Last Updated on 17/09/2021 10.30 AEST
SecurePii (“SecurePii”) uses certain subprocessors (including members of the SecurePii Group and third parties, as listed below) to assist it in providing our Products and Services.
What is a Subprocessor
A subprocessor is a third party data processor engaged by SecurePii, including entities from within the SecurePii Group, that has or potentially will have access to or process service and marketing related data (which may contain Personal Data).
SecurePii engages different types of subprocessors to perform various functions as explained in the tables below. SecurePii refers to third parties that do not have access to or process Service Data but who are otherwise used to provide the Services as “subcontractors” and not subprocessors.
Due Diligence
SecurePii undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.
Safeguards
SecurePii requires its subprocessors to satisfy equivalent obligations as those required from SecurePii (as a Data Processor), including but not limited to the following requirements:
- Only process Personal Data in accordance with data controller’s (i.e. SecurePii or our Subscribers) documented instructions (as communicated in writing to the relevant subprocessor by SecurePii)
- In connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which SecurePii is contractually committed to adhere insofar as they are equally relevant to the subprocessor’s processing of Personal Data on SecurePii’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification SecurePii reserves the right to audit the subprocessor
- promptly inform SecurePii about any actual or potential security breach
- Cooperate with SecurePii in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
SecurePii Group Subprocessors
The following entities are part of the SecurePii Group, they act as subprocessors to provide services on behalf of SecurePii
| Entity | Country |
| SecurePii Pty Ltd | Australia |
| SecurePii Europe Limited | United Kingdom |
| SecurePii USA LLC | United States |
Third-Party Subprocessors
The following third-party entities act as subprocessors to provide services on behalf of SecurePii
| Entity | Services Provided | Subprocessor Location |
| Zoho Corporation | Customer Relationship Management and Email Marketing Services | United States |
| Zendesk Inc | Customer Helpdesk and Ticketing Platform | United States |
| Twilio Inc | Telephony and SMS Messaging Services | United States |
| Xero Australia Pty Limited | Invoicing and Accounting Platform | Australia |
| Microsoft Corporation | Office 365 Platform | Australia and United States |
Subcontractors
The following third-party entities act as subcontractors and provide service components on behalf of SecurePii
| Entity | Services Provided | Subprocessor Location |
| Amazon Web Services Inc | Hosting Services and Data Storage | United States, Australia and Germany |