Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

The country to which we transfer your personal data has been deemed to provide an adequate level of protection for personal data by the European Commission.

Where we use certain service providers, we may use specific model contracts approved by the European Commission which give personal data the same protection it has in Europe.

Where we use providers based outside the EEA, we may transfer data to them if the country in which they will process your data has been found by the European Commission or the UK government to provide adequate levels of data protection, or once we have put in place standard contractual clauses issued by the European Commission in order to protect your data. Where we use these standard contractual clauses, we will conduct a risk assessment to ensure we are comfortable that the measures we have taken provide enough protection within the local legal framework and we will work with our overseas providers to actively identify any potential risks to your data.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.