Article 9 - Transfers to jurisdictions with adequate levels of protection

(1) Subject to Article 10, a Data Controller may only transfer Personal Data to a Recipient located in a jurisdiction outside the QFC if an adequate level of protection for that Personal Data is ensured by laws and regulations that are applicable to the Recipient.
(2) The adequacy of the level of protection ensured by laws and regulations to which the Recipient is subject as referred to in Article 9(1) shall be assessed in the light of all the circumstances surrounding a Personal Data transfer operation or set of Personal Data transfer operations, including, but not limited to:
(A) the nature of the data;
(B) the purpose and duration of the proposed Processing operation or operations;
(C) if the data does not emanate from the QFC, the country of origin and country of final destination of the personal data; and
(D) any relevant laws to which the recipient is subject, including professional rules and security measures.