
Xref Sub-processors

Overview

Xref uses its Affiliates and a range of third-party Sub-processors to assist it in providing the Services (as described in the Agreement). The Sub-processors set out below provide cloud hosting and storage services; reporting services, sales & marketing services and user services; assistance with customer support; and incident tracking, response, diagnosis and resolution services.

AWS

https://aws.amazon.com/compliance/gdpr-center/

Xref hosts its platform (application, APIs, background services and data) in AWS in four different regions (Sydney, Frankfurt, Toronto and North Virginia). All of the personal data is stored in the databases in the region chosen by the customer.

Tableau

https://www.tableau.com/privacy

https://www.privacyshield.gov/welcome

We run a Tableau instance in our Sydney region, which is used to generate various reports, both scheduled and on-demand.

Hotjar

https://help.hotjar.com/hc/en-us/sections/115003180467-Privacy-Security-and-Operation

https://help.hotjar.com/hc/en-us/sections/115003180467-Privacy-Security-and-Operations#FAQ_1

Xref uses this service to observe user behaviour, interaction with various elements on the application and to identify issues in its user experience.

Neither Hotjar nor Xref can identify an individual from the data held.

All data Hotjar collects is stored electronically in Ireland, Europe on the Amazon Web Services infrastructure, eu-west-1 datacenter. Application servers and database servers run inside an Amazon VPC, Virtual Private Cloud. The database containing visitor and usage data is only accessible from the application servers and no outside sources are allowed to connect to the database. Data retention times are no longer than 365 days.

Papertrail

https://www.solarwinds.com/legal/privacy

https://www.solarwinds.com/general-data-protection-regulation-cloud

This is a logging service that we use for application logging. Logs from all applications from all regions are collated here. These logs do not include any personal data. These are purely for our development team for monitoring and debugging. The data is retained for 30 days. The entirety of Papertrail’s systems are located inside the United States. Log data will only be stored outside the United States if a customer attaches an S3 bucket from a non-US region to their Papertrail account. This bucket would be used to store copies of log archives that can be retained for a potentially indefinite amount of time by the customer.

Neither Papertrail nor Xref can identify an individual from the data held.

Sendgrid

https://sendgrid.com/resource/general-data-protection-regulation/

Xref uses this transactional email provider for consistent delivery of emails to the users. The data is retained for 30 days. SendGrid’s US-based data centers are located in Herndon, VA; Las Vegas, NV; and Chicago, IL.

Mailgun

https://www.mailgun.com/gdpr

Xref uses this transactional email provider for consistent delivery of emails to the users. The data is retained for 30 days. Mailgun is hosted within both the EU and the US.

Mandrill

https://mailchimp.com/legal/privacy/

https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr

Xref uses this transactional email provider for consistent delivery of emails to the users. The data is retained for 30 days. As per Mandrill's (MailChimp) data processing information "Mailchimp [Mandrill] may transfer and process Customer Data to and in the United States and anywhere else in the world where Mailchimp, its Affiliates or its Sub-processors maintain data processing operations."

Kickbox

https://docs.kickbox.com/v2.0/docs/gdpr

Xref uses this service for email address validation. No data is stored on this service. As per Kickbox's privacy policy: "Kickbox Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. Kickbox has certified that it adheres to the Privacy Shield Principles with respect to such data."

Marketo

https://au.marketo.com/company/trust/gdpr/

https://au.marketo.com/company/trust/security/

Marketo is used as Xref’s marketing automation platform for prospect data collection, email marketing and management of marketing campaigns. Data stored includes, but is not limited to: IP address, online behaviour (i.e. page visits) and, once Xref has consent, name, email, job title. Data is stored in Sydney, Australia and can be purged at request.

Google Analytics

https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html

Google Analytics is used by Xref to track traffic and behaviours across all of Xref’s websites and web applications. Data in Google Analytics is anonymised. Platform and web visitors have the option of opting out of tracking by not accepting cookies on the Xref website.

Facebook

https://developers.facebook.com/docs/facebook-pixel/implementation/gdpr/

Facebook’s tracking pixel is used across the Xref website to track website visitors for retargeting purposes. Data collected includes web pages visited, button-click data and form field names (more details at the above link). Web visitors have the option of opting out of tracking by not accepting cookies on the Xref website.

LinkedIn

https://www.linkedin.com/help/linkedin/answer/65521

The LinkedIn Insight Tag is used across the Xref website to track website visitors for retargeting purposes. Data collected includes: metadata such as IP address, timestamp, and page events (like page views). For more information see the above link. Web visitors have the option of opting out of tracking by not accepting cookies on the Xref website.

Salesforce

https://www.salesforce.com/gdpr/platform/

https://help.salesforce.com/articleView?id=Salesforce-Services-Trust-and-Compliance-Documentation&language=en_US&type=1

Xref uses Salesforce as its CRM platform. We hold customer data within Salesforce, as well as prospective customer data for the purpose of sales and account management. Data is stored by Salesforce in their Japan region.

