Asset Bank uses a select number of sub-processors to support the delivery of our services. Each sub-processor has been assessed for their ability to provide appropriately secure services and are themselves providing relevant assurances, policies and Data Processing Agreements that we have entered into.
We are also monitoring the ongoing compliance work of our providers and adjusting our own processes to make the most of any additional privacy options available.
Our current list of sub-processors that process client data are:
|Amazon Web Services Inc||Hosting services for our Shared and Dedicated hosted Asset Banks||USA, with our servers located in the EU, USA and AUS|
|Zendesk Inc||Helpdesk support platform||USA|
|Google Inc||Email and administrative support applications; automatic image recognition and tagging||USA|
|Blitline LLC||Opt in service - image processing||USA (Will be EU by May 25th 2018)|
|SendSafely||Encrypted file transfer service||USA (to be implemented 18th June 2018)|
This list will be kept up to date with any changes to our sub-processors. You can sign up to receive email notifications about any proposed changes by e-mailing firstname.lastname@example.org.
International Data Transfer
For customers using our Shared or Dedicated hosting services, the data in Asset Bank is hosted by Amazon Web Services (AWS). Customers are able to select the region that their Asset Bank will be hosted in, with the choice between the EU, USA or AUS data centres. This allows EU customers to ensure the hosting of their Asset Bank data resides in the EU. The default EU server location is the Republic of Ireland.
Additionally, the GDPR gives multiple ways for personal data to be transferred outside of the EU. This is relevant for the processing of personal data that may occur, upon request of our customers, for support and consultancy purposes. The purposes of these schemes are to ensure that international data transfers can continue to take place while making sure that appropriate controls are in place when data leaves the EU.
Where appropriate, the EU-U.S. Privacy Shield, Binding Corporate Rules and the European Commission-approved Standard Contractual Clauses offer mechanisms by which organisations can transfer data outside of the EU in a GDPR compliant manner.
All of our sub-processors commit to using these methods, as appropriate, to ensure the controlled transfer of data outside of the EU. Additionally, all of our providers make strong commitments related to the restriction of access to the data that is stored with them.