mirror of
https://github.com/OneUptime/oneuptime
synced 2024-11-22 15:24:55 +00:00
156 lines
11 KiB
Plaintext
156 lines
11 KiB
Plaintext
<header id="pagmt">
|
||
|
||
<h1>Subprocessors</h1>
|
||
|
||
<p>To support delivery of our Services we engage and use
|
||
data processors with access to certain Customer Data.</p>
|
||
|
||
</header>
|
||
|
||
<section>
|
||
|
||
<h3>Introduction</h3>
|
||
<p>
|
||
To support delivery of our Services, HackerBay, Inc. (or one of its Affiliates listed below) may engage and
|
||
use
|
||
data processors with access to certain Customer Data (each, a "Subprocessor"). This page provides important
|
||
information about the identity, location and role of each Subprocessor. Terms used on this page but not defined
|
||
have the meaning set forth in the Customer Terms of Service or superseding written agreement between Customer
|
||
and OneUptime (the "Agreement").
|
||
</p>
|
||
|
||
|
||
|
||
<h3>Third Parties</h3>
|
||
|
||
<p>OneUptime currently uses third party Subprocessors to provide infrastructure services, and to help us provide
|
||
customer support and email notifications. Prior to engaging any third party Subprocessor, OneUptime performs
|
||
diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement
|
||
implementing its applicable obligations.
|
||
|
||
Infrastructure Subprocessors
|
||
OneUptime may use the following Subprocessors to host Customer Data or provide other infrastructure that helps
|
||
with
|
||
delivery of our Services:</p>
|
||
|
||
<p><b>Entity Name > Subprocessing Activities > Entity Country</b><br />
|
||
Amazon Web Services, Inc. > Cloud Service Provider > United States<br />
|
||
Google LLC > Cloud Service Provider > United States<br />
|
||
Microsoft Azure > Cloud Service Provider > United States<br /></p>
|
||
|
||
|
||
<h3>OneUptime Affiliates</h3>
|
||
|
||
<p>
|
||
Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services
|
||
provided, OneUptime may also engage one or more of the following Affiliates as Subprocessors to deliver some or
|
||
all
|
||
of the Services provided to a Customer:
|
||
</p>
|
||
|
||
<p><b>Entity Name > Entity Country</b><br />
|
||
OneUptime Limited > United Kingdom<br />
|
||
HackerBay, Inc. > United States.<br /></p>
|
||
|
||
<h3>Use of Processors</h3>
|
||
<p>
|
||
<div class="entry-content">
|
||
<ul>
|
||
<li>Where processing is to be carried out on behalf of a controller - "OneUptime", the controller shall use only
|
||
processors providing sufficient guarantees to implement appropriate technical and organisational
|
||
measures in such a manner that processing will meet the requirements of this Regulation and ensure the
|
||
protection of the rights of the data subject.</li>
|
||
<li>The processor shall not engage another processor without prior specific or general written
|
||
authorisation of the controller. In the case of general written authorisation, the processor
|
||
shall inform the controller of any intended changes concerning the addition or replacement of other
|
||
processors, thereby giving the controller the opportunity to object to such changes.</li>
|
||
<li>Processing by a processor shall be governed by a contract or other legal act under Union or
|
||
Member State law, that is binding on the processor with regard to the controller and that sets out the
|
||
subject-matter and duration of the processing, the nature and purpose of the processing, the type of
|
||
personal data and categories of data subjects and the obligations and rights of the controller.
