Software2 uses certain sub-processors to assist in providing our service to you.
As a processor of personal data, as defined by the EU's General Data Protection Regulations, we have taken all reasonable measures to ensure that our sub-processors are evaluated, on an ongoing basis, for data security, privacy, confidentiality and GDPR compliance within the scope of their practices and activity as subprocessors of Software2's data.
Last updated: May 15, 2018
What is a sub-processor?
A sub-processor is a third party data processor, who is engaged by Software2 for the purpose of maintaining and supporting support our service to our end-users, and for various other critical functions as outlined below.
Our safeguards with sub-processors
All sub-processors are contractually required by Software2 (as Data Processor) to comply with Software2's Data Security and EU Data Protection policy. That includes but is not limited to the requirement to:
- process personal data in accordance with data controller’s (i.e. Customer's) documented instructions (as communicated in writing to the relevant sub-processor by Software2);
- in connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- implement and maintain appropriate technical and organizational measures (including measures consistent with those to which Software2 is contractually committed to adhere insofar as they are equally relevant to the sub-processor’s processing of personal data on Software2's behalf). Software2 reserves the right to audit the sub-processor;
- promptly inform Software2 about any actual or potential security breach; and
- cooperate with Software2 in order to deal with requests from data controllers, data subjects or data protection authorities.
This policy does not give Customers any additional rights and should not be construed as a binding agreement. We provide this information only to highlight Software2's commitment to data security and privacy, and to illustrate the process through which we engage new sub-processors.
How we engage new sub-processors
Software2 will provide notice, via this policy, of updates to the list of sub-processors that are used to process personal data. Customers can object in writing to the processing of personal data by a new sub-processor within 30 days from this policy being updated, describing legitimate reasons to object. If the Customer does not object during this period, we will deem the new sub-processor(s) as accepted.
If a Customer objects to the use of a new sub-processor, and to the process outlined in Software2's Customer Contract, we have the right to remedy the Customer's objection through one of the following options, chosen at Software2's discretion:
- Software2 will cease to use the sub-processor (with regard to personal data only);
- Software2 will take the remedial steps requested by Customer in its objection, then proceed to use the sub-processor to process personal data;
- Software2 may stop providing, or Customer may agree not to use, a certain aspect of Software2's service that would involve use of the particular sub-processor to process personal data.
The following is an up-to-date list (as of the date of this policy) of the names and locations of Software2 sub-processors (including members of the Software2 Group):
Infrastructure sub-processors – Personal data storage
Software2 owns or controls access to the infrastructure that we use to process personal data, other than as set forth below.
|Entity name||Entity type||Location of data|
|Zendesk (link)||Support Ticket System||United Kingdom|
|Microsoft (link)||Cloud Service Provider||United Kingdom|
|Rackspace (link)||Cloud Service Provider||United Kingdom|
Software2 Group sub-processors
The following entities are members of the Software2 Group:
|Software2 Americas Inc.**||United States|
**Transfers subject to the Standard Contractual Clauses approved by the European Commission for transfers from Controllers in the European Economic Area to Controllers outside the European Economic Area