Versions

 

13. Transfers out of the ADGM in the absence of an adequate level of protection*

13.1 If an ADGM registered entity intends to transfer Personal Data to a Recipient located in a jurisdiction other than in the table above, the transfer is only possible under certain conditions, including but not limited to:
a) the Registration Authority has granted a permit for the transfer or the set of transfers and the Data Controller applies adequate safeguards with respect to the protection of such Personal Data;
b) the Data Subject has given his written consent to the proposed transfer;
c) the transfer is necessary for the performance of a contract between the Data Subject and the Data Controller or the implementation of pre-contractual measures taken in response to the Data Subject's request;
d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Data Controller and a Third Party;
e) the transfer is made to a person established outside the ADGM who would be a Data Controller (if established in the ADGM) or who is a Data Processor, if, prior to the transfer, a legally binding agreement in the form set out respectively, to these Regulations has been entered into between the transferor and Recipient; or
f) the transfer is made between one or more members of a Group of Companies in accordance with a global data protection compliance policy of that Group, under which all the members of such Group that are or will be transferring or receiving the Personal Data are bound to comply with all the provisions of these Regulations containing restrictions on the use of Personal Data and Sensitive Personal Data in the same way as if they would be if established in the ADGM.

* Section 5 of the Data Protection Regulations 2015