Standard Contractual Clauses (SCCs)

Updated 4 weeks ago by admin

The Standard Contractual Clauses (SCCs) in place with Censornet's Sub-Processors with operations outside of the EEA - that include Amazon, IBM and Microsoft - are accessible below.

In relation to any transfer of Personal Data to the Sub-Processors outside of the Protected Area, we will make such transfer by (i) relying on such Sub- Processor’s BCR-processor instrument (if any); (ii) entering into the appropriate set of SCCs on a processor to processor basis with any such Sub-Processors in relation to such transfer; or (iii) in the case of transfers to the United States, relying on such Sub- Processor’s participation in the EU-US Data Privacy Framework and/or the UK Extension to this Framework (if applicable).

For more information please refer to the Censornet Master Services Agreement (MSA) 'Module B - Data Processing Requirements' and specifically clause 4. Transfers outside the EEA.

A copy of the latest MSA is available here.

Sub-Processor SCCs can be accessed via the tables below.

Major Sub-Processors

These Sub-Processors are involved in storage of configuration data and/or log data. All data is encrypted at rest using AES 256-bit. For more details please see the Master Services Agreement.

Amazon (Amazon Web Services - AWS)

The Supplier has selected either a specific EU/ESS Data Center location, or a EU/ESS region (eg Western Europe, Northern Europe) depending on the Sub-Processor options provided at the time of provisioning.

AWS_DPA.pdf

IBM (IBM Cloud)

The Supplier has selected either a specific EU/ESS Data Center location, or a EU/ESS region (eg Western Europe, Northern Europe) depending on the Sub-Processor options provided at the time of provisioning.

IBM_DPA.pdf

Microsoft (Microsoft Azure)

The Supplier has selected either a specific EU/ESS Data Center location, or a EU/ESS region (eg Western Europe, Northern Europe) depending on the Sub-Processor options provided at the time of provisioning.

MS_DPA.pdf

Other Sub-Processors

These Sub-Processors are involved in delivery of ancillary services, such as the sending of OTPs, or service status notifications via email. Their use may depend on how services are configured and which optional add-on services are purchased.

ApriorIT LLC

Please note: this Sub-Processor is only used if Email Security (EMS) is purchased.

ApriorIT - SCCs.pdf

Entrust

Please note: this Sub-Processor is only used if MFA powered by IntelliTrust (MFA) is purchased. For EU customers data can be restricted to EU only data center locations depending on the Sub-Processor options selected at the time of provisioning

Entrust - DPA including SCCs.pdf

SorryApp Limited

Please note: this Sub-Processor is only used if Customers subscribe to system status updates/notifications.

SorryApp - DPA including SCCs.pdf

Twilio (inc. SendGrid)

Please note: this Sub-Processor is only used if MFA is enabled to protect portal (USS) logins.

Twilio (including Sendgrid) - DPA including SCCs.pdf


How did we do?