WeSolve uses certain Sub-Processors to assist in providing WeSolve’s services. A Sub-Processor is a third party data processor engaged by WeSolve who agrees to receive personal data from WeSolve intended for processing activities to be carried out (i) on behalf of WeSolve Customers; (ii) in accordance with Customer instructions as communicated by WeSolve; and (iii) in accordance with the terms of a written contract between WeSolve and the Sub-Processor.
WeSolve imposes data protection terms on each Sub-Processor regarding their security controls and applicable regulations for the protection of personal data.
Data Processing Agreements
We have in place written Data Processing Agreements (“DPA”) with all of our Sub-Processors. The DPA is a contract between a data controller and a data processor, and covers the items required under Art. 28 of the GDPR. This includes the roles and responsibilities of the parties when personal data is processed.
Definitions
To give you a better understanding of which kind of Customer data we share with our Sub-Processers We have broken down the data we share with them into relevant data categories
Secret
Secret data is all Content (as defined in Our ToS) as well as passwords and user IP addresses.
Access
Shareable access links, reset password links and similar.
Billing
VAT ID, credit cards, transaction data, invoices (if applicable)
Account
Name, surname, email, phone (optional), profile picture (optional), short bio (optional)
Company
Customer ID, customer email, owner account name, subdomain, company name, current subscription
Support
Support communication and requests.
Activity
Completed actions, clicks, scrolling, mouse movements
Content
Content uploaded or created on the platform (text, photo)
Meta
Operating system, time zone, browser, device, current URL, referrer, screen dimensions, search engine and search keyword, UTM parameters, time on site, last seen time, city, connection speed, geo-position.
Third Party Sub-Processors
WeSolve works with other third parties to provide specific functions or features within the Service. These providers will have access to relevant personal information (in both an identifiable and anonymous manner) in order to provide their relevant functions. The use of information is limited to the specific purposes.
Server Infrastructure
WeSolve uses the following sub-processor to store, host and collect Personal Information, or provide other infrastructure that helps with delivery of the WeSolve Service.
Sub-Processor: Microsoft Azure
Organisation nr.: IE8256796U
Legal Basis: Microsoft Ireland Operations, Ltd. Attn: Data Protection Carmenhall Road Sandyford, Dublin 18, Ireland
Links: https://azure.microsoft.com/en-us/support/legal/privacy-statement/germany/
https://azure.microsoft.com/en-us/support/legal/
Data Location: Europe
Categories of data are limited to: Secret, Access, Account, Company, Activity.
WeSolve uses the following sub-processor to provide spam protection:
Sub-Processor: Google Recaptcha
Organisation nr.: IE657921
Legal Basis: 70 SIR JOHN ROGERSON’S QUAY , 662881 , DUBLIN 2DUBLIN , Ireland
Link: https://www.google.com/recaptcha/about/
Data Location: Europe
Categories of data are limited to: Secret, Access, Account, Activity and Meta.
WeSolve uses the following sub-processor to storage and cache data:
Sub-Processor: Amazon Web Services EMEA SARL (“AWS Europe”)
Organisation nr.: FC034225
Legal Basis: 38 Avenue John F. Kennedy, Luxembourg 1855, Luxembourg
Link: https://aws.amazon.com/compliance/gdpr-center/
Data Location: Europe
Categories of data are limited to: Account, Content.
WeSolve uses (if enabled) the following sub-processor to perform Artificial intelligence language models:
– User input-based text generation assistance
– Systematic understanding of text content.
Sub-Processor: Microsoft Azure Open AI Service
Organisation nr.: IE8256796U
Legal Basis: Microsoft Ireland Operations, Ltd. Attn: Data Protection Carmenhall Road Sandyford, Dublin 18, Ireland
Data Location: Europe
Link: https://trust.openai.com/
https://openai.com/policies/data-processing-addendum
Data Location: Europe
Categories of data are limited to: Content.
Email
WeSolve uses the following provider as email delivery service. The use of information is limited to that specific purpose. While a limited amount of Secret data is sent over SendGrid, it is fully encrypted and not readable as we enforce full TLS 1.1. end-to-end encryption in transit for all emails that contain Content.
Our email providers retains email message activity (such as opens and clicks) for 30 days. It stores aggregated sending stats and suppression lists (bounces, unsubscribes) and spam reports indefinitely.
Sub-Processor: Sendgrid (Twilio)
Organisation nr.: IE8256796U
Legal Basis: Twilio Ireland Limited, a company registered in the Republic of Ireland, whose registered address is 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland
Link: https://www.twilio.com/en-us/legal/data-protection-addendum
Data Location: Europe
Categories of data are limited to: Account.
Billing
WeSolve works with the following third-party for services related to payment processing for Our subscription and billing.
Currently not applicable
Analytics
WeSolve works with the following third-party for services related to analytics with the purpose of monitoring activity and continuously improving Our Service.
Sub-Processor: Google Analytics 4
Organisation nr.: IE657921
Legal Basis: 70 SIR JOHN ROGERSON’S QUAY , 662881 , DUBLIN 2DUBLIN , Ireland
Link: https://developers.google.com/analytics/devguides/collection/ga4
https://business.safety.google/controllerterms/
Data Location: Europe
Categories of data are limited to: Secret, Activity and Meta.
WeSolve works with the following third-party for services related to the geo-location of reported content, functionality that may be activated from the Customer.
Sub-Processor: Google Maps
Organisation nr.: IE657921
Legal Basis: 70 SIR JOHN ROGERSON’S QUAY , 662881 , DUBLIN 2DUBLIN , Ireland
Link: https://developers.google.com/analytics/devguides/collection/ga4
https://business.safety.google/controllerterms/
Data Location: Europe
Categories of data are limited to: Meta and Content.
Business Operations
WeSolve works with the following third-party for services related to running business operations like internal file sharing and office communications in order to ensure an efficient use of time.
As Our core business is about You, the Customer, at times these Services are used to store or transfer Customer Data between WeSolve employees – for example when a support request has to be communicated to a developer. We limit the amount of Customer Data contained in such communication to the minimum required and the use of information is limited to that specific purpose.
Sub-Processor: Google Cloud
Organisation nr.: IE657921
Legal Basis: 70 SIR JOHN ROGERSON’S QUAY , 662881 , DUBLIN 2DUBLIN , Ireland
Link: https://cloud.google.com/terms/sccs/eu-c2p
Data Location: Europe
Categories of data are limited to: Access, Account, Company, Support, Activity and Meta.
Changes in Sub-Processors
Our business needs may change from time to time. For example, we may deprecate a Sub-Processor to consolidate and minimize our use of Sub-Processors. Similarly, we may add a Sub-Processor if we believe that doing so will enhance our ability to deliver our Services. Before engaging a Sub-Processor, we perform due diligence, including a security and legal analysis. We do not engage a Sub-Processor unless our quality, security and the standard of the GDPR are met.
Changes in Sub-Processors are regulated by the DPA we have in place with you. You can access Our DPA at http://wesolve.app/dpa. As stated in Our DPA, Customers can subscribe to updates in the list of Sub-Processors under http://wesolve.app/sub-processors.