🇨🇿 Česká verze

International Data Transfers

Effective from: 2 July 2026 · Privacy Policy · Terms of Service

This document supplements the BREVET Privacy Policy and describes the legal basis on which personal data is transferred outside the European Economic Area (EEA), where applicable, in connection with the processors that BREVET uses.

1. Why the Transfer Occurs

Some processors used by BREVET to operate the Platform (in particular for payment processing, communication, and hosting) are companies headquartered or corporately structured in the United States. GDPR (Chapter V, Article 44 et seq.) requires that any transfer of personal data outside the EEA be covered by an appropriate legal mechanism — most commonly an adequacy decision or Standard Contractual Clauses (SCCs).

2. Overview of Processors and Transfer Mechanisms

ProcessorPurposeTransfer mechanism
Meta Platforms, Inc. (WhatsApp Business Platform)Delivery of Job-related messagesCertified under the EU-U.S. Data Privacy Framework (DPF), including the UK Extension
Stripe, Inc. / Stripe Payments EuropePayment processing (Stripe Connect)Certified under the EU-U.S. Data Privacy Framework (DPF), including the UK Extension
Twilio Inc.Automated voice calls (robocalls) to Tradespeople as part of the emergency dispatch cascadeCertified under the EU-U.S. Data Privacy Framework (DPF), including the UK Extension
Supabase, Inc.Data storage, authentication, database hostingPrimary storage in an EU region (Frankfurt); transfer to Supabase, Inc. (USA) covered by Standard Contractual Clauses (SCCs) under the Data Processing Agreement
Vercel Inc.Hosting of the web and mobile applicationStandard Contractual Clauses (SCCs) under the Data Processing Agreement — we monitor the current scope of certification on an ongoing basis
Google Ireland Ltd. / Google LLCWeb analytics and advertising measurement (Google Analytics, Google Ads)Certified under the EU-U.S. Data Privacy Framework (DPF), including the UK Extension

3. A Note on Supabase

Even when a European region (Frankfurt) is selected for primary data storage, Supabase, Inc. remains a U.S. company and, as such, may in theory be subject to requests from U.S. authorities (e.g. under the CLOUD Act) regardless of the physical location of the server. We disclose this transparently in line with the GDPR's accountability principle. This is not a circumstance that currently requires a change of processor, but it forms part of our ongoing documentation of the processing chain.

4. Verifying Certifications

The current list of companies certified under the Data Privacy Framework can be verified in the official registry at www.dataprivacyframework.gov.

5. Your Rights

In connection with the international transfer of data, you have the same rights as set out in the Privacy Policy, including the right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ), www.uoou.cz, or with the competent supervisory authority in your country of residence.

Questions about international data transfers?
info@brevet.cz