🟢 Approved Sub-processors and Third-Party Services 01.11.2024
This page provides information about the sub-processors that Woba has engaged in accordance with its Data Processing Agreement
Last updated: 1 November 2024
Approved Sub-processors
This page provides information about the sub-processors engaged by Woba in accordance with Woba’s Data Processing Agreement to support the delivery of Woba’s services and the processing of customers’ personal data on behalf of customers.
At the commencement of the Data Processing Agreement, the data controller has approved Woba’s use of the sub-processors listed on this page.
Woba will update this page at least 30 days before engaging a new sub-processor or making material changes to the use of an existing sub-processor. Customers who subscribe to updates will be notified by email of changes to this page. Primary customer contacts will also be notified where required under the Data Processing Agreement.
Woba primarily uses sub-processors located in the European Union or European Economic Area. Where Woba uses sub-processors outside the EU/EEA, Woba ensures that an appropriate transfer mechanism is in place, such as an adequacy decision, the EU-U.S. Data Privacy Framework, Standard Contractual Clauses or another valid transfer mechanism under applicable data protection law.
Information about the EU-U.S. Data Privacy Framework is available here:
https://www.dataprivacyframework.gov/s/
Minimum sub-processors
|
Company Name |
Address |
Purpose |
Transfer mechanism |
|
Aiven Oy 01.03.2018 |
Antinkatu 1, 6th floor, 00100 Helsinki, Finland |
Hosting and operation of Woba’s production database, including managed database infrastructure, backup and restore functionality where applicable. |
Aiven Oy is a Finnish DBaaS provider. Woba’s database hosted by Aiven runs on infrastructure provided by UpCloud, also a Finnish company, with the relevant hosting location in Frankfurt, Germany. Compliance
Services are ISO 27000-series, GDPR, CCPA, HIPAA, and PCI-DSS compliant. We also provide ISAE 3000/SOC2 Type II reports. Technical feature
More information
|
|
Heroku (a Sales force Company) 01.06.2018 |
Heroku, Inc. på 415 Mission Street, 3rd Floor, c/o Salesforce, San Francisco, CA 94105
|
Hosting of the platform, not customer data |
The company is American, and the data is in the "Region: EU" in Frankfurt, Germany. Amazon Web Services hosts Heroku in the eu-central-1 region and falls under EU legislation. EU-US DPF, EU SCC Compliance
More information
|
|
Active Campaign LLC owner of “Postmark” 01.06.2018 |
1 N Dearborn St FL 5 Chicago, Illinois 60602-4349
|
Is used as an email service provider for sending transactional emails related to Woba’s platform, including invitations, sign-up emails, login-related emails and other system-generated notifications. |
USA EU-US DPF, EU SCC GDPR, SOC 2, and HIPAA compliance. |
|
Scalingo SAS 08.12.2024 |
13 rue Jacques Peirotes67000 Strasbourg France SIRET 80866548300018 |
Hosting of the platform, not customer data |
Scalingo is a French company. Scalingo hosts data in France with partner Outscale, which belongs to Dassault Systèmes. We are moving from Heroku to Scalingo, a 100 % European company
Compliance ISO 27001 HDS Certification Security |
Modular sub-processors
The Customer may use sub-processors as part of the Woba Services. (Open AI in Woba is activated unless the customer requests to have it deactivated.)
|
Company Name |
Adresse |
Purpose |
Location |
|
Open AI 01.02.2024 |
1st Floor, The Liffey Trust Centre |
OpenAI is used as an AI service provider through an approved API integration. Woba anonymises survey questions and answers before data is submitted to OpenAI. Where the data submitted to OpenAI is fully anonymised and cannot reasonably be linked to an identifiable person, the data does not constitute personal data under GDPR, and OpenAI does not act as a sub-processor for that specific processing activity.
|
EU SCC Ireland Ltd. |