Sub Processors – GDPR Resource

Updated 25th May 2018

To support delivery of our Service, Effective Experiments (t/a Digital Tonic Ltd) may engage and use data processors with access to certain Service data (each, a “Subprocessor”). This page provides important information about the identity, location and role of each Subprocessor. Terms used on this page but not defined have the meaning set forth in our Terms of Service and/or Contract Agreement (the “Agreement”). Defined terms used herein shall have the same meaning as defined in the Agreement.

What is a subprocessor

A Subprocessor is a third party data processor engaged by Effective Experiments who has or potentially will have access to or process Service data (which may contain Personal Data).Effective Experiments engages different types of Subprocessors to perform various functions as explained in the tables below.

Due diligence

Effective Experiments undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed Subprocessors that will or may have access to, or process, Service data.

Contractual Safeguards

Effective Experiments requires its Subprocessors to satisfy equivalent obligations as those required from Effective Experiments (as a Data Processor) as set forth in either Effective Experiments’s, or the corresponding Subprocessor’s equivalent, Data Processing Addendum (“DPA”), incorporating Standard Contractual Clauses (“SCC”) where appropriate, including but not limited to the requirements to:

  • process Personal Data in accordance with Effective Experiments’ instructions;
  • in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • implement and maintain appropriate technical and organisational measures (including measures consistent with those to which Effective Experiments is contractually committed to adhere insofar as they are equally relevant to the Subprocessor’s processing of Personal Data on Effective Experiments’s behalf);
  • promptly inform Effective Experiments about any actual or potential security breach; and
  • cooperate with Effective Experiments in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

This policy does not give users of the Service any additional rights or remedies and should not be construed as a binding agreement. The information here is provided for transparency purposes to illustrate Effective Experiments’s engagement process for Subprocessors as well as to provide the actual list of third party Subprocessors used by Effective Experiments (as of the date of this policy) which Effective Experiments may use in the delivery and support of its Service.

Process to engage new subprocessors

As our business grows and evolves, the Subprocessors we engage may also change. We will provide users of the Service with notice of any new Subprocessors to the extent required under the Agreement by posting such updates here.

Effective Experiments will provide notice via this policy of updates to the list of Subprocessors that are utilised or which Effective Experiments proposes to utilise to deliver its Service.Effective Experiments undertakes to keep this list updated regularly to enable users of the Service to stay informed of the scope of subprocessing associated with the Service.

Please check back frequently for updates.

The following is an up-to-date list (as of the date of this policy) of the names and locations of Effective Experiments Subprocessors.

 

SubprocessorCountry PurposeAdequacy
Amazon Web Services, IncUSA / UK Ireland / GermanyCloud Service Web ProviderGDPR
ISO 27001
Privacy Shield
DPA with SCC
Google IncUSAEmail & Cloud storageGDPR
ISO 27001
Privacy Shield
DPA with SCC
Solarwinds Worldwide LLCUSAServer Monitoring & Error reportingDPA with SCC
IntercomEULive chat / customer supportPrivacy shield
Atlassian Pty LtdUSABug trackingPrivacy Shield
Drift.com, IncUSALive Chat salesDPA with SCC
Privacy shield
TypeformSpainContact FormsGDPR
Stripe Payments Europe, Ltd.IrelandCredit CardPayment ProcessingPCI compliant
GDPR
FullstoryUSAUser interface toolPrivacy Shield