Cloudreach Subprocessors 

Last updated on 26 May 2021

Cloudreach Europe Limited (“Cloudreach”) maintains a list of subprocessors authorised to process personal data on its behalf. Cloudreach might share personal data with subprocessors only to the extent necessary to provide our Services or for business support purposes. Cloudreach performs due diligence on the information security practices and data protection compliance of all subprocessors and requires each to commit to written obligations regarding their security controls and applicable regulations for the protection of personal data.

The following categories of subprocessors are used by Cloudreach:

Subscribing to receive notification of updates to the Subprocessor List

You can subscribe to receive email notifications for updates to the Cloudreach Subprocessor list by emailing subprocessors@cloudreach.com and including in your email the name of your organisation and the word “subscribe”. You can unsubscribe at any time by emailing subprocessors@cloudreach.com and including in your email the name of your organisation and the word “unsubscribe”.

Objecting to a Subprocessor

Upon receiving any update notification from Cloudreach, a customer may object to Cloudreach’s use of a new subprocessor by notifying Cloudreach in writing dpo@cloudreach.com within ten (10) business days after receipt of Cloudreach’s notice in accordance with the mechanism set out above.

Provided the customer’s objection to a new subprocessor is based on reasonable grounds, Cloudreach will use reasonable efforts to make available to the customer a change in the provision of the Services to avoid processing of personal data by the objected-to new subprocessor without unreasonably burdening the Customer.

If Cloudreach is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, the Customer may terminate the applicable Order Form(s) with respect only to those Service(s) which cannot be provided by Cloudreach without the use of the objected-to new subprocessor by providing 30 days prior written notice to Cloudreach.

Cloudreach Affiliates

Subprocessor Name

Location

(transfer mechanism where outside of the EEA)

Brief description and purpose of the processing

Date added to this list

Cloudreach, Inc

United States

(standard contractual clauses)

In respect of Cloudreach's Affiliates, groups of individuals located in different offices may have a need to access Customer data for service delivery purposes and/or business support purposes.  

13 April 2018

Cloudreach SAS

France

13 April 2018

Cloudreach GmbH

Germany

13 April 2018

Cloudreach Canada Inc

Canada

(adequacy decision)

13 April 2018

Cloudreach Switzerland GmbH

Switzerland

(adequacy decision)

13 April 2018

Cloudreach BV

The Netherlands

13 April 2018

Cloudamize, Inc

United States

(standard contractual clauses)

13 April 2018

Cloudreach AB

Sweden

28 October 2019

Cloudreach Technologies    India Private Limited

India

(standard contractual clauses)

28 October 2019

Cloudreach internal business support systems

Subprocessor Name

Location

(transfer mechanism where outside of the EEA)

Brief description and purpose of the processing

Date added to this list

Google LLC

United States

(standard contractual clauses)

Google Suite used for communication, collaboration and storage

13 April 2018

Slack Technologies, Inc

United States

(standard contractual clauses)

Collaborative and instant messaging tool

13 April 2018

Salesforce.com, Inc

United States

(standard contractual clauses)

CRM solution

13 April 2018

FinancialForce.com Inc

United States

(standard contractual clauses)

Customer accounting, financial management and billing platform

13 April 2018

Jira/Confluence

(Atlassian PTY Ltd)

United States

(standard contractual clauses)

Internal tooling used for project and tasks management and as knowledge base

13 April 2018

Trello, Inc

(Atlassian PTY Ltd)

United States

(standard contractual clauses)

Project management software

13 April 2018

Asana, Inc

United States

(standard contractual clauses)

Project management tool

13 April 2018

Smartsheet, Inc

United States

(standard contractual clauses)

Spreadsheet-like user interface application used for project management

13 April 2018

Bitbucket

(Atlassian PTY Ltd)

United States

(standard contractual clauses)

Code management and repository

13 April 2018

GitHub, Inc

United States

(standard contractual clauses)

Code Management and Repository

14 November 2018

AgileBits, Inc

(1Password)

Canada

(adequacy decision)

Password Management

29 November 2018

SalesLoft, Inc

United States

(standard contractual clauses)

Sales Engagement Platform

21 January 2019

DocuSign, Inc

United States

(Binding Corporate Rules)

Electronic signature

19 March 2019

Pardot, LLC

(Salesforce.com, Inc)

United States

(standard contractual clauses)

Marketing automation services

19 July 2019

Oktopost Technologies, Inc

United States

(standard contractual clauses)

Marketing analytics and insight

26 May 2021

Rapid7, LLC

United States

(standard contractual clauses)

Internal Security Monitoring Solution

26 May 2021

Subprocessors used only in the delivery of Cloud Operations services

Subprocessor Name

Location

(transfer mechanism where outside of the EEA)

Brief description and purpose of the processing

Date added to this list

Bitdefender Ltd

 United Kingdom

Malware threats detections and remediations[1]

13 April 2018

Pager Duty, Inc  

United States

(standard contractual clauses)

Alerting / Notifications Tool

10 September 2018

ServiceNow UK Ltd

United Kingdom

IT service and operations management[2]

13 April 2018

Cylance, Inc

United States

(standard contractual clauses)

Malware threats detections and remediations

14 November 2018

SignalFX, Inc 

United States

(standard contractual clauses)

Monitoring and Alerting

21 January 2019

ParkMyCloud, Inc

United States

(standard contractual clauses)

Cloud resource scheduling for cost optimisation purposes

21 January 2019

ZenHub

(Axiom Labs, Inc)

Canada

(adequacy decision)

Project management tool

(bug and issue tracker)

20 May 2019

Alert Logic, Inc

United States

(standard contractual clauses)

Use of Alert Logic software for log data retention

20 May 2019

Chef Software, Inc

United States

(standard contractual clauses)

Infrastructure automation and scripting

13 April 2018

VMware, Inc

(CloudHealth)[3]

United States

(Binding Corporate Rules)

Cost management, governance, automation, security, and performance

13 April 2018

Survey Monkey, Inc

United States

(standard contractual clauses)

Online survey

21 April 2020

Splunk, Inc

(Splunk Cloud)

United States

(standard contractual clauses)

Data analytics and reporting

10 November 2020

Auth0, Inc

United States

(standard contractual clauses)

Authentication software

23 January 2020

New Relic, Inc[4]  

United States

(standard contractual clauses)

Network monitoring

13 April 2018

ZestyZesty Tech Ltd

Israel

(standard contractual clauses)

Cloud cost optimisation platform

26 May 2021

ONEio Cloud Oy[5]

Finland

(standard contractual clauses)

ITSM integration

26 May 2021

Subprocessors used only in relation to Cloudamize software

Subprocessor Name

Location

(transfer mechanism where outside of the EEA)

Brief description and purpose of the processing

Date added to this list

Zendesk, Inc

United States

(standard contractual clauses)

Customer Service Software & Support Ticket System

10 September 2018

Cloud service providers (CSP)

Subprocessor Name

Location

(transfer mechanism where outside of the EEA)

Brief description and purpose of the processing

Date added to this list

Amazon Web Services

(AWS Inc)

United States

(standard contractual clauses)

Use of AWS by Cloudreach to host all Cloudreach data and systems;

 Potential additional use of AWS to host Customer data under an AWS platform agreement

13 April 2018

Google Cloud

(Google LLC)

United States

(standard contractual clauses)

Use of GCP to host Customer data under a GCP agreement or a Cloudreach agreement which includes Cloudamize software

13 April 2018

Microsoft Azure

(Microsoft Corporation)

United States

(standard contractual clauses)

Use of Microsoft to host Customer data under a Microsoft Azure platform agreement or a Cloudreach agreement which includes Cloudamize software  

13 April 2018

Independent software vendors (ISV), products expressly licensed to customers

Subprocessor Name

Location

(transfer mechanism where outside of the EEA)

Brief description and purpose of the processing

Date added to this list

Alert Logic, Inc

United States

(standard contractual clauses)

Use of Alert Logic software for security threat detection purposes under a licence agreement

13 April 2018

Sumo Logic, Inc

United States

(standard contractual clauses)

Use of Sumo Logic software under a licence agreement

28 October 2019


[1] Bitdefender licences can also be purchased independently.

[2] In limited circumstances, ServiceNow may also be used in the delivery of professional services.

[3] CloudHealth software may also be licensed to customers under a licence agreement.

[4] New Relic software may also be licensed to customers under a licence agreement.

[5] In case of integration between Cloudreach ServiceNow and customer ITSM