Legal · GDPR · UK GDPR

GDPR / UK International Transfer Pack

Last updated: May 30, 2026

Documents the safeguards My Country Mobile uses when transferring Personal Data outside the EEA and UK under the GDPR and UK GDPR.

EU SCCs (2021/914)UK IDTA B1.0Swiss FADPSchrems II TIA

1. Purpose

My Country Mobile operates globally and processes some Personal Data outside the EEA/UK (including in Singapore and the United States). This pack documents the safeguards used for those transfers under the GDPR and UK GDPR.

2. Transfer Mechanisms

a

EU Standard Contractual Clauses (SCCs)

Commission Implementing Decision (EU) 2021/914

Used for transfers of Personal Data from the EEA to MCM and its sub-processors in third countries.

Module Two (Controller → Processor)For customer-to-MCM transfers.
Module Three (Processor → Processor)For MCM-to-sub-processor transfers.
b

UK International Data Transfer Addendum (IDTA)

Addendum to the EU SCCs (version B1.0)

For transfers of UK Personal Data to MCM and its sub-processors in third countries.

c

Switzerland

EU SCCs with Swiss amendments

EU SCCs with Swiss amendments — FADP references, FDPIC as supervisory authority.

3. Transfer Impact Assessment (Schrems II)

For transfers to the United States and other third countries, MCM conducts a transfer impact assessment considering the legal regime of the destination and the supplementary measures in place:

🔒

Encryption in transit

🔑

Access controls

📜

Contractual commitments

🌐

Destination legal regime review

📢

Transparency on govt-access requests

🗂️

Internal TIA records retained

4. Article 27 Representatives

Because MCM is established outside the EU/UK but offers services to data subjects there, it appoints representatives under GDPR/UK GDPR Article 27. Their contact details will be published in the Privacy Policy.

⚠️ EU and UK Article 27 Representatives have not yet been appointed. Appoint before actively marketing to EU/UK regions and update the Privacy Policy with their contact details.

🇪🇺 EU Representative

GDPR Article 27 — located in an EU member state

Pending appointment

🇬🇧 UK Representative

UK GDPR Article 27

Pending appointment

5. Checklist

Confirm operating entity and group transfer flows.

Execute SCCs (correct modules) with customers and sub-processors.

Execute UK IDTA where UK data is transferred.

Complete and retain transfer impact assessments.

Appoint EU + UK Article 27 representatives and publish contacts.

Maintain Records of Processing Activities (ROPA).

Confirm a lawful basis and consent records for marketing.