Sub-processors are third-party businesses engaged by a processor for performing data processing on behalf of a controller. According to the GDPR, these companies are also accountable for protection of an individual’s personal data. Data protection obligations of sub-processors are to be established by way of contract or other legal acts under the Union or Member State law. This includes providing sufficient guarantees to implement appropriate technical and organisational measures as specified in the regulation.
Chainsfr uses sub-processors (listed below), to assist in providing services as described in the our Terms of Service or a similar services agreement customers may have signed with us.
Chainsfr partners with organizations, that like itself adhere to global standards and regulations. Apart from evaluation for technical requirements, Chainsfr ensures examination of data protection measures, compliance with Chainsfr’ security requirements and security audit reports before close of contract. Initial agreements include review and approval of - provision for breach notification in the event of unwarranted data incidents, and necessary security measures for data protection.
As part of Chainsfr’ revised Terms of Service & Privacy Notice for compliance, Chainsfr provides all EU customers a data processing addendum (DPA) that covers its obligations under the GDPR. You can find our DPA here. It automatically applies to processing of EU personal data and no additional paperwork is required in this regard.
Chainsfr commits to keep this list updated regularly, to enable Controllers stay informed of the scope of sub-processing associated with Chainsfr services.
List of Sub-processors
Chainsfr utilises both infrastructure and services specific vendors to provide product and services to it’s Controllers (Chainsfr customers) and end-users. The following is an up-to-date list (as of 1st May 2020) of names and purpose of Chainsfr sub-processors and 3rd-party vendors:
Infrastructure & Services Sub-processors:
Chainsfr products and services operate on cloud platforms, listed in the table below. Chainsfr holds control and access to data hosted on these services, and resides in corresponding data center facilities based on location or choice(plan) of the Controller (Chainsfr’ customer). Data subsequently remains in the data center unless, shifted to ensure performance and availability of services, or specifically agreed between the Controller and Chainsfr as per needs of the Controller. The following table describes the services and purpose for which these infrastructure service providers have been engaged.
To be able to provide specific functionality within its products and services, Chainsfr partners with third-party services. These entities are sub-processors with access to service data (limited to purpose and use of indicated services) and are listed in below:
Amazon Web Services, Inc.
- Purpose: Primary cloud infrastructure provider for Chainsfr, where all SaaS applications are hosted. Almost all data stored, processed and transmitted through Chainsfr products and services resides on Amazon Web Services data centers.
- Data Centers: United States
Google Cloud Platform
- Purpose: Secondary cloud infrastructure provider of Chainsfr, data is stored and processed in Google Cloud Platform Data Centers. Specifically, we use Google Drive API, Google OAuth 2.0 API for Web Application.
- Data Centers: United States
For questions or objections regarding sub-processors please write to firstname.lastname@example.org