Service status External connectivity status Startups Support center

Data Transfer Agreement to reflect the new EU SCCs and the UK Addendum

Last updated: Tue, 20th Sep ’22

Infobip is offering its customers and partners a possibility to execute an additional Data Transfer Agreement to include the new EU Standard Contractual Clauses (SCCs) and the UK Addendum. This post contains answers to frequently asked questions about this process and will be regularly updated by Infobip.

What is the purpose of this Data Transfer Agreement (DTA)?

On 4 June 2021, the European Commission issued the new European Union Standard Contractual Clauses (“2021 SCCs”), which should be implemented until 27 December 2022 the latest. Moreover, in the United Kingdom, on 21 March 2022, the international data transfer agreement (IDTA) and the international data transfer addendum to the 2021 SCCs (“UK Addendum”) have also entered into force.

To merge the efforts, we have drafted a Data Transfer Agreement (DTA) that covers both the 2021 SCCs and the UK Addendum, ensuring that with one comprehensive document and to the extent applicable, the new European Union’s and United Kingdom’s frameworks for international transfers are covered.

For more information regarding this subject matter, you can check the following links:

Lastly, note that which elements are included in the DTA depends on the fact which Infobip entity is offering the services to you. For example, if it is Infobip UK then the DTA will include both the 2021 SCCs and the UK Addendum. On the other hand, if it is one of the Infobip entities from the EU only 2021 SCCs will be listed.

What does this mean for Infobip’s customers and partners?

Who should sign the Data Transfer Agreement?

This DTA can be signed by our non-EU/EEA customer or partner whose personal data Infobip processes in the EU or UK and then transfers it back to such non-EU/EEA countries (the so-called ‘processor to controller’ transfer). Therefore, any Infobip entity from EU or UK which act as exporters will need to sign this DTA.

For such reason we prepared several different templates, pre-signed by Infobip entities from EU and UK. Our customers and partners are instructed to choose the appropriate template depending on the fact which Infobip entity is providing the services to them.

Lastly, have in mind that this DTA can be signed by our partners too, but only for non – EU/EEA SellThrough partnership agreements.

Is it mandatory for you to sign the DTA?

When providing our services, Infobip acts as a processor on behalf of the controller (i.e., the client) while performing our services. In a controller – processor relationship, as long as, GDPR/UK GDPR applies, it is the duty of the controller to address all issues, including the necessity to have a valid data processing agreement or a transfer mechanism in place. However, the processor is required to indicate to the controller if it considers controller’s activities are not aligned with GDPR/UK GDPR.

If you decline to sign the DTA, please send as a response and briefly explain why you believe the DTA does not apply to you. You can send this respond via e-mail to your Infobip business contact person (e.g., Customer Success Manager/Account Executive/Telecom Partnership Manager).

What to do if you already have signed the EU SCCs with Infobip?

As mentioned earlier, on 4 June 2021, the European Commission issued the new European Union Standard Contractual Clauses (“2021 SCCs”), which should be implemented until 27 December 2022 the latest.

In other words, a transition period is granted until 27 December 2022 to switch to the new SCCs. After that date, it will no longer be possible to rely on the previous SCCs to lawfully transfer personal data to third countries. Note that the term “third country” is a legal term and should be interpreted as it is defined within the SCCs and in accordance with EU’s data protection laws.

With that in mind, first check which version of the SCCs we have signed and whether it is the “new” ones. If it is the new ones, you can disregard this DTA.

If it is not the new ones, you need to sign this DTA which will repeal the EU standard contractual clauses for international data transfers that were in place before this Data Transfer Agreement entered into force. The DTA will incorporate Module 4 of the new SCCs.

How is this DTA executed?

The DTA is pre-signed on behalf of Infobip, and we have prepared multiple versions depending on which Infobip entity is providing you the services.

With that in mind, first check which Infobip entity is providing services to you and then download the appropriate template. Afterwards, follow the steps for execution as listed on the first page of each template.

When does the DTA become effective?

Send the completed and signed DTA to your Infobip business contact person (e.g., Customer Success Manager/Account Executive).

For signature you can use either wet-ink or e-signature depending on what is applicable in your country. If you decide to use an electronic signature, make sure to use a valid one (e.g., a copied-and-pasted image of a signature on a PDF is not a valid form).

Upon our receipt of the validly completed and signed DTA at the email addresses indicated above, it will become legally binding for both parties.

Is it possible to make any changes to this DTA?

Where can I download a pre-signed DTA template?

Our customers and partners are instructed to choose the appropriate template depending on the fact which Infobip entity is providing the services to them.

Please choose one of the templates available for download in the list below:

Infobip Croatia Data transfer agreement

Infobip France Data transfer agreement

Infobip Germany Data transfer agreement

Infobip Italy Data transfer agreement

Infobip Netherlands Data transfer agreement

Infobip Poland Data transfer agreement

Infobip Spain Data transfer agreement

Infobip Sweden Data transfer agreement

Infobip UK Data transfer agreement