Date of Last Update: September 2023
Please read this Policy carefully before providing us with any information. If you are a citizen of the U.S. or EU/UK, please also review the Supplemental Statements on your U.S. and EU/UK data privacy rights (located at the end of this Policy). When you visit or use our Properties, interact with customer service representatives, work with us, apply to work with us, or otherwise engage or interact with Common App or its employees, contractors, agents, or representatives, you understand that we will collect, use, and disclosure your personal information as described in this Policy.
Please note that Common App is a not-for-profit organization based in the U.S. Any personal information you provide or we collect is transmitted to, and stored in, the U.S., and will also be shared with our member Colleges and Universities, at your direction, including in countries where laws may be less protective of personal information about you than in your home country.
2. This policy will inform you about:
- Changes to this Policy
- Personal information Common App collects and how we use it
- With whom Common App shares the information we collect about you
- Your choices regarding communications from Common App and Member Colleges and Universities
- Common App’s Data Retention Policy
- Common App’s Data Security Policies and Practices
- Children’s Privacy
- How you can contact us regarding this policy
- U.S. Supplemental
- EEA/UK Supplemental
3. Changes to this Policy
Changes to this Policy will be posted on this page. We reserve the right to modify this Policy at any time, so please review it periodically to learn of updates. If you do not accept this Policy, please do not use our Properties.
4. Personal Information Common App Collects and How We Use It
A. Properties Visitors
- Categories of personal information:
- When you contact us through our contact form on our Properties or by email: we collect your name, email address and any other information that you decide to share with us.
- With your permission where it is required by applicable laws, we and/or our partners may automatically log information about you, your browser, your computer or mobile device, and your activity on the Properties. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our Properties, general location information such as city, state or geographic area; and information about your use of and actions on the Properties, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our business partners may collect this type of information over time and across third-party websites and mobile applications. This information is collected using cookies, and similar tracking technologies. Please consult our Cookie Notice for more information.
- The Google API Service is used to provide a student access to their Google Drive files, if they choose to use the integrated service. No data about the user’s Google account is stored or shared by the Common App.
- Purposes for processing:
We use this information:
- To provide, operate and improve our Properties
- To respond to your requests, questions and feedback
- To analyze and improve our Properties
- To provide you with a personalized experience and advertisements
- For compliance, fraud prevention, and safety.
- Categories of personal information:
- When you create an account, we collect your name, email address, phone number, date of birth, and information regarding your plans to attend college. If you are a transfer student, we also collect information regarding your citizenship/nationality.
- When you create a profile, we may collect your name, home and mailing addresses, home and telephone numbers, gender, legal sex, pronouns, military status, race, language proficiency, place of birth, duration of residency in the U.S./other country of residency, citizenship status, and financial status.
- When completing an application(s), Common App collects detailed information regarding your education, testing, extracurricular and/or community involvement history, and college goals/plan. We also collect any and all information you voluntarily provide in your application(s), including writing samples and essays.
- Common App may also collect personal information about you from recommenders and educational institutions you have attended, including information about your academic achievements and performance, recommendations and impressions of you, and any other information these parties choose to provide us in connection with your application(s).
- Purposes for processing:
We use this information:
- To process your application(s) to our member Colleges and Universities that require the information to assess your suitability for admission, communicate with you about your application, and meet institutional reporting requirements and obligations to safeguard students. If you do not provide the information our members require, we will be unable to process your application.
- To allow you to pay fees required for your application to our member Colleges or Universities, by linking you to the Higher One web site which collects your payment-related information.
- To validate the mailing address that you provide to further our legitimate interests in obtaining accurate information and preventing misuse of the Common App and our Properties.
- To allow our members to meet their institutional reporting requirements regarding certain protected characteristics including gender, race, ethnicity, sexual orientation.
- To generate aggregate data for research and product development purposes.
- To allow you to participate in Common App Programs, such as direct admissions.
- To allow you to participate in Partner Programs, with your consent, which requires sharing your information with those Partners. Common App will never share your data with Partners without your express consent.
- To communicate with you. Applicants may opt-out of programs or request their data be deleted by submitting a request to Common App. To learn more, see the “What is Common App’s policy on retention and allowing you to access, update, correct, or delete your personal information?“ section of this Policy.
C. Parents/Guardians and Siblings of Applicants
- Categories of personal information: If you are a parent or legal guardian of an applicant, we may collect personal information about you from the applicant: name, marital status, household member information, children, whether the parent is living or dead, occupation, and education level. Common App also collects the number of siblings an applicant has.
