Schedule it Ltd - Sub-processors
Sub-processors are third-party businesses engaged by a processor for performing data processing on behalf of a controller. According to the GDPR, these companies are also accountable for protection of an individual’s personal data. Data protection obligations of sub-processors are to be established by way of contract or other legal acts under the Union or Member State law. This includes providing sufficient guarantees to implement appropriate technical and organisational measures as specified in the regulation.
Schedule it Ltd uses sub-processors (listed below), to assist in providing services as described in our Terms and Conditions or a similar services agreement customers may have signed with us.
Schedule it Ltd partners with organizations, that like itself adhere to global standards and regulations. Apart from evaluation for technical requirements, Schedule it Ltd ensures examination of data protection measures, compliance with Schedule it Ltd’ security requirements and security audit reports before close of contract. Initial agreements include review and approval of - provision for breach notification in the event of unwarranted data incidents, and necessary security measures for data protection.
Agreements
As part of Schedule it Ltd’ revised
Terms and Conditions and
Privacy Policy for compliance, Schedule it Ltd provides all EU customers a data processing addendum (DPA) that covers its obligations under the GDPR. You can find our
DPA here. It automatically applies to processing of EU personal data and no additional paperwork is required in this regard.
Schedule it Ltd commits to keep this list updated regularly, to enable Controllers stay informed of the scope of sub-processing associated with Schedule it Ltd services.
The list of Sub-processors Schedule it Ltd utilises are both infrastructure and services specific vendors to provide product and services to it’s Controllers (Schedule it Ltd customers) and end-users. The following is an up-to-date list (as of 13th September 2022) of names and purpose of Schedule it Ltd sub-processors and 3rd-party vendors:
Infrastructure & Services Sub-processors:
Schedule it Ltd products and services operate on cloud platforms, listed in the table below. Schedule it Ltd holds control and access to data hosted on these services, and resides in corresponding data center facilities based on location or choice(plan) of the Controller (Schedule it Ltd’ customer). Data subsequently remains in the data center unless, shifted to ensure performance and availability of services, or specifically agreed between the Controller and Schedule it Ltd as per needs of the Controller. The following table describes the services and purpose for which these infrastructure service providers have been engaged.
To be able to provide specific functionality within its products and services, Schedule it Ltd partners with third-party services. These entities are sub-processors with access to service data (limited to purpose and use of indicated services) and are listed in the table below:
VENDOR |
PURPOSE |
DATA CENTERS* |
Akamai - Linode, LCC. |
Primary cloud infrastructure and virtual server provider hosting the servers where SaaS applications are run. Almost all data stored, processed and transmitted through Schedule it Ltd products and services resides on Linode Web Services data centers in London.
Status
Security Compliance
Security Email Contact
|
United Kingdom |
DigitalOcean, LLC. |
Backup cloud infrastructure and virtual server provider hosting the servers where SaaS applications are run. Also running on London based servers.
Status
Security Page
DigitalOcean Security Email Contact
|
United Kingdom |
Amazon Web Services, Inc. |
Storage provider for Schedule it Ltd, where SaaS applications are hosted and upload attachments are stored. |
European Economic Area United States |
Google Cloud Platform. |
Secondary cloud infrastructure provider of Schedule it Ltd, data is stored and processed in Google Cloud Platform Data Centers. |
European Economic Area United States |
Mailgun, Inc. |
Email Service Provider - Managed mail servers are provided by mailgun. Emails that are triggered programmatically from the applications are sent via Mailgun.
Status
Privacy Policy
|
United States |
Brevo (formally SendinBlue, Inc). |
Backup Email Service Provider - Backup mail servers are provided by Brevo. Emails that are triggered programmatically from the applications are sent via Brevo.
Status
Privacy Policy
|
France United States |
Twilio. |
Used for multi-factor authentication if SMS is enabled. |
European Economic Area United States |
Google Analytics. |
Used for behavioral analytics, assigns web site visitors anonymised IDs and then tracks details like clicks, pages visited, bounces, etc. |
European Economic Area United States |
Linkedin Analytics. |
Used for behavioral analytics, assigns web site visitors anonymised IDs and then tracks details like clicks, pages visited, bounces, etc. |
European Economic Area United States |
Facebook Analytics. |
Used for behavioral analytics, assigns web site visitors anonymised IDs and then tracks details like clicks, pages visited, bounces, etc. |
European Economic Area United States |
*For all our sub processors we review and agree to their standard onsite terms and conditions of their service as our due diligence steps to ensure they are able to provide the services in the countries they specify.
*For customers hosted in the EEA datacenter, only those services are turned on by default, where the specific sub-processor has data centers in the EEA. However, if customers choose to use services like 3rd party integrations, file storage and apps, custom apps then data is expected to leave the EEA.