top of page

​​

Data Transfer Agreement

Updated as of: October 4, 2025

​

This Data Transfer Agreement (“DTA”) is entered into by and between:

  • GeoWGS84 Corp (“GeoWGS84”) DBA LizardTech, and

  • Customer of GeoWGS84 Online Services (“Customer”),

to the extent Customer transfers personal data to GeoWGS84 or permits GeoWGS84 to access personal data located in a jurisdiction that requires special protections for transfers across international borders (e.g., the European Economic Area, Switzerland, or the United Kingdom).

​

1. General Provisions

​

  • For any jurisdiction not listed in this DTA that requires special protections for an international data transfer, the parties hereby agree to be bound by the EEA Standard Contractual Clauses unless otherwise agreed in writing.

  • The specific roles and responsibilities of the parties under relevant data protection law are described in Schedule 1.

​

2. European Economic Area (EEA)

​

  • EEA Standard Contractual Clauses means the European Union standard contractual clauses for international transfers (Commission Implementing Decision (EU) 2021/914 of 4 June 2021).

  • Where transfers from the EEA are not subject to an adequacy decision or exception, the parties hereby incorporate and agree to be bound by the EEA Standard Contractual Clauses.

​

Selected Options (per SCCs):

  • Clause 11(a), Module 1: Independent dispute resolution not selected.

  • Clause 17, Module 1 & 2: Option 1 selected; governing law is Ireland.

  • Clause 18(b), Module 1 & 2: Forum is the courts of Ireland.

  • Annex I(A): Data exporter = Customer; data importer = GeoWGS84.

  • Annex I(B): Schedule 1 describes the transfer.

  • Annex I(C): Competent supervisory authority = Data Protection Commission of Ireland.

  • Annex II: Technical & organizational measures = Schedule 2.

  • Annex III: Subprocessors = listed in Schedule 1.

​

3. Switzerland

  • The parties adopt the GDPR standard for all data transfers from Switzerland.

  • Clause 13 / Annex I(C): Competent authorities = Federal Data Protection and Information Commissioner and EEA supervisory authority identified above.

  • Clause 17: Governing law = Switzerland.

  • Clause 18: Forum = courts of Switzerland.

  • “Data subjects” includes Swiss legal entities until the revised Federal Act on Data Protection becomes operative.

​

4. United Kingdom

  • IDTA means the International Data Transfer Agreement issued by the UK ICO (effective February 2, 2022).

  • For transfers from the UK not subject to an adequacy decision or exception, the parties hereby incorporate the IDTA Mandatory Clauses by reference.

​

IDTA Tables:

​

  • Table 1: Parties’ details and signatures in DTA signature block.

  • Table 2:

    • Governing law = England & Wales.

    • Forum = courts of England.

    • Parties’ statuses = Exhibit 1.

    • UK GDPR does not apply to Data Importer’s processing under this Agreement.

    • Duration = coterminous with DTA.

    • Transfers to third parties must comply with IDTA Mandatory Clauses.

    • Security measures reviewed annually (see Schedule 2 & Schedule 3).

  • Table 3: Categories of personal data and purposes = Exhibit 1.

  • Table 4: Security measures = Schedule 2.

​

5. Schedules

Schedule 1: Description of the Processing

​

Includes:

  • Nature and purpose of processing.

  • Status of parties as Controllers/Processors.

  • Exporter and Importer roles.

  • Categories of data subjects & personal data processed.

  • Frequency of transfer (continuous).

  • Subprocessors (e.g., AWS, Azure, Salesforce, HubSpot, Zoom, Zendesk, etc.).

  • Applicable SCCs Module (Module 1 or 2 depending on activity).

(See original detailed listing for each processing activity and subprocessor, with GeoWGS84 as Importer.)

​

Schedule 2: Technical & Organizational Security Measures

​

GeoWGS84 maintains a written information security program, including:

  • Defined roles and responsibilities for managing security.

  • Employee training and disciplinary measures.

  • Asset management and encryption standards.

  • Physical and environmental security.

  • Access controls, monitoring, and logging.

  • Incident response procedures.

  • Business continuity & disaster recovery plans.

  • Mobile device and telework safeguards.

  • Secure solutions for data transfer with customers.

  • ​

Schedule 3 (if applicable): Supplementary Measures

​

Additional safeguards for transfers (reviewed annually), including encryption, access restrictions, and ongoing compliance audits.

​

bottom of page