Last updated on 18 October 2023
Cloudreach Europe Limited (“Cloudreach”) maintains a list of subprocessors authorised to process personal data on its behalf. Cloudreach might share personal data with subprocessors only to the extent necessary to provide our Services or for business support purposes. Cloudreach performs due diligence on the information security practices and data protection compliance of all subprocessors and requires each to commit to written obligations regarding their security controls and applicable regulations for the protection of personal data.
The following categories of subprocessors are used by Cloudreach:
Countries to which personal data may be transferred
Cloudreach will always ensure there is an appropriate data transfer mechanism in place, and that a transfer risk assessment is conducted where applicable. Personal data may be transferred to the following countries outside of the European Union:
Subscribing to receive notification of updates to the Subprocessor List
You can subscribe to receive email notifications for updates to the Cloudreach Subprocessor list by emailing DPO.UKI@atos.net and including in your email the name of your organisation and the word “subscribe”. You can unsubscribe at any time by emailing DPO.UKI@atos.net and including in your email the name of your organisation and the word “unsubscribe”.
Upon receiving any update notification from Cloudreach, a customer may object to Cloudreach’s use of a new subprocessor by notifying Cloudreach in writing DPO.UKI@atos.net within ten (10) business days after receipt of Cloudreach’s notice in accordance with the mechanism set out above.
Provided the customer’s objection to a new subprocessor is based on reasonable grounds, Cloudreach will use reasonable efforts to make available to the customer a change in the provision of the Services to avoid processing of personal data by the objected-to new subprocessor without unreasonably burdening the Customer.
If Cloudreach is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, the Customer may terminate the applicable Order Form(s) with respect only to those Service(s) which cannot be provided by Cloudreach without the use of the objected-to new subprocessor by providing 30 days prior written notice to Cloudreach.
Cloudreach Affiliates
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
Cloudreach, Inc | United States (standard contractual clauses) | In respect of Cloudreach's Affiliates, groups of individuals located in different offices may have a need to access Customer data for service delivery purposes and/or business support purposes. | 13 April 2018 |
Cloudreach SAS | France | 13 April 2018 | |
Cloudreach GmbH | Germany | 13 April 2018 | |
Cloudreach Canada Inc | Canada (adequacy decision) | 13 April 2018 | |
Cloudreach Switzerland GmbH | Switzerland (adequacy decision) | 13 April 2018 | |
Cloudreach BV | The Netherlands | 13 April 2018 | |
Cloudamize, Inc | United States (standard contractual clauses) | 13 April 2018 | |
Cloudreach AB | Sweden | 28 October 2019 | |
Cloudreach Technologies India Private Limited | India (standard contractual clauses) | 28 October 2019 | |
Atos UK IT Holdings Limited | United Kingdom (Binding Corporate Rules in progress) | Sharing of data as part of standard business within the group | 03 January 2023 |
Atos International B.V. | The Netherlands (Binding Corporate Rules in progress) | 03 January 2023 | |
Atos SE | France (Binding Corporate Rules in progress) | 03 January 2023 |
Cloudreach internal business support systems
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
Google LLC | United States (standard contractual clauses) | Google Suite used for communication, collaboration and storage | 13 April 2018 |
Slack Technologies, Inc | United States (standard contractual clauses) | Collaborative and instant messaging tool | 13 April 2018 |
Salesforce.com, Inc | France, Germany, Japan, United Kingdom, United States (standard contractual clauses) | CRM solution | 13 April 2018 |
FinancialForce.com Inc | United States (standard contractual clauses) | Customer accounting, financial management and billing platform | 13 April 2018 |
Jira/Confluence (Atlassian PTY Ltd) | United States (standard contractual clauses) | Internal tooling used for project and tasks management and as knowledge base | 13 April 2018 |
Trello, Inc (Atlassian PTY Ltd) | United States (standard contractual clauses) | Project management software | 13 April 2018 |
Asana, Inc | United States (standard contractual clauses) | Project management tool | 13 April 2018 |
Smartsheet, Inc | United States (standard contractual clauses) | Spreadsheet-like user interface application used for project management | 13 April 2018 |
Bitbucket (Atlassian PTY Ltd) | United States (standard contractual clauses) | Code management and repository | 13 April 2018 |
GitHub, Inc | United States (standard contractual clauses) | Code Management and Repository | 14 November 2018 |
AgileBits, Inc (1Password) | Canada (adequacy decision) | Password Management | 29 November 2018 |
DocuSign, Inc | United States (Binding Corporate Rules) | Electronic signature | 19 March 2019 |
Rapid7, LLC | United States (standard contractual clauses) | Internal Security Monitoring Solution | 26 May 2021 |
Cloudreach internal business support systems for prospecting activities
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
ON24 | United States (standard contractual clauses) | Marketing webinar hosting | 8 September 2021 |
SalesLoft, Inc | United States (standard contractual clauses) | Sales Engagement Platform | 21 January 2019 |
Oktopost Technologies, Inc | United States (standard contractual clauses) | Marketing analytics and insight | 26 May 2021 |
