ClimbHI currently uses certain third party Subprocessors and content delivery networks to assist in providing infrastructure services, and to help us provide customer support and email notifications.
What is a Sub-processor
A sub-processor is a third party data processor engaged by ClimbHI, who has or potentially will have access to or process Service Data (which may contain Personal Data). ClimbHI engages different types of sub-processors to perform various functions as explained in the tables below.
ClimbHI undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or otherwise process Service Data.
ClimbHI generally requires its sub-processors to satisfy equivalent obligations as those required from ClimbHI (as a Data Processor), including but not limited to the requirements to:
- Process Personal Data in accordance with data controller’s (i.e. Subscriber’s) documented instructions (as communicated in writing to the relevant sub-processor by ClimbHI);
- In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which ClimbHI is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on ClimbHI’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification ClimbHI reserves the right to audit the sub-processor;
- Promptly inform ClimbHI about any actual or potential security breach; and
- Cooperate with ClimbHI in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
- Third-party service providers which incidentally have access to Your Service Data in Innovation Services and are used to provide specific features or components of the product outside of the core hosting of Service Data (“Innovation Service Specific sub-processors”) are regularly reviewed by ClimbHI to ensure they work towards implementing each of the standards described in this Section. However, Innovation Service Specific sub-processors may not currently meet all of the measures identified above.
This policy does not give Subscribers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate ClimbHI’s engagement process for sub-processors as well as to provide the actual list of third party sub-processors and content delivery networks used by ClimbHI as of the date of this policy (which ClimbHI may use in the delivery and support of its Services).
Prior to engaging any third party Subprocessor, ClimbHI performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
|Digital Ocean||Cloud Service Provider||United States|
|Pusher.io||Real-time services||United States|
|Forge & Envoyer||Continuous Integration/Delivery||United States|
|MailGun, Inc.||Client Communication||United States|
|MaxMind, Inc.||GeoIP||United States|
|Slack||Internal Communication||United States|
|GitHub||Issue Management||United States|
|Stripe||Payment Processing||United States|
|PayPal||Payment Processing||United States|
|MailChimp||Customer Communication||United States|