Sub-Processor Description: Fasthosts Internet Ltd

Purpose of Processing

Fasthosts Internet Ltd ("Fasthosts") provides web hosting, domain registration, email hosting, and related IT infrastructure services. As a sub-processor, Fasthosts is engaged to support hosting, storage, and delivery of data required for the operation of websites, email services, and other cloud-based solutions.

Data Categories Processed

• Hosting and email content data
• Customer and end-user information (e.g., IP addresses, log files, email metadata)
• Technical information for infrastructure management (e.g., server logs, application performance data)

Processing Location

Data processed by Fasthosts is primarily hosted in their data centers within the European Economic Area (EEA). They ensure compliance with GDPR requirements for cross-border data transfers if applicable.

Security Measures

Fasthosts employs robust security measures to protect customer data, including:

• Encryption of data in transit and at rest
• Firewalls and intrusion detection/prevention systems
• Regular vulnerability assessments and penetration testing
• ISO 27001 certification of data centers, ensuring compliance with recognized security standards

Sub-Processor Obligations

Fasthosts processes personal data strictly under the instructions of the data controller (or main processor) in accordance with GDPR Article 28. This includes implementing appropriate technical and organizational measures to ensure the protection of personal data and assisting in responding to data subject rights requests.

Third-Party Transfers

Fasthosts does not engage any additional sub-processors without prior authorization and ensures that any third-party processors used adhere to GDPR compliance.

Contact Information

For further details about Fasthosts’ role as a sub-processor, please refer to their privacy policy or contact their data protection officer

Sub-Processor Description: Amazon Web Services (AWS)

Purpose of Processing

Amazon Web Services, Inc. ("AWS") provides cloud computing services, including infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) solutions. As a sub-processor, AWS supports the hosting, storage, and processing of data required for web applications, databases, content delivery, and other cloud-based services.

Data Categories Processed

• Hosting and storage data
• Customer and end-user information (e.g., IP addresses, log files, user-generated data)
• Technical and operational data for infrastructure and service management (e.g., monitoring, performance metrics)

Processing Location

AWS processes data in data centers located within specified regions, as determined by the data controller. AWS offers customers the ability to choose their data storage location and ensures compliance with GDPR for cross-border data transfers, including adherence to Standard Contractual Clauses (SCCs) where necessary.

Security Measures

AWS implements industry-leading security practices and certifications to ensure data protection, including:

• Encryption of data at rest and in transit
• Multi-factor authentication and role-based access controls
• Regular vulnerability scans and penetration testing
• ISO 27001, SOC 1/2/3, PCI DSS, and other certifications
• AWS Shield for Distributed Denial of Service (DDoS) protection

Sub-Processor Obligations

AWS processes personal data under the strict instructions of the data controller in compliance with GDPR Article 28. AWS provides robust contractual guarantees to maintain the confidentiality, integrity, and availability of customer data.

Third-Party Transfers

AWS ensures that any third parties engaged in processing adhere to GDPR standards. AWS does not transfer customer data to additional sub-processors without authorization and maintains a list of sub-processors in their AWS GDPR Data Processing Addendum.

Contact Information

For further details about AWS’s role as a sub-processor, including their security and compliance measures, please visit the AWS GDPR Center

Sub-Processor Description: Google Cloud (Google LLC)

Purpose of Processing

Google Cloud, operated by Google LLC ("Google"), provides cloud-based services, including infrastructure, storage, analytics, and machine learning tools. As a sub-processor, Google facilitates the hosting, processing, and delivery of data to support web applications, databases, collaboration tools, and other cloud-based solutions.

Data Categories Processed

• Hosting and storage data
• Customer and end-user information (e.g., IP addresses, log files, email content)
• Technical and operational data for infrastructure and application management (e.g., monitoring logs, usage metrics)

Processing Location

Google Cloud processes data in data centers located worldwide, with customers retaining control over data residency. Google complies with GDPR requirements for cross-border data transfers, including adherence to Standard Contractual Clauses (SCCs) and participation in the EU-U.S. Data Privacy Framework, as applicable.

Security Measures

Google employs advanced security measures and certifications to protect customer data, including:

• Encryption at rest and in transit
• Zero Trust architecture for access controls
• Threat detection and prevention systems powered by machine learning
• Regular security audits and penetration testing
• Compliance certifications such as ISO 27001, SOC 1/2/3, PCI DSS, and FedRAMP

Sub-Processor Obligations

Google processes personal data exclusively under the instructions of the data controller, adhering to GDPR Article 28. Google maintains comprehensive Data Processing Agreements (DPAs) that outline its obligations, including safeguarding personal data and facilitating data subject rights.

Third-Party Transfers

Google provides a publicly available list of its sub-processors and ensures compliance with GDPR standards for any third-party processing. Google requires its sub-processors to meet equivalent data protection and security obligations.

Contact Information

For more information about Google Cloud's role as a sub-processor, its security practices, and compliance with GDPR, please visit the Google Cloud GDPR Resource Center