This Data processing addendum applies only where SUPPRESSED processes Customer Personal Data as a processor or sub-processor on behalf of a customer in connection with the services.
In this DPA, "we," "us," and "our" mean SUPPRESSED PTE. LTD. The "customer" means the person or entity that orders, accesses, or uses the services.
This DPA is part of the agreement between us and the customer. If this DPA conflicts with the agreement, this DPA controls only to the extent required for compliance with applicable Data Protection Laws.
Nothing in this DPA limits obligations that cannot be limited under applicable law.
1. Definitions
| Term | Meaning |
|---|---|
| Account Data | Personal data relating to the customer's relationship with us, including account contacts, authorized users, authentication records, billing records, subscription records, support contacts, business communications, and information required to manage the customer relationship. |
| Affiliate | An entity that directly or indirectly controls, is controlled by, or is under common control with a party. |
| Agreement | The Terms of Service, order form, statement of work, enterprise agreement, or other written or electronic agreement governing the customer's use of the services. |
| CCPA | The California Consumer Privacy Act, as amended by the California Privacy Rights Act, and related regulations. |
| Customer | The entity or person that orders, accesses, or uses the services. |
| Customer Personal Data | Personal data processed by us on behalf of the customer under the agreement. Customer Personal Data does not include Account Data or Usage Data where we process that data as an independent controller. |
| Data Protection Laws | Privacy, data protection, data security, and data transfer laws applicable to the processing of Customer Personal Data, including, where applicable, the GDPR, UK GDPR, Swiss FADP, Singapore PDPA, CCPA, and other substantially similar laws. |
| Data Subject | An identified or identifiable natural person to whom Customer Personal Data relates. |
| DPA | This Data processing addendum, including its annexes. |
| GDPR | Regulation (EU) 2016/679. |
| Personal Data | Information relating to an identified or identifiable natural person, including equivalent terms such as personal information, personal data, or personally identifiable information under applicable Data Protection Laws. |
| PDPA | The Personal Data Protection Act 2012 of Singapore and related regulations. |
| Process, Processing, Processor, Controller, Sub-processor | The meanings given to those terms under applicable Data Protection Laws. |
| Security Incident | A confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data processed by us on behalf of the customer. |
| Services | The SUPPRESSED platform, managed data removal services, exposure discovery, suppression workflows, validation workflows, customer account services, support services, and related operational services provided under the agreement. |
| Sub-processor | A third party engaged by us to process Customer Personal Data on behalf of the customer. |
| SUPPRESSED | SUPPRESSED PTE. LTD., UEN 202613955G, 68 Circular Road, #02-01, Singapore 049422, Republic of Singapore. |
| UK Addendum | The United Kingdom International Data Transfer Addendum to the European Commission Standard Contractual Clauses. |
| UK GDPR | The GDPR as incorporated into the law of the United Kingdom. |
| Usage Data | Service usage, diagnostic, event, log, telemetry, security, performance, and operational data generated by or through use of the services. |
2. Roles of the parties
The customer is the controller of Customer Personal Data, unless the customer acts as a processor on behalf of another controller.
We act as a processor when we process Customer Personal Data on behalf of the customer. Where the customer is itself a processor, we act as a sub-processor.
Each party is responsible for complying with the obligations that apply to it under Data Protection Laws.
The customer is responsible for ensuring it has the lawful basis, authority, notice, consent, instruction, or other valid legal ground required to provide Customer Personal Data to us for processing.
3. Customer instructions
We will process Customer Personal Data only as necessary to provide the services and in accordance with the customer's documented instructions.
The customer's documented instructions include:
- the agreement;
- this DPA;
- order forms, statements of work, account configuration, product settings, and customer-submitted workflows;
- instructions submitted through the services;
- support, deletion, export, correction, suppression, or other operational requests submitted by the customer;
- any other written instruction we accept.
We will promptly inform the customer if we believe an instruction infringes applicable Data Protection Laws, unless the law prohibits us from doing so.
4. Details of processing
The subject matter, nature, purpose, duration, categories of Data Subjects, and types of Customer Personal Data processed under this DPA are described in Annex A.
5. Customer responsibilities
The customer is responsible for:
- the accuracy, quality, legality, and relevance of Customer Personal Data;
- providing all required notices to Data Subjects;
- obtaining all required consents, authorizations, or lawful bases;
- ensuring that instructions to us comply with Data Protection Laws;
- determining whether the services are suitable for the customer's intended use;
- responding to Data Subject requests where the customer is the controller;
- ensuring that Customer Personal Data submitted to the services is limited to what is necessary for the intended suppression, discovery, account, support, or operational purpose.
The customer must not submit sensitive, regulated, or high-risk data unless it is necessary for the services, lawful to process, and covered by an applicable instruction.
6. Our responsibilities
We will:
- process Customer Personal Data only in accordance with the agreement, this DPA, and the customer's documented instructions;
- ensure that personnel authorized to process Customer Personal Data are subject to appropriate confidentiality obligations;
- implement technical and organizational measures designed to protect Customer Personal Data;
- assist the customer with Data Subject requests where required by Data Protection Laws and where reasonably possible;
- assist the customer with data protection impact assessments and regulator consultations where required by Data Protection Laws and where reasonably possible;
- notify the customer of Security Incidents as described in this DPA;
- engage Sub-processors only in accordance with this DPA;
- delete or return Customer Personal Data as described in this DPA.
7. Confidentiality
We will treat Customer Personal Data as confidential information.
We will ensure that personnel with access to Customer Personal Data are informed of the confidential nature of that data and are subject to contractual, professional, or statutory confidentiality obligations.
8. Account Data and Usage Data
The parties acknowledge that we may process Account Data and Usage Data as an independent controller.
We may process Account Data to:
- create, administer, and secure accounts;
- manage authentication and authorized users;
- provide customer support;
- manage subscriptions, payments, invoices, tax, and accounting records;
- communicate with the customer;
- verify identity, authority, or account eligibility;
- comply with legal, regulatory, tax, accounting, and contractual obligations.
We may process Usage Data to:
- provide, operate, secure, monitor, maintain, and improve the services;
- detect, prevent, and investigate fraud, abuse, security incidents, and misuse;
- debug, diagnose, and improve service performance;
- maintain audit logs and operational records;
- generate deidentified, aggregated, or statistical information;
- comply with legal, regulatory, contractual, and security obligations.
This DPA does not apply to Account Data or Usage Data where we process that data as an independent controller. Independent controller processing is governed by the Privacy policy and applicable law.
9. Data Subject requests
Taking into account the nature of the processing, we will provide reasonable assistance to the customer to respond to Data Subject requests under applicable Data Protection Laws.
If we receive a request directly from a Data Subject relating to Customer Personal Data, we will not respond to the request except to confirm receipt, direct the Data Subject to the customer, or comply with applicable law.
Where legally permitted, we will notify the customer of the request.
The customer remains responsible for determining whether and how to respond to a Data Subject request.
10. Assistance with compliance
Taking into account the nature of the processing and information available to us, we will provide reasonable assistance to the customer with:
- security obligations;
- breach notification obligations;
- data protection impact assessments;
- prior consultation obligations;
- transfer assessments;
- deletion, return, access, correction, restriction, or portability requests.
We may charge reasonable fees for assistance that is not included in the services, unless prohibited by applicable law or agreed otherwise in writing.
11. Sub-processors
The customer provides general written authorization for us to engage Sub-processors to process Customer Personal Data.
Current Sub-processors are listed in the Sub-processors standard.
We will enter into a written agreement with each Sub-processor that imposes data protection obligations substantially equivalent to those in this DPA, to the extent applicable to the nature of the services provided by the Sub-processor.
We remain responsible for the performance of our Sub-processors' obligations to the extent required by applicable Data Protection Laws.
12. Changes to Sub-processors
We may add, replace, or remove Sub-processors.
Where required by Data Protection Laws, we will provide reasonable prior notice of material new Sub-processors. Notice may be provided by updating the Sub-processors standard, publishing a changelog entry, sending notice to the customer, or using another reasonable method.
The customer may object to a new Sub-processor on reasonable data protection grounds by notifying us within ten business days after notice of the change.
If the customer objects, we will use reasonable efforts to make a commercially reasonable alternative available. If no commercially reasonable alternative is available, either party may terminate the affected services in accordance with the agreement.
13. Sub-processor agreement redactions
Where we are required to provide copies of Sub-processor agreements, we may redact:
- commercial information;
- unrelated confidential information;
- security-sensitive information;
- information unrelated to data protection obligations;
- information that would compromise another customer, vendor, employee, contractor, or third party.
14. Security measures
We will implement and maintain technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
The security measures are described in Annex B.
We may update our security measures from time to time, provided that the update does not materially reduce the overall level of protection for Customer Personal Data.
The customer is responsible for secure account configuration, authorized user access, endpoint security, credential management, and any systems under the customer's control.
15. Security incidents
We will notify the customer without undue delay after becoming aware of a Security Incident.
The notice will include information reasonably available to us, which may include:
- the nature of the Security Incident;
- categories of affected data;
- categories of affected Data Subjects;
- likely consequences;
- measures taken or proposed to address the Security Incident;
- information reasonably required for the customer to meet applicable breach notification obligations.
We will take reasonable steps to mitigate, remediate, and investigate the Security Incident.
Notification of a Security Incident is not an admission of fault or liability.
The obligations in this section do not apply to incidents caused by the customer's systems, credentials, personnel, instructions, configuration, or unauthorized use outside our reasonable control.
16. Audit and compliance information
We will make information reasonably necessary to demonstrate compliance with this DPA available to the customer.
We may satisfy audit obligations by providing security documentation, summaries, policies, questionnaires, third-party reports, certifications, or other evidence where appropriate.
Where required by Data Protection Laws, we will allow for and contribute to audits, including inspections, conducted by the customer or an independent auditor appointed by the customer, subject to the following conditions:
- the audit must be reasonable, proportionate, and limited to the scope of this DPA;
- the audit must not compromise security, confidentiality, availability, or the privacy of other customers;
- the auditor must not be a competitor of ours;
- the audit must be subject to appropriate confidentiality obligations;
- the audit must occur no more than once in any twelve-month period unless required by a regulator or following a Security Incident;
- the parties must agree in advance on timing, scope, duration, security requirements, and cost allocation.
On-site or infrastructure audits are available only where legally required and subject to reasonable confidentiality, security, timing, scope, and cost controls.
17. Government and legal access requests
Where legally permitted, we will notify the customer of legally binding requests from law enforcement, government authorities, courts, regulators, or other public authorities seeking access to Customer Personal Data.
Where appropriate and legally permitted, we will attempt to redirect the requesting authority to seek the data directly from the customer.
If we are compelled to disclose Customer Personal Data, we will disclose only the Customer Personal Data we are legally required to disclose.
We will not voluntarily disclose Customer Personal Data to a law enforcement or government authority except where required by law, necessary to protect rights or safety, or permitted by the agreement and applicable law.
18. Return and deletion
Upon termination or expiration of the agreement, or upon written request by the customer, we will delete or return Customer Personal Data in accordance with the agreement, this DPA, product functionality, and applicable law.
We may retain Customer Personal Data where required or permitted for:
- legal compliance;
- billing, tax, accounting, and financial records;
- dispute resolution;
- fraud, abuse, and security prevention;
- audit trails and suppression evidence;
- backup, disaster recovery, and business continuity;
- compliance with legal holds, court orders, regulatory requirements, or law enforcement requests.
If deletion or return is not technically practicable or is restricted by law, we will protect the retained Customer Personal Data, restrict it from further active processing except as required, and delete it in accordance with applicable retention schedules.
Customer Personal Data retained in backup or archive systems will be protected from further active processing and deleted in accordance with applicable retention schedules, unless retention is required by law.
19. International transfers
The customer authorizes us and our Sub-processors to process Customer Personal Data in Singapore, the United States, the European Economic Area, the United Kingdom, Switzerland, Australia, and other locations where we or our Sub-processors maintain processing operations.
Where Customer Personal Data is transferred from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction requiring a transfer mechanism, the parties will rely on the applicable transfer mechanism described in this DPA.
20. European Economic Area transfers
For transfers of Customer Personal Data subject to the GDPR from the European Economic Area to a country that has not been recognized as providing an adequate level of protection, the parties incorporate the European Commission Standard Contractual Clauses approved by Implementing Decision (EU) 2021/914.
