Sub-processors
Effective starting: 27 May, 2022
Program owner and administrator specific sub-processors
Sub-processor services we use to engage and support your organisation. Entrants/applicants, nominators and judges/reviewers do not make use of these services.
| Sub-processor | Business location | Data processing location(s) | Description of services provided |
|---|---|---|---|
| Chameleon http://trychameleon.com |
United States | United States | In-app product tours. Processes email addresses. Uses Standard Contractual Clauses. Technical security measures: https://www.trychameleon.com/security |
| Deepnote https://deepnote.com |
California, United States | United States | Data pipeline management. May process personal data. Uses Standard Contractual Clauses. Technical security measures: https://deepnote.com/security |
| Elevio https://elev.io |
Collingwood, Victoria, Australia | United States | In-app support panel. Processes email addresses. Uses Standard Contractual Clauses. |
| Hubspot https://www.hubspot.com |
Ireland | United States | Software products for inbound marketing, sales, and customer service. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://www.hubspot.com/security |
| Intercom https://www.intercom.com |
San Francisco, California, US | United States (Virginia) | Chat and support management within our software product. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://www.intercom.com/security |
| Klaus https://klausapp.com |
Estonia | Germany (Frankfurt) | Support team conversation review and QA platform. Processes personal data. Data is not processed outside of the EU. Technical security measures: https://www.klausapp.com/security |
| Sequin https://www.sequin.io |
Los Angeles, California, US | United States | Data pipeline management. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://www.sequin.io/legal/security |
| Zendesk https://www.zendesk.com |
San Francisco, California, US | Australia (Sydney) | Client support management. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://www.zendesk.com/product/zendesk-security |
All user sub-processors
Sub-processor services we use to engage and support your organisation, your program and your participants. All roles including program owners, administrators, entrants, applicants, nominators, judges and reviewers make use of these services.
| Subprocessor | Business location | Data processing location(s) | Description of services provided |
|---|---|---|---|
| Amazon Web Services https://aws.amazon.com |
Seattle, Washington, US | Australia (Sydney) Canada (Montreal) Europe (Ireland and Germany) United States (California) |
Cloud hosting infrastructure for whole AF application stack. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data https://aws.amazon.com/security |
| Google Cloud https://cloud.google.com |
Dublin, Ireland | Australia Canada Europe United States |
Cloud infrastructure for data backup redundancy. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://cloud.google.com/security |
| Imgix https://www.imgix.com |
San Francisco, California, US | United States (rendering) Various edge nodes (caching) |
Image processing service. May process personal data captured in uploaded images and PDFs. Uses Standard Contractual Clauses. |
| MailGun https://www.mailgun.com |
San Francisco, California, US | Germany (Frankfurt) | Email sending service. Processes personal data used in the delivery and communication of email messages. Uses Standard Contractual Clauses. |
| New Relic https://newrelic.com |
San Francisco, California, US | United States | Application monitoring. May process personal data. Uses Standard Contractual Clauses. Technical security measures: https://drive.google.com/file/d/1pMixjKW1G-AuR8hcNwD8YsbOKlQbPq2F/view |
| Pusher https://pusher.com |
London, United Kingdom | United States (North Virginia) | Push service. Background processes use Pusher to send notifications on progress and file scanning. May process IP addresses and cookies. Uses Standard Contractual Clauses. Is GDPR and HIPAA compliant. |
| Stitch https://www.stitchdata.com |
United States | United States | ETL data pipeline. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://www.stitchdata.com/platform/security |
| URL2PNG https://www.url2png.com |
East Derry, New Hampshire, US | United States | Capture screenshots from URLs. May process personal data visible on publicly accessible websites. Uses Standard Contractual Clauses. |
| Vonage https://www.vonage.com |
San Francisco, California, US | Singapore | SMS sending service. May process personal data used in the delivery of SMS messages. Uses Standard Contractual Clauses. Technical security measures: https://www.vonage.com/communications-apis/platform/security https://www.vonage.com/legal/technical-organizational-security-practices |