> ## Documentation Index
> Fetch the complete documentation index at: https://docs.squid.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# International Data Transfers

> How we transfer data across borders, the legal mechanisms (e.g., Standard Contractual Clauses), and protections.

*Last updated: \[August 27, 2025]*

Squid Academy operates internationally. This means that your personal data may be transferred to and processed in countries outside of your own — including countries that may not have the same level of data protection as your home country.

This page summarizes how we handle cross-border transfers as described in Section 14 of our [<u>Privacy Policy</u>](https://docs.google.com/document/u/6/d/1pJDPGOXueYFzt81Wzzv25-04_nuPi3seArJJkqm_d_4/edit) and Section 10 of our [<u>Data Processing Addendum</u>](https://docs.google.com/document/u/6/d/1IXgzc8vsrTkkPtnwghZ2pHGoR_ZyCeKdo2db0m7dNsw/edit).

## **1. Where Your Data May Go**

* **Primary processing locations** – We store and process data in the regions where we (and our sub-processors) operate, which may include the United States, the United Kingdom, the European Union, and Asia-Pacific regions.
* **Third-party sub-processors** – Our [<u>Sub-processor List</u>](https://docs.google.com/document/u/6/d/1hSsHISPyzidVjqRFjI2EwKUCX3lrMDW5LtjxLhJ1zVs/edit) includes details of vendors that may process personal data internationally.

## **2. How We Protect Your Data During Transfers**

When personal data is transferred across borders, we implement safeguards that meet applicable legal requirements, such as:

### **Adequacy Decisions**

* Transfers from the EU/EEA, UK, or Switzerland to countries recognized by the European Commission (or UK Government) as having adequate protection.

### **Standard Contractual Clauses (SCCs)**

* For transfers to countries without an adequacy decision, we use the European Commission’s SCCs or the UK International Data Transfer Addendum as appropriate.

### **Supplementary Measures**

* Technical measures such as encryption in transit and at rest.
* Access controls ensuring only authorized personnel can access the data.
* Organizational measures such as staff training and vendor due diligence.

### **Transfer Impact Assessments (TIAs)**

* We assess the legal and practical risks of each transfer, and document these assessments.

## **3. Transfers Initiated by Your Organization**

If your organization (school, university, or esports center) uses our services from outside the EU/EEA/UK, it is responsible for ensuring that its own data transfers to us comply with applicable laws.

## **4. Your Rights**

You can request:

* A copy of the SCCs or other applicable transfer mechanism.
* Details of the countries where your personal data has been processed.

Contact [<u>privacy@squid.gg</u>](mailto:privacy@squid.gg) or [<u>Submit a Privacy Request</u>](https://drive.google.com/open?id=1IwxaKEtOAeDeaGgC6E3I_nLwY4zKsBp2XVnW1S_0gew) to make this request.

## **5. Updates**

We may update this page to reflect changes in our transfer practices or legal requirements. Updates will be posted here with a revised “Last updated” date.