Sub-processors & processors

Overview of external services

Sub-processors (processors) are vendors that process personal data on behalf of the controller or a main processor — e.g. hosting, database, email, monitoring. The concrete list depends on your platform contract and should be provided publicly or contractually.

Hosting

Infrastructure to run the web application and store data in the cloud. Region and sub-processing should be governed in the data processing agreement.

Email delivery

Services for transactional email (invitations, password reset, notifications) may process personal data (e.g. email address).

Processing by third parties

For each service, review: purpose, categories of personal data, third-country aspects, sub-processing, and deletion concept. Use only contractually bound providers.

DPA status

Your practice and the platform provider should have a data processing agreement (Art. 28 GDPR); the provider in turn concludes DPAs with its sub-processors. Observe documentation duties and instructions rights.

Related documents

• Legal information & privacy — overview
• Privacy policy
• Security (technical & organizational)