Cross-border data transfers

 

Last updated: 14 January2022

 

When Adobe transfers personal information from customers across national borders, we do so in compliance with applicable law.

 

How does Adobe transfer your personal information?

For our individual users and customers whose use of Adobe websites and apps results in the transfer of personal information from the European Economic Area (EEA), the United Kingdom or Switzerland to non-EEA countries, we rely on one or more of the following legal mechanisms: Standard Contractual Clauses, the European Commission's adequacy decisions about certain countries, as applicable and consent of the individual.

 

Additional information about Adobe’s privacy practises relating to our individual users and customers is available in the section of the Adobe Privacy Centre titled “What does Adobe do with your personal information?”

 

How does Adobe transfer personal information on behalf of our business customers?

For our business customers whose use of Adobe solutions involves the processing of personal information from the EEA, the United Kingdom or Switzerland, Adobe Systems Software Ireland Limited (Adobe Ireland) processes your personal information and may transfer it to Adobe entities in non-EEA countries, such as Adobe Inc. (Adobe U.S.). Where it does so, Adobe relies on Standard Contractual Clauses (SCCs) and adequacy decisions about certain countries, as applicable and has entered into SCCs between its relevant entities to cover these transfers. We have also prepared a Data Processing Agreement (DPA) to cover the processing of EU personal information of our business customers. If you are an Adobe business customer (with Enterprise Licensing) and want to enter into a DPA with Adobe, please request those documents from us.

 

Additional information about Adobe’s privacy practices in relation to our business customers is available in the section of the Adobe Privacy Centre titled “What do Adobe’s business customers do with your information?”

 

Adobe Privacy Shield certification

Adobe Inc. (our U.S. company) has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA), the United Kingdom and Switzerland to the United States. Although the EU-U.S. and Swiss-U.S. Privacy Shield have been ruled invalid for the transfer of data, where personal information has already been transferred to the U.S. on the basis of the EU-U.S. or Swiss-U.S. Privacy Shield, we will continue to protect personal information from the EU, the United Kingdom and Switzerland according to the standards of the Privacy Shield and applicable EU law. To learn more about the Privacy Shield programme or to view the certification for Adobe Inc., please see https://www.privacyshield.gov/

 

As described in the Privacy Policy, for individual users who reside outside of North America, your relationship is with Adobe Systems Software Ireland Limited, which is the “data controller” with regard to EU personal information collected by Adobe. Your personal information may be transferred to other Adobe entities, as described above.

 

With respect to personal information processed on behalf of our EEA, United Kingdom and Swiss business customers under EU privacy laws, Adobe Systems Software Ireland Limited (Adobe Ireland) is generally considered a “data processor.” For example, an EEA business customer may use Acrobat Sign to process documents containing names, email addresses and other personal information about its end customers. As part of Adobe providing services to the business customer, Adobe Ireland may transfer this personal information of end customers to other Adobe entities under Standard Contractual Clauses, as described above.

 

Additional descriptions about how we treat personal information that was transferred in reliance on Privacy Shield are available in the following sections of the Adobe Privacy Policy:

Adobe Inc. complies with the Privacy Shield Principles where it has received personal information from the EEA and Switzerland in reliance on the Privacy Shield.

 

If you have a question or complaint about our compliance with the Privacy Shield Principles, please contact us. If we do not resolve your complaint, Adobe has chosen to cooperate with a dispute resolution provider established by the Association of National Advertisers (ANA), who will hear such complaints (more information). You may also have a right to invoke binding arbitration for unresolved complaints (more information). Adobe U.S. is subject to the investigatory and enforcement powers of the FTC.

 

For information regarding our security measures, please visit the Adobe Security Centre.