Data Transfer Frameworks for Privacy

Legal frameworks for data transfers

Effective [Insert Date] | Archived versions

We operate primarily from the United Kingdom. However, in the course of providing web design, web analytics, consultancy and related digital services, personal data may be processed on servers located outside the United Kingdom.

Data protection laws vary between jurisdictions, with some providing more comprehensive protections than others. Regardless of where personal data is processed, we apply the safeguards described in our privacy policy. We also comply with applicable legal frameworks relating to international data transfers, as outlined below.

Adequacy decisions

The UK Government and other data protection authorities recognise that certain countries provide an adequate level of protection for personal data. Where a country benefits from an adequacy regulation, personal data may be transferred to that jurisdiction without additional contractual safeguards.

We may rely on the following adequacy mechanisms:

• European Commission adequacy decisions
• UK adequacy regulations
• Swiss adequacy decisions
• ANPD adequacy decisions (Brazil)

These frameworks confirm that the receiving jurisdiction provides legal protections broadly equivalent to those required under UK data protection law.

International transfer safeguards

Where personal data is transferred to a country that is not subject to an adequacy regulation, we implement appropriate legal safeguards to ensure compliance with UK GDPR and related legislation.

Such safeguards may include:

• The UK International Data Transfer Agreement (IDTA)
• The UK Addendum to the EU Standard Contractual Clauses
• Standard Contractual Clauses approved by the European Commission

Standard Contractual Clauses are legally approved contractual commitments that require recipients of personal data to apply protections equivalent to UK standards. Where relied upon, these clauses are used in their approved form.

In addition, we assess the nature of the transfer, the categories of data involved and the legal framework of the destination country to determine whether supplementary measures are required.

Use of third-party service providers

To operate and improve our services, we may engage reputable third-party providers for hosting, cloud infrastructure, analytics, payment processing and communication services.

Where these providers process personal data outside the United Kingdom, we ensure appropriate contractual safeguards are in place and that they are subject to data protection obligations consistent with UK GDPR.

We remain responsible for ensuring that personal data processed on our behalf is handled in accordance with applicable law.

Security and organisational measures

Irrespective of where personal data is processed, we apply reasonable technical and organisational measures designed to protect against:

• Unauthorised or unlawful processing
• Accidental loss or destruction
• Unauthorised disclosure
• Security breaches

These safeguards are proportionate to the sensitivity of the data and the risks presented by international transfers.

Further information

If you would like further information regarding international data transfers or the safeguards applied to your personal data, please contact:

privacy@jamieparishooper.com

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your personal data has been transferred or processed unlawfully.

Changes to this page

We may update this page from time to time to reflect changes in legal requirements, service providers or operational practices. The effective date above will be updated accordingly.