecycle based on risk-based triggers.
PayPal
· PayPal Privacy Statement
The clause establishes PayPal's authority to share account holder information with external debt collection entities as part of its debt collection procedures. It operationally notifies users that credit reporting may result from debt collection referrals, creating a procedural connection between PayPal's collection activities and credit reporting outcomes.
Uber
· Uber Privacy Notice
The collection and verification of criminal history information establishes the operational mechanism through which Uber performs compliance and eligibility screening for its driver and delivery applicant pool, with legal permissibility determined by jurisdiction-specific background check regulations.
Bumble
· Bumble Terms and Conditions
The clause establishes the operational scope and limitations of Bumble's background check practices. By stating that investigations are not typically updated and are not a perfect safety solution, the provision defines the extent of Bumble's investigative obligations and clarifies the non-comprehensive nature of these checks as a safety mechanism.
This provision establishes a broad data-sharing authorization that extends personal data collected by Audible to the full Amazon affiliate network, which includes advertising, retail, and cloud services entities. Compliance teams should assess whether this cross-affiliate sharing is adequately disclosed in consent mechanisms and whether it triggers CCPA sale or sharing definitions or GDPR controller-to-controller transfer obligations.
Cross-border data infrastructure provisions define the technical and legal mechanisms through which advertising platforms operate globally, affecting data residency, compliance with regional regulations, and the jurisdictional scope of data processing operations.
The clause establishes the operational framework for international data processing by clarifying that data transfers occur as a standard business practice and specifying that such transfers require adequate security controls rather than imposing geographic restrictions on processing locations.
Users in the EU, UK, and other jurisdictions with data export restrictions need to know that their data may be processed in countries with different privacy standards, and that legal safeguards are promised but not specifically named.
This provision addresses cross-border data transfers, which engage GDPR adequacy and standard contractual clause requirements for EU/EEA users and analogous frameworks in other jurisdictions. The policy asserts that appropriate safeguards are in place but does not specify the legal transfer mechanisms used.
Cross-border transfers of personal data to countries without equivalent data protection standards create potential risk that your data will be handled under a less protective legal framework than where you live.
This provision frames Canadian user consent to cross-border data transfer as implicit in accepting the privacy policy, which may require evaluation against Canadian privacy legislation governing cross-border transfers and accountability obligations.
Adobe
· Adobe Terms of Use
The clause establishes the legal basis for Adobe's cross-border data transfer operations and clarifies that personal information may be processed outside the user's home jurisdiction, potentially subject to different data protection regimes in recipient countries.
These certifications are the legal basis on which D&B transfers personal data from the EU, UK, and Switzerland to the United States; if a certification lapses or is challenged, the lawfulness of those transfers could be called into question.
These certifications establish the regulatory and contractual mechanisms under which the company transfers personal data internationally. The frameworks provide procedural requirements and oversight structures that govern how the organization handles data movement across jurisdictions with different privacy standards.
Fastly
· Fastly Privacy Policy
The clause establishes the operational framework for international data transfers subject to EU and UK data protection regulation. It documents the specific legal mechanisms Fastly relies upon to satisfy regulatory requirements when moving personal data across jurisdictional boundaries with differing legal protections.
Microsoft
· Microsoft Privacy Statement (Legacy)
This provision establishes the operational framework governing where and how Microsoft processes user data globally. It specifies the legal mechanisms Microsoft employs to address jurisdictional data protection requirements when transferring data from regulated regions to countries without European Commission adequacy determinations.
Figma
· Figma Privacy Policy
The provision operationalizes Figma's data handling framework by establishing U.S. law as the governing framework and authorizing international data transfers. This determines the legal regime applicable to data management and defines the jurisdictional scope within which data protection obligations operate.
For users in the EU, UK, and other jurisdictions with strong data protection laws, transferring personal data to countries without equivalent protections requires specific legal safeguards that the policy does not detail.
Square
· Square Privacy Notice
The clause establishes the operational framework for Square's global data handling infrastructure, permitting the company to move personal information across jurisdictions with different regulatory environments. This authorization enables Square to centralize data processing, storage, and systems management across its international operations.
Roblox
· Roblox Privacy Policy
The policy asserts consent to cross-border data transfers as a basis for transferring data from jurisdictions such as the EU/EEA to the US; under GDPR, reliance on broad consent embedded in a terms of service or privacy policy for international transfers may not satisfy the requirements of a valid transfer mechanism under Chapter V of GDPR, and this provision may require evaluation against the adequacy framework or Article 46 standard contractual clauses.
Bumble
· Bumble Privacy Policy
International data transfers mean your personal information may be processed under legal frameworks that provide different or potentially lower levels of protection than your home country's laws.
Cross-border transfers of authentication data to the US are subject to EU privacy rules, and Standard Contractual Clauses are the primary safeguard Cisco uses, but the adequacy of those safeguards depends on implementation and cannot be assumed without verification.
Lime
· Lime Privacy Policy
For EU, UK, and other international users, this means their personal data including location history may be transferred to a jurisdiction with a different privacy legal framework, and the adequacy of the transfer mechanisms protecting that data is not detailed in the notice.
OpenAI
· OpenAI Privacy Policy
The clause establishes the jurisdictional framework and legal mechanism for international data flows, clarifying that personal data collected from non-U.S. users will be subject to U.S. law and processed in U.S. infrastructure. This addresses regulatory requirements under EU and UK data protection frameworks for lawful cross-border data transfers.
International data transfers from the EU require specific legal safeguards and the adequacy of Standard Contractual Clauses as a transfer mechanism has been the subject of ongoing legal scrutiny, meaning the practical protection afforded depends on Databricks' implementation.
The policy states that personal data from EU and UK users may be transferred internationally and that Standard Contractual Clauses are the stated mechanism, which matters because the adequacy of these mechanisms for transfers to certain jurisdictions may require ongoing assessment under post-Schrems II guidance.
Cross-border transfers of personal data from the EEA or UK to the US require a valid transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses; the policy acknowledges transfer but does not specify the legal mechanism used.
Kick
· Kick Privacy Policy
When your data is transferred from the EU or UK to the US, it must be protected by a legal mechanism such as Standard Contractual Clauses; without this, the transfer may not comply with GDPR.
Fiverr
· Fiverr Privacy Policy
This clause establishes the operational framework for cross-border data handling and specifies the legal mechanisms Fiverr uses to comply with data protection requirements when transferring personal information internationally. It documents the company's reliance on European Commission-approved contractual mechanisms as the basis for lawful international data movement.