Last updated July 22, 2020
WeSolve uses certain Sub-Processors to assist in providing WeSolve’s services. A Sub-Processor is a third party data processor engaged by WeSolve who agrees to receive personal data from WeSolve intended for processing activities to be carried out (i) on behalf of WeSolve Customers; (ii) in accordance with Customer instructions as communicated by WeSolve; and (iii) in accordance with the terms of a written contract between WeSolve and the Sub-Processor.
WeSolve imposes data protection terms on each Sub-Processor regarding their security controls and applicable regulations for the protection of personal data.
Data Processing Agreements
We have in place written Data Processing Agreements (“DPA”) with all of our Sub-Processors. The DPA is a contract between a data controller and a data processor, and covers the items required under Art. 28 of the GDPR. This includes the roles and responsibilities of the parties when personal data is processed.
Definitions
To give you a better understanding of which kind of Customer data we share with our Sub-Processers We have broken down the data we share with them into relevant data categories
Secret
Secret data is all Content (as defined in Our ToS) as well as passwords and user IP addresses.
Access
Shareable access links, reset password links and similar.
Billing
VAT ID, credit cards, transaction data, invoices
Account
Name, email, phone (optional), profile picture (optional), short bio (optional)
Company
Customer ID, customer email, owner account name, subdomain, company name, current subscription,
Support
Support communication and requests.
Activity
Completed actions, clicks, scrolling, mouse movements
Meta
Operating system, time zone, browser, device, current URL, referrer, screen dimensions, search engine and search keyword, UTM parameters, time on site, last seen time, city, connection speed
Third Party Sub-Processors
WeSolve works with other third parties to provide specific functions or features within the Service. These providers will have access to relevant personal information (in both an identifiable and anonymous manner) in order to provide their relevant functions. The use of information is limited to the specific purposes.
Infrastructure
WeSolve uses the following organisation to store, host and collect Personal Information, or provide other infrastructure that helps with delivery of the WeSolve Service. These are secure environments that are controlled by the WeSolve team and are protected by Data Processing Agreements:
Sub-Processor | Data Location | Legal Basis | Function |
Google Inc. | EU | PSC and DPA | Server Infrastructure |
Categories of data are limited to: Secret, Access, Account, Company, Activity and Meta.
WeSolve uses the following provider as email delivery service. The use of information is limited to that specific purpose.
Sub-Processor | Data Location | Legal Basis | Function |
SendGrid Inc. | USA | PSC and DPA | Email Service |
Categories of data are limited to: Access, Account and Company.
While a limited amount of Secret data is sent over SendGrid, it is fully encrypted and not readable as we enforce full TLS 1.1. end-to-end encryption in transit for all emails that contain Content.
Our email providers retains email message activity (such as opens and clicks) for 30 days. It stores aggregated sending stats and suppression lists (bounces, unsubscribes) and spam reports indefinitely.
Billing
WeSolve works with the following third-party for services related to payment processing for Our subscription and billing. The use of information is limited to that specific purpose
Sub-Processor | Data Location | Legal Basis | Function |
Stripe Inc. | USA | PSC and DPA | Payment Gateway |
Categories of data are limited to Billing and Company.
Analytics
WeSolve works with the following third-party for services related to analytics with the purpose of monitoring activity and continuously improving Our Service. The use of information is limited to that specific purpose.
Sub-Processor | Data Location | Legal Basis | Function |
Google Inc. | USA | PSC and DPA | Visitor Analytics |
Categories of data are limited to: Account, Company, Activity and Meta.
Business Operations
WeSolve works with the following third-party for services related to running business operations like internal file sharing and office communications in order to ensure an efficient use of time.
Sub-Processor | Data Location | Legal Basis | Function |
Google Inc. | USA | PSC and DPA | Business Suite |
As Our core business is about You, the Customer, at times these Services are used to store or transfer Customer Data between WeSolve employees – for example when a support request has to be communicated to a developer. We limit the amount of Customer Data contained in such communication to the minimum required and the use of information is limited to that specific purpose.
Categories of data are limited to: Account, Company, Support, Activity and Meta.
Changes in Sub-Processors
Our business needs may change from time to time. For example, we may deprecate a Sub-Processor to consolidate and minimize our use of Sub-Processors. Similarly, we may add a Sub-Processor if we believe that doing so will enhance our ability to deliver our Services. Before engaging a Sub-Processor, we perform due diligence, including a security and legal analysis. We do not engage a Sub-Processor unless our quality, security and the standard of the GDPR are met.
Changes in Sub-Processors are regulated by the DPA we have in place with you. You can access Our DPA at http://18.158.108.108/dpa. As stated in Our DPA, Customers can subscribe to updates in the list of Sub-Processors under http://18.158.108.108/sub-processors.