Klarna
· Klarna Privacy Policy
When your data is transferred outside the EU or UK, it may be subject to government access or privacy standards that are different from those in your home country, even if contractual protections are in place.
Grindr
· Grindr Privacy Policy
For EU and UK users, transferring sensitive personal data to the US without adequate transfer mechanisms can violate GDPR and create legal exposure for Grindr and reduced rights protections for users.
Webull
· Webull Privacy Policy
For users outside the United States, particularly in the EU and UK, this means your personal and financial data may be subject to U.S. legal process and privacy standards that may differ from those that apply in your jurisdiction.
Cross-border transfers of personal data from the EEA or UK to the US require a valid transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses; the policy acknowledges transfer but does not specify the legal mechanism used.
For EU and UK users, data transferred to the US is subject to US surveillance laws and the adequacy of Standard Contractual Clauses as a safeguard depends on Coinbase conducting and maintaining transfer impact assessments documenting risks and mitigations.
Adobe
· Adobe Privacy Policy
Users outside the U.S., particularly in the EU, have legal protections governing international data transfers, and the adequacy of those protections depends on the legal mechanisms Adobe uses, such as Standard Contractual Clauses or the EU-U.S. Data Privacy Framework.
For users in the EU, UK, and other jurisdictions with strong data protection laws, transferring personal data to countries without equivalent protections requires specific legal safeguards that the policy does not detail.
The policy states that personal data may be transferred across borders to jurisdictions with different data protection standards, and identifies Standard Contractual Clauses as the primary transfer mechanism for EEA, UK, and Swiss data, which requires ongoing legal validity assessments following the Schrems II ruling.
Uber
· Uber Privacy Notice
Cross-border data transfers of EU/EEA driver data to the US and other third countries require valid transfer mechanisms under GDPR Chapter V, and the adequacy and supplementary safeguards supporting SCCs must be documented and available for supervisory authority review, particularly given the volume and sensitivity of the data categories involved.
EU and UK users are entitled to have their data protected to GDPR standards even when transferred abroad, and this clause creates an obligation on Peloton to implement legally adequate transfer mechanisms such as Standard Contractual Clauses.
Intuit
· Intuit Privacy Statement
For EU and UK users, international data transfers require specific legal safeguards, and the adequacy of those safeguards is subject to ongoing regulatory and judicial scrutiny.
Roblox
· Roblox Privacy Policy
The policy asserts consent to cross-border data transfers as a basis for transferring data from jurisdictions such as the EU/EEA to the US; under GDPR, reliance on broad consent embedded in a terms of service or privacy policy for international transfers may not satisfy the requirements of a valid transfer mechanism under Chapter V of GDPR, and this provision may require evaluation against the adequacy framework or Article 46 standard contractual clauses.
Stripe
· Stripe Privacy Policy
This provision establishes the legal mechanisms Stripe relies upon for cross-border data transfers, which are subject to ongoing regulatory review and potential challenge; organizations processing EU or UK personal data through Stripe must confirm these mechanisms remain current and adequate under applicable law.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision establishes the geographic scope of data processing and identifies the legal mechanisms Microsoft employs to govern cross-border transfers. This determines the jurisdictional frameworks and contractual obligations that apply to personal data movement across Microsoft's international operations.
Okta
· Okta Privacy Policy
EU, UK, and Swiss users' personal data is being transferred to the United States, and the legal validity of that transfer depends on Okta's correct implementation of the current SCCs, which were updated in 2021 and require accompanying transfer impact assessments.
Canva
· Canva Privacy Policy
Cross-border data transfers involving EU personal data require legally adequate safeguards under GDPR. Canva's reliance on Standard Contractual Clauses is a recognized mechanism but requires accompanying Transfer Impact Assessments under post-Schrems II obligations, and compliance with these requirements cannot be verified from policy text alone.
Cursor
· Cursor Privacy Policy
The policy references legally valid transfer mechanisms for EEA and UK data transfers but does not name the specific mechanism (such as Standard Contractual Clauses), which limits the ability of EEA or UK users to evaluate the adequacy of those protections without making a direct inquiry.
The provision establishes the operational framework under which user data flows internationally, specifying both the destination jurisdictions and the legal mechanism (Standard Contractual Clauses) that Coinbase employs to satisfy data protection obligations for cross-border transfers.
Udemy
· Udemy Privacy Policy
The legal mechanism used for cross-border data transfers determines what protections EU and UK users retain when their data is processed in the U.S.; the Data Privacy Framework has been adopted as an adequacy mechanism but remains subject to political and legal developments.
This technical specification determines the jurisdiction and location where advertiser data and campaign analytics are stored, processed, and reported. The designation of Singapore as the virtual data center (vdc) and reporting region establishes the operational framework for data residency and determines which entity policies and data protection regimes apply to the advertising data flowing through these infrastructure endpoints.
Stripe
· Stripe Privacy Policy
The provision establishes the legal mechanisms by which Stripe operationalizes cross-border data flows, ensuring transfers comply with EU and UK data protection requirements through Commission-approved contractual frameworks and adequacy determinations.
This clause operationalizes HubSpot's compliance framework for international data transfers under GDPR and UK data protection law. The provision documents the specific legal instruments the organization deploys to maintain adequate protection standards when personal data crosses EEA and UK borders.
The provision establishes DocuSign's operational basis for international data movement by reference to an EU-approved legal mechanism. SCCs create contractual obligations between data exporter and importer to protect personal information consistent with GDPR standards, even when destination countries lack adequacy determinations.
The provision establishes the legal mechanism by which the entity operationalizes cross-border data transfers where destination jurisdictions lack formal adequacy findings, ensuring compliance with EU data protection frameworks through contractual safeguards rather than jurisdictional adequacy determinations.
Hinge
· Hinge Privacy Policy
The provision establishes the procedural basis for international data movement and identifies the contractual safeguard mechanism (SCCs) that governs these transfers. This clarifies how Hinge operationalizes its global service model while addressing regulatory requirements for personal data flows to jurisdictions without equivalent data protection frameworks.
ADP
· ADP Privacy Statement
BCR are a recognized but operationally complex transfer mechanism. If regulators in any country determine that BCR do not provide adequate protection, data transfers relying on them could be suspended, potentially disrupting payroll and HR services.
The clause establishes the contractual framework Shopify employs to comply with EU and UK data protection requirements when moving personal data to jurisdictions outside the designated adequacy perimeter. This addresses the operational necessity to conduct cross-border data transfers while maintaining regulatory compliance.
Figma
· Figma Privacy Policy
EU and UK users' personal data is processed by Figma in the US, and the adequacy of the transfer mechanism used is subject to ongoing regulatory scrutiny, meaning users should understand that their data crosses borders and the legal protections that apply.
Fastly
· Fastly Privacy Policy
Cross-border transfer mechanisms are a significant area of GDPR enforcement, and the adequacy of Standard Contractual Clauses depends on whether the destination country provides essentially equivalent protection. Organizations relying on SCCs may also need to conduct Transfer Impact Assessments.
EU, UK, and Swiss users should know their data may be transferred to the United States, but Google states it uses legal transfer mechanisms to maintain applicable protections.