Speak to lily

Book a demo

Menu

Speak to lily

Book a demo

Standard Contractual Clauses

Last Updated :

Sep 11, 2025

1. Purpose of This Page

At Lily, we take data protection seriously.
When personal data is transferred outside the United Kingdom (UK) or European Economic Area (EEA), we must ensure it is protected to the same high standards as if it remained within those regions.

To achieve this, Lily uses Standard Contractual Clauses (SCCs) and, where relevant, the UK Addendum to the SCCs.

This page explains:

  • What SCCs are,

  • How Lily uses them,

  • Where to access the latest versions.

2. What Are SCCs?

Standard Contractual Clauses (SCCs) are template legal agreements approved by regulators (like the UK Information Commissioner’s Office and the European Commission) that allow personal data to be transferred internationally in a lawful and secure way.

They ensure that:

  • Data sent outside the UK/EEA is protected to GDPR-equivalent standards,

  • Both Lily and its partners/vendors have clear obligations to protect data,

  • Employers using Lily can confidently manage international data flows.

3. When SCCs Are Used

SCCs are used whenever:

  • Personal Data processed through Lily’s platform needs to move across borders, such as:

    • Hosting services,

    • Telephony infrastructure,

    • AI model processing,

    • Support services.

Example scenarios:

Scenario

Example Location

Candidate in UK, data stored in secure cloud region

AWS region outside the EEA

AI call processed by telephony provider

US-based service like Twilio

Customer support ticketing data transfer

Vendor in the US

In each case, SCCs are automatically applied between Lily and the relevant vendor to maintain compliance.

4. SCC Structure

Lily uses:

  1. EU Standard Contractual Clauses (June 2021 version)

    • For transfers from the EEA to countries without an adequacy decision.

  2. UK Addendum to EU SCCs (March 2022 version)

    • For transfers from the UK.

Both documents are incorporated into our Data Processing Agreement (DPA) by reference and apply automatically to customers.

5. Our Approach to Cross-Border Data

We follow a “layered protection” approach:

Layer

What It Provides

Local storage where possible

Data hosted in the UK or EEA by default

Vendor due diligence

Security and privacy audits before onboarding vendors

SCCs and UK Addendum

Legal framework for safe international transfers

Technical safeguards

Encryption, access controls, monitoring

Ongoing compliance checks

Regular reviews of data flows and vendor practices

6. Customer and Candidate Transparency

  • Candidates:
    Our Privacy Policy explains how and why data may move internationally and under what legal mechanisms.
    See Privacy Policy.

  • Customers (Employers):
    By signing an Order Form with Lily, you automatically benefit from these SCC protections.
    No additional signature or action is required.

7. Accessing the SCC Documents

The following documents are incorporated by reference into Lily’s Data Processing Agreement:

Document

Description

Link

EU Standard Contractual Clauses (2021)

Official EU-approved clauses for international transfers

Download PDF

UK Addendum to SCCs (2022)

UK-specific addendum that adapts the EU SCCs for UK data law

Download PDF

Lily’s Data Processing Agreement (DPA)

Explains how SCCs apply to customers and their data

View DPA

8. Sub-Processors and Data Locations

To provide the Services, Lily engages carefully selected Sub-Processors who may process data internationally.

You can see a live, up-to-date list of our Sub-Processors, including their locations and services, at:
https://teamlily.ai/legal/sub-processors

Each Sub-Processor agreement includes:

  • SCCs or equivalent transfer mechanism,

  • Security and privacy obligations equal to Lily’s own standards.

9. FAQs

Do customers need to sign the SCCs separately?

No.
The SCCs and UK Addendum are automatically incorporated into your agreement with Lily through our DPA.

Are all international transfers covered?

Yes.
Every transfer of Personal Data outside the UK/EEA is covered by:

  • SCCs or an adequacy decision, and

  • Lily’s technical and organisational safeguards.

How do I verify Lily’s compliance?

  • Review our DPA,

  • Check our Sub-Processor list,

  • Request relevant security documentation through your account representative.

10. Legal References

This page references:

  • UK GDPR – Data Protection Act 2018,

  • EU GDPR – Regulation (EU) 2016/679,

  • EU Commission Implementing Decision (EU) 2021/914 – adopting SCCs,

  • UK ICO International Data Transfer Addendum (March 2022).

11. Contact Us

For questions about cross-border transfers or SCCs, contact:

Progreso AI Limited (Lily AI)
Email: privacy@teamlily.ai