Data Transfer Agreement to reflect the new EU SCCs and the UK Addendum
Last updated: Tue, 20th Sep ’22
Infobip is offering its customers and partners a possibility to execute an additional Data Transfer Agreement to include the new EU Standard Contractual Clauses (SCCs) and the UK Addendum. This post contains answers to frequently asked questions about this process and will be regularly updated by Infobip.
On 4 June 2021, the European Commission issued the new European Union Standard Contractual Clauses (“2021 SCCs”), which should be implemented until 27 December 2022 the latest. Moreover, in the United Kingdom, on 21 March 2022, the international data transfer agreement (IDTA) and the international data transfer addendum to the 2021 SCCs (“UK Addendum”) have also entered into force.
To merge the efforts, we have drafted a Data Transfer Agreement (DTA) that covers both the 2021 SCCs and the UK Addendum, ensuring that with one comprehensive document and to the extent applicable, the new European Union’s and United Kingdom’s frameworks for international transfers are covered.
For more information regarding this subject matter, you can check the following links:
Lastly, note that which elements are included in the DTA depends on the fact which Infobip entity is offering the services to you. For example, if it is Infobip UK then the DTA will include both the 2021 SCCs and the UK Addendum. On the other hand, if it is one of the Infobip entities from the EU only 2021 SCCs will be listed.
As this is a matter of compliance, we ask you to complete and sign the Data Transfer Agreement within 14 days of receipt of our notification to you and send it back to us completed and signed.
Please check questions below to determine if it is applicable to your company and how to execute the DTA.
This DTA can be signed by our non-EU/EEA customer or partner whose personal data Infobip processes in the EU or UK and then transfers it back to such non-EU/EEA countries (the so-called ‘processor to controller’ transfer). Therefore, any Infobip entity from EU or UK which act as exporters will need to sign this DTA.
For such reason we prepared several different templates, pre-signed by Infobip entities from EU and UK. Our customers and partners are instructed to choose the appropriate template depending on the fact which Infobip entity is providing the services to them.
Lastly, have in mind that this DTA can be signed by our partners too, but only for non – EU/EEA SellThrough partnership agreements.
When providing our services, Infobip acts as a processor on behalf of the controller (i.e., the client) while performing our services. In a controller – processor relationship, as long as, GDPR/UK GDPR applies, it is the duty of the controller to address all issues, including the necessity to have a valid data processing agreement or a transfer mechanism in place. However, the processor is required to indicate to the controller if it considers controller’s activities are not aligned with GDPR/UK GDPR.
If you decline to sign the DTA, please send as a response and briefly explain why you believe the DTA does not apply to you. You can send this respond via e-mail to your Infobip business contact person (e.g., Customer Success Manager/Account Executive/Telecom Partnership Manager).
As mentioned earlier, on 4 June 2021, the European Commission issued the new European Union Standard Contractual Clauses (“2021 SCCs”), which should be implemented until 27 December 2022 the latest.
In other words, a transition period is granted until 27 December 2022 to switch to the new SCCs. After that date, it will no longer be possible to rely on the previous SCCs to lawfully transfer personal data to third countries. Note that the term “third country” is a legal term and should be interpreted as it is defined within the SCCs and in accordance with EU’s data protection laws.
With that in mind, first check which version of the SCCs we have signed and whether it is the “new” ones. If it is the new ones, you can disregard this DTA.
If it is not the new ones, you need to sign this DTA which will repeal the EU standard contractual clauses for international data transfers that were in place before this Data Transfer Agreement entered into force. The DTA will incorporate Module 4 of the new SCCs.
The DTA is pre-signed on behalf of Infobip, and we have prepared multiple versions depending on which Infobip entity is providing you the services.
With that in mind, first check which Infobip entity is providing services to you and then download the appropriate template. Afterwards, follow the steps for execution as listed on the first page of each template.
Send the completed and signed DTA to your Infobip business contact person (e.g., Customer Success Manager/Account Executive).
For signature you can use either wet-ink or e-signature depending on what is applicable in your country. If you decide to use an electronic signature, make sure to use a valid one (e.g., a copied-and-pasted image of a signature on a PDF is not a valid form).
Upon our receipt of the validly completed and signed DTA at the email addresses indicated above, it will become legally binding for both parties.
This DTA was pre-signed by Infobip, and changes are not possible.
Please have in mind that the DTA has standardized clauses which were created by either the EU Commission or UK’s Information Commissioner Office. The DTA incorporates those clauses which best reflect the type of relationship we have in regard to international data transfers.
Our customers and partners are instructed to choose the appropriate template depending on the fact which Infobip entity is providing the services to them.
Please choose one of the templates available for download in the list below: