SaaS contract – Bodle Law

SaaS Agreements – FAQs – Restricted Transfers

23/10/2023 Irene Bodle

Restricted transfers are a type of international data transfer to which special rules apply. SaaS suppliers and SaaS customers are responsible for complying with the relevant rules when making or permitting restricted transfers of personal data to their suppliers, customers, sub-processors, group companies and partners.

What is an international data transfer?

An international data transfer occurs when personal data is sent or transmitted from one country to another.

This includes:

SaaS Agreements – FAQs – Transfer Mechanisms

04/10/2023 Irene Bodle

Below is a summary of the transfer mechanisms that can be relied upon to make a lawful transfer of UK, Swiss or EEA personal data to a country outside of the UK, Switzerland or the EEA.

Adequacy is granted when a recipient country is deemed to have data protection laws and practices similar to those of the sending country.

SaaS Agreements – Data Protection: UK-US Data Bridge

26/09/2023 Irene Bodle

On Friday the 22nd of September the UK agreed its own transfer mechanism which can be used instead of UK standard contractual clauses.

From the 12 October 2023, SaaS Suppliers and SaaS Customers can start to transfer UK personal data to entities located in the USA provided that the US entity is certified under the new “UK Extension to the EU-US Data Privacy Framework” (UK-US Data Bridge).

This now means that all transfers of UK personal data made to US companies certified under the UK-US Data Bridge by SaaS companies will be deemed to be to a third country that has adequate data protection laws.

Once a US organisation has been certified and is publicly placed on the DPF List they can receive EU personal data through the DPF.

SaaS Agreements – Data Protection – New EU-US Privacy Shield?

15/04/2022 Irene Bodle

Following the Schrems II judgement of the European Court of Justice (“ECJ”), which invalidated the EU-US Privacy Shield which resulted in the subsequent European Data Protection Board (“EDPB”) final data transfer guidance, SaaS customers and SaaS suppliers are currently required to carry out a data transfer assessment (“DTA”) prior to transferring personal data outside of the EEA to a “third country” i.e. to a country which does not have an “adequacy decision” from the EU, for example, the USA.

SaaS Agreements – FAQs – Cookies

14/04/2022 Irene Bodle

Cookies are small text files placed on a user’s hardware device, such as a computer, tablet or mobile phone which record online activity. The majority of websites use cookies to measure visits and the use of websites (analytics cookies). Cookies are often also used to save user names, passwords and user preferences to make repeated use of a website more comfortable for the user. However, increasingly cookies are being used to collect information about users for the purposes of targeted marketing, tracking and other non essential purposes.

SaaS Agreements – Data Protection – Schrems II: Data Transfer Assessments

23/07/2021 Irene Bodle

Following the Schrems II judgement and the subsequent European Data Protection Board (EDPB) Schrems II guidance, SaaS customers and SaaS suppliers are now required to carry out a data transfer assessment prior to transferring personal data outside the EEA to a third country which does not have an “adequacy” decision from the EU. i.e. any transfer of EU located data to the USA.

SaaS Agreements – Data Protection – New EU Standard Contractual Clauses

19/07/2021 Irene Bodle

On the 4th of June 2021 the EU Commission announced the adoption of new Standard Contractual Clauses (new SCCs). The new SCCs must be used by all SaaS suppliers and SaaS customers who transfer personal data from the EU to countries outside the EU/EEA (third countries) when the old SCCs (old SCCs) are repealed on the 27th of September 2021.

SaaS Agreements – Data Protection – New EU Standard Contractual Clauses Published

09/06/2021 Irene Bodle

On the 4th of June 2021 the EU Commission announced the adoption of new Standard Contractual Clauses (new SCCs). The new SCCs must be used by all SaaS suppliers and SaaS customers who transfer personal data to countries outside the EU/EEA (third countries) once the current SCCs are repealed.

SaaS Agreements – GDPR – Personal Data Breaches and How to Avoid them

30/09/2019 Irene Bodle

Recently there have been a number of high profile cases involving the UK’s data protection authority (the “ICO”), imposing very large fines on Marriott and British Airways for serious data breaches. SaaS customers and SaaS suppliers should be reviewing the appropriateness of their technical and organisational measures to avoid the

Name	Borlabs Cookie
Provider	Borlabs - Benjamin a. bornschein
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Privacy Policy	https://borlabs.io/privacy/
Cookie Name	borlabs-cookie
Cookie Expiry	180 days

Accept	Google Analytics
Name	Google Analytics
Provider	Google Inc.
Purpose	Cookies are set by Google and are used for website analytics and performance measurement. Cookies create statistical data on how visitors use our Site.
Privacy Policy	https://policies.google.com/privacy?hl=en
Cookie Name	_ga ; _ga_*
Cookie Expiry	_ga : 1 year 1 month, _ga_* : 1 year 1 month