Data Transfers to Third Countries Sample Clauses
The 'Data Transfers to Third Countries' clause governs the conditions under which personal or sensitive data can be transferred from one country to another, particularly to countries outside the jurisdiction where the data was originally collected. This clause typically requires that any transfer of data to a third country must comply with applicable data protection laws, such as ensuring the recipient country provides an adequate level of data protection or that appropriate safeguards are in place, like standard contractual clauses or binding corporate rules. Its core function is to protect individuals' data privacy and security when their information is moved across borders, addressing legal and regulatory risks associated with international data transfers.
Data Transfers to Third Countries. 7.1 If the Processor processes EU, UK or Swiss Personal Data at or from its facilities in a third country as a data controller located in the EU, UK or Switzerland (“European Territories”), the Standard Contractual Clauses shall be incorporated by reference in this DPA. The parties agree that Processor is the data importer and Controller is the data exporter. Unless otherwise agreed by the parties, Exhibits A and B of this DPA shall apply to the Standard Contractual Clauses, and for the purpose of clauses 9 and 11(3) of the Standard Contractual Clauses, the governing law will be the country in which the relevant Controller is established. Nothing in this DPA shall be construed to prevail over any conflicting clause of the Standard Contractual Clauses. Each party acknowledges that it has had the opportunity to review the Standard Contractual Clauses. In particular, the Processor acknowledges its obligations: (i) under clause 5(a) of the Standard Contractual Clauses to promptly inform the Controller of the Processor’s inability to comply with the Standard Contractual Clauses; (ii) under clause 5(d)(i) of the Standard Contractual Clauses to notify the Controller of a legally binding request for disclosure by a law enforcement authority; and (iii) under clause 5(e) of the Standard Contractual Clauses to deal promptly and properly with all inquiries from the Controller relating to the processing which is the subject of the transfer.
7.2 For the avoidance of doubt, in the event that the European Commission approves a successor set of controller to processor Standard Contractual Clauses (“New SCCs”), or the UK authorities issue a set of controller to processor Standard Contractual Clauses (“UK SCCs”), the New SCCs and the UK SCCs shall be incorporated by reference in this DPA in place of the previously approved set of Standard Contractual Clauses. In such cases, the information set out in Exhibits A and B of this DPA shall be deemed to be incorporated into the appropriate sections of the New SCCs and the UK SCCs, and the Processor acknowledges the equivalent obligations in the New SCCs and UK SCCs as those set out above. To the extent that the New SCCs or UK SCCs require the inclusion of additional information not covered by Exhibits A and B of this DPA, the Controller may incorporate that additional information into the New SCCs and UK SCCs by way of a written notice to the Processor.
7.3 This section applies if the Processor is established in the European Terri...
Data Transfers to Third Countries. To the extent any processing of Personal Data by ▇▇▇▇▇▇▇ takes place in any Third Country, the Customer agrees, and ▇▇▇▇▇▇▇ undertakes that, any such processing shall be subject to a written agreement which includes the Standard Contractual Clauses.
Data Transfers to Third Countries. 11.1. YOC and the Service Provider are responsible for ensuring that, in the event of a data transfer, the technologies they use process the personal data either exclusively in a member state of the European Union ("EU") or in another state Party to the agreement on the European Economic Area ("EEA"). Any processing of personal data in countries without an adequate level of data protection (hereinafter "Third Country") requires that the legal requirements for data exports to Third Countries under applicable law are met. This shall apply mutatis mutandis to the extent that YOC or the Service Provider commissions processors in third countries to process the personal data.
11.2. If personal data is transferred to a Third Country by YOC or by the Service Provider, YOC or the Service Provider shall, in particular pursuant to Art. 46 GDPR, provide appropriate safeguards and provide the data subject with enforceable rights and effective remedies.
Data Transfers to Third Countries. The recipients of Personal Data might be located outside the European Union or the European Economic Area and therefore might not have a data protection equivalent to EU data protection law. Unless there is an adequacy decision by the EU Commission for these states or the transfer is based on an exemption provided for by the GDPR (e.g. express consent, assertion, exercise or defense of legal rights), the Supplier will take all necessary measures to ensure that transfers to such organizations are adequately protected, e.g. by signing the standard contractual clauses stipulated by the EU Commission (“SSC”) with the data recipients or be relying on Privacy Shield Principles (“PSP”). A copy of these reasonable warranties may be requested by contacting the Supplier’s Data Protection Department at: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇. A transfer of data to official authorities in countries outside the European Union or the European Economic Area (so-called third countries) takes place, if required by law, express consent has been given or this is legitimated by the legitimate interest of the Supplier or the third party for data protection purposes, e.g. internal administrative purposes and no higher legitimate interests by Customer.