Transfers out of the EEA

In most cases your information will remain in the UK and it will not be necessary for us to transfer your personal data outside the European Economic Area (EEA). However, there are some occasions where your information may leave the EEA, for example:

• Where we use a cloud-based IT system to hold your data which is stored on servers located outside the EEA. In these circumstances, we safeguard your data by undertaking appropriate checks on the levels of security offered by the cloud provider and enter into a contract with them which applies protections of the same type and level required by data protection laws within the EEA.

If we do need to share your personal data outside the EEA, we will endeavour to:

• Take all practical steps to make sure your personal information is not sent to a country that is not deemed to provide an adequate level of protections for personal data, either by the UK government or the European Commission.
• Use specific contractual clauses approved by the European Commission which gives personal data the same protection it has in the UK and Europe.
• Use only appropriate safeguards as set out in Chapter V of UK GDPR.