AppsAnywhere uses certain sub-processors to assist in providing our service to you.
As a processor of personal data, as defined by the EU's General Data Protection Regulations, we have taken all reasonable measures to ensure that our sub-processors are evaluated, on an ongoing basis, for data security, privacy, confidentiality and GDPR compliance within the scope of their practices and activity as subprocessors of AppsAnywhere's data.
Last updated: May 15, 2018
What is a sub-processor?
A sub-processor is a third party data processor, who is engaged by AppsAnywhere for the purpose of maintaining and supporting support our service to our end-users, and for various other critical functions as outlined below.
Our safeguards with sub-processors
All sub-processors are contractually required by AppsAnywhere (as Data Processor) to comply with AppsAnywhere's Data Security and EU Data Protection policy. That includes but is not limited to the requirement to:
- process personal data in accordance with data controller’s (i.e. Customer's) documented instructions (as communicated in writing to the relevant sub-processor by AppsAnywhere);
- in connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- implement and maintain appropriate technical and organizational measures (including measures consistent with those to which AppsAnywhere is contractually committed to adhere insofar as they are equally relevant to the sub-processor’s processing of personal data on AppsAnywhere's behalf). AppsAnywhere reserves the right to audit the sub-processor;
- promptly inform AppsAnywhere about any actual or potential security breach; and
- cooperate with AppsAnywhere in order to deal with requests from data controllers, data subjects or data protection authorities.
This policy does not give Customers any additional rights and should not be construed as a binding agreement. We provide this information only to highlight AppsAnywhere's commitment to data security and privacy, and to illustrate the process through which we engage new sub-processors.
How we engage new sub-processors
AppsAnywhere will provide notice, via this policy, of updates to the list of sub-processors that are used to process personal data. Customers can object in writing to the processing of personal data by a new sub-processor within 30 days from this policy being updated, describing legitimate reasons to object. If the Customer does not object during this period, we will deem the new sub-processor(s) as accepted.
If a Customer objects to the use of a new sub-processor, and to the process outlined in AppsAnywhere's Customer Contract, we have the right to remedy the Customer's objection through one of the following options, chosen at AppsAnywhere's discretion:
- AppsAnywhere will cease to use the sub-processor (with regard to personal data only);
- AppsAnywhere will take the remedial steps requested by Customer in its objection, then proceed to use the sub-processor to process personal data;
- AppsAnywhere may stop providing, or Customer may agree not to use, a certain aspect of AppsAnywhere's service that would involve use of the particular sub-processor to process personal data.
The following is an up-to-date list (as of the date of this policy) of the names and locations of AppsAnywhere sub-processors (including members of the AppsAnywhere Group):
Infrastructure sub-processors – Personal data storage
AppsAnywhere owns or controls access to the infrastructure that we use to process personal data, other than as set forth below.
|Location of data
|Support Ticket System
|Cloud Service Provider
|Cloud Service Provider
AppsAnywhere Group sub-processors
The following entities are members of the AppsAnywhere Group:
|AppsAnywhere Americas Inc.**
**Transfers subject to the Standard Contractual Clauses approved by the European Commission for transfers from Controllers in the European Economic Area to Controllers outside the European Economic Area