This Data Transfers Addendum ("Addendum") supplements the Data Processing Agreement and specifies the mechanisms and safeguards SaveCash employs to facilitate lawful international transfers of personal data. This Addendum is incorporated by reference into the Data Processing Agreement and applies to all cross-border data transfers conducted by SaveCash in connection with the Services.

1. Transfer Mechanisms

To enable lawful international transfers, SaveCash relies on various approved transfer mechanisms depending on the origin and destination of the data:

1.1 Standard Contractual Clauses (SCCs)

For transfers from the EEA, UK, and Switzerland to third countries, SaveCash uses the European Commission's Standard Contractual Clauses (Module Two for processor-to-processor transfers and Module Three for processor-to-controller transfers) as approved by the European Data Protection Board.

1.2 Adequacy Decisions

SaveCash transfers personal data to countries recognized by the European Commission or other regulatory authorities as providing adequate levels of data protection, including Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, and the UK.

1.3 Binding Corporate Rules

SaveCash's intra-group data transfers are governed by Binding Corporate Rules that have been approved by relevant supervisory authorities, ensuring consistent data protection standards across all SaveCash entities.

1.4 Derogations

In limited circumstances where other mechanisms are not available, SaveCash may rely on GDPR Article 49 derogations, such as explicit consent, necessity for contract performance, or establishment of legal claims.

2. Supplementary Measures

Following the European Court of Justice's Schrems II decision, SaveCash implements supplementary technical and organizational measures to ensure transferred data receives essentially equivalent protection:

2.1 Technical Measures

• End-to-end encryption for data in transit (TLS 1.3)
• Encryption at rest using AES-256
• Pseudonymization where appropriate
• Secure deletion and key management

2.2 Organizational Measures

• Contractual commitments from sub-processors
• Internal governance and policies
• Regular security training and awareness
• Transparency reports on government access requests

2.3 Transfer Impact Assessments

SaveCash conducts Transfer Impact Assessments to evaluate risks associated with specific transfer destinations and implements appropriate mitigations.

3. Contact Information

For questions about international data transfers, contact us at: