Privacy & Data Protection
Privacy Policy
Your Rights
Cookie Policy
International Data Transfers
Data Security
Data Retention
Marketing And Advertising Compliance
Meta Advertising Policy
Evidence For Marketing Claims
Business And Legal
Data Processing Agreement
Regulatory Disclosures
Claim Verification
Code Of Ethics
Transparency Report
Contact And Support
Contact And Complaints
Changes To This Policy
International Data Transfer
December 2025
December 2025
(Version 1.1)
Secure Global Data Transfer
GoGorilla Media and Technologies Group Ltd operates a global platform that necessitates the international transfer of personal data to deliver its services effectively. This policy outlines the framework governing such transfers, ensuring that all personal data remains protected in accordance with UK and EU data protection standards, regardless of its location.
Rationale for International Data Transfers
The international transfer of data is integral to the platform’s operations and is conducted to enhance service delivery. Key reasons include:
Global Platform Operations
Cloud Infrastructure: Our platform uses global cloud services for reliability and speed.
Partner Services: We work with international partners to provide you with the best tools.
Customer Support: Our support team might be located in different countries.
Analytics and Insights: Global data processing helps us provide better insights.
Better Service for You
Faster Performance: Data processing closer to you means faster loading times
24/7 Support: Global teams mean round-the-clock support
Advanced Features: Access to cutting-edge international technology partners
Reliability: Global infrastructure means better uptime and backup systems
Legal Framework for Data Transfers
All international data transfers are conducted in strict compliance with Chapter V of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). A multi-layered approach to data protection is implemented to safeguard all transfers.
Legal Compliance
All our international data transfers comply with:
UK GDPR Chapter V: UK requirements for international transfers
EU GDPR Chapter V: EU requirements for international transfers
Ongoing Monitoring: Regular reviews to ensure continued protection
Multiple Protection Layers
Adequacy Decisions: Data is sent only to jurisdictions that the UK Government or European Commission have formally recognised as offering an adequate level of protection.
Standard Contractual Clauses (SCCs): When no adequacy decision exists, the UK International Data Transfer Agreement(IDTA) or the 2021 EU Standard Contractual Clauses(SCCs) are adopted to provide equivalent safeguards and data-subject rights.
Transfer Impact Assessments(TIAs): Before any new route for data transfer is used, the legal context, surveillance risks, available remedies, and data sensitivity are weighed to confirm an acceptable risk level.
Ongoing Monitoring: Legal and operational teams track legal changes and practical developments in each destination, pausing, and adjusting transfers if protection can no longer be ensured.
Where Your Data Might Go
We prioritise transfers to countries with adequacy decisions, which provide the highest level of protection for your data.
What adequacy means for you:
Equal protection: Your personal data enjoys the same safeguards overseas as it does under UK or EU law.
No extra paperwork: Because the destination already meets GDPR standards, no additional contractual safeguards are required.
Seamless service: Adequacy decisions allow data to move freely, keeping our services uninterrupted.
Countries with Adequacy Decisions
These countries have been officially recognised as providing adequate data protection:
EU-UK Data Transfers
Data transfers between the UK and EU benefit from mutual adequacy arrangements:
Status: Full adequacy recognition
What this means: Your data can flow freely between the UK and EU with full protection
Why it's safe: Both jurisdictions maintain equivalent data protection standards
Other Adequate Countries:
Andorra, Argentina, Canada (commercial), Faroe Islands
Guernsey, Israel, Isle of Man, Japan, Jersey
New Zealand, Republic of Korea, Switzerland, Uruguay
Countries with Standard Contractual Clauses
For countries without adequacy decisions, we use legally binding agreements:
UK International Data Transfer Agreement (IDTA):
For transfers from the UK: We use the UK IDTA or UK Addendum
Protection level: Equivalent to UK GDPR standards
Your rights: Full UK GDPR rights maintained
EU Standard Contractual Clauses:
• For transfers from the EU: We use the European Commission's 2021 SCCs
• Protection level: Equivalent to EU GDPR standards
• Your rights: Full EU GDPR rights maintained
US Data Transfers and Sub-Processors
We carefully manage data transfers to the United States through certified partners and robust safeguards.
