Data processor registry
You have a right to be informed about how we process your personal data. One of our core organizational values is transparency, and in that spirit, we attempt to go above and beyond the required level of detail when we tell you how your data are used.
This page serves as a registry of every third-party data processor ("service provider") whose services we use when processing your personal data. For each processor, we include all of the ways in which we process your data with that service provider, the purposes of the processing, under what lawful basis we justify its use, details about whether your data may be transferred outside the UK or EEA (and, if so, how it is protected), the retention period, how to withdraw your consent (and whether it's applicable), and more.
In some cases, we may use the same service provider for processing different personal data, potentially under a different lawful basis, with a different retention period, etc. When this happens, we will create a distinct entry in the registry for each type of processing we perform using that provider's services.
When possible, we will provide links to our data processing agreements (DPAs) with these service providers, in addition to any relevant documentation from the service provider about how your data is processed, how international transfers are protected, etc. (Note that these are third party links. We are not responsible for their accuracy, and they are provided on a best-effort basis.)
We will keep this page up to date as our processing needs change and we add or remove service providers. We will note, for each provider, when we last updated the information in the registry, so that you may be informed when we make such changes.
We hope this level of transparency helps inform your choices about what personal data you wish to share with us.
Service providers who do not process personal data
If you have any questions about this registry, or if you believe any of the information listed here to be insufficient or incorrect, please contact us at [email protected].
Google Cloud EMEA Limited (email)
We use Google Cloud EMEA Limited ("Google") for transactional email services.
|Who is the controller?
|Who are the recipients of the data?
|What is the purpose of the processing?
Google are our email provider. When you send us email to ask a question, request information, or inform us of a problem or issue (transactional email), we use Google's email service to read and, if necessary, reply to your email.
|What is the lawful basis of the processing?
Legitimate interests: we have a legitimate interest to provide you with good service, and you have a legitimate interest in receiving prompt and accurate assistance.
|Is data transferred outside the UK or EEA?
In some cases, yes. Our data processing agreement (DPA) with Google states that Google will ensure that when data is transferred, it will be transferred either to a country subject to an adequacy decision, or else using appropriate safeguards.
|What is the retention period of the data?
At least as long as is required to service the request. We generally delete email once it is no longer needed. We may occasionally keep email for longer if we feel it may be needed at some later date for legal reasons.
|Your rights with respect to the processing
|How can you withdraw your consent?
Not applicable: consent is not the basis for processing this data.
|When was this information last updated?
|August 29, 2022
|Where can you find more information?
Our DPA with Google can be found here: https://workspace.google.com/terms/dpa_terms.html