Vendor: Amazon Web Services (AWS)
Website: https://aws.amazon.com
Purpose: Database and hosting
Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details
Location of processing: Server region set by Elucidat – currently AWS EU (London) Region. (Amazon Web Services EMEA SARL)
Compliance mechanism for ex-EEA transfer: N/A: Contracted not to move data from the AWS region selected by Elucidat
Article 28 Data Processing Agreement: AWS GDPR Data Processing Addendum, part of Service Terms at clause 83 of Service Terms
Vendor: HubSpot
Website: https://www.hubspot.com
Purpose: Marketing & Sales platform
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: Global
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield Framework + Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Intercom
Website: https://www.intercom.com
Purpose: Customer communication system
Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details
Location of processing: US and EEA
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield Framework
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Planhat
Website: https://www.planhat.com
Purpose: Customer success platform
Type of personal data processed: Existing Customer Contact & Author App usage details
Location of processing: US and EEA
Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Rackspace
Website: https://www.rackspace.com
Purpose: Database and hosting
Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details
Location of processing: Server region set by Elucidat – currently Rackspace London
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield certified - if applicable
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Salesforce
Website: https://www.salesforce.com/uk
Purpose: Customer relationship management (CRM)
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: EEA and US
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield + DPA provides for combination of Binding Corporate Rules and EU Standard Contractual Clauses across range of solutions
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: SalesLoft
Website: https://salesloft.com
Purpose: Call management software
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: US
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield + Signed DPA stating all onward transfers are only to third party providers who also certify compliance to EU-US and Swiss-US Privacy Shield
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: SherlockScore
Website: https://www.sherlockscore.com
Purpose: Product engagement scoring engine
Type of personal data processed: Author Contact and Usage details
Location of processing: US
Article 28 Data Processing Agreement: Data Processor Addendum in place complying with Article 28 GDPR
Vendor: Segment
Website: https://segment.com/
Purpose: Segment’s Customer Data Infrastructure (CDI)
Type of personal data processed: Author Contact & usage data
Location of processing: US
Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: SendGrid
Website: https://sendgrid.com
Purpose: Cloud-based email delivery platform
Type of personal data processed: Existing Author App usage & Learner Contact details
Location of processing: US
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Sentry
Website: https://sentry.io
Purpose: Error monitoring software
Type of personal data processed: Existing Author App usage & Learner usage details
Location of processing: Global
Compliance mechanism for ex-EEA transfer: DPA incorporates obligation to transfer ex-EEA on Standard Contract Clauses or EU-US Privacy Shield where applicable
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Stackpath
Website: https://www.stackpath.com
Purpose: Content delivery network
Type of personal data processed: Course Content assets
Location of processing: Global
Compliance mechanism for ex-EEA transfer: EU-U.S. and Swiss-U.S. Privacy Shield + EU Standard Contractual Clauses
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR
Vendor: Unbounce
Website: https://unbounce.com
Purpose: Landing page software
Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence
Location of processing: EU
Compliance mechanism for ex-EEA transfer: N/A as all data is within the EU
Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR