Subservice Organizations

Effective Date: April 16, 2021

To deliver the ADAVICO Service, ADAVICO may engage third-party vendors to host and process Service Data submitted to our web application (Production Network), as well as to support our related professional services and day-to-day business operations (Corporate Network).

Definitions

A subservice relationship exists when a) the services provided by the vendor are likely to be relevant to the ADAVICO System and b) the controls at the vendor are necessary, in combination with ADAVICO’s controls, to provide reasonable assurance that service commitments and system requirements are achieved.

  • Sub-processors: A sub-processor is a third party engaged by ADAVICO that has, or potentially will have, access to or ability to process Service Data (which may contain Personal Data).
  • Subcontractors: A subcontractor is a third party engaged by ADAVICO that does not have access to or ability to process Service Data, but that is otherwise used to support the ADAVICO Service.

Due Diligence

Prior to engaging any third-party that will have or may have access to or ability to process Service Data, ADAVICO performs due diligence to evaluate their security, privacy, and confidentiality practices. Before use, and at least annually thereafter, ADAVICO monitors the effective operation of the third-party’s safeguards by conducting reviews of its complementary subservice organization controls (CSOCs).

Contractual Safeguards

ADAVICO requires its sub-processors to satisfy equivalent obligations as those required of ADAVICO, including but not limited to the following:

  • Restrict the sub-processor’s access to Service Data to only what is necessary to assist ADAVICO in providing or maintaining the ADAVICO Service, and prohibit the sub-processor from accessing Service Data for any other purpose;
  • In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • Provide regular training in security and data protection to personnel to whom they grant access to Service Data;
  • Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which ADAVICO is contractually committed to adhere insofar as they are equally relevant to the sub-processor’s processing of Service Data on ADAVICO’s behalf);
  • Promptly inform ADAVICO about any actual or potential security breach; and
  • Cooperate with ADAVICO regarding requests from data controllers, data subjects, or data protection authorities, as applicable.

Infrastructure Sub-processors (Production Network)

ADAVICO leases the infrastructure used to host and process Service Data submitted to the ADAVICO Service. The third-party data centers ADAVICO uses to host the Service and Service Data are in multiple locations throughout the United States, but may be in Canada, Europe, or Asia Pacific by request.

Entity Name Entity Type Entity Country
Digital Realty Data Center Provider United States
Zayo Data Center Provider United States
Cologix Data Center Provider United States
Hurricane Electric Data Center Provider United States

Other Sub-processors (Corporate Network)

ADAVICO may use the following sub-processors to help support delivery of related professional services or day-to-day business operations:

Entity Name Sub-processor Activities Entity Country
Microsoft, Inc. Cloud-based Network, Email, and Collaboration Services United States
Zendesk, Inc. Cloud-based Customer Support Services United States
Citrix Sharefile Cloud-based File Exchange and Storage Services United States

Subservice Changes

As our business evolves, the Subservice Organizations we engage may change. Please check back here frequently for updates.