Schrems II and US-based subprocessors

We have taken several measures to comply with the Schrems II ruling, invalidating EU-US Privacy Shield as a legitimate way of transferring data between the EU and the US. The measures we have taken to ensure the legality of US data transfers are the following:

1. Review of subprocessors
2. Changes in subprocessors
3. For all US-based subprocessors, updated DPAs with the EU's Standard Contractual Clauses (SCCs).

See the full list of our subprocessors here, including the purposes for which we use each of them, and their headquarter addresses.