Subprocessors
OpenEnvoy, Inc. (“OpenEnvoy”) uses certain Subprocessors (including OpenEnvoy affiliates and third-parties, as listed below), when providing its cloud service under the OpenEnvoy Master Services Agreement made available at https://www.OpenEnvoy.com/services-agreement/ (“MSA”). Defined terms used herein shall have the same meaning as defined in the MSA.
What is a Subprocessor?
A Subprocessor is a third-party engaged by OpenEnvoy, who have access to or process Customer Data (which may contain Personal Data).
OpenEnvoy engages different Subprocessors to perform the various functions as explained below.
1.
Due Diligence
OpenEnvoy performs a due diligence review on the data privacy and security posture of potential Subprocessors prior to engagement. Our activities are designed to ensure that processing of Customer Data is only performed by entities with sufficient ability to meet data protection obligations.
2.
Contractual Safeguards
OpenEnvoy requires its Subprocessors to satisfy equivalent obligations as those required from OpenEnvoy (as a Data Processor) as set forth in OpenEnvoy’s Data Processing Agreement (“DPA”), including but not limited to the requirements to:
- Process Personal Data in accordance with data controller’s (i.e. Customer’s) documented instructions (as communicated in writing to the relevant Subprocessor by OpenEnvoy);
- In connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security measures, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel who have been granted access to Personal Data;
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which OpenEnvoy is contractually committed to adhere insofar as they are equally relevant to the Subprocessor’s processing of Personal Data on OpenEnvoy’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification OpenEnvoy reserves the right to audit the Subprocessor;
- Promptly inform OpenEnvoy about any actual or potential security breach; and
- Cooperate with OpenEnvoy to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
3.
Infrastructure Subprocessor(s)
Customer Data is stored in either the US or Europe unless agreed by Customer and OpenEnvoy to move the location of where Customer Data is stored. Processing may take place in different data centers within a region to ensure performance and availability of the cloud service and outside the region for support purposes.
The following table describes the countries and legal entities engaged in the hosting of the cloud service and Customer Data.
Applicable services | Entity name | Entity country(ies) | Purpose |
---|---|---|---|
OpenEnvoy cloud service | Amazon Web Services, Inc. | United States or Europe | Host the cloud service and Customer Data |
OpenEnvoy cloud service | Google, Inc. | United States or Europe | Hosting and Translation Services |
4.
OpenEnvoy AFFILIATES
OpenEnvoy may engage its affiliate(s) listed below as a Subprocessor as necessary to perform its obligations under the MSA.
Applicable services | Entity name | Entity country(ies) | Purpose |
---|---|---|---|
OpenEnvoy cloud service | OpenEnvoy India Private Limited | India | Data research, engineering, support and data labeling |