Data protection laws limit our ability to transfer personal data to countries outside the EEA (i.e. the countries which are subject to the EU data protection regime or very similar data protection laws). This is to help ensure that a consistent level of data protection applies to your data at all stages of processing, and that you are not exposed to additional privacy risks through the transfer of your data. Transfers of data outside the UK and the EEA are only permitted in certain circumstances.
We have given some information in section 4 about specific situations in which your personal data is or may be transferred outside the UK and the EEA. Aside from these situations there may be a transfer of your personal data outside the UK and the EEA in the following circumstances:
- Where we are using a cloud-based IT system to hold your data, and the data in the cloud is stored on servers located outside the UK and the EEA. In these circumstances we safeguard your data through undertaking appropriate checks on the levels of security offered by the cloud provider and entering into a contract with them which applies protections of the same type and level required by data protection laws within the UK and the EEA;
- Where you are based outside the UK and the EEA and we need to send you emails or other communications which are necessary for the performance of our contract with you or for implementing pre-contractual measures which you have asked us to take (e.g. processing your application or enquiry). In these circumstances the data protection laws say that transfer is permitted.
- With your consent.