Reachdesk Ltd | United States (standard contractual clauses) | Sales Engagement and gifting | 15 September 2021 |
AddEvent | United States (standard contractual clauses) | Calendar tool | 15 September 2021 |
Drift.com Inc | United States (standard contractual clauses) | Chatbot and Sales Engagement Platform | 15 September 2021 |
Objective7 bvba (Survey Anyplace) | United States (standard contractual clauses) | Survey tool | 15 September 2021 |
Leadscale | United States (standard contractual clauses) | Prospecting aggregator platform | 16 February 2022 |
Triblio, Inc | United States (standard contractual clauses) | ABM tool for prospecting | 16 February 2022 |
Marketo, Inc | United States (standard contractual clauses) | Marketing automation and prospecting services | 22 February 2022 |
Subprocessors used only in the delivery of Managed Services
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
Pager Duty, Inc | United States (standard contractual clauses) | Alerting / Notifications Tool | 10 September 2018 |
ServiceNow UK Ltd | United Kingdom (adequacy decision) | IT service and operations management[1] | 13 April 2018 |
Cylance, Inc[2] | United States (standard contractual clauses) | Malware threats detections and remediations | 14 November 2018 |
Splunk Observability Cloud[3] (Splunk, Inc) | United States (standard contractual clauses) | Monitoring and Alerting | 21 January 2019 |
ParkMyCloud, Inc | United States (standard contractual clauses) | Cloud resource scheduling for cost optimisation purposes | 21 January 2019 |
ZenHub (Axiom Labs, Inc) | Canada (adequacy decision) | Project management tool (bug and issue tracker) | 20 May 2019 |
Alert Logic, Inc | United States (standard contractual clauses) | Use of Alert Logic software for log data retention | 20 May 2019 |
Chef Software, Inc | United States (standard contractual clauses) | Infrastructure automation and scripting | 13 April 2018 |
VMware, Inc (CloudHealth)[4] | United States (Binding Corporate Rules) | Cost management, governance, automation, security, and performance | 13 April 2018 |
Survey Monkey, Inc | United States (standard contractual clauses) | Online survey | 21 April 2020 |
Splunk, Inc (Splunk Cloud) | United States (standard contractual clauses) | Data analytics and reporting | 10 November 2020 |
Auth0, Inc | United States (standard contractual clauses) | Authentication software | 23 January 2020 |
ZestyZesty Tech Ltd | Israel (standard contractual clauses) | Cloud cost optimisation platform | 26 May 2021 |
ONEio Cloud Oy[5] | Finland (standard contractual clauses) | ITSM integration | 26 May 2021 |
CrowdStrike, Inc | United States (standard contractual clauses) | Endpoint Detection and Response | 21 July 2021 |
Nevexis, Ltd (Costimize) | Bulgaria (standard contractual clauses) | Cloud cost, usage and performance management for GCP | 22 February 2022 |
ProsperOps, Inc | United States (standard contractual clauses) | Cloud cost, usage and performance management | 18 January 2023 |
nOps, Inc | United States (standard contractual clauses) | Cloud cost, usage and performance management | 18 January 2023 |
Cloudwiry, Inc | United States (standard contractual clauses) | Cloud cost, usage and performance management | 18 January 2023 |
Anodot Ltd | United States (standard contractual clauses) | Cloud cost, usage and performance management | 18 January 2023 |
Aurea Software, LLC | United States (standard contractual clauses) | Cloud cost, usage and performance management | 20 January 2023 |
Cloud service providers (CSP)
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
Amazon Web Services (AWS Inc)[6] | United States (standard contractual clauses) | Use of AWS by Cloudreach to host all Cloudreach data and systems; Potential additional use of AWS to host Customer data under an AWS platform agreement | 13 April 2018 |
Google Cloud (Google LLC) | United States (standard contractual clauses) | Use of GCP to host Customer data under a GCP agreement or a Cloudreach agreement which includes Cloudamize software | 13 April 2018 |
Microsoft Azure (Microsoft Corporation) | United States (standard contractual clauses) | Use of Microsoft to host Customer data under a Microsoft Azure platform agreement or a Cloudreach agreement which includes Cloudamize software | 13 April 2018 |
Independent software vendors (ISV), products expressly licensed to customers
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
Alert Logic, Inc | United States (standard contractual clauses) | Use of Alert Logic software for security threat detection purposes under a licence agreement | 13 April 2018 |
Sumo Logic, Inc | United States (standard contractual clauses) | Use of Sumo Logic software under a licence agreement | 28 October 2019 |
Cloudamize subprocessors
Subprocessor Name | Location (transfer mechanism where outside of the EEA) | Brief description and purpose of the processing | Date added to this list |
Datadog, Inc. | United States (standard contractual clauses) | Used for monitoring and alerting in research and development of Cloudamize products. | 13 April 2018 |
Alert Logic, Inc | United States (standard contractual clauses) | Use of Alert Logic software for security threat detection purposes under a licence agreement | 13 April 2018 |
HashiCorp, Inc | United States (standard contractual clauses) | Infrastructure automation | 18 January 2023 |
[1] In limited circumstances, ServiceNow may also be used in the delivery of professional services.
[2] Soon to be retired
[3] Used to be SignalFX
[4] CloudHealth software may also be licensed to customers under a licence agreement.
[5] In case of integration between Cloudreach ServiceNow and customer ITSM
[6] For Cloudamize, data may be stored in Germany or the United Arab Emirates (UAE), as per the customer’s preferences.