Uploadcare’s Transfer Impact Assessment

Uploadcare safeguards the personal data our customers entrust us to process when we must transfer that data to a third country — whether for the purposes of providing to you our services, support, analysis, security, or sub-processing.

Uploadcare’s Data Protection Addendum now incorporates the the Standard Contractual Clauses (Model Two). In response to the heightened requirements created by the Schrems II decision, these new SCCs require a data importer (such as us) to provide specific information about data transfers it undertakes, and requires importers to conduct a transfer impact assessment to evaluate risks involved with the transfer of personal data to countries outside the EEA. The SCCs also require a data importer to take into account any supplemental technical and organizational security measures and additional assessments may be required to mitigate risks before transferring any personal data across borders.

In Annex I of our SCCs you can find information about:

  • Categories of data subjects whose personal data is transferred
  • Categories of personal data transferred
  • Sensitive data transferred
  • The frequency of the transfer
  • Nature of the processing
  • Purpose(s) of the data transfer and further processing
  • The period for which the personal data will be retained
  • For transfers to (sub-) processors, it also specifies subject matter, nature and duration of the processing

Annex II of our SCCs provides you with technical and organisational measures to ensure the security of the data. We are currently in the process of implementing additional supplementary measures such as regionalized storage, and will continue to watch for additional guidance from our Data Protection Authorities and from the European Data Protection Board (EDPB).

Annex III of our SCCs gives you a list of sub-processors.

You can also find our transparency report here.