Privacy Policy: Where does Netlify Store Form Data?

I am a freelancer and I store my clients sites on my Netlify account. I also use Netlify to handle form submissions. We are both UK based.

I am generating a privacy policy using the ICOs privacy policy generator for one of my clients (I’ve told him all the content is his responsibility and I am not liable for anything on there.)

I’ve put him down as the data controller. I’ve put myself as a data processor.

One of the question asks, “Do your data processors share personal data outside the UK for you?”.
I’ve said yes, as personal data is sent to Netlify and they are US based.

They then ask “Country the personal information is sent to”
I’ve put USA. (is this correct?)

Finally, they ask “Which transfer mechanism is relied on?”
What should I answer for this?

Yes, the USA is the correct answer. Netlify’s infrastructure is primarily hosted in the United States, so personal data handled through your form submissions would indeed be transferred there.

“Standard Contractual Clauses (SCCs)” Netlify, as a US-based company processing personal data from the UK, ensures compliance with the UK GDPR through Standard Contractual Clauses (SCCs) .

1 Like