GDPR subprocessors

&frankly utilizes the following sub-processors in its delivery of its services
We are making changes to the sub-processors that we use to provide &frankly in order to improve the way we work but also as a consequence of a review of which sub-processors we use following the EU courts Schrems II ruling. In short, we have now ensured that all sub-processors we will continue to use adhere to the standard contractual clauses that the EU courts upheld as valid for international transfer of data, and through adjustments of which processors we use and how, we have reduced the amount personal data subject to international transfer. We are continuing to monitor the development following Schrems II re: international data transfer and may make further adjustments to our sub processors as deemed necessary to comply with GDPR in our processing of personal data.

Amazon Web Services Europe

https://aws.amazon.com

Provisioning and operations of server and infrastructure services (PaaS) 

Data handled: All data handled in the service

Location of processing: EU/ESS (Frankfurt data centers). Processing is covered
by DPA including Model/Standard Contractual Clauses (SCC).

Delighted, LLC

https://delighted.com/

Performs customer satisfaction measurements (Net Promotor Score)

Data handled: Name, email, basic account details only for randomly selected administrators in our customer accounts, unless customer has opted out of measurements.

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

Twilio SendGrid

 https://sendgrid.com/

Transactional emails 

Data handled: Email address and email activity (receipts, read events), phone numbers (if provided on specific users)

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

 

Cloudflare Inc

https://www.cloudflare.com/

Infrastructure provider (IaaS) providing CDN, WAF, Network acceleration

Data handled: IP-address & traffic logs

Location of processing: Worldwide (ip-addresses may be logged on servers globally). Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

ZenDesk

https://www.zendesk.com/

Support services, providing SaaS tool for support ticket handling 

Data handled: Name, email, support ticket details

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

HubSpot

https://www.hubspot.com/

Marketing & leads handling

Data handled: Name, email, account activity data, marketing website activity

Location for processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

 

Google Analytics

https://www.google.com/

Traffic analytics and Maps

Data handled: Ip-adress & website activity

Location of processing: Worldwide (distributed in EU/ESS and USA)

GetAccept

https://www.getaccept.com/

Legal agreements 

Data handled: Digitally signed agreements with personal data in them, limited to personal data within agreements.

Location of processing:US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)

OneSignal

https://onesignal.com/

Infrastructure provider providing push notification delivery

Data handled: Device identifiers and basic device data for app users, connected to the users &frankly pseudonymous id (no direct personally identifiable information such as name, email etc.)

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)

Sentry

https://sentry.io/

Software provider (SaaS) providing logging for errors occurring in our application for troubleshooting & quality improvements.

Data handled: IP-address, &frankly pseudonymous id, basic user agent details

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)