Leading2Lean, LLC. (“Leading2Lean”) uses certain subprocessors and content delivery networks to assist it in providing the Leading2Lean Services as described in the Cloud Service Agreement (“CSA”). Defined terms used herein shall have the same meaning as defined in the CSA if defined.
What is a Subprocessor
A subprocessor is a third party data processor engaged by Leading2Lean who has or potentially will have access to or process Service Data (which may contain Personal Data). Leading2Lean engages different types of subprocessors to perform various functions as explained in the tables below.
Leading2Lean undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.
Leading2Lean requires its subprocessors to satisfy equivalent obligations as those required from Leading2Lean (as a Data Processor) as set forth in Leading2Lean’s CSA, including but not limited to the requirements to:
- Process Personal Data in accordance with data controller’s (i.e. Subscriber’s) documented instructions;
- In connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which Leading2Lean is contractually committed to adhere insofar as they are equally relevant to the subprocessor’s processing of Personal Data on Leading2Lean’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification Leading2Lean reserves the right to audit the subprocessor;
- Promptly inform Leading2Lean about any actual or potential security breach; and
- Cooperate with Leading2Lean in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give Subscribers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Leading2Lean’s engagement process for subprocessors as well as to provide the actual list of third party subprocessors, subcontractors and content delivery networks used by Leading2Lean as of the date of this policy (which Leading2Lean may use in the delivery and support of its Services).
Infrastructure Subprocessors – Service Data Storage
Leading2Lean owns or controls access to the infrastructure that Leading2Lean uses to host Service Data submitted to the Services, other than as set forth below. Currently, the Leading2Lean production systems for the Services are located in Amazon AWS co-location facilities in the United States, Europe, and Asia. Subscriber accounts are established in one or more of these regions based on where the Subscriber is located; the Subscriber’s Service Data subsequently remains in the region(s), but may be shifted among data centers within a region to ensure performance, redundancy, and availability of the Services.
Entity Name Entity Type Entity Country
Amazon Web Services, Inc. Cloud Service Provider United States
Service Specific Subprocessors
Leading2Lean works with certain third parties to provide specific functionality within the Services. These providers are the Subprocessors set forth below. In order to provide the relevant functionality these Subprocessors are provided limited Service Data. Their use is limited to the indicated Services.
Entity Name Purpose Applicable Services Entity Country
SendGrid Leading2Lean utilizes SendGrid services to deliver email and SMS notifications.SendGrid provides the APIs from which Leading2Lean sends notifications via email and SMS text messages. Leading2Lean provides SendGrid only the information necessary to deliver these notifications (email address, sms gateway email address, and/or mobile phone number). SendGrid does not have direct access to Subscriber Service Data. All Leading2Lean Services United States
Content Delivery Networks
As explained above, Leading2Lean’s Services may use content delivery networks (“CDNs”) to provide the Services, for security purposes, and to optimize content delivery. CDNs do not have access to Service Data but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Website content served to website visitors and domain name information may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by that CDN to enable its functions. The following describes use of CDNs by Leading2Lean’s Services.
CDN Provider Services Using CDN CDN Location Description of CDN Services
Amazon Web Services, Inc. All Leading2Lean Services Global Public and Service website content served to website visitors may be stored with Amazon Web Services, Inc., and transmitted by Amazon Web Services, Inc., to website visitors, to expedite transmission.