1. Purpose
My Country Mobile operates globally and processes some Personal Data outside the EEA/UK (including in Singapore and the United States). This pack documents the safeguards used for those transfers under the GDPR and UK GDPR.
2. Transfer Mechanisms
EU Standard Contractual Clauses (SCCs)
Commission Implementing Decision (EU) 2021/914
Used for transfers of Personal Data from the EEA to MCM and its sub-processors in third countries.
UK International Data Transfer Addendum (IDTA)
Addendum to the EU SCCs (version B1.0)
For transfers of UK Personal Data to MCM and its sub-processors in third countries.
Switzerland
EU SCCs with Swiss amendments
EU SCCs with Swiss amendments — FADP references, FDPIC as supervisory authority.
3. Transfer Impact Assessment (Schrems II)
For transfers to the United States and other third countries, MCM conducts a transfer impact assessment considering the legal regime of the destination and the supplementary measures in place:
Encryption in transit
Access controls
Contractual commitments
Destination legal regime review
Transparency on govt-access requests
Internal TIA records retained
4. Article 27 Representatives
Because MCM is established outside the EU/UK but offers services to data subjects there, it appoints representatives under GDPR/UK GDPR Article 27. Their contact details will be published in the Privacy Policy.
🇪🇺 EU Representative
GDPR Article 27 — located in an EU member state
Pending appointment🇬🇧 UK Representative
UK GDPR Article 27
Pending appointment5. Checklist
Confirm operating entity and group transfer flows.
Execute SCCs (correct modules) with customers and sub-processors.
Execute UK IDTA where UK data is transferred.
Complete and retain transfer impact assessments.
Appoint EU + UK Article 27 representatives and publish contacts.
Maintain Records of Processing Activities (ROPA).
Confirm a lawful basis and consent records for marketing.