International Transfer Agreementsfor inclusion in Data Processing Agreements
If you have received an agreement from Dubai Holding or one of its group entities that references Standard Contractual Clauses (SCCs) or an International Data Transfer Agreement (IDTA), this page contains the applicable transfer agreements. These agreements are incorporated by reference into your agreement and do not require separate execution.
Below you will find the transfer agreements applicable to each jurisdiction whose data protection laws Dubai Holding and its group entities are subject to. The relevant agreement will have been identified in the agreement.
Each transfer mechanism has been adopted in accordance with the published regulatory requirements of the relevant jurisdiction and is pre-approved by the applicable data protection regulator. Where referenced in the agreement , the relevant mechanism sets out binding obligations on both Dubai Holding (as data exporter) and the service provider (as data importer), ensuring that personal data shared in connection with the agreement is protected to a standard essentially equivalent to that required under the laws of the originating jurisdiction.
The appendices within each agreement refer to the details set out in the applicable Agreement. It will not be necessary to complete or re-execute these appendices separately.
For questions about Dubai Holding approach to international data transfers, please contact Dubai Holding Privacy Office at privacy@dubaiholding.com.
European Union - Standard Contractual Clauses (SCCs)
The following Standard Contractual Clauses are adopted pursuant to the European Commission Implementing Decision (EU) 2021/914, as may be amended or replaced from time to time, for transfers of personal data from the European Union or European Economic Area to third countries.
United Kingdom - International Data Transfer Agreements(IDTs)
The following International Data Transfer Agreements are adopted pursuant to the UK Information Commissioner's Office (ICO) under Section 119A of the UK Data Protection Act 2018, for transfers of personal data from the United Kingdom to third countries.
Kingdom of Saudi Arabia - Standard Contractual Clauses
The following Standard Contractual Clauses are adopted for transfers of personal data from the Kingdom of Saudi Arabia in accordance with the Personal Data Protection Law (Royal Decree No. M/19 dated 9/2/1443H, corresponding to 16 September 2021, as amended by Royal Decree No. M/148 dated 5/9/1444H, corresponding to 27 March 2023) and the Regulations on Personal Data Transfers outside the Kingdom issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).
People's Republic of China - Standard Contract for Outbound Transfer Agreement
The following Standard Contract is adopted for transfers of personal information from the People's Republic of China in accordance with the Personal Information Protection Law (Presidential Decree No. 91, adopted 20 August 2021, effective 1 November 2021) and the Measures for the Standard Contract for the Outbound Cross-Border Transfer of Personal Information issued by the Cyberspace Administration of China (effective 1 June 2023)
Technical and Organisational Controls
The Technical and Organisational Controls applicable to all international transfers under these agreements are set out in the document linked below. These measures are incorporated by reference into each transfer mechanism on this page and donot require separate acceptance. They are binding on both parties alongside the overarching Agreement.
This page and its referenced agreements werelast updated on [date to be added].Dubai Holding will update thesetransfer agreements where required to reflect changes in applicable law orregulatory guidance.
