print_label | resize_label
International transfers

International Transfers

Which transfers are covered by Our BCRs?

AstraZeneca’s BCRs are not limited just to transfers from the EEA, but they do not cover all transfers of personal data between AstraZeneca Affiliates.

Our BCRs will apply to :

  • Transfers of personal data from any other country which regulates the processing of personal data;
  • The subsequent processing or onward transfer of that personal data by an AstraZeneca Affiliate.

Our BCRs will not apply :

  • Where an AstraZeneca Affiliate is simply processing personal data on behalf of  a non AZ entity who controls and is legally responsible for the processing of that personal data;
  • Personal data which originates from a jurisdiction where the transfer of personal data is not regulated, and which is not controlled at any stage by an AstraZeneca Affiliate in a regulated jurisdiction;
  • CCTV footage (because CCTV footage is not ordinarily moved across borders); and
  • Data about AstraZeneca employees of U.S entities.

What Personal Data may be transferred?

The type of personal data which may be transferred could include anything which AstraZeneca has a legitimate business need to transfer as part of its business operations. The privacy notice which you are provided with at the time of collection (or shortly thereafter) will provide you with more information about what personal data is being collected by AstraZeneca and how it is going to be used.

Where could the Personal Data be transferred to?

AstraZeneca’s global headquarters are based in the U.K and therefore it anticipates that most personal data transfers outside the EEA are from systems controlled from the U.K.

Whilst We may transfer personal data to any of Our Affiliates, it is likely that most transfers will be to our Affiliates in the U.S, China, India and Singapore. Further details of AstraZeneca’s operations are available on our website.