The SCCs apply as follows:
| Scenario | SCC module |
|---|---|
| Customer is a controller and we are a processor | Module 2 |
| Customer is a processor and we are a sub-processor | Module 3 |
For the SCCs:
- Clause 7, the docking clause, does not apply.
- Clause 9, Option 2, general written authorization for Sub-processors, applies.
- The time period for prior notice of Sub-processor changes is the period stated in this DPA.
- Clause 11 optional language does not apply.
- Clause 17 is governed by the laws of Ireland.
- Clause 18 provides for the courts of Ireland.
- The information required by Annex I and Annex II of the SCCs is provided in Annex A and Annex B of this DPA.
If there is a conflict between this DPA and the SCCs, the SCCs control to the extent of the conflict.
21. United Kingdom transfers
For transfers of Customer Personal Data subject to the UK GDPR from the United Kingdom to a country that is not subject to an adequacy regulation, the parties incorporate the UK International Data Transfer Addendum to the European Commission Standard Contractual Clauses, unless the parties agree to use the UK International Data Transfer Agreement.
For UK transfers:
- references to the GDPR are interpreted as references to the UK GDPR where required;
- references to EU Member States are interpreted as references to the United Kingdom where required;
- the competent supervisory authority is the UK Information Commissioner's Office;
- the governing law for the UK Addendum is the law of England and Wales;
- the courts of England and Wales have jurisdiction.
22. Swiss transfers
For transfers of Customer Personal Data subject to Swiss data protection law to a country that does not provide adequate protection, the SCCs apply with the following adaptations where required:
- references to the GDPR include the Swiss Federal Act on Data Protection where applicable;
- references to a supervisory authority include the Swiss Federal Data Protection and Information Commissioner;
- references to EU Member States are interpreted to include Switzerland where required;
- Data Subjects in Switzerland may exercise and enforce rights under the SCCs where applicable.
23. Singapore transfer and protection obligations
Where the PDPA applies, we will take reasonable steps designed to protect personal data in our possession or under our control.
Where we transfer personal data outside Singapore, we will take reasonable steps designed to ensure that the transferred personal data receives a standard of protection comparable to that required under the PDPA, where required by applicable law.
24. CCPA service provider and contractor terms
Where the CCPA applies to Customer Personal Data, the parties agree that we act as a service provider or contractor for Customer Personal Data processed on behalf of the customer.
We will not:
- sell Customer Personal Data;
- share Customer Personal Data for cross-context behavioral advertising;
- retain, use, or disclose Customer Personal Data for any purpose other than the business purposes described in the agreement, this DPA, or as otherwise permitted by the CCPA;
- retain, use, or disclose Customer Personal Data outside the direct business relationship between the parties, unless permitted by the CCPA;
- combine Customer Personal Data with personal information received from other sources except as permitted by the CCPA.
We may process Customer Personal Data to provide, secure, support, improve, and maintain the services, to detect security incidents, to prevent fraud or abuse, to comply with law, and for other purposes permitted for service providers or contractors under the CCPA.
We certify that we understand and will comply with the restrictions in this section where they apply.
25. Deidentified and aggregated data
We may process deidentified or aggregated data for operational analysis, security, service improvement, benchmarking, abuse prevention, and operational reporting, provided that the data is not used to identify a Data Subject except as permitted by applicable law.
Where required by law, we will take reasonable measures designed to prevent deidentified data from being associated with an identified or identifiable natural person.
26. Liability
Each party's liability under this DPA is subject to the limitations and exclusions of liability in the agreement, unless prohibited by applicable Data Protection Laws.
Nothing in this DPA limits liability to the extent that such limitation is prohibited by applicable law.
27. Term
This DPA remains in effect for as long as we process Customer Personal Data on behalf of the customer.
28. Order of precedence
If there is a conflict between documents, the following order applies:
- the SCCs, UK Addendum, IDTA, or other mandatory transfer mechanism, to the extent applicable;
- this DPA;
- the agreement;
- other incorporated policies, unless the agreement states otherwise.
29. Changes to this DPA
We may update this DPA from time to time.
Where required by law or the agreement, we will provide notice of material changes.
Continued use of the services after the effective date of an updated DPA will be governed by the updated DPA, unless the parties have entered into a separately signed DPA that states otherwise.
Annex A: Details of processing
Parties
| Role | Details |
|---|---|
| Data exporter | The customer and, where applicable, the customer's affiliates or authorized users. |
| Data importer | SUPPRESSED PTE. LTD., UEN 202613955G, 68 Circular Road, #02-01, Singapore 049422, Republic of Singapore. |
Subject matter
The subject matter of processing is the provision, operation, support, security, and improvement of the services.
Duration
Processing continues for the term of the agreement and any period required for deletion, return, legal retention, backup retention, dispute handling, security, audit, or compliance purposes.
Nature and purpose of processing
The nature and purpose of processing may include:
- account creation and administration;
- customer onboarding;
- identity, account, and service verification;
- exposure discovery;
- data broker, search engine, public record, and source analysis;
- suppression request preparation and management;
- validation of removal or suppression outcomes;
- customer support;
- billing and subscription administration;
- workflow automation;
- classification, triage, and operational prioritization;
- file storage and retrieval;
- communications with customers, vendors, sources, and service providers;
- security monitoring;
- audit logging;
- fraud and abuse prevention;
- compliance with legal and contractual obligations.
Categories of Data Subjects
Customer Personal Data may relate to:
- customers;
- customer account users;
- authorized representatives;
- employees, contractors, directors, officers, shareholders, founders, or agents of a customer;
- individuals whose exposure is submitted for suppression, monitoring, discovery, validation, or related workflows;
- household members, family members, associates, or linked persons where relevant to a suppression workflow;
- support contacts and business contacts;
- individuals appearing in public records, data broker records, search results, breach records, or other sources submitted to or processed through the services.
Categories of Customer Personal Data
Customer Personal Data may include:
- names;
- aliases;
- email addresses;
- phone numbers;
- residential, business, mailing, and historical addresses;
- dates of birth or approximate ages;
- usernames, handles, profile URLs, and account identifiers;
- employer, company, role, directorship, or business affiliation information;
- family, household, associate, or linked-person information;
- data broker records;
- public record excerpts;
- search engine results;
- URLs, screenshots, cached records, and source references;
- removal request records;
- suppression status, validation evidence, and audit records;
- support communications;
- account configuration and workflow metadata;
- authentication, session, device, log, IP address, and diagnostic metadata where processed as Customer Personal Data rather than Account Data or Usage Data;
- billing-related identifiers or subscription metadata where processed as Customer Personal Data rather than Account Data;
- files, documents, or records submitted by the customer.
Sensitive or high-risk data
The services are designed to handle sensitive personal exposure. Depending on the customer's instructions and the data submitted or discovered, Customer Personal Data may include:
- identity documents;
- government identifiers;
- precise location or residential address information;
- information about public-facing, high-risk, executive, founder, political, legal, media, or security-sensitive roles;
- family or household associations;
- property, corporate, litigation, insolvency, professional, or regulatory records;
- financial, employment, or business affiliation data;
- information that may reveal special category or sensitive information under applicable law if provided by the customer or present in external sources.
The customer must not submit sensitive or high-risk data unless necessary for the services and lawful to process.
Frequency of processing
Processing may occur continuously, periodically, or on demand, depending on the services, workflows, customer instructions, and operational requirements.
Retention
Customer Personal Data is retained for the period necessary to provide the services, comply with the agreement, maintain suppression evidence, satisfy legal obligations, resolve disputes, prevent fraud or abuse, maintain security, and comply with applicable retention schedules.
Sub-processors
Sub-processors are listed in the Sub-processors standard.
