Privacy

Subprocessors

Last updated: February 2025

This subprocessors statement is required in line with Article 28 para. 4 of the General Data Protection Regulation (GDPR) and intends to disclose the subprocessors assisting Astrantia in providing services, where Astrantia itself is acting as a data processor. Other member firms of the Astrantia network may also be considered subprocessors where Astrantia is acting as a data processor.

Astrantia engages different types of subprocessors to perform various functions. We undertake to use a commercially reasonable selection process by which we evaluate the security, privacy and confidentiality processes of reviewed subprocessors that will or may have access to or process data. In particular, we evaluate and monitor whether our subprocessors:

• process personal data in accordance with the data controller’s instructions;

• in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security pursuant to applicable data protection laws;

• provide regular training in security and data protection to personnel to whom they grant access to personal data;

• implement and maintain appropriate technical and organizational measures;

• promptly inform Astrantia about any actual or potential security breach; and

• cooperate with Astrantia in order to deal with requests from data controllers, data subjects or data protection authorities.

Below is a list of the names and locations of Astrantia's subprocessors, subcontractors and content delivery networks, including companies of the Astrantia network: