In order to provide its services, Easol may engage third parties to carry out data-processing activities that involve access to customer data. These organisations, called “subprocessors,” are identified below with their locations and the types of services they provide to Easol.
| Vendor | Country | Type of Service | GDPR Policies | Data security audit |
|---|---|---|---|---|
| Amazon Web Services, Inc | Ireland | Infrastructure provider | GDPR compliance | Audit reports available as described in §10.3 of dpa |
| Cloudflare | United States | Content delivery network services, cybersecurity | GDPR compliance | Compliance certifications available here |
| Crunchy Data Solutions, Inc | United States | Database management | Data processing addendum | Security and compliance information |
| Datadog Ireland Limited | Ireland | Observability and monitoring services | GDPR compliance | Audit reports available as described in section 8 dpa |
| Formstack | United States | Secure data collection | GDPR compliance | Compliance certifications available here |
| Google LLC (Google Workspace) | United States | Email and office applications | GDPR compliance | Audit reports available as described in section 7.5 and clause 5f of the UK addendum |
| HubSpot | United States | Customer relationship manager | • GDPR FAQ and guidance | |
| • GDPR playbook | Audit reports available as described in section 7 of dpa | |||
| Justt | Israel | Chargeback management | GDPR compliance | N/A |
| Mailchimp | United States | Email notification services | • GDPR compliance | |
| • GDPR FAQ and guidance | Audit reports available as described in section 5 of dpa | |||
| Mixpanel | United States | User interaction analytics | GDPR compliance | Compliance certifications available here |
| Notion | United States | Productivity & note taking | GDPR compliance | Compliance certifications available here |
| QFlow | United Kingdom | Event check-in solution | GDPR compliance | N/A |
| Queue-it | Denmark | Website traffic management | GDPR compliance | Audit data available |
| Redis.io | United States | Database management | SOC 2 compliance | |
| GDPR notice | ||||
| Data processing addendum | Redis trust center reports | |||
| Retool | United States | Workflow automations | GDPR Compliance | Compliance certifications available here |
| Salesforce, Inc (Heroku) | Germany | Infrastructure provider | GDPR compliance | Audit reports available as described in section 6.2.1 of dpa |
| Segment | United States | Customer data platform | GDPR compliance | Compliance certifications available here |
| Slack Technologies, Inc | United States | Messaging services | GDPR compliance | Subsidiary of Salesforce so has the same dpa |
| Stripe Payments UK, Ltd | United Kingdom | Payments processor | GDPR compliance | Audit reports available as described in §4.1.h |
| Superhuman | United States | GDPR compliance | DPA | |
| TrueLayer | United Kingdom | Payments processor | GDPR compliance | Some data security certifications available here. No explicit reference to audit requests. |
| Zapier | United States | Workflow automations | GDPR compliance | Data privacy overview |
| Zendesk, Inc | United States | Customer support | GDPR compliance | Data security certifications available here. |