Difference between revisions of "FAQ:Subprocessors"
Jump to navigation
Jump to search
(Created page with "=Sub-processors and Partner Suppliers= Hornbill partners with a number of organisations for services that contribute in the delivery of our platform service as described in o...") |
|||
| (13 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| + | This document can now be found at its new location in the [https://docs.hornbill.com/hornbill-cloud/subprocessors/ Hornbill Document Library]. | ||
| + | |||
| + | [[file:hornbill-document-library.png|Hornbill Cloud|link=https://docs.hornbill.com/hornbill-cloud/subprocessors/]] | ||
| + | <!-- | ||
=Sub-processors and Partner Suppliers= | =Sub-processors and Partner Suppliers= | ||
| − | Hornbill partners with a number of organisations for services that contribute in the delivery of our platform service as described in our Terms of Service. Because our suppliers provide us services that we use in order to deliver our service to our customers, our suppliers could be considered Sub-processors. | + | Hornbill partners with a number of organisations for services that contribute in the delivery of our platform service as described in our [https://www.hornbill.com/terms-of-service/ Terms of Service]. Because our suppliers provide us services that we use in order to deliver our service to our customers, our suppliers could be considered Sub-processors. |
==What is a Sub-processor== | ==What is a Sub-processor== | ||
A sub-processor is a third-party data processor engaged by Hornbill, which includes other entities from within the Hornbill Group, who has, or potentially will have access to or process Service Data (which may contain Personal Data). Hornbill engages different types of sub-processors to perform various functions as set out below. | A sub-processor is a third-party data processor engaged by Hornbill, which includes other entities from within the Hornbill Group, who has, or potentially will have access to or process Service Data (which may contain Personal Data). Hornbill engages different types of sub-processors to perform various functions as set out below. | ||
| − | == | + | ==Security by Design== |
Hornbill designs its platform applying a “Secure by Design” philosophy. In the case of partnering with third party contractors or sub-processors, Hornbills platform is designed to eliminate or minimize to the greatest possible extent exposure of customer data to subcontractor/sub-processor personnel. A good example of this is would be, while we partner with data centre providers we either provide our own hardware, or buy/lease bare metal upon which we run our own software stack. | Hornbill designs its platform applying a “Secure by Design” philosophy. In the case of partnering with third party contractors or sub-processors, Hornbills platform is designed to eliminate or minimize to the greatest possible extent exposure of customer data to subcontractor/sub-processor personnel. A good example of this is would be, while we partner with data centre providers we either provide our own hardware, or buy/lease bare metal upon which we run our own software stack. | ||
==Contractual Safeguards== | ==Contractual Safeguards== | ||
| − | Hornbill requires all of its sub-processors satisfy equivalent obligations as those obligations delivered under Hornbills Terms of Service, including, but not limited to... | + | Hornbill requires all of its sub-processors satisfy equivalent obligations as those obligations delivered under Hornbills [https://www.hornbill.com/terms-of-service/ Terms of Service], including, but not limited to... |
* must process any Personal Data in accordance with Hornbills obligations under its Terms of Service. | * must process any Personal Data in accordance with Hornbills obligations under its Terms of Service. | ||
* In relation to any activity that constitutes sub-processing activity, they will only use personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws; | * In relation to any activity that constitutes sub-processing activity, they will only use personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws; | ||
| Line 19: | Line 23: | ||
==Due Diligence== | ==Due Diligence== | ||
| − | Hornbill uses all commercially reasonable steps in its sub-processor selection and partnering | + | Hornbill uses all commercially reasonable steps in its sub-processor selection and partnering process in order to evaluate the security, privacy and confidentiality practices of its sub-processors that will or may have access to or process Service Data. |
This policy does not give Hornbill Subscribers any additional rights or remedies and the details provided here should not be construed as a binding agreement. The information here is only provided to illustrate Hornbill’s approach to selecting and engaging with sub-processors as part of providing the overall service to our customers. | This policy does not give Hornbill Subscribers any additional rights or remedies and the details provided here should not be construed as a binding agreement. The information here is only provided to illustrate Hornbill’s approach to selecting and engaging with sub-processors as part of providing the overall service to our customers. | ||
Infrastructure and Data Storage Sub-processors | Infrastructure and Data Storage Sub-processors | ||
| − | Hornbill does not operate its own data centres, instead we partner with Tier 1 data centre providers. Our computing model is either co-location or bare metal lease, in both cases the software stack is entirely managed by ourselves. | + | Hornbill does not operate its own data centres, instead we partner with Tier 1 data centre providers. Our computing model is either co-location or bare metal lease, in both cases the software stack is entirely managed by ourselves. |
| + | |||
| + | == Partner Sub-Processors == | ||
| + | For the avoidance of doubt, customer data is stored in an appropriate geographic data centre and Personal Data is not transferred outside of the country or controlling region unless the prior written consent of the Customer has been obtained and one of the exceptions outlined in Hornbill's [https://www.hornbill.com/terms-of-service/ Terms of Service] applies. | ||
| − | |||
{| class="wikitable" width="900px" | {| class="wikitable" width="900px" | ||
|- | |- | ||
| Line 33: | Line 39: | ||
|RapidSwitch - Maidenhead | |RapidSwitch - Maidenhead | ||
|Primary UK Data Centre, Co-Location (ISO27001:2013, ISO9001:2015, ISO50001:2011 | |Primary UK Data Centre, Co-Location (ISO27001:2013, ISO9001:2015, ISO50001:2011 | ||
| − | |UK ( | + | |UK |
| + | |- | ||
| + | |Equinix - London 3 | ||
| + | |Primary UK Data Centre, Co-Location (ISO27001:2013, ISO9001:2015, ISO50001:2011 | ||
| + | |UK | ||
|- | |- | ||
|Hornbill Technologies Ltd - London | |Hornbill Technologies Ltd - London | ||
|Beta Zone, Backup UK Data Centre (ISO27001:2013) | |Beta Zone, Backup UK Data Centre (ISO27001:2013) | ||
| − | |UK | + | |UK |
|- | |- | ||
| − | |Peer1 – | + | |Peer1 – Los Angeles |
|Primary US Data Centre, Bare Metal (SSAE 16 Type II) | |Primary US Data Centre, Bare Metal (SSAE 16 Type II) | ||
|North America | |North America | ||
| Line 47: | Line 57: | ||
|North America | |North America | ||
|- | |- | ||
| − | |Amazon Data Services | + | |Amazon Data Services Ltd |
|Off-line Data Backup/Storage | |Off-line Data Backup/Storage | ||
| − | | | + | |UK |
|- | |- | ||
|Amazon Web Services, Inc. | |Amazon Web Services, Inc. | ||
| Line 95: | Line 105: | ||
|UK | |UK | ||
|} | |} | ||
| + | --> | ||
| + | [[Category:HDOC]] | ||
| + | <!-- /hornbill-cloud/subprocessors --> | ||
Latest revision as of 20:07, 2 October 2023
This document can now be found at its new location in the Hornbill Document Library.
