For all App customers who have executed Lovestock & Leaf’s standard DPS, Lovestock & Leaf will provide notice via this policy of updates to the list of Sub-processors that are utilized to deliver its Services. Lovestock & Leaf undertakes to keep this list updated regularly to enable its customers to stay informed of the scope of sub-processing associated with the Lovestock & Leaf apps. Lovestock & Leaf customers may subscribe to receive notifications of updates to this policy by clicking “Follow” at the top of this policy.
Pursuant to the DPA, Section 3.2 We shall give you prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 10 days of receipt of that notice: (a) you have not notified us in writing of any objections (on reasonable grounds) to the proposed appointment of that Subprocessor we will assume that you have consented to the appointment of that Subprocessor; or (b) if you notify us in writing of any objections (on reasonable grounds) to the proposed appointment we shall not appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections you raised and you have been informed of these reasonable steps.
The following is an up-to-date list (as of the date of this policy) of the names of Lovestock & Leaf’s sub-processors and content delivery networks in use.
Entity Name | Purpose/Activity | DPA | Data Hosting Location |
Amazon Web Services | Cloud Service Provider | https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/ | United States |
Zendesk | Integration platform/support/crm | Signed DPA | United States |
Cloudflare | CDN | https://www.cloudflare.com/en-gb/cloudflare-customer-dpa/ | United States |
Stripe | Processing payments | Signed DPA | United States |
Slack | Internal communications | Signed DPA | United States |
ChartMogul | Data Analysis | Signed DPA | United States/Ireland |
Xero | Accounting | https://www.xero.com/au/legal/terms/data-processing/ | United States |
Google Cloud | Enterprise Workspace/Email | Agreed to as part of Admin on Google Workspace | United States |
Mailchimp | Email Management | https://mailchimp.com/en-au/legal/data-processing-addendum/ | United States |
Pendo | In App User Analytics | https://www.pendo.io/legal/data-processing-addendum/ | United States |
* Pendo.io, Inc. (“Pendo”) is a third-party analytics provider that Zendesk uses to capture how users interact with the Service. Zendesk uses this information to analyze and improve the Services.
The primary information Pendo has access to is information in and associated with the Zendesk website URL that the Agent and End-User are interacting with, such as time spent on page, items clicked (including Service Data contained in those items) We do not capture the user's email address, only their domain and user ID so the data is anonymised.
Comments