Transferring personal data out of the EEA to the United States means your data is subject to US law, including potential government access requests, and the adequacy of the transfer mechanism may be subject to legal challenge.
Udemy
· Udemy Privacy Policy
The clause establishes the operational framework for Udemy's cross-border data processing infrastructure and specifies the contractual mechanisms (standard contractual clauses) used to address jurisdictional differences in data protection requirements.
International data transfers are a key compliance area under GDPR; the sufficiency of transfer mechanisms depends on whether Thomson Reuters has conducted Transfer Impact Assessments, particularly for transfers to the United States.
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borders, which affects the legal standards and accountability structures applicable to the company's data handling practices.
The provision operationalizes Smartsheet's data processing infrastructure by establishing the jurisdictional basis for international data transfers and specifying the legal frameworks—primarily SCCs—through which the company complies with cross-border data transfer requirements under applicable law.
Cohere
· Cohere Privacy Policy
This provision is particularly significant for EU and UK users because transfers of personal data from the EEA and UK to the United States require a lawful transfer mechanism under GDPR and UK GDPR, and the adequacy or sufficiency of those mechanisms is subject to ongoing regulatory scrutiny.
The provision establishes the operational framework under which Riot Games processes personal information across jurisdictions with varying regulatory requirements. Standard Contractual Clauses create a contractual basis for lawful international transfer where adequacy decisions do not exist, addressing the legal requirements imposed by EEA, UK, and Swiss data protection regimes.
Waze
· Waze Privacy Policy
The clause establishes the operational scope for personal data infrastructure by permitting Waze to utilize distributed data storage and processing across multiple geographic jurisdictions as part of standard business operations, including reliance on third-party service providers.
The provision establishes the factual basis for Epic Games' multi-jurisdictional operations, which creates the operational context for cross-border data processing. This geographic distribution of operations forms the foundation for how personal data may be transferred and processed across different regulatory jurisdictions.
eBay
· eBay Privacy Notice
Cross-border data transfers mean your personal information may leave your home country and be processed under different legal standards, which is particularly significant for EU users given GDPR's strict transfer restrictions.
Canva
· Canva Privacy Policy
The clause establishes the operational framework for international data processing by Canva's Australian headquarters and identifies the contractual mechanism (Standard Contractual Clauses) used to govern such transfers. This addresses jurisdictional compliance requirements for cross-border personal data flows.
International data transfers mean your personal data may be subject to the laws and government access regimes of countries other than your own, which is particularly significant for EU users whose data may be transferred to the United States or other countries with different privacy frameworks.
Uber
· Uber Privacy Notice
This clause establishes the operational framework for Uber's global data architecture, specifying that personal data collected in one jurisdiction may be processed, stored, or accessed in other jurisdictions. The provision sets out the compliance mechanisms—standard contractual clauses and law-required safeguards—that govern these transfers.
BeReal
· BeReal Privacy Policy
The clause establishes the operational framework under which BeReal may process user data across multiple jurisdictions, creating a requirement that international transfers comply with EU-approved contractual mechanisms rather than relying solely on equivalence determinations.
The clause establishes the geographic scope of data processing operations and creates a jurisdictional framework for where user information may be stored and accessed. For users in regulated regions, it conditions cross-border transfers on the existence of adequate legal safeguards, reflecting compliance with regional data protection requirements.
The clause establishes the jurisdictional framework for data processing operations and specifies the legal transfer mechanisms employed for regulated regions. This operational structure determines which data protection regimes apply to user information and the contractual protections governing cross-border transfers.
Hinge
· Hinge Privacy Policy
Cross-border transfers of personal data from the EEA to the United States require specific legal safeguards under GDPR, and users in the EEA should understand that their data is ultimately processed within a US-headquartered corporate group.
The provision establishes the operational basis for Dropbox's international data transfers by specifying the legal mechanisms that govern how personal data flows from European jurisdictions to other regions. This authorization structure ensures compliance with regional data protection regulations that restrict cross-border data movement.
Twilio
· Twilio Privacy Notice
The provision establishes the operational framework for cross-border data processing and specifies the contractual mechanisms Twilio uses to address jurisdictional differences in data protection requirements. This directly affects how personal information flows through Twilio's infrastructure and which legal standards apply to different segments of data processing.
Miro
· Miro Privacy Policy
The clause establishes the operational framework for Miro's cross-border data processing infrastructure. It documents the company's use of a specific legal mechanism (Standard Contractual Clauses) to address the jurisdictional differences that arise when personal data moves between countries with varying regulatory requirements.
Cross-border data transfers from the EU or UK to countries without an adequacy decision require specific legal safeguards under GDPR and UK GDPR, and the policy's general disclosure does not specify which transfer mechanisms are used.
Auth0
· Auth0 Privacy Policy
Cross-border data transfers from the EU and UK to the US remain a significant regulatory concern following the Schrems II ruling, and the adequacy and current status of Okta's SCCs and any supplementary measures are important for both individual data subjects and enterprise customers.
Visa
· Visa Privacy Notice
The provision establishes the operational framework governing Visa's cross-border data transfer practices and specifies the contractual mechanisms through which Visa implements protective measures. This addresses the jurisdictional and regulatory complexity of global data transfers where destination countries may have different legal protections than the user's home jurisdiction.
Lyft
· Lyft Privacy Policy
Cross-border data transfer provisions establish the operational scope of data flows and define which legal frameworks govern data protection once information leaves the user's home jurisdiction. This affects the regulatory oversight and security standards applicable to personal information during transit and storage.
Garmin
· Garmin Privacy Statement
The provision establishes the operational framework for cross-border data flows and identifies the specific contractual safeguard (SCCs) used to comply with data transfer restrictions under EU/EEA regulations. This mechanism addresses the legal requirement that international transfers be accompanied by adequate protective measures.
Cross-border data transfers from the EU/EEA to the United States require an approved transfer mechanism under GDPR Chapter V. The policy does not specify in detail which transfer mechanisms are relied upon, which warrants verification by compliance teams evaluating EU data flows.
Airbnb
· Airbnb Privacy Policy
This provision establishes the operational framework under which Airbnb processes personal data across multiple jurisdictions. The clause addresses a core compliance requirement for international data transfers, particularly for EU/EEA users, by identifying the legal mechanisms (standard contractual clauses) used to authorize cross-border data movement.
EU, UK, and other non-U.S. users should be aware that their data is transferred to a jurisdiction with a different legal framework, and the adequacy of transfer mechanisms is a material compliance consideration.
Intuit
· Intuit Privacy Statement
For EU and UK users, international data transfers require specific legal safeguards, and the adequacy of those safeguards is subject to ongoing regulatory and judicial scrutiny.
EU and UK users are entitled to have their data protected to GDPR standards even when transferred abroad, and this clause creates an obligation on Peloton to implement legally adequate transfer mechanisms such as Standard Contractual Clauses.