Where a transfer of personal data occurs between Openli and a sub-data processor located outside of the EEA, the transfer of personal data will include one of the following appropriate safeguards, as applicable:
(i) The EU - U.S. Data Privacy Framework.
(ii) The adoption by the parties of the EU model clauses resulting from the EU Commission implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
(iii) Any other appropriate safeguards recognized by the GDPR such as an adequacy decision, an approved code of conduct or an appropriate certification mechanism.
All of Openli’s sub-processors based outside the EU are certified under the EU-U.S. Data Privacy Framework (DPF).
Additionally, Openli has entered into EU Standard Contractual Clauses (SCCs) with all data sub-processors in third countries.
Annual review of our sub processor’s data privacy & security compliance is conducted by Openli’s Privacy team.