PayPal
· PayPal User Agreement
The clause establishes PayPal's authority to initiate credit inquiries as part of account management and risk assessment procedures, with the trigger for subsequent inquiries tied to PayPal's assessment of risk level rather than fixed timing intervals.
PayPal
· PayPal User Agreement
The clause establishes PayPal's operational authority to conduct credit inquiries as part of account risk assessment procedures, both during initial account establishment and throughout the account lifecycle based on risk-based triggers.
PayPal
· PayPal Privacy Statement
The clause establishes PayPal's authority to share account holder information with external debt collection entities as part of its debt collection procedures. It operationally notifies users that credit reporting may result from debt collection referrals, creating a procedural connection between PayPal's collection activities and credit reporting outcomes.
Uber
· Uber Privacy Notice
The collection and verification of criminal history information establishes the operational mechanism through which Uber performs compliance and eligibility screening for its driver and delivery applicant pool, with legal permissibility determined by jurisdiction-specific background check regulations.
Bumble
· Bumble Terms and Conditions
The clause establishes the operational scope and limitations of Bumble's background check practices. By stating that investigations are not typically updated and are not a perfect safety solution, the provision defines the extent of Bumble's investigative obligations and clarifies the non-comprehensive nature of these checks as a safety mechanism.
This provision establishes a broad data-sharing authorization that extends personal data collected by Audible to the full Amazon affiliate network, which includes advertising, retail, and cloud services entities. Compliance teams should assess whether this cross-affiliate sharing is adequately disclosed in consent mechanisms and whether it triggers CCPA sale or sharing definitions or GDPR controller-to-controller transfer obligations.
Cross-border data infrastructure provisions define the technical and legal mechanisms through which advertising platforms operate globally, affecting data residency, compliance with regional regulations, and the jurisdictional scope of data processing operations.
The clause establishes the operational framework for international data processing by clarifying that data transfers occur as a standard business practice and specifying that such transfers require adequate security controls rather than imposing geographic restrictions on processing locations.
Users in the EU, UK, and other jurisdictions with data export restrictions need to know that their data may be processed in countries with different privacy standards, and that legal safeguards are promised but not specifically named.
Cross-border transfers of personal data to countries without equivalent data protection standards create potential risk that your data will be handled under a less protective legal framework than where you live.
This provision addresses cross-border data transfers, which engage GDPR adequacy and standard contractual clause requirements for EU/EEA users and analogous frameworks in other jurisdictions. The policy asserts that appropriate safeguards are in place but does not specify the legal transfer mechanisms used.
This provision frames Canadian user consent to cross-border data transfer as implicit in accepting the privacy policy, which may require evaluation against Canadian privacy legislation governing cross-border transfers and accountability obligations.
Adobe
· Adobe Terms of Use
The clause establishes the legal basis for Adobe's cross-border data transfer operations and clarifies that personal information may be processed outside the user's home jurisdiction, potentially subject to different data protection regimes in recipient countries.
These certifications are the legal basis on which D&B transfers personal data from the EU, UK, and Switzerland to the United States; if a certification lapses or is challenged, the lawfulness of those transfers could be called into question.
These certifications establish the regulatory and contractual mechanisms under which the company transfers personal data internationally. The frameworks provide procedural requirements and oversight structures that govern how the organization handles data movement across jurisdictions with different privacy standards.
Fastly
· Fastly Privacy Policy
The clause establishes the operational framework for international data transfers subject to EU and UK data protection regulation. It documents the specific legal mechanisms Fastly relies upon to satisfy regulatory requirements when moving personal data across jurisdictional boundaries with differing legal protections.
Microsoft
· Microsoft Privacy Statement (Legacy)
This provision establishes the operational framework governing where and how Microsoft processes user data globally. It specifies the legal mechanisms Microsoft employs to address jurisdictional data protection requirements when transferring data from regulated regions to countries without European Commission adequacy determinations.
Canadian users' data may be subject to U.S. legal process and law enforcement access once transferred to the United States, and the protections available under Canadian law may not apply in full to data held in the U.S.
Kick
· Kick Privacy Policy
When your data is transferred from the EU or UK to the US, it must be protected by a legal mechanism such as Standard Contractual Clauses; without this, the transfer may not comply with GDPR.
Reddit
· Reddit Privacy Policy
This provision operationalizes Reddit's data infrastructure by authorizing cross-border data transfers and establishing the jurisdictional scope of data handling. The clause addresses the operational requirement that user data may be processed in jurisdictions with different legal protections than the user's home country.
The clause establishes the operational framework for international data movement by specifying the jurisdictions where processing occurs and identifying the contractual safeguards (European Commission-approved standard clauses) that govern those transfers.
OpenAI
· OpenAI Privacy Policy
The clause establishes the jurisdictional framework and legal mechanism for international data flows, clarifying that personal data collected from non-U.S. users will be subject to U.S. law and processed in U.S. infrastructure. This addresses regulatory requirements under EU and UK data protection frameworks for lawful cross-border data transfers.
Garmin
· Garmin Privacy Statement
The provision establishes the operational framework for cross-border data flows and identifies the specific contractual safeguard (SCCs) used to comply with data transfer restrictions under EU/EEA regulations. This mechanism addresses the legal requirement that international transfers be accompanied by adequate protective measures.
For users in the EU, UK, and other jurisdictions with strong data protection laws, this transfer must be covered by a lawful mechanism such as Standard Contractual Clauses, and the policy does not specify which transfer mechanism is used.
The policy states that personal data from EU and UK users may be transferred internationally and that Standard Contractual Clauses are the stated mechanism, which matters because the adequacy of these mechanisms for transfers to certain jurisdictions may require ongoing assessment under post-Schrems II guidance.
Microsoft
· Microsoft Privacy Statement (Legacy)
The clause establishes the geographic scope and legal mechanisms governing where user personal data may be processed. By referencing specific regulatory frameworks (DPF and SCCs), the provision defines the compliance structure Microsoft applies to international data transfers, which determines the legal protections applicable to data movement across jurisdictions.
Glean
· Glean Privacy Policy
Cross-border data transfers are a key GDPR compliance obligation. If the transfer mechanisms are not properly implemented, data flows to the US could be challenged by regulators or privacy advocates.
For users in the EU, UK, or other jurisdictions with strong data protection laws, transferring data to the US requires specific legal safeguards, and the adequacy of those safeguards has been subject to ongoing legal scrutiny.
Square
· Square Privacy Notice
The clause establishes the operational framework for Square's global data handling infrastructure, permitting the company to move personal information across jurisdictions with different regulatory environments. This authorization enables Square to centralize data processing, storage, and systems management across its international operations.
International data transfers from the EU require specific legal safeguards and the adequacy of Standard Contractual Clauses as a transfer mechanism has been the subject of ongoing legal scrutiny, meaning the practical protection afforded depends on Databricks' implementation.