EU-US Privacy Shield Certification. USA, GDPR, TYPE CONTRACTUAL CLAUSES AND ADDITIONAL GUARANTEES
If you are outside the United States and choose to provide us with information, you must bear in mind that your data is transferred to the United States and processed there.
To date, data transit between data exporters from the EU and data importers from the USA (as would be our case) could be covered by the Privacy Shield agreement, under the adherence of the US-based company to the requirements set out under this agreement.
As of today, the judgment of the CJEU of July 16, 2020 declares the Privacy Shield agreement invalid, therefore, until a new agreement can be carried out or a unified position is adopted, the international transfer of data to the USA from the EU it must be justified under other types of measures.
Until the authorities on personal data protection rule again, Standard Contractual Clauses (CCT) may continue to be applied together with the necessary complementary security measures, which will be those that we initially put in place to be able to give service to our customers in the EU with full guarantee for our users in the EU.
While the EU and the USA define a protocol that updates the appropriate mechanisms for the international transfer of personal data between both territories, and until the corresponding control authorities pronounce themselves in November, the adaptation to regulations of the Standard Contractual Clauses remains in force. They define the obligations of the data importer (Mobile Leaves Corp) and the security measures applied, together with the definition of the data collected, categories of interested parties, etc.
We have prepared a document with the security guarantees on data processing that you can consult HERE.