Sub-processors engaged by Connective

Sub-processor listing

As indicated in our Data Processing Agreement (“DPA”), Connective engages certain Sub-processors to assist in the performance of the (license) agreement between Connective and its Clients[1] . The terms and definitions used in this document (“Sub-processor Listing”) shall have the same meaning as defined in Connective’s License Terms and Conditions (“License Terms and Conditions”).

[1] By default such license agreement between Connective and the Client is named “License Terms and Conditions”.

What is a Sub-processor?

A Sub-processor is a third-party data processor engaged by Connective who has or potentially will have access to or process Personal Data in respect of the performance of the License Terms and Conditions.

Connective engages different types of Sub-processors to perform various functions as explained below. Such services provided by our Sub-processors are essential for making available all functionalities in our Products.

Contractual Safeguards

Connective executes with each Sub-processor a data processing agreement and requires its Sub-processors to satisfy equivalent obligations as those required from Connective (as a Data Processor towards its Clients) as set forth in Connective’s DPA, including but not limited to:

  • Process Personal Data only in accordance with documented instructions (as communicated in writing to the relevant Sub-processor);
  • In connection with their sub-processing activities, Sub-processors may only engage personnel which is reliable and subject to a contractually binding obligation to observe confidentiality, data privacy and security, to the extent applicable and pursuant to the applicable data protection laws;
  • Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
  • Implement and maintain appropriate technical and organizational measures;
  • Promptly inform Connective about any actual or potential security breach;
  • Cooperate with Connective in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

Process for Engaging New Sub-processors

Clients who executed Connective’s standard DPA will be notified by Connective via the procedures included in this policy in case the Sub-processor Listing is being updated.

Connective undertakes to keep this Sub-processors Listing updated regularly to enable its Clients to stay informed of the scope of sub-processing activities associated with the Connective Products.

In the event a new material Sub-processor is onboarded by Connective in respect of the Products the Client is using, the Client will be notified within reasonable timing before such new Sub-processor will have access to the Client’s Personal Data. A notification will be send to the Client’s contact person indicated in the DPA, and the present Sub-processing Listing will be updated (and made available for online access).

Each Client shall have the right to object to the engagement of a new Sub-processor by Connective on reasonable grounds and by giving Connective’s DPO Office written notice of such objection. In this case Connective and the Client shall discuss in good faith to find a solution acceptable for both parties.

Infrastructure Sub-processors – Data Storage and Hosting

Currently, the Connective production systems used for hosting data in respect of the Connective Products are located in co-location facilities in Europe, and in the infrastructure of the Sub-processor listed below.

Entity NameEntity TypeEntity Country
Microsoft AzureCloud Service ProviderThe Netherlands
Microsoft AzureCloud Service ProviderIreland

Product Specific Sub-processors

Connective works with certain third parties to provide specific functionalities within the Connective Products. These third parties are the Sub-processors indicated below[2] . In order to provide the relevant functionality these Sub-processors might access Personal Data. The processing activities performed by such Sub-processors is limited to the Products in scope as set out below.

[2] This Sub-processor Listing includes all material Sub-processors which Connective engages for the functioning of its Products. Non-material Sub-processors (e.g. freelance support staff or IT developers) are not listed

Entity NamePurposeProduct(s)Entity CountryCertifications
CM TelecomSMS Gateway
Sending SMS messages
eSignaturesThe NetherlandsISO 27001, ISO 9001
iDINIdentification via the Dutch iDIN SchemeeSignatures
Identity Services
The NetherlandsISO 27001, ISO 9001
itsme®Identification, authentication and e-signingeSignatures
Identity Services
BelgiumISO 27001, QTSP
TripolisEmail gateway
Mass mailing service provider
eSignatures
Identity Services
Smart Documents
The NetherlandsISO 27001, ISO 9001

Timestamping & Certificates

Depending on the services you use, third parties are engaged in the offering of specific functionalities such as timestamping and issuing certificates. In this respect, we might engage the following certificate authorities and timestamping providers:

 

CompanyObjectCertification
CertignaRGS/eIDAS certificateRGS/eIDAS European Union Trusted Lists (EUTL)
CertignaTimestampingRGS/eIDAS European Union Trusted Lists (EUTL)
CamerfirmaeIDAS certificate
CamerfirmaTimestamping
GlobalSignCertificateAdobe Approved Trusted List (AATL)

FOR ANY QUESTIONS REGARDING DATA PROTECTION

FOR ANY QUESTIONS REGARDING TSP