Vendor: Amazon Web Services (AWS)
Website: https://aws.amazon.com
Purpose: Database and hosting
Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details
Location of processing: Server region set by Elucidat – currently AWS EU (Dublin) Region. (Amazon Web Services EMEA SARL)
Compliance mechanism for ex-EEA transfer: N/A: Contracted not to move data from the AWS region selected by Elucidat
Article 28 Data Processing Agreement: AWS GDPR Data Processing Addendum, part of Service Terms at clause 83 of Service Terms
Vendor: Elucidat Inc.
Website: https://elucidat.com
Purpose: Process for purpose of sales and technical support as affiliate of Elucidat Group
Type of personal data processed: Prospective & Existing Customer Contact & Correspondence, Author App usage & Learner Course usage details
Location of processing: Processing happening locally in North Carolina
Compliance mechanism for ex-EEA transfer: Standard Contractual Clauses (see our Licence Agreement)
Article 28 Data Processing Agreement: Intra-Group Data Transfer Agreement
Vendor: HubSpot
Website: https://www.hubspot.com
Purpose: Marketing & Sales platform
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: Global
Compliance mechanism for ex-EEA transfer: Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Intercom
Website: https://www.intercom.com
Purpose: Customer communication system
Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details
Location of processing: US, EEA and UK
Compliance mechanism for ex-EEA transfer: Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Planhat
Website: https://www.planhat.com
Purpose: Customer success platform
Type of personal data processed: Existing Customer Contact & Author App usage details
Location of processing: US, EEA and UK
Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Rackspace
Website: https://www.rackspace.com
Purpose: Database and hosting
Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details
Location of processing: Server region set by Elucidat – currently Rackspace London
Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Salesforce
Website: https://www.salesforce.com/uk
Purpose: Customer relationship management (CRM)
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: EEA, US and UK
Compliance mechanism for ex-EEA transfer: DPA provides for combination of Binding Corporate Rules and EU Standard Contractual Clauses across range of solutions
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: SalesLoft
Website: https://salesloft.com
Purpose: Call management software
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: US and UK
Compliance mechanism for ex-EEA transfer: Signed DPA + Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: SherlockScore
Website: https://www.sherlockscore.com
Purpose: Product engagement scoring engine
Type of personal data processed: Author Contact and Usage details
Location of processing: US and UK
Compliance mechanism for ex-EEA transfer: Signed DPA + Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Addendum in place complying with Article 28 GDPR
Vendor: Segment
Website: https://segment.com/
Purpose: Segment’s Customer Data Infrastructure (CDI)
Type of personal data processed: Author Contact & usage data
Location of processing: US and UK
Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: SendGrid
Website: https://sendgrid.com
Purpose: Cloud-based email delivery platform
Type of personal data processed: Existing Author App usage & Learner Contact details
Location of processing: US and UK
Compliance mechanism for ex-EEA transfer: Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR + Signed DPA + Signed DPA in place containing EC Standard Contractual Clauses
Vendor: Unbounce
Website: https://unbounce.com
Purpose: Landing page software
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: EU and UK
Compliance mechanism for ex-EEA transfer: New DPA to be agreed in light of the UK leaving the EU
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR