The following is a list of the processors/sub-processors named concerning the processing:
|
Amazon Web Services EMEA SARL |
Sub-Processor’s Address: Viale Monte Grappa 3/5, 24124, Milan (Italy) Purpose of Data Processing: AWS is entrusted, as a Cloud Service Provider, solely with ensuring the integrity and availability of the data stored on its servers. Therefore, AWS does not access Customer content except as necessary to provide and maintain the hosting services (e.g., for security and support) and subject to contractual safeguards; the data is protected by additional security measures, such as encryption.
Categories of personal data: personal data related to the use of Imagicle Products and related Services, Call audio and related call metadata; text derived from call content (transcripts), Text provided for synthesis (which may include personal data) and generated audio output, where applicable. Country where processing will take place: cloud services are managed through Amazon Web Services (AWS). Customers can request that their production hosting be in any country-specific AWS location proposed by Imagicle or in another AWS region of their choice Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679) · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679) All the information provided by AWS regarding data processing at the following link: |
|
Salesforce UK Limited |
Sub-Processor’s Address: Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N4AY London. (United Kingdom) Purpose of Data Processing: this is a CRM software provider used for administration and business relationship management activities with customers/potential customers/end users only. Salesforce operators in the service and support phases of the product may, on an occasional basis and under the control of Imagicle personnel, access personal data Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user Country in which the processing activity will take place: worldwide Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679) · Other countries: Transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679). All the information provided by Salesforce regarding data processing at the following link: https://www.salesforce.com/eu/company/privacy
|
|
Atlassian |
Sub-Processor’s Address: 350 Bush Street, Level 13 San Francisco, California 94104 (USA) Purpose of Data Processing: this cloud storage (archiving) and file-sharing service allows you to store, synchronize and share documents and other files via the Internet. Imagicle uses it for sharing and storing files and documents that may contain personal data of customers/potential customers/end Users related only to administration and business relationship management activities Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user Country in which the processing activity will take place: worldwide Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679) · Other countries: Transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679) All the information provided by Atlassian regarding data processing at the following link: https://www.atlassian.com/it/legal/privacy-policy#what-this-policy-covers |
|
Microsoft Ireland Operations Limited Microsoft 365
|
Sub-Processor’s Address: Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland Purpose of the Data Processing: Microsoft 365 is a suite of enterprise collaboration software products. It is used by Imagicle for the management of various digital contents, among which texts, presentations, emails that may contain personal data of Customer and End User and data and Personal Data related to the use of Imagicle Products and in the fruition of related Services Categories of personal data: Customer and End User personal data and data related to the use of Imagicle Products and in the fruition of related Services Country where processing will take place: worldwide Frequency of transfer: continuous/daily Guarantees legitimizing the transfer · United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search · Other countries do not ensure an adequate level of protection: the transfer is permitted if the Commission has decided that the third country, a territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection. In that case, the transfer does not require specific authorizations. The adequacy of the third country or organization is recognized by decision of the European Commission (Art. 45 of EU Regulation 2016/679) · Other countries: The transfer is made on the basis of the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or on the basis of the Binding Corporate Rules (BCRs), (Art. 46 of EU Regulation 2016/679) All the information provided by Microsoft on data processing at the following link: https://privacy.microsoft.com/it-IT/ |
|
Dropbox International Unlimited Company |
Sub-Processor’s Address: One Park Place, Floor 5 Upper Hatch Street, Dublin (Ireland) Purpose of Data Processing: this cloud storage (archiving) and file-sharing service allows you to store, synchronize and share documents and other files via the Internet. Imagicle uses it for sharing and storing files and documents that may contain personal data of Customers/Potential Customers/End Users related only to administration and business relationship management activities Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user Country in which the processing activity will take place: worldwide Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679) · Other countries: Transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679) All the information provided by Dropbox regarding data processing at the following link: https://www.dropbox.com/privacy |
|
Imagicle Ltd |
Processor’s Address: Pixash Lane, Keynsham, Bristol Purposes of Data Processing: this direct subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user Country where processing activities will take place: United Kingdom Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). COMMISSION EXECUTIVE DECISION (EU) 2021/1773 of June 28, 2021, under Directive (EU) 2016/680 of the European Parliament and the Council on the adequate protection of personal data by the United Kingdom.
