We may use sub-processors to provide services to a client. This page provides information about the identity, location, and role of each sub-processor.
Current as of 8th August 2024
| Sub-processor | Description & country of processing | Safeguards for transfers of personal data to third countries | General description of technical and organisational security measures. | Link to GDPR compliant data processing policy/contract with sub-processor |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Off-site backupsUK | EU Standard Contractual Clauses | Encrypted storage | https://aws.amazon.com/compliance/gdpr-center/ |
| DigitalOcean, LLC | Customer feedback application – processing and storageUK | Data Processing Agreement in force. | Encrypted storage | https://www.digitalocean.com/legal/data-processing-agreement |
| Twilio – Sendgrid | Email and SMS messages for sending survey links. Encrypted transfer of email and/or SMS number and any optional email personalisation fields, then transmission of survey link by email or SMS.US | Data Processing Agreement signed. | Email metadata (not content) is stored for 30 days. |
Data Processing Addendum agreement in place. https://www.twilio.com/legal/bcr/processor#part-i-introduction-to-this-processor-policy |
| App Signal | Application monitoring: Performance monitoring; Error detection; Anomaly detection. Diagnostic application data is only transferred in case of an exception occurring. Customer contact details are excluded from application error reports. Netherlands (EU) | Data Processing Agreement signed. | Encrypted transfer. Not stored. | https://docs.appsignal.com/appsignal/gdpr.html#data-processor |
| OpenAI | Comment analysis. No personal data is transferred unless it is embedded in customer comments.US Opt-out available on request. | Data Processing Agreement signed. | Encrypted transfer. Not stored. | https://openai.com/policies/data-processing-addendum |