Sub-processors engaged by Connective
Scope
Information made available on this webpage relates to the following services provided by Connective:
- Connective eSignatures
- Connective Digital Signing Service
- Connective Validation Service
- Connective Identity Services
- Connective Identity Hub
- Connective Smart Documents
Sub-processor listing
As indicated in our Data Processing Agreement (“Data Processing Agreement”), Connective engages certain sub-processors (“Sub-processors”) to assist in the performance of the agreement between Connective and its clients (“Client”). Such Sub-processors are involved to offer specific functionalities or services included within our solutions*. By means of this declaration (“Sub-processor Listing”) we are informing you in all transparency on the Sub-processors involved when using our services and on the procedure which applies when a new Sub-processor would be engaged by Connective.
* Please note the information provided via this page applies only in case you have opted for the default set-up of Connective’s services as a hosted SaaS solution. If you opted for a specific set-up, we refer to the relevant data processing agreement executed.
But first, what exactly is a Sub-processor?
A Sub-processor is a data processor engaged by Connective who has or potentially will have access to or process personal data when you are using our services.
Connective engages different types of Sub-processors to perform various functions as explained below. Such services provided by the Sub-processors we engage are essential for making available all functionalities of the services we offer. In the overview below, Sub-processors are listed per service we offer.
When Connective would engage new Sub-processors
Clients who signed Connective’s Data Processing Agreement will be notified by Connective in case the Sub-processor Listing is being updated, aligned with the procedures included in the Data Processing Agreement and as explained on this webpage.*
Connective undertakes to update this Sub-processors Listing regularly to enable its Clients to stay informed of the scope of sub-processing activities associated with our services.
In the event a new material Sub-processor is onboarded by Connective in respect of the service the Client is using, the Client will be notified within reasonable timing before such new Sub-processor will have access to the Client’s personal data. A notification will be send to the Client’s contact person indicated in the Data Processing Agreement, and the present Sub-processor Listing will be updated (and made available for online access via this webpage).
Each Client shall have the right to object to the engagement of a new Sub-processor by Connective by giving Connective written notice of such objection via dpo@connective.eu within thirty (30) days after Connective has notified the Client. In such case Connective and the Client shall discuss in good faith to find a solution acceptable for both parties. If Connective has not received any objection within such time period, the (new) Sub-processor engaged shall be deemed accepted by the Client.
* If you subscribed to Nitro Sign Premium via one of the other Nitro Group entities, please note the provisions of your agreement will prevail to what is set out here.
Sub-processors engaged in our services
Connective eSignatures
Connective eSignatures is by default hosted via Microsoft Azure in co-location facilities in Europe. Depending on your specific set-up, other hosting providers or locations can be in scope as well.*
| Entity Name | Entity Type | Data Center Location | Certifications |
|---|---|---|---|
| Microsoft Azure | Cloud Service Provider | Amsterdam and Dublin | ISO 27001, ISO/IEC 27701, ISO 27018, SOC 1, SOC 2, SOC3. |
* If you subscribed to Nitro Sign Premium via one of the other Nitro Group entities, you can opt for Microsoft Azure Data Centers located in the United States (Virginia) or Australia (New South Wales – Sydney).
Depending on the functionalities activated on your Connective eSignatures environment, the following Sub-processors are engaged to ensure all functionalities within Connective eSignatures are available.
| Entity Name | Purpose | Entity Location | Certifications |
|---|---|---|---|
| CM.com* | SMS OTP signing method: SMS Gateway sending SMS messages | The Netherlands | ISO 9001, 14001, 20000-1, 27001 certified |
| Tripolis* | Email OTP signing: Email Gateway, mailing service provider | The Netherlands | ISO 27001 |
| iDIN | Identification via the Dutch iDIN scheme | The Netherlands | |
| Criipto | Intermediary party related to the Nordics Identity Schemes | Denmark | |
| MTarget** | SMS OTP Signing Method: SMS Gateway sending SMS messages | France |
* If you subscribed to Nitro Sign Premium via one of the other Nitro Group entities, email OTP signing might be performed by Notarius and SMS OTP signing by Amazon Web Services.
