Most of our data processing takes place within the UK, however we employ some services which are based outside of the UK. In these cases, limited personal data (for example we use Sendgrid) is passed to another country (e.g. USA).
Whenever we transfer your data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your data to countries that have been deemed to provide an adequate level of protection for personal data under the UK adequacy regulations. For further details, see Information Commissioner’s Office (ICO): Adequacy of the protection of personal data in non-UK countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission and amended by the ICO which give personal data the same protection it has in the UK. For further details, see ICO’s: Model contracts for the transfer of personal data to third countries.
- In the absence of an adequacy decision or appropriate contractual safeguards we may rely on derogations for specific situations. For further details, see GDPR Article 49: Derogations for specific situations.
Please contact us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your data out of the UK.