|
||
That contract or other legal act shall stipulate, in particular, that the processor:
|
||
<ul>
|
||
<ul>
|
||
<ul>
|
||
<li>processes the personal data only on documented instructions from the controller,
|
||
including with regard to transfers of personal data to a third country or an
|
||
international organisation, unless required to do so by Union or Member State law to
|
||
which the processor is subject; in such a case, the processor shall inform the
|
||
controller of that legal requirement before processing, unless that law prohibits such
|
||
information on important grounds of public interest;</li>
|
||
<li>ensures that persons authorised to process the personal data have committed themselves
|
||
to confidentiality or are under an appropriate statutory obligation of confidentiality;
|
||
</li>
|
||
<li>takes all measures required pursuant to <a
|
||
href="https://gdpr-info.eu/art-32-gdpr/">Article 32</a>;</li>
|
||
<li>respects the conditions referred to in paragraphs 2 and 4 for engaging another
|
||
processor;</li>
|
||
<li>taking into account the nature of the processing, assists the controller by appropriate
|
||
technical and organisational measures, insofar as this is possible, for the fulfilment
|
||
of the controller’s obligation to respond to requests for exercising the data subject’s
|
||
rights laid down in <a href="https://gdpr-info.eu/chapter-3/">Chapter III;</a></li>
|
||
<li>assists the controller in ensuring compliance with the obligations pursuant to <a
|
||
href="https://gdpr-info.eu/art-32-gdpr/">Articles 32</a> to <a
|
||
href="https://gdpr-info.eu/art-36-gdpr/">36</a> taking into account the nature of
|
||
processing and the information available to the processor;</li>
|
||
<li>at the choice of the controller, deletes or returns all the personal data to the
|
||
controller after the end of the provision of services relating to processing, and
|
||
deletes existing copies unless Union or Member State law requires storage of the
|
||
personal data;</li>
|
||
<li>makes available to the controller all information necessary to demonstrate compliance
|
||
with the obligations laid down in this Article and allow for and contribute to audits,
|
||
including inspections, conducted by the controller or another auditor mandated by the
|
||
controller.</li>
|
||
</ul>
|
||
<p>With regard to point (h) of the first subparagraph, the processor shall immediately inform
|
||
the controller if, in its opinion, an instruction infringes this Regulation or other Union
|
||
or Member State data protection provisions.
|
||
|
||
</p>
|
||
</ul>
|
||
</ul>
|
||
</li>
|
||
<li>Where a processor engages another processor for carrying out specific processing activities
|
||
on behalf of the controller, the same data protection obligations as set out in the contract or other
|
||
legal act between the controller and the processor as referred to in paragraph 3 shall be imposed on
|
||
that other processor by way of a contract or other legal act under Union or Member State law, in
|
||
particular providing sufficient guarantees to implement appropriate technical and organisational
|
||
measures in such a manner that the processing will meet the requirements of this Regulation.
|
||
Where that other processor fails to fulfil its data protection obligations, the initial
|
||
processor shall remain fully liable to the controller for the performance of that other processor’s
|
||
obligations.</li>
|
||
<li>Adherence of a processor to an approved code of conduct as referred to in <a
|
||
href="https://gdpr-info.eu/art-40-gdpr/">Article 40</a> or an approved certification mechanism as
|
||
referred to in <a href="https://gdpr-info.eu/art-42-gdpr/">Article 42</a> may be used as an element by
|
||
which to demonstrate sufficient guarantees as referred to in paragraphs 1 and 4 of this Article.</li>
|
||
<li>Without prejudice to an individual contract between the controller and the processor, the contract or
|
||
the other legal act referred to in paragraphs 3 and 4 of this Article may be based, in whole or in part,
|
||
on standard contractual clauses referred to in paragraphs 7 and 8 of this Article, including when they
|
||
are part of a certification granted to the controller or processor pursuant to <a
|
||
href="https://gdpr-info.eu/art-42-gdpr/">Articles 42 </a>and <a
|
||
href="https://gdpr-info.eu/art-43-gdpr/">43</a>.</li>
|
||
<li>The Commission may lay down standard contractual clauses for the matters referred to in paragraph 3 and
|
||
4 of this Article and in accordance with the examination procedure referred to in <a
|
||
href="https://gdpr-info.eu/art-93-gdpr/">Article 93</a>(2).</li>
|
||
<li>A supervisory authority may adopt standard contractual clauses for the matters referred to in paragraph
|
||
3 and 4 of this Article and in accordance with the consistency mechanism referred to in <a
|
||
href="https://gdpr-info.eu/art-63-gdpr/">Article 63</a>.</li>
|
||
<li>The contract or the other legal act referred to in paragraphs 3 and 4 shall be in writing, including in
|
||
electronic form.</li>
|
||
<li>Without prejudice to <a href="https://gdpr-info.eu/art-82-gdpr/">Articles 82</a>, <a
|
||
href="https://gdpr-info.eu/art-83-gdpr/">83</a> and <a
|
||
href="https://gdpr-info.eu/art-84-gdpr/">84</a>, if a processor infringes this Regulation by
|
||
determining the purposes and means of processing, the processor shall be considered to be a controller
|
||
in respect of that processing.</li>
|
||
</ul>
|
||
|
||
</p>
|
||
|
||
<h3>Updates</h3>
|
||
<p>As our business grows and evolves, the Subprocessors we engage may also change. We will endeavor to provide
|
||
the
|
||
owner of Customer’s account with notice of any new Subprocessors to the extent required under the Agreement,
|
||
along with posting such updates here. Customers, as data controller, will have the opportunity to be
|
||
informed on the planned subprocessor before usage and must have the right to object to new subprocessors.
|
||
</p>
|
||
</section> |