** MTarget is currently not applicable in case of a default set-up and will only be in scope in case of specific demands of the client.
For the provisioning of support services related to Connective eSignatures, the following Sub-processor is engaged.
| Entity Name | Purpose | Entity Location |
|---|---|---|
| Salesforce (Service Cloud) | Management tool for support services related to Connective eSignatures in general (web-based ticketing system) | United States |
The following third party data controllers may process (personal) data to ensure all functionalities are available when using Connective eSignatures. These parties are not considered a Sub-processor to Connective but qualify as a separate data controller as per the activities they perform. Please note several of these third party data controllers are only applicable in case you are using specific functionalities within Connective eSignatures.
| Entity Name | Purpose | Certifications |
|---|---|---|
| Belgian Mobile ID (itsme® Services) | Provisioning of itsme® Services (for identification, authentication and e-signing) | Qualified Trust Service Provider, ISO 27001 |
| Finnish Trust Network | Provisioning of services related to the Finnish Trust Network | |
| Nem ID / MitID | Provisioning of services related to Nem ID/MitID | |
| Norwegian Bank ID | Provisioning of services related to Norwegian Bank ID | |
| Swedish Bank ID | Provisioning of services related to Swedish Bank ID | |
| Swisscom | Provisioning of Swisscom Signing Service | Qualified Trust Service Provider, ISO 27001 |
Connective eSignatures engages third parties for offering timestamping services and issuing certificates. These parties are by default not considered a Sub-processor to Connective. In this respect, we might engage the following certificate authorities and timestamping providers:
| Entity Name | Purpose | Certifications |
|---|---|---|
| Certigna | Issuing of RGS/eIDAS certificates and timestamping services | RGS/eIDAS European Union Trusted Lists (EUTL) |
| Camerfirma | Issuing of eIDAS certificates and timestamping services | |
| GlobalSign | Issuing of certificates | eIDAS European Union Trusted Lists (EUTL)Adobe Approved Trusted List (AATL) |
| BE-YS | Issuing of certificates (only for specific client set-ups) | eIDAS European Union Trusted Lists (EUTL), ISO 27001 |
| Notarius | Remote hash signing and timestamping | Notarius will only be applied for customers signed up to Nitro Sign Premium |
Connective Digital Signing Service
Connective Digital Signing Service is by default hosted via Microsoft Azure in co-location facilities in Europe. Depending on your specific set-up, other hosting providers or locations can be in scope as well.
| Entity Name | Entity Type | Data Center Location |
|---|---|---|
| Microsoft Azure | Cloud Service Provider | Amsterdam and Dublin |
* If you subscribed to Nitro Sign Premium via one of the other Nitro Group entities, you can opt for Microsoft Azure Data Centers located in the United States (Virginia) or Australia (New South Wales – Sydney).
For the provisioning of support services related to Connective Digital Signing Service, the following Sub-processors are engaged.
| Entity Name | Purpose | Entity Location |
|---|---|---|
| Salesforce Service Cloud | Management tool for support services | United States |
Connective Digital Signing Service engages third parties for offering timestamping services and issuing certificates. These parties are by default not considered a Sub-processor to Connective. In this respect, we might engage the following certificate authorities and timestamping providers:
| Entity Name | Purpose | Certifications |
|---|---|---|
| Certigna | Issuing of RGS/eIDAS certificates and timestamping services | RGS/eIDAS European Union Trusted Lists (EUTL) |
| Camerfirma | Issuing of eIDAS certificates and timestamping services | |
| GlobalSign | Issuing of certificates | eIDAS European Union Trusted Lists (EUTL)Adobe Approved Trusted List (AATL) |
| BE-YS | Issuing of certificates (only for specific client set-ups) | eIDAS European Union Trusted Lists (EUTL), ISO 27001 |
| Notarius | Remote hash signing and timestamping | Notarius will only be applied for customers signed up to Nitro Sign Premium |
Connective Validation Service
Connective Validation Services are by default hosted via Microsoft Azure in co-location facilities in Europe. Depending on your specific set-up, other hosting providers or locations can be in scope as well.
| Entity Name | Entity Type | Data Center Location |
|---|---|---|
| Microsoft Azure | Cloud Service Provider | Amsterdam and Dublin |
* If you subscribed to Nitro Sign Premium via one of the other Nitro Group entities, you can opt for Microsoft Azure Data Centers located in the United States (Virginia) or Australia (New South Wales – Sydney).
For the provisioning of support services related to Connective Validation Services, the following Sub-processors are engaged.
| Entity Name | Purpose | Entity Location |
|---|---|---|
| Salesforce Service Cloud | Management tool for support services | United States |
Connective Identity Services
Connective Identity Services is by default hosted via Microsoft Azure in co-location facilities in Europe. Depending on your specific set-up, other hosting providers or locations can be in scope as well.
| Entity Name | Entity Type | Data Center Location |
|---|---|---|
| Microsoft Azure | Cloud Service Provider | Amsterdam and Dublin |
For the provisioning of support services related to Connective Identity Services, the following Sub-processors are engaged.
| Entity Name | Purpose | Entity Location |
|---|---|---|
| Salesforce Service Cloud | Management tool for support services | United States |
Connective Identity Hub
Connective Identity Hub is by default hosted via Microsoft Azure in co-location facilities in Europe. Depending on your specific set-up, other hosting providers or locations can be in scope as well.
| Entity Name | Entity Type | Data Center Location |
|---|---|---|
| Microsoft Azure | Cloud Service Provider | Amsterdam and Dublin |
For the provisioning of support services related to Connective Identity Hub, the following Sub-processors are engaged.
| Entity Name | Purpose | Entity Location |
|---|---|---|
| Salesforce Service Cloud | Management tool for support services | United States |
The following third party data controllers may process (personal) data to ensure all functionalities are available when using Connective Identity Hub. These parties are not considered a Sub-processor but qualify as a separate data controller as per the activities they perform.
| Entity Name | Purpose | Certifications |
|---|---|---|
| Belgian Mobile ID (itsme® Services) | Provisioning of itsme® Services (for identification and authentication) | Qualified Trust Service Provider, ISO 27001 |
| Electronic ID | Provisioning of video identification services | ISO 27001, QTSP |
Connective Smart Documents
Connective Smart Documents is by default hosted via Microsoft Azure in co-location facilities in Europe. Depending on your specific set-up, other hosting providers or locations can be in scope as well.
| Entity Name | Entity Type | Data Center Location |
|---|---|---|
| Microsoft Azure | Cloud Service Provider | Amsterdam and Dublin |
Depending on the functionalities activated on your Connective Smart Documents environment, the following Sub-processors are engaged to ensure all functionalities within Connective Smart Documents are available.
| Entity Name | Purpose | Entity Location | Certifications |
|---|---|---|---|
| Tripolis | Email Gateway, mailing service provider | The Netherlands | ISO 27001 |
For the provisioning of support services related to Connective Smart Documents, the following Sub-processors can be engaged. Please note several of these Sub-processors are only applicable in case you are using specific services or connectors.
| Entity Name | Purpose | Entity Location |
|---|---|---|
| Salesforce Service Cloud | Management tool for support services | United States |
Nitro/ Connective Group Companies
The following entities are members of the Nitro/ Connective Group Companies
| Entity Name | Entity Location |
|---|---|
| Connective France SAS | France |
| Connective Digital Transformation SL | Spain |
| Connective NV | Belgium |
| Nitro Software EMEA Limited | Ireland |
| Nitro Software Limited | Australia |
| Nitro Software Canada Limited | Canada |
| Nitro Software, Inc. | USA |
This page was last updated on 28/02/2022
