Standard Contractual Clauses (SCCs)

Updated 6 months ago by admin

The Standard Contractual Clauses (SCCs) in place with Censornet's Sub-Processors with operations outside of the EEA - that include Amazon, IBM and Microsoft - are accessible below.

These SCCs apply until appropriate adequacy decisions, expected from Brussels shortly, are available.

The SCCs are required after the Court of Justice of the European Union issued a judgment in July 2020 declaring the EU-US Privacy Shield as “invalid”.

For more information please refer to the Censornet Master Services Agreement (MSA) 'Module B - Data Processing Requirements' and specifically clause 4. Transfers outside the EEA.

A copy of the latest MSA is available here.

Sub-Processor SCCs can be accessed via the tables below.

Major Sub-Processors

These Sub-Processors are involved in storage of configuration data and/or log data. All data is encrypted at rest using AES 256-bit. For more details please see the Master Services Agreement.

Amazon (Amazon Web Services - AWS)

The Supplier has selected either a specific EU/ESS Data Center location, or a EU/ESS region (eg Western Europe, Northern Europe) depending on the Sub-Processor options provided at the time of provisioning.

AWS - DPA including SCCs.pdf

IBM (IBM Cloud)

The Supplier has selected either a specific EU/ESS Data Center location, or a EU/ESS region (eg Western Europe, Northern Europe) depending on the Sub-Processor options provided at the time of provisioning.

IBM - DPA including SCCs.pdf

Microsoft (Microsoft Azure)

The Supplier has selected either a specific EU/ESS Data Center location, or a EU/ESS region (eg Western Europe, Northern Europe) depending on the Sub-Processor options provided at the time of provisioning.

Microsoft - DPA including SCCs.pdf

Other Sub-Processors

These Sub-Processors are involved in delivery of ancillary services, such as the sending of OTPs, or service status notifications via email. Their use may depend on how services are configured and which optional add-on services are purchased.

ApriorIT LLC

Please note: this Sub-Processor is only used if Email Security (EMS) is purchased.

ApriorIT - SCCs.pdf

Entrust

Please note: this Sub-Processor is only used if MFA powered by IntelliTrust (MFA) is purchased. For EU customers data can be restricted to EU only data center locations depending on the Sub-Processor options selected at the time of provisioning

Entrust - DPA including SCCs.pdf

Lastline, Inc. (part of VMware)

Please note: this Sub-processor is only used if the ‘Sandbox Level 2’ add on is purchased with EMS. For EU customers data can be restricted to EU only data center locations.

Lastline - DPA-OEM.pdf

SorryApp Limited

Please note: this Sub-Processor is only used if Customers subscribe to system status updates/notifications.

SorryApp - DPA including SCCs.pdf

Twilio (inc. SendGrid)

Please note: this Sub-Processor is only used if MFA is enabled to protect portal (USS) logins.

Twilio (including Sendgrid) - DPA including SCCs.pdf


How did we do?