Data protection laws limit our ability to transfer personal data to countries outside the UK (i.e. the countries which are subject to the UK data protection regime or very similar data protection laws). This is to help ensure that a consistent level of data protection applies to your data at all stages of processing, and that you are not exposed to additional privacy risks through the transfer of your data. Transfers of data outside the UK are only permitted in certain circumstances. Where such transfers area necessary, we ensure that we have appropriate safeguards in place.

We have given some information in section 4 about specific situations in which your personal data is or may be transferred outside the UK. Aside from these situations there may be a transfer of your personal data outside the UK in the following circumstances:

  • Where we are using a cloud-based IT system to hold your data, and the data in the cloud is stored on servers located outside the UK. In these circumstances we safeguard your data through undertaking appropriate checks on the levels of security offered by the cloud provider and entering into a contract with them which applies protections of the same type and level required by data protection laws within the UK;
  • Where you are based outside the UK and we need to send you emails or other communications which are necessary for the performance of our contract with you or for implementing pre-contractual measures which you have asked us to take (e.g. processing your application or enquiry). In these circumstances the data protection laws say that transfer is permitted.
  • With your consent.

Privacy Notice Contents

  1. Introduction

  2. When and how we collect your data

  3. How we hold your data

  4. How and why we process your data for BU purposes

  5. Overseas transfers of your personal data

  6. Retention: how long will we keep your data for?

  7. Your rights as a data subject and how to exercise them