Board Secure Limited (“BoardSecure”) may engage and use data processors with access to certain data to provide our services to our customers (each one therefore a “Sub-processor”).
This page provides important information about the identity, location and role of each Sub-processor. As BoardSecure, we do not directly transfer any of your personal data outside the European Economic Area or EEA. In maintaining our service though, some of our data processors may do so. The next section explains the impact of these international transfers and how your information is protected which is our number one concern.
Many of our data processors use “cloud-based systems”, meaning the information is held in information data centres in different locations. Some of the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA to hold back-up copies, so they can guarantee recovery and uptime of the service they provide. We set out more about these services below.
Please read this page in conjunction with our Terms & Conditions.
What do we mean by a “Sub-processor”
We describe a “Sub-processor” as a third party data processor who will have, or potentially may have access to or process data (which may contain Personal Data) during the provision of our services. We set out below a listing of each of the Sub-processors that we use and the main use we make of their services.
Diligence and Process we use to procure Sub-processors
We expect all of our Sub-processors to adhere to the main terms and conditions under which we provide our services, not least in their adherence to strict GDPR and cyber conditions to help us all protect and safeguard customer data.
As BoardSecure grows, we reserve the right to change the Sub-processors we use. We will provide subscribers to BoardSecure notice of any new Sub-processors by posting such updates here in the first instance, as well as where practical in our subscriber updates.
We will keep this list updated regularly to enable BoardSecure subscribers stay informed of the scope of sub-processing associated with the Service.
Please check back frequently for updates.
At the date of you reading this page, the following is an up-to-date list of the names and locations of the Sub-Processors that we use.
For our core processing and back-up facilities we use:
Google Inc (Cloud Service provider for our database and core processing activities for our services). For more on our use of their services see our Security statement here. GDPR statement is found here
Twilio SendGrid (email services to subscribers). United States. GDPR statement is found here
The following Sub-Processors are used within our Marketing and Sales activities:
Amazon Web Services Inc (Cloud Service provider for our Marketing website). European data centres. GDPR statement is found here
Calend.ly (Meeting appointment bookings). United States. GDPR statement is found here
Capsule CRM (Customer Management database (CRM)). United States and Europe. GDPR policy is found here
Freshdesk Inc (Customer support desk). United States. GDPR policy is found here
Freshdesk Inc (Telephony support). United States. GDPR policy is found here
Microsoft Inc (Hosted email support). United States and Europe. GDPR policy is found here
Typeform (Online diagnostics and surveys). United States and Germany. GDPR policy is found here
The following Sub-Processors are used for Payment Services:
Stripe Inc. United States and Europe. GDPR policy is found here
GoCardless Limited. Europe. GDPR policy is found here
Our policy on what data we do and do not hold with regards to payment information is found here