6. Data transfers beyond the European Union
The European Union (EU) will adopt the same Data Protection safeguards as the United Kingdom. It’s by exception that data would be sent outside the EU.
If we send information to non-EU countries, this will be:
- with your consent, or
- to comply with a lawful and legitimate request, or
- if we use service providers or contractors in non-EU countries
If we transfer your information beyond the EU, we will make sure that it’s protected in the same way as if it was being used in the EU.
To keep your information safe we will either:
- transfer it to a non-EU country with privacy laws that give the same protection as the EU. You can find out more on the European Commission Justice website
- put in place a contract with the recipient that means they must protect it to the same standards as the EU. You can find out more information on the European Commission Justice website.
- transfer it to organisations that are part of the Privacy Shield - this is a framework that sets privacy standards for data sent between the US and EU countries and makes sure those standards are similar to what is used within the EU. Find out more about the Privacy Shield on the European Commission Justice website
If we intend to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.