We use sub-processors to deliver our Product “Voyado Engage”. The use of sub-processors may entail transfers of personal data. Please see below a description of the relevant transfers and what legislation might apply.
Please subscribe here if you want to receive notifications whenever we update our legal documents.
Voyado uses the sub-processors listed below for the provision of Voyado Engage. For some of Voyado Engage’s Component(s) and Third Party Services, additional sub-processors may apply. If so, these will be listed in the table “Components and Third-Party Services” below.
Voyado’s main processing of personal data takes place within the EU. However, for some sub-processors, processing of personal data outside of the EU/EEA may occur. Please see information on applicable transfer and transfer tools below.
For transfers to the US, Voyado’s sub-processors for Voyado Engage relies on either the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), see information below, or the Standard Contractual Clauses, (the “SCC”). The EU-U.S. DPF shall be used as a first resort. Please see information in the table below for what applies for each sub-processor.
The EU-U.S. DPF, the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were respectively developed in furtherance of transatlantic commerce by the U.S. Department of Commerce and the European Commission, the UK Government, and the Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
The effective date of the EU-U.S. DPF Principles, including the Supplemental Principles and Annex I of the Principles is July 10, 2023, which is the date of entry into force of the European Commission’s adequacy decision for the EU-U.S. DPF. The adequacy decision enables the transfer of EU personal data to participating organizations consistent with EU law.
The sub-processors below apply for all customers using Voyado Engage, regardless of which Component(s) you use.
| Sub-processor and use | Data Center location | Transfer tool | Possible third country data flow | Sub-processors and links |
| Microsoft AB
Hosting of customer data |
Ireland | EU-U.S. DPF | No direct data flow. Data centers are located within the EU but Microsoft Corporation (parent company) is located within the US.
Data may be transferred to the UK when using services powered by Azure Open AI. |
Sub-processors: Service Trust Portal (microsoft.com)
Technical and organisational secuirty measures: DPIA Azure for the GDPR – Microsoft GDPR | Microsoft Learn |
| Link Mobility AB
Inbound and outbound SMS delivery |
Ireland/Germany/France/Netherlands (Service is hosted in Microsoft and AWS) | EU-U.S. DPF (Microsoft and AWS) | No direct data flow. Data centers are located within the EU but Microsoft Corporation and AWS Inc (parent companies) are located within the US. | Sub-processors: LINK Mobility Legal
Technical and organizational security measures: LINK Mobility Privacy |
| Sinch Sweden AB
Outgoing SMS |
EU (Service is hosted in Microsoft and AWS) | EU-U.S. DPF (Microsoft and AWS) | No direct data flow. Data centers are located within the EU, but Microsoft Corporation and AWS Inc (parent companies) are located within the US. | Sub-processors: Data Protection | Sub-Processors | Sinch | Enriching Engagement
Technical and organizational security measures: Data Protection Agreement | Sinch | Enriching Engagement |
| Confluent Inc.
Data storage and processing platform |
EU (Service is operated in Microsoft Azure) | EU-U.S. DPF (Microsoft) | No direct data flow. Data centers are located within the EU but Microsoft Corporation (parent company) is located within the US. | Sub-processors: Confluent Cloud Subprocessors
Technical and organizational security measures: Confluent Cloud: Data Processing Addendum for Customers |
| Twilio Inc. (SendGrid)
E-mail message delivery service |
US | EU-U.S. DPF | The US | Sub-processors: Twilio Sub-Processors | Twilio Please note that only sub-processors for the service “SendGrid” applies.
Technical and organizational security measures: data-protection-addendum (twilio.com) |
| Solarwinds Inc.(Loggly)
Log management and analytics service provider |
US | The SCCs | The US | Sub-processors: SubProcessorITOMSaaS09292021.pdf (solarwinds.com) Please note that only sub-processors for the service “Loggly” applies.
Technical and organizational security measures: SolarWinds – Security Information |
| Zendesk
Customer support services |
EU | EU-U.S. DPF | No direct data flow | Sub-processors: Sub-processor Policy – Zendesk help
Technical and organisational: How We Protect Your Service Data (Enterprise Services) – Zendesk help |
| New Relic
Service monitoring, alerts and incident response |
The US and EU | EU-U.S. DPF | The US | Sub-processors: Not available online, please contact AM for more information.
Technical and organizational security measures:
|
| Atlassian
(Jira, OpsGenie) Internal incident response and mitigation |
The US | EU-U.S. DPF | The US | Sub-processors: List of Data Subprocessors | Atlassian
Technical and organizational security measures:
|
The sub-processors below apply only if you use the applicable Component and/or integration to a Third Party Service. Please check your agreement or contact your AM to confirm which of the below Component(s)/integration(s) to Third Party Services that applies for you.
| Component/functionality | Sub-processor(s) | Data Center Location | Transfer tool | Possible third country data flow | Sub-processors and Links |
| Webhooks | Svix
|
USA and Ireland | The SCCs for Svix, EU-U.S. DPF (AWS) | The US | AWS, Auth0 Inc. Google LLC, Slack Technologies Inc, Github Inc. Svix
Technical and organisational security measures: Not available online, please contact your AM for more information. |
| Data Enrichment, monitoring, search (onboarding) | Dun & Bradstreet | The SCCs | The US | Sub-processors:
Technical and organizational security measures: |
|
| Shopify integration | Eastside Co,
AWS Europe / Amazon Web Services EMEA SARL, Laravel FORGE / Laravel LLC / Svix Inc |
Eastside (UK), AWS (Ireland), Forge (International)
Svix (North Europe) |
The SCCs and EU-U.S. DPF (AWS) | The US | AWS sub-processors: Amazon Web Services (AWS) Sub-processors
AWS technical and organizational security measures: Cloud Security – Amazon Web Services (AWS) |
| Onsite Messaging | Public Cloud Group AB | The EU | N/A | No direct data flow. Sub-processor only processes data within Voyado’s environments (AWS). | Miracle Mill EOOD (Bulgaria) |
| AWS | The EU | EU-U.S. DPF | No direct data flow. Data centers are located within the EU but AWS (parent company) is located within the US. | AWS sub-processors: Amazon Web Services (AWS) Sub-processors AWS technical and organizational security measures: Cloud Security – Amazon Web Services (AWS) |
|
| MongoDB | The EU | EU-U.S. DPF | No direct data flow. Data centers are located within the EU but MongoDB (parent company) is located within the US. | MongoDB sub-processors: MongoDB Subprocessors MongoDB technical and organizational security measures: Technical and Organizational Security Measures |
Version 2.3.1 October 2024.
This document may be subject to updates from time to time.
If you want to receive updates when we make changes or updates regarding our sub-processors you need to subscribe using the link below.
We love all things customer and product data, and would love to chat about your brand’s individual challenges, and how our solutions can help.