Data Privacy Framework Participation
Where possible, we work with US companies certified under the EU-US and UK Extension to the EU-US Data Privacy Framework:
Certified Partners: Priority given to DPF-certified service providers
Self-Certification Verification: Regular verification of partner certification status
Recourse Mechanisms: Access to DPF dispute resolution mechanisms
Enforcement: US Department of Commerce and FTC enforcement
Sub-Processor Management
Our sub-processor management ensures all downstream transfers are protected:
Due Diligence: Comprehensive assessment of sub-processor data protection practices
Contractual Protection: Binding agreements requiring equivalent protection
Regular Audits: Ongoing monitoring of sub-processor compliance
Incident Response: Coordinated response to any sub-processor security incidents
Our Transfer Assessment Process
We conduct thorough assessments before implementing any international data transfer to ensure adequate protection.
Transfer Impact Assessment
Assessment
Criteria
Evaluation
Factors
Risk
Mitigation
Review
Frequency
Legal Framework
Data-protection statutes, surveillance laws, judicial oversight
Formal legal analysis with external expertise and documented opinions
Annual review or whenever legislation changes
Government Access
Scope of authority powers, procedural safeguards, oversight bodies
Encryption and strict data-minimisation controls
Quarterly monitoring of destination-country law and practice
Technical Safeguards
Encryption standards, access controls, data segregation
Enhanced end-to-end encryption and zero-knowledge architecture
Continuous automated security monitoring
Contractual Protection
SCC or IDTA terms, supplementary clauses, audit rights
Strengthened clauses with explicit audit-right provisions and scheduled audits
Annual contractual audit and re-certification
Technical and Organisational Safeguards
Safeguard Type
Measures Implemented
Technical
Encryption (in transit and at rest), strict access controls, pseudonymisation to reduce identifiability, secure transmission channels for all transfers
Organisational
Comprehensive staff training on transfer requirements, binding contractual obligations with all recipients, audit rights for regular inspections, rapid incident-response procedures for any transfer-related issues
Your Data Transfer Rights
You have specific rights regarding international transfers of your personal data.
Right to Information
You can ask us:
Where your data is being transferred.
Why the transfer is necessary.
What safeguards are in place.
How your rights are protected.
Right to Object
You can object to:
Specific international transfers.
Processing in certain countries.
Use of particular safeguards.
Right to Effective Remedies
You have access to:
Local Remedies: Legal remedies in the destination country.
Home Country Protection: Full protection under UK/EU law.
Regulatory Support: Assistance from UK/EU data protection authorities.
What We Don't Do
Unrestricted Transfers
We never transfer data without appropriate safeguards.
We don't rely on adequacy decisions that have been withdrawn.
We don't transfer data to countries with inadequate protection.
Excessive Data Sharing
We only transfer data that's necessary for the specific purpose.
We don't share more data than required.
We regularly review and minimise transfer volumes.
Permanent Relocations
We don't permanently relocate your data without notice.
We maintain primary data processing in appropriate jurisdictions.
We provide clear information about any changes.
Monitoring And Updates
Continuous Monitoring
Legal Developments:
Regular monitoring of adequacy decisions.
Tracking changes in destination country laws.
Assessment of new legal challenges.
Partner Compliance:
Regular audits of transfer recipients.
Monitoring of partner certifications.
Assessment of ongoing protection effectiveness.
Regular Reviews
Annual Assessments:
Comprehensive review of all transfer arrangements
Update of Transfer Impact Assessments
Revision of safeguards where necessary
Incident Response:
Immediate response to any protection failures
Suspension of transfers if necessary
Alternative arrangements implementation
Contact Us
Transfer
Questions
Email:
privacy@gogorilla.com
Subject:
International Data Transfers
Response Time:
Within 48 hours
Data Protection Officer
Email:
privacy@gogorilla.com
For:
Transfer concerns, rights requests, complaints
Technical
Support
Email:
support@gogorilla.com
For:
Technical questions about data location
Your data's journey around the world should be as secure as its stay at home. We're committed to ensuring that international transfers enhance your experience while maintaining the highest levels of data protection.
Last Updated: January 2025
Version: 1.1
Growth Services
Creative Services
Solutions
Company
Phone
info@gogorilla.com
United Kingdom
!
Website designed with ♡ by our in-house design and engineering team
Growth Services
Creative Services
Company
Phone
info@gogorilla.com
United Kingdom
Website designed with ♡ by our in-house design and engineering team
Pricing
Growth Services
Creative Services
Talent & Agency Solutions
FinTech Platform
Solutions
Capital
Company
Phone
info@gogorilla.com
United Kingdom
Website designed with ♡ by our in-house design and engineering team
Pricing
Growth Services
Creative Services
Talent & Agency Solutions
FinTech Platform
Solutions
Capital
Company
Website designed with ♡ by our in-house design and engineering team
[1] ‘World’s First’
Claim
has been
independently
verified by a
third-party
legal representative.
Learn
more
Phone
info@gogorilla.com
Growth Services
Creative Services
Solutions
Company
Phone
info@gogorilla.com
United Kingdom
Website designed with ♡ by our in-house design and engineering team
Privacy & Data Protection
Privacy Policy
Your Rights
Cookie Policy
International Data Transfers
Data Security
Data Retention
Marketing And Advertising Compliance
Meta Advertising Policy
Evidence For Marketing Claims
Business And Legal
Data Processing Agreement
Regulatory Disclosures
Claim Verification
Code Of Ethics
Transparency Report
Contact And Support
Contact And Complaints
Changes To This Policy
International Data Transfer
January 2025
January 2025
(Version 1.1)
Secure Global Data Transfer
At GoGorilla, we operate a global platform that helps businesses succeed worldwide.
Sometimes this means your data needs to travel across borders to provide you with the best possible service. Don't worry, we make sure your data is just as protected when it travels as when it stays home.
This section explains how we handle international data transfers, what protections we have in place, and how we ensure your data remains secure no matter where it goes.
Why Your Data Travels
Our innovative marketing-fintech platform operates globally, which means your data might need to travel internationally for several reasons:
Global Platform Operations
Cloud Infrastructure: Our platform uses global cloud services for reliability and speed.
Partner Services: We work with international partners to provide you with the best tools.
Customer Support: Our support team might be located in different countries.
Analytics and Insights: Global data processing helps us provide better insights.
Better Service for You
Faster Performance: Data processing closer to you means faster loading times
24/7 Support: Global teams mean round-the-clock support
Advanced Features: Access to cutting-edge international technology partners
Reliability: Global infrastructure means better uptime and backup systems
Transfer Framework And Legal Basis
We have a comprehensive framework to ensure your data is protected during international transfers:
Legal Compliance
All our international data transfers comply with:
UK GDPR Chapter V: UK requirements for international transfers
EU GDPR Chapter V: EU requirements for international transfers
Ongoing Monitoring: Regular reviews to ensure continued protection
Multiple Protection Layers
Adequacy Decisions: Data is sent only to jurisdictions that the UK Government or European Commission have formally recognised as offering an adequate level of protection.
Standard Contractual Clauses: When no adequacy decision exists, the UK International Data Transfer Agreement or the 2021 EU Standard Contractual Clauses are adopted to provide equivalent safeguards and data-subject rights.
Transfer Impact Assessments: Before any new route for data transfer is used, the legal context, surveillance risks, available remedies, and data sensitivity are weighed to confirm an acceptable risk level.
Ongoing Monitoring: Legal and operational teams track legal changes and practical developments in each destination, pausing, and adjusting transfers if protection can no longer be ensured.
Where Your Data Might Go
We prioritise transfers to countries with adequacy decisions, which provide the highest level of protection for your data.
What adequacy means for you:
• Equal protection: Your personal data enjoys the same safeguards overseas as it does under UK or EU law.
• No extra paperwork: Because the destination already meets GDPR standards, no additional contractual safeguards are required.
• Seamless service: Adequacy decisions allow data to move freely, keeping our services uninterrupted.
Countries with Adequacy Decisions
These countries have been officially recognised as providing adequate data protection:
EU-UK Data Transfers
Data transfers between the UK and EU benefit from mutual adequacy arrangements:
Status: Full adequacy recognition
What this means: Your data can flow freely between the UK and EU with full protection
Why it's safe: Both jurisdictions maintain equivalent data protection standards
Other Adequate Countries:
Andorra, Argentina, Canada (commercial), Faroe Islands
Guernsey, Israel, Isle of Man, Japan, Jersey
New Zealand, Republic of Korea, Switzerland, Uruguay
Countries with Standard Contractual Clauses
For countries without adequacy decisions, we use legally binding agreements:
UK International Data Transfer Agreement (IDTA):
For transfers from the UK: We use the UK IDTA or UK Addendum
Protection level: Equivalent to UK GDPR standards
Your rights: Full UK GDPR rights maintained
EU Standard Contractual Clauses:
• For transfers from the EU: We use the European Commission's 2021 SCCs
• Protection level: Equivalent to EU GDPR standards
• Your rights: Full EU GDPR rights maintained
US Data Transfers and Sub-Processors
We carefully manage data transfers to the United States through certified partners and robust safeguards.
Data Privacy Framework Participation
Where possible, we work with US companies certified under the EU-US and UK Extension to the EU-US Data Privacy Framework:
Certified Partners: Priority given to DPF-certified service providers
Self-Certification Verification: Regular verification of partner certification status
Recourse Mechanisms: Access to DPF dispute resolution mechanisms
Enforcement: US Department of Commerce and FTC enforcement
Sub-Processor Management
Our sub-processor management ensures all downstream transfers are protected:
Due Diligence: Comprehensive assessment of sub-processor data protection practices
Contractual Protection: Binding agreements requiring equivalent protection
Regular Audits: Ongoing monitoring of sub-processor compliance
Incident Response: Coordinated response to any sub-processor security incidents
Our Transfer Assessment Process
We conduct thorough assessments before implementing any international data transfer to ensure
adequate protection.
Transfer Impact Assessment
Assessment
Criteria
Evaluation Factors
Risk
Mitigation
Review Frequency
Legal Framework
Data-protection statutes, surveillance laws, judicial oversight
Formal legal analysis with external expertise and documented opinions
Annual review or whenever legislation changes
Government Access
Scope of authority powers, procedural safeguards, oversight bodies
Encryption and strict data-minimisation controls
Quarterly monitoring of destination-country law and practice
Technical Safeguards
Encryption standards, access controls, data segregation
Enhanced end-to-end encryption and zero-knowledge architecture
Yes since disabling does not affect core functionality
Contractual Protection
SCC or IDTA terms, supplementary clauses, audit rights
Strengthened clauses with explicit audit-right provisions and scheduled audits
Annual contractual audit and re-certification
Technical and Organisational Safeguards
Assessment Criteria
Evaluation Factors
Legal Framework
Data-protection statutes, surveillance laws, judicial oversight
Government Access
Scope of authority powers, procedural safeguards, oversight bodies
Your Data Transfer Rights
You have specific rights regarding international transfers of your personal data.
Right to Information
You can ask us:
Where your data is being transferred.
Why the transfer is necessary.
What safeguards are in place.
How your rights are protected.
Right to Object
You can object to:
Specific international transfers.
Processing in certain countries.
Use of particular safeguards.
Right to Effective Remedies
You have access to:
Local Remedies: Legal remedies in the destination country.
Home Country Protection: Full protection under UK/EU law.
Regulatory Support: Assistance from UK/EU data protection authorities.
What We Don't Do
Unrestricted Transfers
We never transfer data without appropriate safeguards.
We don't rely on adequacy decisions that have been withdrawn.
We don't transfer data to countries with inadequate protection.
Excessive Data Sharing
We only transfer data that's necessary for the specific purpose.
We don't share more data than required.
We regularly review and minimise transfer volumes.
Permanent Relocations
We don't permanently relocate your data without notice.
We maintain primary data processing in appropriate jurisdictions.
We provide clear information about any changes.
Monitoring And Updates
Continuous Monitoring
Legal Developments:
Regular monitoring of adequacy decisions.
Tracking changes in destination country laws.
Assessment of new legal challenges.
Partner Compliance:
Regular audits of transfer recipients.
Monitoring of partner certifications.
Assessment of ongoing protection effectiveness.
Regular Reviews
Annual Assessments:
Comprehensive review of all transfer arrangements
Update of Transfer Impact Assessments
Revision of safeguards where necessary
Incident Response:
Immediate response to any protection failures
Suspension of transfers if necessary
Alternative arrangements implementation
Contact Us
Transfer Questions
Email:
privacy@gogorilla.com
Subject:
International Data Transfers
Response Time:
Within 48 hours
Data Protection Officer
Email:
privacy@gogorilla.com
For:
Transfer concerns, rights requests, complaints
Technical Support
Email:
support@gogorilla.com
For:
Technical questions about data location
Your data's journey around the world should be as secure as its stay at home. We're committed to ensuring that international transfers enhance your experience while maintaining the highest levels of data protection.
Last Updated: January 2025
Version: 1.1