International data transfers

This information is provided for informational purposes only. It is not intended to provide any sort of legal advice. Pearson urges its customers to consult with their own legal advisor to familiarise themselves with the requirements governing their specific situation.

Pearson values our customers' trust and privacy, and we are dedicated to protecting and safeguarding the personal data they entrust as with when using our products and services. We understand and respect that some customers may be concerned about their personal data being processed and stored outside of the countries where it was collected.

This briefly outlines how Pearson processes and protects the personal data of customers in the European Economic Area (EEA)/ United Kingdom (UK), ensuring compliance with applicable data protection laws including General Data Protection Regulation (GDPR) and UK DPA (2018).

Many of Pearson’s products and services are developed, delivered and hosted entirely in the EEA and/or UK. UK region respectively. However, we are a global business with a significant presence in other countries and our operations may require the transfer of personal data to countries outside the EEA, UK and the countries in which it is collected or from which it originates. This may include transfers of personal information to the United States of America.

We understand and respect the rules for onward transfers of personal data across international borders and, where such transfers are necessary the measures we take to protect personal information include:

  • Contractual Safeguards: Pearson’s contracts with its group companies, affiliates and third-party suppliers include necessary data protection terms and appropriate security measures to ensure protection of personal data to the standard required by applicable law.
  • Operational Safeguards: Customer personal data is retained only for the period necessary to fulfil the purposes outlined in the respective privacy notices unless a longer retention period is required or allowed by applicable law(s).
  • Technical and Security Safeguards: Pearson maintains technical, organisational, and physical measures designed to protect personal data in accordance with privacy and applicable laws against loss, and unauthorised access, use, alteration, and disclosure. We consider the nature of the data and the processing, as well as the impact on the rights and freedoms of individuals whose data is being processed. Such measures include but are not limited to encryption during transit and at rest using state- of-art encryption protocols, two-factor authentication, and strict access controls on a need-to-know basis for the purpose of performing required business functions.
  • Legal and Regulatory Safeguards: Pearson relies on EU Commission adequacy decisions and Standard Contractual Clauses (“SCC’s”) for transfers of customer data to its non-EU affiliates and third-party suppliers and based on transfer impact assessments carried out in accordance with the requirements of EU law and the European Data Protection Board (EDPB) Recommendations. 

Contact us

dataprivacy@pearson.com

 

Customer Support Portal