From Hornbill
Jump to navigation Jump to search

Sub-processors and Partner Suppliers

Hornbill partners with a number of organisations for services that contribute in the delivery of our platform service as described in our Terms of Service. Because our suppliers provide us services that we use in order to deliver our service to our customers, our suppliers could be considered Sub-processors.

What is a Sub-processor

A sub-processor is a third-party data processor engaged by Hornbill, which includes other entities from within the Hornbill Group, who has, or potentially will have access to or process Service Data (which may contain Personal Data). Hornbill engages different types of sub-processors to perform various functions as set out below.

Security by Design

Hornbill designs its platform applying a “Secure by Design” philosophy. In the case of partnering with third party contractors or sub-processors, Hornbills platform is designed to eliminate or minimize to the greatest possible extent exposure of customer data to subcontractor/sub-processor personnel. A good example of this is would be, while we partner with data centre providers we either provide our own hardware, or buy/lease bare metal upon which we run our own software stack.

Contractual Safeguards

Hornbill requires all of its sub-processors satisfy equivalent obligations as those obligations delivered under Hornbills Terms of Service, including, but not limited to...

  • must process any Personal Data in accordance with Hornbills obligations under its Terms of Service.
  • In relation to any activity that constitutes sub-processing activity, they will only use personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • They will ensure they provide regular training in security and data protection to personnel to whom they grant access to any Personal Data;
  • They will implement and maintain good technical and organizational measures (including measures aligned with those to which Hornbill is contractually obliged to deliver insofar as they are equally relevant to the sub-processor’s processing of Personal Data on Hornbills behalf) and provide an annual industry recognised certification that evidences compliance with this obligation.
  • They will promptly notify Hornbill about any actual or potential security breach; and
  • They will cooperate with Hornbill in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

Due Diligence

Hornbill uses all commercially reasonable steps in its sub-processor selection and partnering process in order to evaluate the security, privacy and confidentiality practices of its sub-processors that will or may have access to or process Service Data. This policy does not give Hornbill Subscribers any additional rights or remedies and the details provided here should not be construed as a binding agreement. The information here is only provided to illustrate Hornbill’s approach to selecting and engaging with sub-processors as part of providing the overall service to our customers. Infrastructure and Data Storage Sub-processors Hornbill does not operate its own data centres, instead we partner with Tier 1 data centre providers. Our computing model is either co-location or bare metal lease, in both cases the software stack is entirely managed by ourselves.

Partner Sub-Processors

For the avoidance of doubt, customer data is stored in an appropriate geographic data centre and Personal Data is not transferred outside of the country or controlling region unless the prior written consent of the Customer has been obtained and one of the exceptions outlined in Hornbill's Terms of Service applies.

Entity/Name Purpose Country
RapidSwitch - Maidenhead Primary UK Data Centre, Co-Location (ISO27001:2013, ISO9001:2015, ISO50001:2011 UK (EU)
Equinix - London 3 Primary UK Data Centre, Co-Location (ISO27001:2013, ISO9001:2015, ISO50001:2011 UK (EU)
Hornbill Technologies Ltd - London Beta Zone, Backup UK Data Centre (ISO27001:2013) UK (EU)
Peer1 – Los Angeles Primary US Data Centre, Bare Metal (SSAE 16 Type II) North America
Peer1 – Washington DC Backup US Data Centre, Bare Metal (SSAE 16 Type II) North America
Amazon Data Services Ltd Off-line Data Backup/Storage UK (EU)
Amazon Web Services, Inc. Off-line Data Backup/Storage North America

Service Sub-processors

Entity/Name Purpose Scope
Google, Inc. We use a number of services provided by Google in order to enhance productivity and usability capability of Hornbill In-App Translations, Mobile Messaging, GEO data lookups and mapping.
Apple, Inc. We provide a native iOS app and integrate with Apple’s mobile data services. Mobile Data and Messaging.
Cloudflare, Inc. Cloudflare provides a number of services for Hornbill’s platform, specifically its front-end (excluding user data), including Content Delivery Network, caching, optimisation, performance, threat management and shielding, security and statistical usage insights. All Hornbill Services Globally

Group Sub-Processors

Entity/Name Purpose Country
Hornbill Technologies Ltd Hornbill Platform and Cloud Services Provider UK
Hornbill Service Management Ltd Sales, Marketing and Support of Hornbill Services and Applications UK
Hornbill Service Management Applications Ltd Developer of Service Manager and Project Manager applications. UK