Data protection laws limit our ability to transfer personal data outside the countries within the EEA (i.e. the countries which are subject to the same or very similar data protection laws). This is to help ensure that a consistent level of data protection applies to your data at all stages of processing, and that you are not exposed to additional privacy risks through the transfer of your data. Transfers of data outside the EEA are only permitted in certain circumstances. Aside from these situations there may be a transfer of your personal data outside the EEA in the following circumstances:

  • Where we use a cloud-based IT system to hold your data, and the data in the cloud is stored on servers located outside the EEA. In these circumstances we safeguard your data through undertaking appropriate checks on the levels of security offered by the cloud provider and entering into a contract with them which applies protections of the same type and level required by data protection laws within the EEA;
  • Where you are based outside the EEA and we need to send you emails or other communications which are necessary for the performance of our contract with you or for implementing pre-contractual measures which you have asked us to take (e.g. processing your application or enquiry). In these circumstances the data protection laws say that transfer is permitted; or
  • With your consent.

Privacy Notice Contents

  1. Introduction

  2. When and how we collect your data

  3. How we hold your data

  4. How and why we process your data for BU purposes

  5. Sharing your data with third parties

  6. Transfer of your data outside the European Economic Area (EEA)

  7. Retention: how long will we keep your data for?

  8. Your rights as a data subject and how to exercise them