Binding Corporate Rules (or "BCRs") are company­ specific, group-­wide data protection policies approved by European data protection authorities to facilitate transfers of personal data from the European Economic Area to other countries. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with European data protection authorities.

Salesforce has received approval from European data protection authorities for its Binding Corporate Rules ("Salesforce Processor BCR"). For more details about the scope of the Salesforce Processor BCR and applicable services, please see here. For additional information about the multiple legal transfer mechanisms which Salesforce has to help customers validate transfers of personal data, please see our Data Processing Addendum.