Last updated: August 25, 2020
When Adobe transfers personal information from customers across national borders, we do so in compliance with applicable law.
How does Adobe transfer your personal information?
For our individual users and customers whose use of Adobe websites and apps results in the transfer of personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to non-EEA countries, we rely on one or more of the following legal mechanisms: the Swiss-U.S. Privacy Shield (for transfers of personal information from Switzerland), Standard Contractual Clauses, and consent of the individual.
Additional information about Adobe’s privacy practices relating to our individual users and customers is available in the section of the Adobe Privacy Center titled “What does Adobe do with your personal information?”
How does Adobe transfer European personal information on behalf of our business customers?
For our business customers whose use of Adobe solutions results in the transfer of personal information from the EEA, the United Kingdom, or Switzerland to non-EEA countries, Adobe relies on the Swiss-U.S. Privacy Shield, and Standard Contractual Clauses. More information about our certification to the Privacy Shield is provided below. Regarding the Standard Contractual Clauses, Adobe has prepared a Data Processing Agreement (DPA) that includes the Standard Contractual Clauses (SCCs). If you are an Adobe business customer and want to enter into a DPA and SCCs with Adobe, please request those documents from us.
Additional information about Adobe’s privacy practices in relation to our business customers is available in the section of the Adobe Privacy Center titled “What do Adobe’s business customers do with your information?”
Adobe Privacy Shield certification
Adobe Inc. (our U.S. company) has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA), the United Kingdom, and Switzerland to the United States. Although the EU-U.S. Privacy Shield has been ruled invalid for the transfer of data, where personal information has already been transferred to the U.S. on the basis of the EU-U.S. Privacy Shield, we will continue to protect personal information from the EU and the United Kingdom according to the standards of the Privacy Shield and applicable EU law. To learn more about the Privacy Shield program, or to view the certification for Adobe Inc., please see https://www.privacyshield.gov/.
With respect to personal information processed on behalf of our EEA, United Kingdom, and Swiss business customers, under EU privacy laws, Adobe Systems Software Ireland Limited (Adobe Ireland) is generally considered a “data processor.” For example, an EEA business customer may use Adobe Sign to process documents containing names, email addresses, and other personal information about its consumers. As part of Adobe providing services to the business customer, this personal information of consumers may be transferred by Adobe Ireland to Adobe U.S. under our Privacy Shield certification (for transfers of personal information from Switzerland) or Standard Contractual Clauses, as described above.
Adobe U.S. complies with the Privacy Shield Principles whenever it receives personal information from the EEA and Switzerland in reliance on the Privacy Shield.
If you have a question or complaint about our compliance with the Privacy Shield Principles, please contact us. If we do not resolve your complaint, Adobe has chosen to cooperate with a dispute resolution provider established by the Association of National Advertisers (ANA), who will hear such complaints (more information). You may also have a right to invoke binding arbitration for unresolved complaints (more information). Adobe U.S. is subject to the investigatory and enforcement powers of the FTC.
For information regarding our security measures, please visit the Adobe Security Center.