Salesforce BCRs
Binding Corporate Rules (or "BCRs") are company specific, group-wide data protection policies approved by European and UK data protection authorities to facilitate transfers of personal data from the European Economic Area and the UK to countries that have not been deemed adequate. BCRs are based on strict privacy principles established by European Union and UK data protection authorities and require intensive consultation with European and UK data protection authorities.
Salesforce received approval from European data protection authorities for its EU Binding Corporate Rules ("Salesforce EU Processor BCR") in 2015 and from the Information Commission Office (ICO) for its UK Binding Corporate Rules ("Salesforce UK Processor BCR") in 2023. For more details about the scope of the Salesforce Processor EU BCR and Salesforce Processor UK BCR and their respective applicable services, please see here and here. For additional information about the multiple legal transfer mechanisms which Salesforce has to help customers validate transfers of personal data, please see our Data Processing Addendum.
Please refer to each BCR for the full list of applicable services.
Applicable documents by service
Name | Updated On 2023-07-26 | Infrastructure First party, AWS, Hyperforce | Services  Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Einstein Platform Heroku IoT Cloud LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate Marketing Cloud Marketing Cloud Account Engagement MuleSoft Salesforce Services and Additional Services Slack Tableau Vlocity |
Name | Updated On 2023-06-05 | Infrastructure First party, AWS, Hyperforce | Services Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Einstein Platform Heroku IoT Cloud LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate Marketing Cloud Marketing Cloud Account Engagement MuleSoft Salesforce Services and Additional Services Slack Tableau Vlocity |
