Adyen
· Adyen Privacy Policy
Cross-border transfers expose your data to legal systems with potentially lower privacy protections than the EU or UK, and the adequacy of Standard Contractual Clauses as a safeguard depends on ongoing regulatory and judicial developments.
The policy discloses that personal data may be transferred internationally and that NVIDIA relies on Standard Contractual Clauses or equivalent mechanisms; the adequacy of these mechanisms and NVIDIA's implementation of supplementary safeguards is relevant for EU/EEA and UK users.
The clause establishes the geographic scope of data processing operations and creates a jurisdictional framework for where user information may be stored and accessed. For users in regulated regions, it conditions cross-border transfers on the existence of adequate legal safeguards, reflecting compliance with regional data protection requirements.
For users in the EU, UK, and other jurisdictions with strong data protection laws, this transfer must be covered by a lawful mechanism such as Standard Contractual Clauses, and the policy does not specify which transfer mechanism is used.
Square
· Square Privacy Notice
The clause establishes the operational framework for Square's global data handling infrastructure, permitting the company to move personal information across jurisdictions with different regulatory environments. This authorization enables Square to centralize data processing, storage, and systems management across its international operations.
Figma
· Figma Privacy Policy
The provision operationalizes Figma's data handling framework by establishing U.S. law as the governing framework and authorizing international data transfers. This determines the legal regime applicable to data management and defines the jurisdictional scope within which data protection obligations operate.
Webull
· Webull Privacy Policy
For users outside the United States, particularly in the EU and UK, this means your personal and financial data may be subject to U.S. legal process and privacy standards that may differ from those that apply in your jurisdiction.
For EU and UK users, data transferred to the US is subject to US surveillance laws and the adequacy of Standard Contractual Clauses as a safeguard depends on Coinbase conducting and maintaining transfer impact assessments documenting risks and mitigations.
EU and UK users are entitled to have their data protected to GDPR standards even when transferred abroad, and this clause creates an obligation on Peloton to implement legally adequate transfer mechanisms such as Standard Contractual Clauses.
Grindr
· Grindr Privacy Policy
For EU and UK users, transferring sensitive personal data to the US without adequate transfer mechanisms can violate GDPR and create legal exposure for Grindr and reduced rights protections for users.
The policy states that personal data may be transferred across borders to jurisdictions with different data protection standards, and identifies Standard Contractual Clauses as the primary transfer mechanism for EEA, UK, and Swiss data, which requires ongoing legal validity assessments following the Schrems II ruling.
Adobe
· Adobe Privacy Policy
Users outside the U.S., particularly in the EU, have legal protections governing international data transfers, and the adequacy of those protections depends on the legal mechanisms Adobe uses, such as Standard Contractual Clauses or the EU-U.S. Data Privacy Framework.
Klarna
· Klarna Privacy Policy
When your data is transferred outside the EU or UK, it may be subject to government access or privacy standards that are different from those in your home country, even if contractual protections are in place.
Notion
· Notion Privacy Policy
The policy asserts consent to international data transfer based on use of the service, but under GDPR this type of implied consent is generally insufficient as a transfer mechanism; the policy separately references Standard Contractual Clauses for EEA transfers, which is the operationally relevant mechanism for EU users.
Uber
· Uber Privacy Notice
Cross-border data transfers of EU/EEA driver data to the US and other third countries require valid transfer mechanisms under GDPR Chapter V, and the adequacy and supplementary safeguards supporting SCCs must be documented and available for supervisory authority review, particularly given the volume and sensitivity of the data categories involved.
This provision establishes Standard Contractual Clauses as the primary mechanism for cross-border data transfers out of the EEA, which requires that a transfer impact assessment be conducted and documented for organizations subject to GDPR requirements.
Stripe
· Stripe Privacy Policy
International data transfers are subject to legal requirements in the EU, UK, and other jurisdictions, and the adequacy of Stripe's transfer mechanisms directly affects whether EU and UK user data is protected to required standards when processed outside those regions.
For EU and UK users, the legal adequacy of data transfers to the US is an ongoing regulatory concern following the Schrems II decision, and the effectiveness of Standard Contractual Clauses depends on accompanying transfer impact assessments.
GitHub
· GitHub Privacy Statement
The provision establishes the operational framework under which GitHub processes personal data across jurisdictions with varying legal protections. The use of Standard Contractual Clauses represents the contractual mechanism GitHub employs to comply with EU data transfer requirements and provide a defined safeguard structure for international data flows.
Transferring personal data from the EU to the US requires specific legal mechanisms under GDPR, and users should understand their data may be processed under US law rather than their home country's privacy framework.
Auth0
· Auth0 Privacy Policy
Cross-border data transfers from the EU and UK to the US remain a significant regulatory concern following the Schrems II ruling, and the adequacy and current status of Okta's SCCs and any supplementary measures are important for both individual data subjects and enterprise customers.
Twilio
· Twilio Privacy Notice
The provision establishes the operational framework for cross-border data processing and specifies the contractual mechanisms Twilio uses to address jurisdictional differences in data protection requirements. This directly affects how personal information flows through Twilio's infrastructure and which legal standards apply to different segments of data processing.
The clause establishes the geographic scope of data processing operations and notifies users that their information will be subject to the legal and regulatory frameworks of the jurisdiction where servers are located, rather than remaining under their home jurisdiction's data protection regime.
International data transfers are a key compliance area under GDPR; the sufficiency of transfer mechanisms depends on whether Thomson Reuters has conducted Transfer Impact Assessments, particularly for transfers to the United States.
Miro
· Miro Privacy Policy
The clause establishes the operational framework for Miro's cross-border data processing infrastructure. It documents the company's use of a specific legal mechanism (Standard Contractual Clauses) to address the jurisdictional differences that arise when personal data moves between countries with varying regulatory requirements.
BeReal
· BeReal Privacy Policy
The clause establishes the operational framework under which BeReal may process user data across multiple jurisdictions, creating a requirement that international transfers comply with EU-approved contractual mechanisms rather than relying solely on equivalence determinations.
Cross-border data transfers from the EU/EEA to the United States require an approved transfer mechanism under GDPR Chapter V. The policy does not specify in detail which transfer mechanisms are relied upon, which warrants verification by compliance teams evaluating EU data flows.
Airbnb
· Airbnb Privacy Policy
This provision establishes the operational framework under which Airbnb processes personal data across multiple jurisdictions. The clause addresses a core compliance requirement for international data transfers, particularly for EU/EEA users, by identifying the legal mechanisms (standard contractual clauses) used to authorize cross-border data movement.
The provision establishes the operational framework under which Riot Games processes personal information across jurisdictions with varying regulatory requirements. Standard Contractual Clauses create a contractual basis for lawful international transfer where adequacy decisions do not exist, addressing the legal requirements imposed by EEA, UK, and Swiss data protection regimes.
Lyft
· Lyft Privacy Policy
Cross-border data transfer provisions establish the operational scope of data flows and define which legal frameworks govern data protection once information leaves the user's home jurisdiction. This affects the regulatory oversight and security standards applicable to personal information during transit and storage.