Sorry for the delay, but I’ve chased an update for you!
Here’s what our legal team have said…
"In the vast majority of cases, we process data within the EEA, however this not always possible. In the interests of security and confidentiality, we do not disclose the specific types of data that we transfer outside the EEA, the specific recipients of transfers or the locations of recipients. However, we can confirm that we comply with UK law, including the Data Protection Act 1998, and ensure that third parties to whom we transfer personal data demonstrate that they have appropriate safeguards in place for the protection of the privacy of this personal data.
We are in the process of amending the details of our registration with the Information Commissioner’s Office to ensure that these continue to reflect the practices of our growing business, and this may include revising information regarding the transfer of personal data outside the EEA.
For more information about the Data Protection Act 1998, you can visit https://ico.org.uk/. If you have questions relating to us, including any of our policies or terms and conditions, you may contact us at email@example.com."
Thought it was best to repeat what they said, rather than edit it for the community. Hope it answers the questions you’ve had!