As part of our GDPR compliance SpotlerCRM ensures that all our subprocessors who can access customer data are GDPR compliant, and that we have individual contracts with them enforcing GDPR compliance.
The following subprocessors are authorised to access our customers’ data:
| Entity | Location | Service |
| SendGrid Inc | United States of America | Delivery of emails and return of statistics such as opens, clickthroughs and bounces. For customers using the Marketing tool only. |
The following subprocessors provide infrastructure services but are not authorised to access our customers’ data:
| Entity | Location | Service |
| CloudFlare | United States of America | DNS and anti-DDOS |
| Google Cloud | Belgium, United Kingdom | Cloud hosting |
| Amazon Web Services | France and Sweden | Data Centre |
We use the following services in order to run our business and communicate with our customers and prospects:
| Entity | Location | Service |
| GoCardless | United Kingdom | Payment services |
| Google Analytics | United States of America | Web site analytics |
| Google Apps | United States of America | Email and document storage |
| BigMarker | United States of America | Web Conferencing |
| PayVector | United Kingdom | Payment services |
| SnapEngage | United States of America | Online Chat |
| SurveyMonkey | United States of America | Online Surveys |
If you use the following third-party products then data from the CRM will be passed to them. They are not legally our subprocessors as your contract is directly with them:
| Entity | Location | Service |
| KashFlow | United Kingdom | Cloud Accounting |
| SageOne | United Kingdom | Cloud Accounting |
| Xero | New Zealand | Cloud Accounting |
| Zapier | United States of America | Integration to other cloud services |