Vendor: Amazon Web Services (AWS)

Website: https://aws.amazon.com

Purpose: Database and hosting

Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details

Location of processing: Server region set by Elucidat – currently AWS EU (London) Region. (Amazon Web Services EMEA SARL)

Compliance mechanism for ex-EEA transfer: N/A: Contracted not to move data from the AWS region selected by Elucidat

Article 28 Data Processing Agreement: AWS GDPR Data Processing Addendum, part of Service Terms at clause 83 of Service Terms

Vendor: Elucidat Inc.

Website: https://elucidat.com

Purpose: Process for purpose of sales and technical support as affiliate of Elucidat Group

Type of personal data processed: Prospective & Existing Customer Contact & Correspondence, Author App usage & Learner Course usage details

Location of processing: Processing happening locally in North Carolina

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield Framework and / or Standard Contractual Clauses (see our Licence Agreement)

Article 28 Data Processing Agreement: Intra-Group Data Transfer Agreement


Vendor: HubSpot

Website: https://www.hubspot.com

Purpose: Marketing & Sales platform

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: Global

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield Framework + Signed DPA in place containing EC Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Intercom

Website: https://www.intercom.com

Purpose: Customer communication system

Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details

Location of processing: US and EEA

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield Framework

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Planhat

Website: https://www.planhat.com

Purpose: Customer success platform 

Type of personal data processed: Existing Customer Contact & Author App usage details

Location of processing: US and EEA

Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Rackspace

Website: https://www.rackspace.com

Purpose: Database and hosting

Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details

Location of processing: Server region set by Elucidat – currently Rackspace  London

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield certified - if applicable

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Salesforce

Website: https://www.salesforce.com/uk

Purpose: Customer relationship management (CRM)

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: EEA and US

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield + DPA provides for combination of Binding Corporate Rules and EU Standard Contractual Clauses across range of solutions

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: SalesLoft

Website: https://salesloft.com

Purpose: Call management software

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: US

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield + Signed DPA stating all onward transfers are only to third party providers who also certify compliance to EU-US and Swiss-US Privacy Shield

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: SherlockScore

Website: https://www.sherlockscore.com

Purpose: Product engagement scoring engine

Type of personal data processed: Author Contact and Usage details

Location of processing: US

Article 28 Data Processing Agreement: Data Processor Addendum in place complying with Article 28 GDPR


Vendor: Segment

Website: https://segment.com/

Purpose: Segment’s Customer Data Infrastructure (CDI)

Type of personal data processed: Author Contact & usage data

Location of processing: US

Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: SendGrid

Website: https://sendgrid.com

Purpose: Cloud-based email delivery platform

Type of personal data processed: Existing Author App usage & Learner Contact details 

Location of processing: US

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Sentry

Website: https://sentry.io

Purpose: Error monitoring software

Type of personal data processed: Existing Author App usage & Learner usage details 

Location of processing: Global

Compliance mechanism for ex-EEA transfer: DPA incorporates obligation to transfer ex-EEA on Standard Contract Clauses or EU-US Privacy Shield where applicable

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Stackpath

Website: https://www.stackpath.com

Purpose: Content delivery network

Type of personal data processed: Course Content assets

Location of processing: Global

Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield + EU Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Unbounce

Website: https://unbounce.com

Purpose: Landing page software

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: EU

Compliance mechanism for ex-EEA transfer: N/A as all data is within the EU

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 

Did this answer your question?