Sub-processor Policy
1. The Basics.
- SurveySparrow Inc., and its affiliates/subsidiaries (collectively “SurveySparrow”, “we”, “us” and “ours”) use certain subcontractors or third-parties (together the “Sub-Processors”) to assist in providing SurveySparrow services.
2. What is a sub-processor
- “Sub-processor” or “Sub-data Processor” means the service providers who interact with the Controller’s Data (in part or full) so as to offer the services promised by the Data Processor as per the Services Agreement.
- SurveySparrow engages different types of Sub-Processors to perform various functions. In some cases, customer data includes personal data as defined by the General Data Protection Regulation (“GDPR”).
3. Due Diligence
- SurveySparrow undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed Sub-Processors that may be processing customer data.
- As a minimum, we ensure that SurveySparrow’s Sub-Processors store and process all customer data we share with them in a manner that is compliant with EU data protection requirements under GDPR.
4. Contractual Safeguards
- SurveySparrow requires the Sub-Processor’s to process personal data in accordance with data controller’s (i.e. customer’s) documented instructions.
- In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- Implement and maintain appropriate technical and organizational measures and provide an annual certification that evidences compliance with this obligation. In the absence of such certification SurveySparrow reserves the right to audit the sub-processor;
- Promptly inform SurveySparrow about any actual or potential security breach; and
- Cooperate with SurveySparrow in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
5. Process to engage new Sub-Processors
- For all customers who have executed SurveySparrow’s standard Data Processing Agreement (“DPA”), we will provide notice of updates to the list of sub-processors that are utilized or which we propose to utilize to deliver our services. We undertake to keep this list updated regularly to enable our customers to stay informed of the scope of sub-processing associated with the services.
- Pursuant to the DPA, a customer may object in writing to the processing of its personal information by a new sub-processor within ten (10) days following the update of this policy and such objection shall describe customer’s legitimate reason(s) for objection. If the customer does not object during such a time period, the new sub-processor(s) shall be deemed accepted.
6. Sub-processors having access to customer data.
| Name | Service Provided | Purpose | Data Centers |
|---|---|---|---|
| Amazon Web Services | Cloud service provider | Cloud infrastructure provider for SurveySparrow. Almost all data stored, processed and transmitted in SurveySparrow resides on Amazon Web Services data centers. | India (Mumbai), USA (Virginia), Canada (Central), EU (Frankfurt), UK (London), UAE (Dubai), and Australia(Sydney) depending on customer preference |
| HubSpot Inc. | CRM | This is our internal CRM tool used to keep our customer contact details and communications up to date. | United States |
| Sparkpost | Email Service Provider | Sending out emails | United States, Europe |
| Newrelic | Application and Performance Monitoring | To monitor the performance of the application and tune it. | United States, Europe |
| Stripe | Payment Solution | Subscription is managed by Stripe | United States |
| Twilio | Messaging | SMS share utilizes Twilio to deliver messages | United States |
| Google Translate | Translation | Survey and Response Translation provider for SurveySparrow | United States, Europe |
| Logz.io | Log Management | Managing the logs created in SurveySparow | United States, Europe |
| Zendesk | CRM | Internal cloud based customer support tool which is used to keep our customer contact details and communications up to date as part of the provision of our services. | United States |
| Heap Analytics | Analytics tool | An web based analytics tool used to track App events and measure user action on the product including page views, taps, swipes etc. | United States |
| Sendgrid | Email Service Provider | Sending out Emails | United States |
| Zipy.ai | Product Analytics & Error Tracking | User session analytics & debugging | United States |
| Open AI | Creating Survey Templates | Machine Learning & Text Analytics | United States |
| Azure OpenAI | Generative AI | Artificial Intelligence & Machine Learning | Europe |
7. Updates
- SurveySparrow will keep this list updated by adding the names of new or replaced sub-processors.
- If you have any questions or concerns regarding our Sub-processors, please send us a detailed message to privacy@surveysparrow.com, and we will try to resolve your concerns.
