Standard Contractual Clauses

This page supplements the Data Processing Agreement and describes the framework Wodby uses when customer personal data is transferred internationally and an appropriate transfer mechanism is required under applicable data protection law.

Where the European Commission's Standard Contractual Clauses or a substantially equivalent lawful mechanism are required for a restricted transfer, those clauses are incorporated by reference into the agreement between Wodby and the customer for the relevant services.

The SCCs apply where customer personal data subject to transfer restrictions is transferred from a jurisdiction that requires an approved transfer mechanism to a recipient in a country that is not covered by an adequacy decision or other recognized exemption.

If another lawful transfer mechanism applies to the same transfer, including an adequacy decision or a replacement statutory mechanism, that mechanism may be used instead of the SCCs to the extent legally permitted.

For most customer personal data processed under the services, the customer acts as controller or business and Wodby acts as processor or service provider. In that case, the controller-to-processor module of the SCCs is intended to apply.

If a particular processing activity involves a different legal role allocation that the parties expressly document in writing, the corresponding SCC module will apply to that activity instead.

The categories of data subjects, categories of personal data, frequency of transfers, nature of processing, purposes of processing, and retention approach are as described in the DPA, the purchased services, customer instructions, and the customer's actual use of the platform.

Technical and organizational security measures are those maintained by Wodby for the services as described in the DPA, service documentation, and internal security practices that are appropriate to the nature of the processing and associated risks.

Wodby may use subprocessors to support infrastructure, support, communications, diagnostics, and other service functions, consistent with the DPA and the information published on the Subprocessors page.

Where a subprocessor participates in a restricted transfer, Wodby will use a lawful onward-transfer mechanism as required, which may include SCCs, an adequacy decision, or another recognized legal basis.

• References to the main agreement mean the customer's applicable agreement with Wodby, including the Terms of Service, order form, and DPA.
• References to instructions include service configuration choices, support requests, API use, dashboard actions, and other documented directions issued by or on behalf of the customer.
• References to data deletion or return are subject to the operational limits, retention windows, and exceptions described in the DPA, including security, backup rotation, legal compliance, and dispute handling needs.

If the SCCs are replaced, amended, or supplemented by a new approved transfer mechanism, Wodby may update this page and the incorporated mechanism accordingly, provided the replacement mechanism is legally recognized for the relevant transfers.

Wodby may also make updates needed to reflect changes in law, regulator guidance, subprocessor arrangements, or the services, so long as the overall level of protection required by applicable law is not materially reduced for the relevant restricted transfers.

Questions about this page, international transfers, or requests for a countersigned SCC addendum can be sent to [email protected].