Sub Processor Policy
In the following, you can find the BitaBIZ sub-processor policy.
BitaBIZ engages selected sub-processors that may process personal data submitted to BitaBIZ services.
A BitaBIZ sub-processor must meet and comply with the EU GDPR requirements regarding the processing of personal data as specified in Article 28 of the GDPR.
If the sub-processor processes personal data outside the EEA, the processing may take place only in full compliance with Chapter V of the GDPR.
Adequacy decision. Personal data may flow outside the EEA if the European Commission has decided that the third country or international organization ensures an adequate level of protection of personal data.
In the absence of an adequacy decision, the sub-processor must provide appropriate safeguards, binding on the sub-processor, which include:
- A legally binding and enforceable instrument between public authorities or bodies
- Binding Corporate Rules approved by the competent supervisory authority
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Approved Codes of Conduct
- Approved certification mechanisms
Statement. BitaBIZ does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data to the USA. Nonetheless, if the sub-processor is processing data in the USA, the sub-processor must comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and adhere to the security standards they entail.
Sub-processor | Purpose of using the sub-processor | Place of data processing | Note |
---|---|---|---|
Intercom | Online support | USA | GDPR compliant DPA with incorporated SCCs approved by the EU Commission; SOC 2 certification; EU-U.S. and Swiss-U.S. Privacy Shield framework |
Microsoft Azure | Hosting | EU | EU-U.S. and Swiss-U.S. Privacy Shield framework |
Twilio/Sendgrid | E-mail gateway | USA & EU | Twilio’s binding corporate rules at Link; SCCs approved by the EU Commission; SOC 2 certification; EU-U.S. and Swiss-U.S. Privacy Shield framework |
New Relic | Infrastructure monitoring | USA & EU | GDPR compliant DPA and SCCs approved by the EU Commission; SOC 2 certification; EU-U.S. and Swiss-U.S. Privacy Shield framework |
Cloudflare | Traffic optimization and Web application firewall (WAF) | USA & EU | GDPR compliant DPA and SCCs approved by the EU Commission; PCI DSS certified; EU-U.S. and Swiss-U.S. Privacy Shield framework |
Link Mobility | SMS gateway | EU | GDPR compliant DPA; ISAE 3402 Type II certified |
Rapid7 | Vulnerability scanning | EU | GDPR compliant DPA; SOC 2 certification; certified under the EU-U.S. Privacy Shield Framework |
The BitaBIZ Sub Processor Policy accompanies the BitaBIZ Terms & Conditions (System2 25.05.2018).