CloudTalk Sub-Processors and Affiliates

The entities that qualify as its Subprocessors can be characterized as follows:

1. Third-Party Data Processors: These are external organizations or entities that CloudTalk engages to process personal data on its behalf. They play a role in supporting or enhancing the services provided by CloudTalk.
2. Entities with Access to Personal Data: Any organization that has, or potentially will have, access to or processes personal data managed by CloudTalk. This indicates that the data they handle could include customer information, employee details, or other types of personal data.
3. GDPR Compliant: All of CloudTalk’s Subprocessors comply with the General Data Protection Regulation (GDPR), ensuring they adhere to strict standards of data privacy and security.
4. Entities Bound by Data Processing Agreements (DPAs): These Subprocessors have formal agreements with CloudTalk, detailing their roles, responsibilities, and obligations in terms of data processing, in compliance with the applicable data protection laws.
5. Entities Assisting in Service Delivery: Subprocessors engaged by CloudTalk are selected for their ability to assist in providing the company’s services effectively and securely.

In summary, any entity that processes data on behalf of CloudTalk, has access to personal data, adheres to GDPR standards, is bound by a formal DPA, and contributes to the delivery of CloudTalk’s services would qualify as a Subprocessor for the company.

CloudTalk selects its subprocessors based on a rigorous evaluation process, ensuring each one adheres to stringent security, privacy, and confidentiality practices. Key factors in this selection process include:

1. Compliance with GDPR: Every subprocessor must be fully compliant with the General Data Protection Regulation, demonstrating a strong commitment to data protection and privacy.
2. Data Security Standards: Subprocessors are chosen based on their ability to maintain high levels of data security, protecting personal and sensitive information effectively.
3. Alignment with Data Processing Agreements (DPAs): Subprocessors must agree to and align with the terms set out in Data Processing Agreements, ensuring legal and operational compliance with data protection laws.
4. Capability to Enhance Service Delivery: The subprocessor must contribute positively to CloudTalk’s service provision, either by enhancing service quality, efficiency, or reliability.

In short, CloudTalk selects its subprocessors through a careful and thorough vetting process, prioritizing data protection, legal compliance, and the ability to enhance service delivery.

CloudTalk ensures that each subprocessor is bound by contractual commitments that rigorously address the protection of personal data. These obligations are detailed in Data Processing Agreements (DPAs), which align with GDPR standards and stipulate stringent data security and privacy measures. Subprocessors are required to maintain high levels of data protection, ensuring that personal information is handled responsibly, securely, and in compliance with all relevant data protection laws. This includes implementing adequate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, and destruction.

Upon signing the Data Processing Agreement (DPA), our customers grant CloudTalk general permission to engage, add, or replace subprocessors as part of our operational framework. This authorization allows us to update our subprocessor list to maintain or enhance service quality and compliance with data protection laws. It is important to note that any changes we make are in strict adherence to GDPR standards and are aligned with the terms outlined in the DPA. In specific cases, where a customer has distinct requirements, alterations to this process can be negotiated and agreed upon between the customer and CloudTalk.