List of Sub-Processors

Last updated July 22, 2020

WeSolve uses certain Sub-Processors to assist in providing WeSolve’s services. A Sub-Processor is a third party data processor engaged by WeSolve who agrees to receive personal data from WeSolve intended for processing activities to be carried out (i) on behalf of WeSolve Customers; (ii) in accordance with Customer instructions as communicated by WeSolve; and (iii) in accordance with the terms of a written contract between WeSolve and the Sub-Processor.

WeSolve imposes data protection terms on each Sub-Processor regarding their security controls and applicable regulations for the protection of personal data.

Data Processing Agreements

We have in place written Data Processing Agreements (“DPA”) with all of our Sub-Processors. The DPA is a contract between a data controller and a data processor, and covers the items required under Art. 28 of the GDPR. This includes the roles and responsibilities of the parties when personal data is processed.

Definitions

To give you a better understanding of which kind of Customer data we share with our Sub-Processers We have broken down the data we share with them into relevant data categories

Secret

Secret data is all Content (as defined in Our ToS) as well as passwords and user IP addresses.

Access

Shareable access links, reset password links and similar.

Billing

VAT ID, credit cards, transaction data, invoices

Account

Name, email, phone (optional), profile picture (optional), short bio (optional)

Company

Customer ID, customer email, owner account name, subdomain, company name, current subscription,

Support

Support communication and requests.

Activity

Completed actions, clicks, scrolling, mouse movements

Meta

Operating system, time zone, browser, device, current URL, referrer, screen dimensions, search engine and search keyword, UTM parameters, time on site, last seen time, city, connection speed

Third Party Sub-Processors

WeSolve works with other third parties to provide specific functions or features within the Service. These providers will have access to relevant personal information (in both an identifiable and anonymous manner) in order to provide their relevant functions. The use of information is limited to the specific purposes.

Infrastructure

WeSolve uses the following organisation to store, host and collect Personal Information, or provide other infrastructure that helps with delivery of the WeSolve Service. These are secure environments that are controlled by the WeSolve team and are protected by Data Processing Agreements:

Sub-ProcessorData LocationLegal BasisFunction
Google Inc.EUPSC and DPAServer Infrastructure

Categories of data are limited to: Secret, Access, Account, Company, Activity and Meta.

Email

WeSolve uses the following provider as email delivery service. The use of information is limited to that specific purpose.

Sub-ProcessorData LocationLegal BasisFunction
SendGrid Inc.USAPSC and DPAEmail Service

Categories of data are limited to: Access, Account and Company.

While a limited amount of Secret data is sent over SendGrid, it is fully encrypted and not readable as we enforce full TLS 1.1. end-to-end encryption in transit for all emails that contain Content.

Our email providers retains email message activity (such as opens and clicks) for 30 days. It stores aggregated sending stats and suppression lists (bounces, unsubscribes) and spam reports indefinitely.

Billing

WeSolve works with the following third-party for services related to payment processing for Our subscription and billing. The use of information is limited to that specific purpose

Sub-ProcessorData LocationLegal BasisFunction
Stripe Inc.USAPSC and DPAPayment Gateway

Categories of data are limited to Billing and Company.

Analytics

WeSolve works with the following third-party for services related to analytics with the purpose of monitoring activity and continuously improving Our Service. The use of information is limited to that specific purpose.

Sub-ProcessorData LocationLegal BasisFunction
Google Inc.USAPSC and DPAVisitor Analytics

Categories of data are limited to: Account, Company, Activity and Meta.

Business Operations

WeSolve works with the following third-party for services related to running business operations like internal file sharing and office communications in order to ensure an efficient use of time.

Sub-ProcessorData LocationLegal BasisFunction
Google Inc.USAPSC and DPABusiness Suite

As Our core business is about You, the Customer, at times these Services are used to store or transfer Customer Data between WeSolve employees – for example when a support request has to be communicated to a developer. We limit the amount of Customer Data contained in such communication to the minimum required and the use of information is limited to that specific purpose.

Categories of data are limited to: Account, Company, Support, Activity and Meta.

Changes in Sub-Processors

Our business needs may change from time to time. For example, we may deprecate a Sub-Processor to consolidate and minimize our use of Sub-Processors. Similarly, we may add a Sub-Processor if we believe that doing so will enhance our ability to deliver our Services. Before engaging a Sub-Processor, we perform due diligence, including a security and legal analysis. We do not engage a Sub-Processor unless our quality, security and the standard of the GDPR are met.

Changes in Sub-Processors are regulated by the DPA we have in place with you. You can access Our DPA at http://18.158.108.108/dpa. As stated in Our DPA, Customers can subscribe to updates in the list of Sub-Processors under http://18.158.108.108/sub-processors.