|
|
Imagicle Sas |
Processor’s Address: Parc des Barbanniers 5 - Promenade de la Bonnette - 92230 Genevilliers Purposes of the Data Processing: this is a direct subsidiary of Imagicle Spa that collaborates with it to administer and manage the relationship with the customer/potential customer/end user. Categories of personal data: · personal data processed to administer and manage the relationship with the customer/potential customer/end user · personal data related to the use of Imagicle Products and related Services Country in which processing activities will take place: France Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: Not necessary, the transfer takes place within the territory of the European Union |
|
Imagicle DMCC |
Processor’s Address: Office 1307, JBC5, Cluster W, JLT - PO BOX 283982 United Arab Emirates Purposes of the Data Processing: this direct subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user and for support activities Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer /end user Country in which processing will take place: United Arab Emirates Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: Transfer is made based on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR |
|
Imagicle Saudi Communication Technology and Information |
Processor’s Address: 7586 King Fahd Rd, 4119 Ar Rahmaniyah Dist, 12341 Riyadh, Kingdom of Saudi Arabia Purpose of Data Processing: this indirect subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user and for support activities Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user. Country where processing will take place: Saudi Arabia Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: Transfer is made based on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR |
|
Imagicle Inc |
Processor’s Address: 333, Las Olas Way - Fort Lauderdale FL33130 - United States Purposes of the Data Processing: this direct subsidiary of Imagicle Spa, works with it to administer and manage the relationship with the customer/potential customer/end user and for support activities Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user. Country in which processing activities will take place: United States of America Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: Transfer is made based on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR
|
|
OpenAI |
Sub-Processor's Address: 1455 3rd Street, San Francisco, CA 94158, United States (OpenAI OpCo, LLC; EEA/Swiss personal data is processed by OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117–126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland) Purpose of Data Processing: AI model (LLM) inference service. OpenAI processes API requests through its large language models for intent recognition and output generation. Processing is performed to provide the Service. By default, OpenAI does not use API platform inputs or outputs to train or improve its models. API inputs and outputs may be securely retained for up to 30 days to provide the services and identify abuse, after which they are removed unless legally required to be retained. Zero Data Retention (ZDR) option available for eligible endpoints/qualifying use cases. OpenAIOpenAI Personal data categories: personal data related to the use of Imagicle Products and related Services, including call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, and AI-generated outputs Country where processing will take place: United States Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. For EEA/Swiss personal data, OpenAI Ireland Ltd acts as the contracting party and onward transfers to OpenAI affiliates or third parties outside the EEA/Switzerland are made on the basis of agreements incorporating such safeguards. · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679). All the information provided by OpenAI regarding privacy and data processing at the following links: · Privacy Policy: https://openai.com/policies/privacy-policy
|
Additional product specific sub-processors
Voice Analytics
|
Soniox |
Sub-Processor's Address: 1045 Helm Lane, Foster City, CA 94404, United States (Soniox Inc) Purpose of Data Processing: AI speech-to-text (ASR), text-to-speech, and translation service. Soniox processes audio submitted via its API to perform real-time and asynchronous transcription, speaker separation, translation, and related speech/voice processing for intent recognition and output generation. Processing is performed to provide the Service. Audio and transcripts are never used to train or improve Soniox models or services. Soniox does not store audio or transcript data unless storage is explicitly requested through a service that supports it (e.g. the async API), in which case stored data is isolated within the customer's Soniox account and can be deleted at any time via the Console or API; minimal logging is performed for reliability, debugging, and billing. In-region processing / data residency (Sovereign Cloud) is available to meet latency and regulatory requirements. Personal data categories: personal data related to the use of Imagicle Products and related Services, including call audio and call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content (e.g. context terms) provided to enable the Service, and AI-generated outputs Country where processing will take place: United States (default; in-region/EU processing available via Soniox data residency where configured) Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. Soniox maintains SOC 2 Type 2, ISO/IEC 27001:2022, HIPAA, and GDPR compliance, with compliance documentation available through the Soniox Console. · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679). All the information provided by Soniox regarding privacy and data processing at the following links: · Privacy Policy: https://soniox.com/policies/privacy-policy
|
|
OpenRouter, Inc.
|
Sub-Processor’s Address: 936 W Alder St, Louisville, CO 80027, United States Purpose of Data Processing: AI model routing and API gateway service. OpenRouter routes API requests to various AI model providers for intent recognition and output generation. Processing is performed to provide the Service. Customer content is not used to train models.Zero Data Retention (ZDR) option available Personal data categories: personal data related to the use of Imagicle Products and related Services, including call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, and AI-generated outputs Country where processing will take place: United States Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).
All the information provided by OpenRouter regarding privacy and data processing at the following links: · Privacy Policy:https://openrouter.ai/privacy · Trust Center & DPA:https://trust.openrouter.ai/?tab=documents |
AI Virtual Receptionist and Smartflows
|
OpenRouter, Inc.
|
Sub-Processor’s Address: 936 W Alder St, Louisville, CO 80027, United States Purpose of Data Processing: AI model routing and API gateway service. OpenRouter routes API requests to various AI model providers for intent recognition and output generation. Processing is performed to provide the Service. Customer content is not used to train models.Zero Data Retention (ZDR) option available Personal data categories: personal data related to the use of Imagicle Products and related Services, including call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, and AI-generated outputs Country where processing will take place: United States Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).
All the information provided by OpenRouter regarding privacy and data processing at the following links: · Privacy Policy:https://openrouter.ai/privacy · Trust Center & DPA:https://trust.openrouter.ai/?tab=documents |
|
Deepgram |
Sub-Processor's Address: 548 Market Street, PMB 25104, San Francisco, CA 94104, United States (Deepgram, Inc.) Purpose of Data Processing: AI speech-to-text (ASR) and voice AI service. Deepgram processes audio submitted via its API to perform transcription, language understanding, and related speech/voice processing for intent recognition and output generation. Processing is performed to provide the Service. Deepgram acts as a data processor and processes Customer Data solely on behalf of, and as directed by, the customer (controller). Deepgram operates a Model Improvement Partnership Program; requests can be excluded from model improvement by setting the mip_opt_out=true API parameter, in which case data from opted-out requests is retained only for the duration necessary to process the request. Real-time PII/PCI redaction and configurable/zero-retention processing options are available. EU in-region processing is available via Deepgram's EU endpoint (api.eu.deepgram.com). DeepgramDeepgram Personal data categories: personal data related to the use of Imagicle Products and related Services, including call audio and call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, and AI-generated outputs Country where processing will take place: United States Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. Deepgram enters into data processing agreements with its customers and frequently enters into the EU Commission's Standard Contractual Clauses to legitimize transfers of Customer Data outside the EEA, United Kingdom or Switzerland to the US. Deepgram · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679). All the information provided by Deepgram regarding privacy and data processing at the following links: · Privacy Policy: https://deepgram.com/privacy
|
|
ElevenLabs
|
Sub-Processor’s Address: 169 Madison Ave #2484, New York, NY 10016, United States Purpose of Data Processing: Text-to-speech generation (TTS) for AI-enabled voice services (e.g., Virtual Receptionist). Customer content is not used to train models. Personal data categories: Text provided for synthesis (which may include personal data) and generated audio output; related request metadata. Country where processing will take place: United States Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).
All the information provided by ElevenLabs regarding privacy and data transfers at the following links: · Privacy Policy: https://elevenlabs.io/privacy-policy · EU-U.S. Data Privacy Framework Policy: https://elevenlabs.io/eu-us-data-privacy-framework-policy/ |
|
MongoDB |
Sub-Processor's Address: 1633 Broadway, 38th Floor, New York, NY 10019, United States (MongoDB, Inc.; for customers located outside the Americas and Japan, the contracting entity is MongoDB Limited, Building 2, Number 1 Ballsbridge, Shelbourne Road, Ballsbridge, D04 Y3X9 Dublin, Ireland) Purpose of Data Processing: Managed cloud database service (MongoDB Atlas). MongoDB hosts, stores, and enables retrieval of application data on Imagicle's behalf, including the persistence of content used to provide the Service. Processing is performed to provide the Service. MongoDB acts as a data processor for any personal data that customers upload to its cloud services and processes it solely on the customer's instructions; by default MongoDB does not have visibility into the nature or categories of personal data uploaded. MongoDB does not use Customer Personal Data to train AI models; for optional AI Features, customer input data is not used for model training where the customer opts out. Customers select their preferred data hosting region and cloud provider (AWS, Microsoft Azure, or Google Cloud); MongoDB does not choose the physical geographic location where Customer Personal Data is stored. Encryption at rest/in transit, with optional Queryable Encryption / Client-Side Field Level Encryption, is available. Personal data categories: personal data related to the use of Imagicle Products and related Services, including call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, AI-generated outputs, and associated application/configuration data persisted in the database Country where processing will take place: Customer-selected deployment region (configured by Imagicle). Where Imagicle deploys in a MongoDB Atlas European region, Customer Personal Data physically resides in the EU; MongoDB, Inc. (United States) may access data for support/operations under the safeguards below. Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. MongoDB is certified to the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework; its DPA incorporates the 2021 EU SCCs and the 2022 UK International Data Transfer Addendum. · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679). All the information provided by MongoDB regarding privacy and data processing at the following links: · Privacy Policy: https://www.mongodb.com/legal/privacy/privacy-policy
|
|
Pinecone
|
Sub-Processor’s Address: New York, 1375 Broadway, Floor 11, United States Purpose of Data Processing: Use of Pinecone Vector Database to build knowledgeable AI Personal data categories: personal data related to the use of Imagicle Products and related Services, including vectorized representations (embeddings) derived from Customer-provided knowledge content and/or text derived from call content, where applicable Country where processing will take place: United States, Europe, based on customer region service selection. Frequency of transfer: continuous/daily Guarantees that legitimize the transfer: · United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable. · Other countries with guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). · Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).
All the information provided by Pinecone regarding privacy and security at the following links: · Privacy Policy (Cross-border transfers): https://www.pinecone.io/privacy/ · Trust/Security Center: https://security.pinecone.io/ |