International Transfer Agreements for inclusion in Data Processing Agreements
If you have received an Agreement from Dubai Holding or one of its group entities that references Standard Contractual Clauses (SCCs) or an International Data Transfer Agreement (IDTA), this page contains the applicable Transfer Agreements. These Transfer Agreements are incorporated by reference into your Agreement and do not require separate execution.
Below you will find all the Transfer Agreements that may apply. Your Agreement will identify the applicable Transfer Agreement(s).
Each Transfer Agreement has been adopted in accordance with the published regulatory requirements of the relevant jurisdiction and is pre-approved by the applicable data protection regulator. Where referenced in the Agreement, the relevant Transfer Agreement sets out binding obligations on both parties, to ensure that personal data shared in connection with the Agreement is protected to a standard essentially equivalent to that required under the laws of the originating jurisdiction.
The appendices within each Agreement refer to the details set out in the applicable Agreement. It will not be necessary to complete or re-execute these appendices separately.
For questions about Dubai Holding approach to international data transfers, please contact Dubai Holding Privacy Office at privacy@dubaiholding.com.
European Union - Standard Contractual Clauses (SCCs)
The following Standard Contractual Clauses are adopted for transfers of personal data originating from the European Union or European Economic Area, in accordance with the European Commission Implementing Decision (EU) 2021/914, as may be amended or replaced from time to time.
United Kingdom - International Data Transfer Agreements (IDTs)
The following International Data Transfer Agreements are adopted for transfers of personal data originating from the United Kingdom, in accordance with the UK Information Commissioner’s Office (ICO) under Section 119A of the UK Data Protection Act 2018.
Kingdom of Saudi Arabia - Standard Contractual Clauses
The following Standard Contractual Clauses are adopted for transfers of personal data originating from the Kingdom of Saudi Arabia in accordance with the Personal Data Protection Law (Royal Decree No. M/19 dated 9/2/1443H, corresponding to 16 September 2021, as amended by Royal Decree No. M/148 dated 5/9/1444H, corresponding to 27 March 2023) and the Regulations on Personal Data Transfers outside the Kingdom issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).
People's Republic of China - Standard Contract for Outbound Transfer Agreement
The following Standard Contract is adopted for transfers of personal information originating from the People’s Republic of China in accordance with the Personal Information Protection Law (Presidential Decree No. 91, adopted 20 August 2021, effective 1 November 2021) and the Measures for the Standard Contract for the Outbound Cross-Border Transfer of Personal Information issued by the Cyberspace Administration of China (effective 1 June 2023).
Technical and Organisational Controls
The Technical and Organisational Controls applicable to all transfers under these Transfer Agreements are set out in the document below. These controls are incorporated by reference into each Transfer Agreement on this page and do not require separate acceptance. They are binding on both parties alongside the Agreement.
This page and its referenced Transfer Agreements were last updated on 25 April 2026. Dubai Holding will update these Transfer Agreements where required to reflect changes in applicable law or regulatory guidance.
