International Data Transfer Summary

Draft only. Requires legal review before publication. This software provides compliance tooling, but does not provide legal advice.

International Data Transfer Summary

Purpose

Summarize how BAAM AI handles transfers of personal data outside the EEA.

Source model

This slot follows mature SaaS and security-software legal-center patterns: Zapier-style customer terms, DPA, subprocessors, security, and data-transfer material; Avast-style license, acceptable-use, privacy, IP, transparency, and accessibility material.

Jurisdiction focus

Prepare this for EU users and Czech-market operation. Complete operator details, Czech consumer wording, cookie consent behavior, GDPR roles, and cross-border transfer safeguards before publication.

Transfer map

Identify which providers, support teams, infrastructure locations, and AI services may receive EEA personal data outside the EEA.

Safeguards

Document adequacy decisions, EU Standard Contractual Clauses, UK addendum if relevant, Data Privacy Framework participation where relied on, encryption, access restrictions, and vendor due diligence.

Customer-controlled transfers

Customers may connect third-party services. Their own provider choices can create additional transfers governed by those third-party terms.

Sensitive data

State whether BAAM AI is designed for special categories of personal data. If not, prohibit customers from submitting it except under a written addendum.

Review cadence

Review transfer safeguards when adding processors, enabling new AI providers, changing hosting, or responding to regulatory/legal changes.

Completion checklist

• Confirm actual provider locations.
• Keep SCC and adequacy references current.
• Align with DPA and Subprocessor List.