- Purposes for processing: To allow us to communicate with parents or legal guardians of minors so we and our member Colleges and Universities can get evidence of parent or guardian permission to collect the minor applicant’s personal information.
D. College/University Administrators
- Categories of personal information: If you are an administrator at one of our member Colleges or Universities who uses Common App to receive student admission application data, we collect your name and email address to permit you to retrieve data of student applicants who have applied to your college or university using the Common App. The personal information of the administrator is also shared with certain third-party vendors to enable member administrators to gain access to a student applicant’s payment status information.
- Purposes for processing: we use this information to perform the contractual relationship that we have with the member Colleges or Universities you work for.
E. School Officials
- Categories of personal information: If you are an official or employee at an educational institution, when you register for an account with our Properties, we collect information about you and your position at your school, including your name, your position and/or title, and your contact information, including email address, phone number(s), and mailing address(es) and zip code.
- Purposes for processing: we use this information to perform the contractual relationship that we have with the educational institution your work for.
- Categories of personal information: If you wish to submit recommendations for or on behalf of an applicant’s applications to one or more member Colleges or Universities, you must register an account with our Properties and provide information about yourself, including information about you and your relationship with the applicant, including your name, your position and/or title, any school code information, and your contact information including email address, phone numbers, and mailing address(es) and zip code.
- Purposes for processing: To process applicant’s submissions(s) to our member Colleges and Universities
G. Job Applicants
- Purposes for processing: To review job applicant’s qualifications for the position applied.
Common App also collects the above information when we believe that disclosure is necessary to protect our rights and the rights of our members and/or to comply with law or legal obligation (including to meet national security or law enforcement requirements).
5. With Whom Common App Shares the Information We Collect About You
Common App may disclose your personal information to third parties where it is necessary and for purposes described in this Privacy Statement or as notified at the time of collection, including:
- Service Providers: Common App shares applicant names, phone numbers, and home addresses with service providers to confirm the accuracy of the mailing address that you enter. Applicant payment card information is shared with a payment card processor in order to make payment of admission application fees to the selected Colleges and/or Universities. We may also share personal information about you with other third party organizations allowing us and/or them to generate aggregate data which we and/or the third party may publish, combine, or enhance with other aggregate data obtained from other sources, and/or share or distribute the aggregate data. We also use services to provide and maintain our Properties.
- Colleges and/or Universities: Common App shares personal information about applicants with member Colleges and/or Universities to allow them to assess applicants’ suitability for admission, communicate with applicants, and meet institutional reporting requirements. Note that even if an applicant never applies through the Common App, the Colleges and/or Universities in which the applicant has indicated interest will still have access to the applicant’s personal information as part of the applicant’s pre-application data prior to the application being submitted. Such Colleges and/or Universities may use this information, for example, to contact applicants even prior to the time an application is submitted to provide information about their institutions and admission processes and deadlines or track the demographics of their prospective applicant pool. Common App also shares information with Colleges and/or Universities for their own direct marketing purposes.
- Partner Programs: Common App offers certain Partner Programs, where we work with other organizations to provide additional opportunities related to an applicant’s college journey, with which we may share applicant personal information. Applicants are given the opportunity to choose whether they want us to share personal information for the purpose of participating in certain Partner Programs. If Applicants choose to opt out of a Partner Program, they must opt out both with Common App and the Partner. Common App also shares information with Partner Programs for their own direct marketing purposes. Common App has relationships with the following partner programs: The College Board Scholarship Search, Strive for College, Naviance, Maia Learning, and Liaison.
- Business Partners: We may sometimes share your personal information with Business Partners or enable them to collect information directly via our Properties. Our Partners include, notably, Google, Facebook, Instagram, LinkedIn, Twitter, YouTube. Please read our Partners’ privacy policies to understand how they use your personal information.
- Professional Advisors: We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Authorities and others for compliance, fraud prevention and safety: We may share your Personal Data for the compliance, fraud prevention and safety purposes described above.
- Business transferees: We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Data, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
6. Your Choices Regarding Communications from Common App and Member Colleges and Universities
Applicants. When you register with Common App, you are required to express your communications preferences to receive communications from Common App. These communications may include emails, phone or text messages or physical mailings to your address regarding financial aid, tips, and broader topics that Common App feels would benefit you. If you later decide that you would like to “opt out,” please contact the applicant Solutions Center with your request, using the “Instructions & Help” link from your applicant account, or by clicking on the gear icon from your applicant account and changing your communication preference. If you “opt out,” we may still contact you with messages regarding your account with us, including registration and submission confirmation texts, physical mail, and/or emails, to contact you to help answer a technical support question that you may have posed to us regarding your use of the Properties.
Through our App, we send you push notifications from time-to-time in order to update you about the admission application process. If you no longer wish to receive these types of communications, you may turn them off at the device level. To send these notifications, we collect certain information about your device such as operating system and user identification information.
School Officials and Recommenders. If you “opt out” of the online recommendation system via the email invitation initiated by the applicant, you will not receive any College/University specific information concerning the applicant’s admissions process; however, we may use your email address, cell phone number, and/or mailing address to send you registration and submission confirmation communications, text messages or emails, or we may need to contact the user/recommender to help answer a technical support question that you may have posed to us regarding your use of the Properties and to provide you with other information relevant to the student’s admission application process. Additionally, any member colleges may communicate with you regarding the applicant, using the information you or the applicant provide.
Targeted online advertising. Our targeted online advertising is only directed towards prospective Common App Members, and counselors and recommenders. Some of our business partners that collect information about your activities on or through the Properties may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
You may opt-out of receiving targeted advertising on websites from members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
In addition, your mobile device settings may provide functionality to limit our, or our partners’, ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Apple ID for Advertising associated with your mobile device.
If you choose to opt out of targeted advertisements, you will still see advertisements online, but they may not be relevant to you.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Choosing not to share your Personal Data. Please note that we may not be able to provide you with certain services if you choose not to share with us certain Personal Data.
Please consult the EU/UK Supplemental Statement and U.S. Supplemental Statement to learn about rights that apply to you if you reside in such jurisdictions.
7. Common App’s Retention Policy
Common App keeps personal information about you for as long as it is necessary to provide you with the Common App service or we have another legitimate reason to retain it, including for research purposes, longitudinal studies using aggregate data, or for our business purposes. When determining how long to retain your personal information, our considerations include our legal obligations under applicable law and other mandatory record keeping requirements and the likelihood of you needing access to the personal information we hold for purposes related to your previous use of the Common App or App.
8. Common App’s Data Security Policies and Practices
Common App follows industry-recognized security practices and standards to protect the personally identifiable information submitted to us, both during transmission and once it’s received. We employ physical, administrative, and technical safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information. Those safeguards include: the pseudonymization and encryption of personal information where we deem appropriate; and periodic testing, assessment, and evaluation of the effectiveness of our safeguards.
When Properties are accessed using a supported web browser, Transport Layer Security (TLS) technology protects information using both server authentication and data encryption to help ensure that data are safe, secure, and available only to authorized users.
Your User Registration information is password-protected. We recommend that you do not divulge your password to anyone, that you sign out of your Common App registration account and close your browser window when you have finished your work, and that you do not copy and paste links from within the online application into an email or share with others on a public forum.
9. Children’s Privacy
Common App’s Properties are not intended for the use of children under the age of 13 or not old enough for us to process their Personal Information without parental or age-specific consent in the place where they live. If you believe we might have collected Personal Data from a child in one of these categories, please contact us at firstname.lastname@example.org for us to investigate and delete as appropriate.
We do not process a child’s Personal Information, ages 13 to 15, without the explicit consent of the child’s parent or custodian. We collect this Personal Information to assist our users with the use of our application. Our legal basis for doing this is that it is necessary in order for children ages 13 to 15 to use our application.
10. Links to Other Websites
11. How You Can Contact Us Regarding This Policy
If you have questions or concerns regarding this Policy, you should first contact the following Common App representative by email, phone, or mail at the address below:
The Common App, Inc.
3003 Washington Blvd., Ste. 1000
Arlington, VA 22201
You may also click “Help Center” at www.commonapp.org to communicate any questions, comments, feedback, or complaints regarding this Policy or the use of personal information by the Common App.
U.S. Supplemental Statement
Certain U.S. states provide their residents with certain rights regarding their Personal Data that is collected by businesses. Common App has decided to allow all its customers and other persons in the U.S. to make the same requests, which we call Personal Data Requests (“PDRs”), regardless of whether their place of residence affords them the legal right to make such requests. Common App reserves the right to discontinue this policy at any time, and at its sole discretion, limit PDRs to only those residents of those jurisdictions where privacy laws afford the state residents privacy rights.
This section provides information about the types of Personal Data we collect and disclose to other companies. It also explains how you may make a PDR if you are a US resident.
Before processing your PDRs, we will confirm your identity by requiring you to provide certain information about you and/or your account with us and you will have to declare that you are who you claim to be.
You may exercise any privacy choice below by submitting a PDR via this link– Contact Common App Support
- Request to Know What Personal Data We Have Collected:
You may request that we disclose the following information to you:
- The categories of Personal Data we have collected about you, directly or indirectly, including through or by a service provider or contractor;
- The categories of sources from which the Personal Data was collected;
- The business or commercial purpose for collecting or selling Personal Data;
- The categories of third parties with which we share Personal Data;
- The categories of Personal Data about you that we have sold or shared and the categories of third parties to which the Personal Data was sold or shared;
- The categories of Personal Data about you that we disclosed for a business purpose and the categories of third parties to which the Personal Data was disclosed;
- The specific pieces of Personal Data we have collected about you;
If you are an applicant, you may also save a copy of your application PDF to view the data Common App has collected about you.
Request Deletion of Personal Data: You may request that we delete any Personal Data about you, and that we notify any service provider, contractor, or third party to delete your Personal Data from its records. Your Personal Data may not be deleted under certain circumstances allowed by law, including, but not limited to, where maintenance of your Personal Data is necessary to: complete the transaction for which the Personal Data was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, to provide a good or service that you requested or that is reasonably anticipated within the context of their ongoing business relationship with us, or to otherwise perform a contract between us and you; to detect security incidents, protect against or prosecute fraudulent or illegal activity; to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; to comply with a legal obligation; or to otherwise use your Personal Data internally in a lawful manner that is compatible with the context in which you provided that specific data.
You may also delete your Common App account by sending us an email or through your account settings. For more information, please visit our FAQ page, “How can I delete my Common App account?”
Request Correction of Personal Data: You may correct your Personal Data yourself through your Common App account before you submit your application. Once submitted, you will need to contact the Member institutions you have submitted your application to in order to correct your data.
Request Opt-Out from Sale or Sharing of Personal Data or Use of Personal Data for Targeted Advertising or Profiling:
You may direct us not to do the following:
- Sell your Personal Data;
- Share your Personal Data with third parties for cross-context behavioral advertising;
- Use your Personal Data for targeted advertising;
- Use your Personal Data for profiling that produces legal or similarly significant effects concerning you.
Request to Limit the Use and Disclosure of Sensitive Personal Data: You may request that we limit the use of your Sensitive Personal Data.
Appeal a Denial of a Personal Data Request: Should we deny your Personal Data request, you may appeal the denial within 60 days from receipt of our decision on your request. If your appeal is denied, we will provide you with an online mechanism, if available, or other method through which you may contact the Attorney General of your state to submit a complaint or express your concerns.
Authorized Agent: You may use an authorized agent to submit a PDR, including through the use of a technology including, but not limited to, an Internet link or a browser setting, browser extension or global device setting, indicating your intent to opt out of certain processing of Personal Data. To use an authorized agent, you must provide the agent with a signed authorization. We may require the agent to provide us with proof of the signed authorization. In addition, we may require you to verify your identity with us and directly confirm that you authorized the agent to submit the Personal Data request on your behalf. Such requirements, however, will not apply where you have provided the agent with power of attorney pursuant to applicable state law.
Authorized agents may submit Personal Data requests using the same process described above.
Non-discrimination: We will not discriminate against a person because the person exercised a PDR, including, but not limited to:
- Denying goods or services to the person;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing a different level or quality of goods or services to the person;
- Suggesting that the person will receive a different price or rate for goods or services or a different level or quality of goods or services;
- Retaliating against an employee, applicant for employment, or independent contractor for exercising a PDR.
Personal and Sensitive Personal Data Collected, Shared, Sold, or Disclosed for a Business Purpose:
In the preceding 12 months, we may have collected the following categories of Personal Data from the following sources and for the following purposes. We may collect only certain pieces of Personal Data described in a given category and may not collect certain pieces of Personal Data described in each category. We retain this information as long as necessary for business purposes, which includes, but is not limited to, research and development, college application processing, and for compliance, fraud prevention, and safety.
Device operating system version, device type and system response times, Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, date/time stamp, and/or clickstream data.
|Category of Personal Data Collected||Category of Source of Collection||Business or Commercial
Purpose of Collection
|Name, home and mailing address, email address, home and cell phone number, date of birth, and information regarding your plans to attend college.
Your gender, legal sex, pronouns, military status, race, language proficiency, place of birth, duration of residency in the U.S./other country of residency, citizenship status, and financial status.
Your education, testing, extracurricular and/or community involvement history, and any information you voluntarily provide in your application, including writing samples and essays.
|Name, marital status, household member information, children, whether the parent is living of dead, occupation, and education level, and number of siblings the Applicant has.
|Parents/Guardians and Siblings of Applicants||To communicate with parents or legal guardians for minors so we and our Member Colleges and Universities can get evidence of parent or guardian permission.|
|Name and email address
|College/University Administrators||To perform the contractual relationship that we have with the Member College or University you work for.|
|Name, email address, phone number(s), mailing address(es), zip code, the educational institution you work for, and your position and/or title.
|School Officials||To perform the contractual relationship that we have with the Member College or University you work for.|
|Name, position and/or title, any school code information, email address, phone number(s), mailing address(es), zip code, and your relationship to the applicant.
|Recommenders||To process applicant submission(s) to our Member Colleges and Universities.|
|Name, email address, phone number, address, resume, cover letter, and EEO information (which may include race, gender, sex, preferred pronouns, disability, veteran status, and residency).||Employment Applicants||To process job application and candidacy for applied position.|
EEA/UK GDPR Supplemental Statement
If you are located in the European Economic Area or the United Kingdom, and access our Properties, this EEA/UK GDPR supplemental notice applies to you.
- Who is the controller?
Common App established at 3003 Washington Blvd, Suite 1000, Arlington VA, 22203, USA is the controller of your Personal Data.
- What Are Our Legal Bases for Processing Personal Data?
- Performance of a contract
We process your personal information as is necessary to provide the services that you requested from us. For example:
- We use your information in order to create your account and set you up on our Properties.
- We use your information to proceed with your application to our member Colleges and Universities.
- Your consent
We process certain information based on your consent, which you may revoke at any time. For example:
- we and our partners rely on your consent to provide you with personalized experience and advertisements based on your activity on our Properties and other websites;
- When you create a profile, we may process sensitive personal information about you, such as information about your ethnic or racial origin. We will only process such sensitive personal information when you have explicitly consented to it and will only use it to provide you with our services.
Where we process your personal information based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of personal information performed on other lawful grounds.
- Legitimate Interests
We may process your information where it is necessary for the purposes of our legitimate interests or our partners’ legitimate interests. In particular, we process your information in furtherance of the following legitimate interests. For example:
- Providing, improving, and developing our Properties: We and our service providers use your information to provide our Properties, including any personalized services, and to understand and improve our business.
- Conducting research and studies: We and our service providers/partners use your information to conduct research and studies.
- Providing ads, and measurement and analytics services: We and our partners use your information to provide personalized ads, and to measure and analyze the success of those ads in order to provide accurate and reliable reporting to our advertisers. We do so as necessary to pursue our legitimate interests and our partners’ legitimate interests of marketing and monetizing our services.
- Legal Obligation
We may process your information in order to comply with a legal obligation, a court order, or to exercise and defend legal claims. For example:
- we may preserve and disclose your information if it is necessary to respond, based on applicable law, to a valid legal request (e.g., a subpoena, search warrant, court order, or other binding request from government or law enforcement); and
- we may retain and process your information where it is necessary for compliance with applicable laws.
- Performance of a contract
- Your rights
You have the following rights in relation to the Personal Data we hold about you:
- Right of access: you can ask us to provide you with information about our processing of your Personal Data and give you access to your Personal Data;
- Right to rectification: If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified;
- Right to erasure: You can ask us to delete or remove Personal Data where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request;
- Right to restrict processing: you can ask us to suspend the processing of your Personal Data if, (i) you want us to establish the data's accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to object: Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Right to data portability: You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent at any time: where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the Personal Data or where certain exemptions apply.
To exercise any of these rights, please contact us using the contact details provided above.
Although we urge you to contact us first to find a solution for every concern you may have, you always have the right to lodge a complaint with your competent data protection authority.
- How Do We Protect Personal Data if we transfer it internationally?
We may transfer your Personal Data outside of the EEA and/or UK. Some of these recipients are located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under UK and/or European data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.
Some recipients of your Personal Data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). Where we transfer your Personal Data to a recipient in a Restricted Country, we will either:
- enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable); or
- rely on other appropriate means permitted by the EU/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
You may ask for a copy of such appropriate data transfer agreements by contacting us using the contact details above.