Could not initialize Cookiebot addons: Class cookiebot_addons\controller\addons\custom_facebook_feed_old\Custom_Facebook_Feed_Old not found Data Subprocessors - Splio

Data Subprocessors.

Splio Group (shall mean the company Splio SAS registered in Paris, France, under number 434533071 with its head office at 27 Boulevard des Italiens 75002, Paris, France and any company in which it, fully or partially, owns the majority of the capital or voting rights) uses Sub-processors to assist in the provision of its services. This page provides information about the identity, location and role of each of Splio’s Sub-processors.

Last update: September 2020

What is a Sub-processor?

A Sub-processor is the natural person or legal entity that processes or may process personal data on behalf of the Data controller.

What is a Data controller?

A Data controller is the natural person or legal entity that, alone or jointly with others, determines the purposes and means of the processing of the personal data.

What is Splio?

Splio is a Sub-processor, processing the data collected by its Clients who are Data controllers.

Splio is a Data Controller for the data collected by Splio for the purposes of its own activities.

Information about Splio’s Sub-processors

For all Clients who have executed the standard personal data Processing Agreement (“DPA”) or the standard SaaS Services Agreement of Splio (the “Contract”), Splio provides a written prior notice, via its CRM tool, of any updates to the list of Sub-processors that are utilized by Splio to deliver the services.

Pursuant to the DPA or Contract, a Client may object in writing to the processing of its personal data by a new Sub-processor of Splio within thirty (30) working days following the update information and such objection shall describe Client’s reason(s) for objection. If Client does not object during such time period the new Sub-processor(s) shall be deemed accepted.

If a Client objects to the use of a new Splio’s Sub-processor, the Parties shall meet within eight (8) working days from the date of the refusal in order to evaluate an alternative solution; if the Client maintains his refusal, and only in this case, each Party may terminate ipso jure (without any formalities) the DPA and the Contract with a three (3) months period notice sent by registered letter with acknowledgment of receipt. Splio will provide our Clients with notice of any new Sub-processors, along with posting such updates here.

Security and Confidentiality measures

In the event where Splio contracts with Sub-processors, Splio undertakes to impose on its Sub-processors all necessary obligations to ensure that the confidentiality, security, availability and integrity of the personal data are respected, and that the data cannot be transferred or lent to a third party, or used for purposes other than those set out in the Contract or DPA, and guarantees that the above mentioned Sub-processors will respect their obligations.

Splio’s Sub-processors

The following is an up-to-date list of the names and locations of Splio’s Sub-processors:

Sub-processor Name Sub-processing Activities Provided Registered Address Sub-processing Activities Location Personal Data Processed If transfer OUTSIDE EUROPE, guarantees implemented to allow the transfer [for ex. Data Processing Agreement (DPA) with Standard Contractual Clauses (SCC) of the European Commission (EC) &/or security measures]
Iliad Datacenter Online SAS – Scaleway Hosting 8 rue de la ville l’évêque 75008 Paris, France Europe (Ile-de-France) Splio’s Clients Database excluding the Splio Mobile Wallets’ Clients DPA online

Certifications: ISO 27001, 50001, HSD

Interxion
France SAS
Hosting 129 bd Malesherbes, 75017 Paris, France Europe (Ile-de-France) Splio’s Clients Database excluding the Splio Mobile Wallets’ Clients Certifications: ISO 27001& ISO 22301
Amplitude, Inc. Analytics linked to the use of the services [navigation trends (click on the menu navigation items); rate of use of filter types at Campaign creation; comparison of utilization rates of several platform features] 631 Howard Street, Floor 5, San Francisco, CA 94105, USA AWS US region
Amazon Web Services EMEA SARL Hosting 38 avenue John F. Kennedy, L-1855, Luxembourg Europe (Data centers in Paris, Dublin & Frankfurt) Splio’s Clients Database AWS GDPR DPA signed on 05/03/2020 with SCC of the EC

