EU-U.S. Privacy Shield/European data transfers
Last updated: October 26, 2017
When Adobe transfers personal information from customers across national borders, we do so in compliance with applicable law.
How does Adobe transfer your EU personal data?
For our individual users and customers whose use of Adobe websites and apps results in the transfer of personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to non-EEA countries, we rely on one or more of the following legal mechanisms: the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, Standard Contractual Clauses, and consent of the individual.
Additional information about Adobe’s privacy practices relating to our individual users and customers is available in the section of the Adobe Privacy Center titled “What does Adobe do with your personal information?”
How does Adobe transfer EU personal data on behalf of our business customers?
For our business customers whose use of Adobe solutions results in the transfer of personal information from the EEA, the United Kingdom, or Switzerland to non-EEA countries, Adobe relies on the following legal mechanisms: the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, and Standard Contractual Clauses. More information about our certification to the Privacy Shield is provided below. Regarding the Standard Contractual Clauses, Adobe has prepared a Data Processing Agreement (DPA) that includes the Standard Contractual Clauses (SCCs). If you are an Adobe business customer and want to enter into a DPA and SCCs with Adobe, please request those documents from us.
Additional information about Adobe’s privacy practices in relation to our business customers is available in the section of the Adobe Privacy Center titled “What do Adobe’s business customers do with your information?”
Adobe Privacy Shield certification
Adobe Inc. (our U.S. company) has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA) and the United Kingdom and/or Switzerland to the United States. Our certification does not apply to personal information collected in connection with Fotolia and TubeMogul websites and apps. To learn more about the Privacy Shield program, or to view the certification for Adobe Inc., please see https://www.privacyshield.gov/.
With respect to personal information processed on behalf of our EEA, UK, and Swiss business customers, under EU privacy laws, Adobe Systems Software Ireland Limited (Adobe Ireland) is generally considered a “data processor.” For example, an EEA business customer may use Adobe Sign to process documents containing names, email addresses, and other personal information about its consumers. As part of Adobe providing services to the business customer, this personal information of consumers may be transferred by Adobe Ireland to Adobe U.S. under our Privacy Shield certification or Standard Contractual Clauses, as described above.
- The types of personal information collected
- The purposes for which personal information is collected and used
- An individual’s right to access his or her personal information
- The choices we offer individuals for limiting the use and disclosure of personal information
- The types of third parties to which personal information may be disclosed (including when Adobe is required to disclose personal information to lawful requests by public authorities, including to meet national security or law enforcement requirements). Please note that when Adobe U.S. uses service providers to process personal information received in reliance on Privacy Shield, it is responsible if that service provider processes the information in violation of the Privacy Shield Principles (unless Adobe U.S. can prove that it’s not responsible for the service provider’s action that violated the Principles).
Adobe U.S. complies with the Privacy Shield Principles whenever it receives personal information from the EEA, the United Kingdom, and Switzerland in reliance on the Privacy Shield.
If you have a question or complaint about our compliance with the Privacy Shield Principles, please contact us. If we do not resolve your complaint, Adobe has chosen to cooperate with a dispute resolution provider established by the Data & Marketing Association (DMA), who will hear such complaints (more information). You may also have a right to invoke binding arbitration for unresolved complaints (more information). Adobe U.S. is subject to the investigatory and enforcement powers of the FTC.
For information regarding our security measures, please visit the Adobe Security Center.