Annex B: Technical and organizational measures
We maintain technical and organizational measures designed to protect Customer Personal Data. Measures may include the following.
| Measure | Description |
|---|---|
| Logical separation | Customer data is processed in systems designed to separate customer records, access paths, and operational workflows. |
| Access control | Access to operational systems is restricted based on role, operational need, and least-privilege principles. |
| Authentication | Access to administrative systems is protected by authentication controls and credential-management procedures. |
| Encryption in transit | Data is transmitted using encrypted transport where supported. |
| Encryption at rest | Data is stored using encryption-at-rest controls provided by infrastructure providers where supported. |
| Database protection | Database access is restricted through managed database controls, application-layer controls, and role-based operational access. |
| File protection | Customer files are stored with controlled access and operational restrictions designed to limit unauthorized retrieval or disclosure. |
| Audit logging | Security, operational, and access events may be logged for monitoring, investigation, support, compliance, and abuse-prevention purposes. |
| Edge security | DNS, edge security, firewall, bot-management, and traffic-filtering controls may be used to protect public-facing services. |
| Deployment controls | Production and preview deployments are managed through controlled source-code, review, and deployment workflows. |
| Availability monitoring | Availability, incident, and operational signals are monitored through designated providers. |
| Backup and recovery | Backup, recovery, and disaster-recovery procedures may be maintained where supported by service architecture and infrastructure providers. |
| Incident response | Security and privacy incidents are escalated, investigated, mitigated, and communicated according to incident-response procedures. |
| Vendor review | Sub-processors and operational providers are reviewed based on the nature of their processing and risk profile. |
| Data minimization | Customer Personal Data is processed based on service need, customer instruction, operational necessity, and applicable retention requirements. |
| Retention controls | Retention and deletion procedures are applied according to the agreement, operational requirements, legal obligations, and applicable schedules. |
| Confidentiality | Personnel with access to Customer Personal Data are subject to confidentiality obligations. |
| Governance | Internal procedures are maintained for access, security, privacy, incident response, vendor management, and operational handling of sensitive personal data. |
Access controls
Access controls may include:
- role-based access controls;
- least-privilege access principles;
- restricted operational access;
- authentication controls;
- session management;
- access review and revocation procedures.
Data protection controls
Data protection controls may include:
- encryption in transit where supported;
- encryption at rest where supported by infrastructure providers;
- database-level access controls;
- storage permission controls;
- separation of customer application workflows, billing workflows, public content, authentication, and monitoring systems where appropriate;
- controlled file access;
- retention and deletion procedures.
Infrastructure security
Infrastructure security controls may include:
- cloud hosting controls;
- DNS and edge security controls;
- web application firewall and bot protection;
- deployment controls;
- preview and production deployment separation;
- managed database and storage infrastructure;
- monitoring of service availability.
Operational security
Operational security controls may include:
- security logging;
- operational logging;
- incident response procedures;
- change management;
- vulnerability management;
- abuse and fraud monitoring;
- vendor and Sub-processor review.
Availability and resilience
Availability and resilience controls may include:
- backup or recovery procedures where supported by service architecture;
- managed infrastructure redundancy where provided by infrastructure providers;
- uptime monitoring;
- incident communication workflows;
- status page publication for material service events.
Personnel and governance
Personnel and governance controls may include:
- confidentiality obligations;
- internal access restrictions;
- operational procedures for handling sensitive personal data;
- review of access to customer data;
- documented provider and system boundaries;
- escalation procedures for security or privacy incidents.
AI and automation controls
Where AI-assisted workflows are used, we use them to support classification, triage, workflow automation, and suppression operations.
AI-assisted processes are intended to support operational work and do not remove the need for appropriate access controls, customer instructions, and operational oversight.
Annex C: Transfer mechanism details
EU SCCs
| Field | Details |
|---|---|
| SCC version | European Commission Implementing Decision (EU) 2021/914 |
| Applicable modules | Module 2 and Module 3 |
| Clause 7 | Omitted |
| Clause 9 | Option 2, general written authorization |
| Clause 11 optional wording | Not included |
| Clause 17 | Laws of Ireland |
| Clause 18 | Courts of Ireland |
UK transfers
| Field | Details |
|---|---|
| UK mechanism | UK International Data Transfer Addendum to the EU SCCs, unless the parties agree to use the UK IDTA |
| Supervisory authority | UK Information Commissioner's Office |
| Governing law | England and Wales |
| Courts | England and Wales |
Swiss transfers
| Field | Details |
|---|---|
| Swiss authority | Swiss Federal Data Protection and Information Commissioner |
| Adaptation | SCCs interpreted as required under Swiss data protection law |
| Data Subject rights | Swiss Data Subjects may exercise rights under the SCCs where applicable |
Annex D: Contact
For privacy, data protection, security, or DPA requests, contact: