1. Where Your Data May Go
- Primary processing locations – We store and process data in the regions where we (and our sub-processors) operate, which may include the United States, the United Kingdom, the European Union, and Asia-Pacific regions.
- Third-party sub-processors – Our Sub-processor List includes details of vendors that may process personal data internationally.
2. How We Protect Your Data During Transfers
When personal data is transferred across borders, we implement safeguards that meet applicable legal requirements, such as:Adequacy Decisions
- Transfers from the EU/EEA, UK, or Switzerland to countries recognized by the European Commission (or UK Government) as having adequate protection.
Standard Contractual Clauses (SCCs)
- For transfers to countries without an adequacy decision, we use the European Commission’s SCCs or the UK International Data Transfer Addendum as appropriate.
Supplementary Measures
- Technical measures such as encryption in transit and at rest.
- Access controls ensuring only authorized personnel can access the data.
- Organizational measures such as staff training and vendor due diligence.
Transfer Impact Assessments (TIAs)
- We assess the legal and practical risks of each transfer, and document these assessments.
3. Transfers Initiated by Your Organization
If your organization (school, university, or esports center) uses our services from outside the EU/EEA/UK, it is responsible for ensuring that its own data transfers to us comply with applicable laws.4. Your Rights
You can request:- A copy of the SCCs or other applicable transfer mechanism.
- Details of the countries where your personal data has been processed.