We use sub-processors to deliver our service Voyado Engage. Such use may entail the transfer of personal data. This guidance document describes the relevant transfers and what legislation might apply.
Please subscribe here if you want to receive notifications whenever we update our legal documents.
Voyado uses the sub-processors below for Voyado Engage. For some of Engage’s Components and Third Party Services, additional sub-processor may apply, if so, these will be listed in the table “Components and Third-Party Services” below.
Voyado’s main processing of personal data takes place within the EU. For some sub-processors processing of personal data outside of the EU/EEA may occur. Please see information on applicable transfer and transfer tools below.
For transfer to the US, Voyado’s sub-processors relies on either the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), see information below, or the Standard Contractual Clauses, (the “SCC”). The EU -US DPF shall be used as a first resort. Please see information in the table below for what applies for each sub-processor.
The EU-U.S. DPF, the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were respectively developed in furtherance of transatlantic commerce by the U.S. Department of Commerce and the European Commission, the UK Government, and the Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
The effective date of the EU-U.S. DPF Principles, including the Supplemental Principles and Annex I of the Principles is July 10, 2023, which is the date of entry into force of the European Commission’s adequacy decision for the EU-U.S. DPF. The adequacy decision enables the transfer of EU personal data to participating organizations consistent with EU law.
If you need additional information to perform a data transfer impact assessment, please contact your account manager for such.
The sub-processors below apply for all customers using Voyado Engage regardless of which Components you use.
| Sub-processor and use | Data Center location | Transfer tool | Possible third country data flow | Sub-processors and links |
| Microsoft AB
Hosting of customer data |
Ireland | EU-U.S. DPF | No direct data flow. Data centers are located within the EU but Microsoft Corporation (parent company) is located within the US.
Data may be transferred to the UK when using services powered by Azure Open AI. |
Sub-processors: Service Trust Portal (microsoft.com)
Technical and organisational secuirty measures: DPIA Azure for the GDPR – Microsoft GDPR | Microsoft Learn |
| Link Mobility AB
Inbound and outbound SMS delivery |
Ireland/Germany/France/Netherlands (Service is hosted in Microsoft and AWS) | EU-U.S. DPF (Microsoft)
The SCCs (AWS) |
No direct data flow. Data centers are located within the EU but Microsoft Corporation and AWS Inc (parent companies) are located within the US. | Sub-processors: LINK Mobility Legal
Technical and organizational security measures: LINK Mobility Privacy |
| Sinch Sweden AB
Outgoing SMS |
EU (Service is hosted in Microsoft and AWS) | The SCCs. | No direct data flow. Data centers are located within the EU, but Microsoft Corporation and AWS Inc (parent companies) are located within the US. | Sub-processors: Data Protection | Sub-Processors | Sinch | Enriching Engagement
Technical and organizational security measures: Data Protection Agreement | Sinch | Enriching Engagement |
| Confluent Inc.
Data storage and processing platform |
EU (Service is operated in Microsoft Azure) | EU-U.S. DPF (Microsoft) | No direct data flow. Data centers are located within the EU but Microsoft Corporation (parent company) is located within the US. | Sub-processors: Confluent Cloud Subprocessors
Technical and organizational security measures: Confluent Cloud: Data Processing Addendum for Customers |
| Twilio Inc. (SendGrid)
E-mail message delivery service |
US | EU-U.S. DPF | The US | Sub-processors: Twilio Sub-Processors | Twilio Please note that only sub-processors for the service “SendGrid” applies.
Technical and organizational security measures: data-protection-addendum (twilio.com) |
| Solarwinds Inc.(Loggly)
Log management and analytics service provider |
US | The SCCs | The US | Sub-processors: SubProcessorITOMSaaS09292021.pdf (solarwinds.com) Please note that only sub-processors for the service “Loggly” applies.
Technical and organizational security measures: SolarWinds – Security Information |
| Zendesk
Customer support services |
EU | EU-U.S. DPF | No direct data flow | Sub-processors: Sub-processor Policy – Zendesk help
Technical and organisational: How We Protect Your Service Data (Enterprise Services) – Zendesk help |
| New Relic
Service monitoring, alerts and incident response |
The US and EU | The SCCs | The US | Sub-processors: Not available online, please contact AM for more information.
Technical and organizational security measures:
|
| Atlassian
(Jira, OpsGenie) Internal incident response and mitigation |
The US | The SCCs | The US | Sub-processors: List of Data Subprocessors | Atlassian
Technical and organizational security measures:
|
The sub-processors below apply only if you use the applicable Component and or Third-Party Service. Please check your license agreement or contact your AM to confirm which Components/Third-party Service that applies for you.
| Component/functionality | Sub-processor(s) | Data Center Location | Transfer tool | Possible third country data flow | Sub-processors and Links |
| Webhooks | Svix
|
USA and Ireland | The SCCs for Svix, EU-U.S. DPF (AWS) | The US | Sub-processors: AWS, Auth0 Inc. Google LLC, Slack Technologies Inc, Github Inc. Svix
Technical and organisational security measures: Not available online, please contact your AM for more information. |
| Data Enrichment, monitoring, search (onboarding) | Dun & Bradstreet | The SCCs | The US | Sub-processors:
Technical and organizational security measures: |
|
| Shopify integration | Eastside Co,
AWS Europe / Amazon Web Services EMEA SARL, Laravel FORGE / Laravel LLC / Svix Inc |
Eastside (UK), AWS (Ireland), Forge (International)
Svix (North Europe) |
The SCCs and EU-U.S. DPF (AWS) | The US | AWS sub-processors: Amazon Web Services (AWS) Sub-processors
AWS technical and organizational security measures: Cloud Security – Amazon Web Services (AWS) |
Version 2.1 September 2023.
This document may be subject to updates from time to time.
If you want to receive updates when we make changes or updates regarding our sub-processors you need to subscribe using the link below.
We love all things customer and product data, and would love to chat about your brand’s individual challenges, and how our solutions can help.
