Lyft
· Lyft Privacy Policy
Cross-border data transfer provisions establish the operational scope of data flows and define which legal frameworks govern data protection once information leaves the user's home jurisdiction. This affects the regulatory oversight and security standards applicable to personal information during transit and storage.
For users in the EU, UK, or other jurisdictions with strong data protection laws, international data transfers carry legal significance and Microsoft must rely on approved transfer mechanisms such as Standard Contractual Clauses to make such transfers lawful.
The provision establishes the operational framework under which Riot Games processes personal information across jurisdictions with varying regulatory requirements. Standard Contractual Clauses create a contractual basis for lawful international transfer where adequacy decisions do not exist, addressing the legal requirements imposed by EEA, UK, and Swiss data protection regimes.
The clause establishes the geographic scope of data processing operations and notifies users that their information will be subject to the legal and regulatory frameworks of the jurisdiction where servers are located, rather than remaining under their home jurisdiction's data protection regime.
Grindr
· Grindr Privacy Policy
For EU and UK users, transferring sensitive personal data to the US without adequate transfer mechanisms can violate GDPR and create legal exposure for Grindr and reduced rights protections for users.
Klarna
· Klarna Privacy Policy
When your data is transferred outside the EU or UK, it may be subject to government access or privacy standards that are different from those in your home country, even if contractual protections are in place.
For EU and UK users, data transferred to the US is subject to US surveillance laws and the adequacy of Standard Contractual Clauses as a safeguard depends on Coinbase conducting and maintaining transfer impact assessments documenting risks and mitigations.
This provision establishes Standard Contractual Clauses as the primary mechanism for cross-border data transfers out of the EEA, which requires that a transfer impact assessment be conducted and documented for organizations subject to GDPR requirements.
Notion
· Notion Privacy Policy
The policy asserts consent to international data transfer based on use of the service, but under GDPR this type of implied consent is generally insufficient as a transfer mechanism; the policy separately references Standard Contractual Clauses for EEA transfers, which is the operationally relevant mechanism for EU users.
Adobe
· Adobe Privacy Policy
Users outside the U.S., particularly in the EU, have legal protections governing international data transfers, and the adequacy of those protections depends on the legal mechanisms Adobe uses, such as Standard Contractual Clauses or the EU-U.S. Data Privacy Framework.
Uber
· Uber Privacy Notice
Cross-border data transfers of EU/EEA driver data to the US and other third countries require valid transfer mechanisms under GDPR Chapter V, and the adequacy and supplementary safeguards supporting SCCs must be documented and available for supervisory authority review, particularly given the volume and sensitivity of the data categories involved.
The policy states that personal data may be transferred across borders to jurisdictions with different data protection standards, and identifies Standard Contractual Clauses as the primary transfer mechanism for EEA, UK, and Swiss data, which requires ongoing legal validity assessments following the Schrems II ruling.
EU and UK users are entitled to have their data protected to GDPR standards even when transferred abroad, and this clause creates an obligation on Peloton to implement legally adequate transfer mechanisms such as Standard Contractual Clauses.
Webull
· Webull Privacy Policy
For users outside the United States, particularly in the EU and UK, this means your personal and financial data may be subject to U.S. legal process and privacy standards that may differ from those that apply in your jurisdiction.
Waze
· Waze Privacy Policy
The clause establishes the operational scope for personal data infrastructure by permitting Waze to utilize distributed data storage and processing across multiple geographic jurisdictions as part of standard business operations, including reliance on third-party service providers.
The clause establishes the operational framework for international data processing and specifies that Airtable will implement legal compliance mechanisms for cross-border transfers as required by applicable law. This addresses jurisdictional requirements that govern personal data movement across borders.
Transferring personal data out of the EEA to the United States means your data is subject to US law, including potential government access requests, and the adequacy of the transfer mechanism may be subject to legal challenge.
The provision establishes the operational mechanism by which Eventbrite handles cross-border data flows as a global service provider. It delineates that transfers may occur to jurisdictions with varying data protection standards while conditioning such transfers on implementation of protective measures.
The clause establishes the jurisdictional framework for data processing operations and specifies the legal transfer mechanisms employed for regulated regions. This operational structure determines which data protection regimes apply to user information and the contractual protections governing cross-border transfers.
The clause establishes Delta's operational practice of sharing customer data with promotional partners while providing a mechanism for users to exercise control over data sharing preferences through account privacy settings.
This provision establishes the legal basis for cross-border data transfers from the EU/EEA, UK, and Switzerland to the US, which requires ongoing adequacy and Schrems II compliance assessment. Organizations subject to GDPR must confirm that Amplitude's SCCs are current, include required supplementary measures where applicable, and cover all relevant data flows.
Brex
· Brex Privacy Policy
This provision engages GDPR Chapter V cross-border transfer requirements for EU and UK users, requiring that Standard Contractual Clauses be accompanied by a Transfer Impact Assessment where transfers are made to countries without an adequacy decision, including the United States.
Reddit
· Reddit Privacy Policy
This provision operationalizes Reddit's data infrastructure by authorizing cross-border data transfers and establishing the jurisdictional scope of data handling. The clause addresses the operational requirement that user data may be processed in jurisdictions with different legal protections than the user's home country.
Garmin
· Garmin Privacy Statement
The provision establishes the operational framework for cross-border data flows and identifies the specific contractual safeguard (SCCs) used to comply with data transfer restrictions under EU/EEA regulations. This mechanism addresses the legal requirement that international transfers be accompanied by adequate protective measures.
Loom
· Loom Privacy Policy
If you are based in the EU or UK, your Loom data may be transferred to and stored in the United States, and the legal adequacy of that transfer mechanism affects the protections your data receives.
DeepL
· DeepL Privacy Policy
This provision discloses that EEA user data may be routed to non-EEA processors, with Standard Contractual Clauses cited as the primary safeguard mechanism. Organizations subject to strict data residency requirements or sector-specific cross-border transfer restrictions should evaluate whether this transfer framework satisfies their obligations.
The provision operationalizes Smartsheet's data processing infrastructure by establishing the jurisdictional basis for international data transfers and specifying the legal frameworks—primarily SCCs—through which the company complies with cross-border data transfer requirements under applicable law.
eBay
· eBay Privacy Notice
Cross-border data transfers mean your personal information may leave your home country and be processed under different legal standards, which is particularly significant for EU users given GDPR's strict transfer restrictions.
Udemy
· Udemy Privacy Policy
The clause establishes the operational framework for Udemy's cross-border data processing infrastructure and specifies the contractual mechanisms (standard contractual clauses) used to address jurisdictional differences in data protection requirements.
International data transfers mean your personal data may be subject to the laws and government access regimes of countries other than your own, which is particularly significant for EU users whose data may be transferred to the United States or other countries with different privacy frameworks.