Data processing
Assignment of Sub-Processors
As a customer – and thus as a “Data Controller” according to the European Data Protection Regulation (EU GDPR) – you commission AppNavi as a “Data Processor” with the provision of the IT services described in the service agreement in case of a contract conclusion.
As a Data Processor, Sub-Processors may be engaged for the processing of Personal Data, existing Sub-Processors may be replaced or the scope of their assignments may be adjusted, provided that the Data Controller has approved this in advance.
However, prior approval by you as the Data Controller is not required if
- the Sub-Processor has been carefully selected, in particular taking into account its suitability under data protection law and the appropriateness of the TOM taken by the Sub-Contractor,
- AppNavi as Data Processor and the respective Sub-Processor have entered into an agreement (pursuant to DPA section 9.3), and
- AppNavi as Data Processor informs you as the responsible party about the Sub-Processor at least 30 days in advance in writing or electronically by e-mail and you as the responsible party do not object to the intended assignment of the Sub-Processor to AppNavi in writing or electronically by e-mail for important reasons within 14 days after receipt of this notification.
The following table provides an overview of the Sub-Processors currently engaged.
(Status: January 31, 2021)
Sub-Processors (Product related)
Sub-Processor
Address
Service
Information on appropriate safeguards for data transfers to a third country
ActiveCampaign LLC (Postmark)
Market Street, Suite 235B
Philadelphia, PA 19103
USA
Electronic notifications
appropriate safeguards according to Art. 46 para. 1; para. 2 lit. c GDPR
Amazon Web Services
Amazon Web Services EMEA SARL
Branch office Germany
Marcel-Breuer-Str. 12
80807 Munich
Germany
Cloud Services
appropriate safeguards according to Art. 46 para. 1; para. 2 lit. c GDPR
Digital Dividend AB
Sigurdsgatan 23
721 30 Västerås
Västmanlands län
Schweden
SW Development, Maintenance & Support
appropriate safeguards according to Art. 46 para. 1; para. 2 lit. c GDPR
Freshworks Inc.
2950 S. Delaware Street
Suite 201
San Mateo CA 94403
USA
Ticketing system
appropriate safeguards according to Art. 46 para. 1; para. 2 lit. c GDPR
Sub-Processors (Organizational)
Sub-Processor
Address
Service
Information on appropriate safeguards for data transfers to a third country
Conva Ventures Inc.
BOX 37058 Millstream PO
Victoria, British Columbia
V9B 0E8
Canada
Website Analytics
–
Cookiebot by Usercentrics A/S
Havnegade 39
1058 Copenhagen
Denmark
Cookie Consent Management Tool
–
DATEV eG
Paumgartnerstr. 6 – 14
90429 Nuremberg
Germany
Software solution and IT services for tax consulting and auditing
—
DocuSign Inc.
221 Main St.,
Suite 1550
San Francisco, CA 94105
USA
Electronic signature
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR
Friendly Captcha GmbH
Am Anger 3-5
82237 Woerthsee
Germany
Website data protection
—
Invision Power Services, Inc.
1100 Clay St #6154
Lynchburg, VA 24504
USA
Forum
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR
Microsoft Ireland Operations Ltd
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18, D18 P521
Irland
Document Management System
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR
ProfitSoft B.V.
Meerenakkerplein 51A
5652BJ Eindhoven
The Netherlands
Software solution for sales automation
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR
salesforce.com Germany GmbH
Erika-Mann-Str. 31
80636 Munich
Germany
Custom Relationship Management
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR
Susell GmbH
Rosenthaler Str. 38
10178 Berlin
Germany
Education platform
–
The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308
USA
Marketing platform
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR
Zoom Video Communications, Inc.
55 Almaden Blvd
6th Floor
San Jose, CA 95113
USA
Webinar platform
appropriate safeguards according to Art. 46 (1); (2) lit. c GDPR