Certifications: ISO 9001, ISO 27001, ISO 27017, PCI-DSS, HDS, SOC 1, SOC 2, SOC

Heroku, Inc.
(currently only for Splio Mobile Wallets SaaS Services)
Application hosting (*PaaS Heroku is hosted on AWS) 1 Market St. Suite 300, San Francisco, CA 94105 Europe (Data center Ireland) Splio Mobile Wallets’ Clients’ database Sales Force DPA signed on 05/10/2020 with  SCC of the EC
MongoDB, Inc.
(currently only for Splio Mobile Wallets SaaS Services)
Database hosting MongoDB Limited
Building Two,
Number One
Ballsbridge, Dublin 4
Ireland
Europe (Data center Ireland) Splio Mobile Wallets’ Clients’ database MongoDB Cloud Terms of Services (which governs MongoDB Atlas) with “Data Processing Terms” requested by art. 28 of the GDPR
Octolis SAS 5 Av. du Général de Gaulle 94160 Saint-Mandé, France Europe

(Data center : Ireland, Dublin-AWS – 38 avenue John F. Kennedy, L-1855, Luxembourg)

Splio CPD Clients’ database DPA with Octolis +

AWS GDPR DPA with SCC of the EC

Certifications: ISO 9001, ISO 27001, ISO 27017, PCI-DSS, HDS, SOC 1, SOC 2, SOC

Microsoft Ireland Operations Ltd. Files Sharing via [EXT] Customer Library (Sharepoint) One Microsoft Place,
South County Business Park Leopardstown
Dublin 18,D18 P521 Ireland
Europe Clients’  End Users data: surname & first name, email, connection info

[IP and location, time & date of connection, connection platform used (mobile, browser, etc.), files accessed]

Microsoft Online Services DPA with SCC of the EC

Certifications : ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, ISO 9001, SOC 1, SOC 2, SOC 3

JotForm Ltd. To generate Information Form (in relation with Managed Services) 3 Albert Mews, Albert Road, London, England, N4 3RD, UK Europe (Data Center: Frankfurt Germany, with possibility in the USA) Information requested in the forms (for ex.: surname, first name, emails, phone, address, birthdays of individuals responding to the forms) EU GDPR DPA with SCC of the EC, signed on 22/01/2021
INTEGROMAT LLC et Integromat s.r.o. To create and send Information form INTEGROMAT LLC [16192 Coastal Highway, Lewes, Delaware 19958 USA]

Integromat s.r.o. [Novákových 1954/20a, 180 00 Prague 8, Czech Republic]

Europe

Czech Republic

Info requested in the forms (for ex.: surname, first name, emails, tel., address, birthdays of individuals responding to the forms) DPA online

 

Other Sub-processors [for contact data of employees of Splio’s Clients where Splio is Data controller]:
Sub-processor Name Sub-processing Activities Registered Address Service/ Processing Location
Splio SPAIN, S.L.U. Support via Zendesk c/Córcega 299, Ático 2º, 08008 Barcelona, Spain Spain
Zendesk Support Glandore, Fitzwilliam Place, Dublin 2, Ireland Europe
Microsoft Ireland Operations Ltd Microsoft Office 365
Internal & external communications (Outlook, Teams, Sharepoint, One Drive)
One Microsoft Place,
South County Business Park Leopardstown
Dublin 18,D18 P521 Ireland
Europe
Docusign, Inc. Digital signatures 221 Main Street, Suite 1000, San Francisco, CA 94105, USA Europe
HubSpot Ireland Ltd CRM One Dockland Central, Guild Street, Dublin 1, Ireland USA (DPA including the Standard Contractual Clauses of the European Commission)
BeeFree (Mail Up Inc.) Email editor 450 Townsend Street, San Francisco, CA 94107, USA Europe
Splio Polska Limited Liability Company Billing via Oracle Net Suite Warsaw (02-605), ul. Ursynowska 72, Poland Europe
Oracle Corporation UK Limited (Net Suite) Billing Parkway Thames Valley Park Reading RG6 1RA United Kingdom Europe
OVH Mobile phone 2 rue Kellermann – 59100 Roubaix, France Europe

Get started with Splio today.

Get a demo of our platform and see how brands use it to connect online and offline loyalty to increase sales and profit.