Sub-processor policy

BitaBIZ engages selected sub-processors that may process personal data submitted to BitaBIZ services.
A BitaBIZ sub-processor must comply with the EU GDPR requirements for the processing of personal data, as specified in Article 28 of the GDPR.

If the sub-processor processes personal data outside the EEA, the processing may take place only in full compliance with Chapter V of the GDPR.

Adequacy decision. Personal data may flow outside the EEA if the European Commission has decided that the third country or international organization ensures an adequate level of protection of personal data.

In the absence of an adequacy decision, the sub-processor must provide appropriate safeguards, binding on the sub-processor, that include:

  • A legally binding and enforceable instrument between public authorities or bodies
  • Binding Corporate Rules approved by the competent supervisory authority
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Approved Codes of Conduct
  • Approved certification mechanisms

Statement. BitaBIZ does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data to the USA. Nonetheless, if the sub-processor is processing data in the USA, the sub-processor must comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and adhere to the security standards they entail.

Sub-processors used by BitaBIZ are listed below. The list may be updated by BitaBIZ from time to time:

| Sub-processor | Purpose of using the sub-processor | Place of data processing | Note |
|---|---|---|---|
| Intercom | Online support | USA | GDPR compliant DPA with incorporated SCCs approved by the EU Commission; SOC 2 certification; EU-U.S. and Swiss-U.S. Privacy Shield framework |
| Microsoft Azure | Hosting | EU | EU-U.S. and Swiss-U.S. Privacy Shield framework |
| Twilio/Sendgrid | E-mail gateway | USA & EU | Twilio’s binding corporate rules at Link; SCCs approved by the EU Commission; SOC 2 certification; EU-U.S. and Swiss-U.S. Privacy Shield framework |
| New Relic | Infrastructure monitoring | USA & EU | GDPR compliant DPA and SCCs approved by the EU Commission; SOC 2 certification; EU-U.S. and Swiss-U.S. Privacy Shield framework |
| Cloudflare | Traffic optimization and Web application firewall (WAF) | USA & EU | GDPR compliant DPA and SCCs approved by the EU Commission; PCI DSS certified; EU-U.S. and Swiss-U.S. Privacy Shield framework |
| Link Mobility | SMS gateway | EU | GDPR compliant DPA; ISAE 3402 Type II certified |
| Rapid7 | Vulnerability scanning | EU | GDPR compliant DPA; SOC 2 certification; Certified under the EU-U.S. Privacy Shield Framework |

The BitaBIZ Sub-processor Policy accompanies the BitaBIZ Terms & Conditions (System2 25.05.2018).