All Collections
Compliance
Third-Party Subprocessors

Third-Party Subprocessors

Isobel Petty avatar
Written by Isobel Petty
Updated over a week ago

Vendor: Amazon Web Services (AWS)

Website: https://aws.amazon.com

Purpose: Database and hosting

Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details

Location of processing: Server region set by Elucidat – currently AWS EU (Dublin) Region. (Amazon Web Services EMEA SARL)

Compliance mechanism for ex-EEA transfer: N/A: Contracted not to move data from the AWS region selected by Elucidat

Article 28 Data Processing Agreement: AWS GDPR Data Processing Addendum, part of Service Terms at clause 83 of Service Terms

Vendor: Elucidat Inc.

Website: https://elucidat.com

Purpose: Process for purpose of sales and technical support as affiliate of Elucidat Group

Type of personal data processed: Prospective & Existing Customer Contact & Correspondence, Author App usage & Learner Course usage details

Location of processing: Processing happening locally in North Carolina

Compliance mechanism for ex-EEA transfer: Standard Contractual Clauses (see our Licence Agreement)

Article 28 Data Processing Agreement: Intra-Group Data Transfer Agreement


Vendor: HubSpot

Website: https://www.hubspot.com

Purpose: Marketing & Sales platform

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: Global

Compliance mechanism for ex-EEA transfer: Signed DPA in place containing EC Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Intercom

Website: https://www.intercom.com

Purpose: Customer communication system

Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details

Location of processing: US, EEA and UK

Compliance mechanism for ex-EEA transfer: Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Planhat

Website: https://www.planhat.com

Purpose: Customer success platform 

Type of personal data processed: Existing Customer Contact & Author App usage details

Location of processing: US, EEA and UK

Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Rackspace

Website: https://www.rackspace.com

Purpose: Database and hosting

Type of personal data processed: Existing Customer Contact, Author App usage & Learner Course usage details

Location of processing: Server region set by Elucidat – currently Rackspace  London

Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: Salesforce

Website: https://www.salesforce.com/uk

Purpose: Customer relationship management (CRM)

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: EEA, US and UK

Compliance mechanism for ex-EEA transfer: DPA provides for combination of Binding Corporate Rules and EU Standard Contractual Clauses across range of solutions

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: SalesLoft

Website: https://salesloft.com

Purpose: Call management software

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: US and UK

Compliance mechanism for ex-EEA transfer: Signed DPA + Signed DPA in place containing EC Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 


Vendor: SherlockScore

Website: https://www.sherlockscore.com

Purpose: Product engagement scoring engine

Type of personal data processed: Author Contact and Usage details

Location of processing: US and UK

Compliance mechanism for ex-EEA transfer: Signed DPA + Signed DPA in place containing EC Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Addendum in place complying with Article 28 GDPR


Vendor: Segment

Website: https://segment.com/

Purpose: Segment’s Customer Data Infrastructure (CDI)

Type of personal data processed: Author Contact & usage data

Location of processing: US and UK

Compliance mechanism for ex-EEA transfer: EC Model Contract Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 

Vendor: SendGrid

Website: https://sendgrid.com

Purpose: Cloud-based email delivery platform

Type of personal data processed: Existing Author App usage & Learner Contact details

Location of processing: US and UK

Compliance mechanism for ex-EEA transfer: Standard Contractual Clauses

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR + Signed DPA + Signed DPA in place containing EC Standard Contractual Clauses


Vendor: Unbounce

Website: https://unbounce.com

Purpose: Landing page software

Type of personal data processed: Prospect & Existing Customer Contact details & Correspondence

Location of processing: EU and UK

Compliance mechanism for ex-EEA transfer: New DPA to be agreed in light of the UK leaving the EU

Article 28 Data Processing Agreement: Data Processor Agreement in place complying with Article 28 GDPR 

Did this answer your question?