Cubiks uses certain Sub-Processors to assist in the delivery and support of its products and services.
A Sub-Processor is a third party processor engaged by Cubiks for the purposes of processing client data under a contract, including entities from inside Cubiks Group. A list of operating companies of the Cubiks Group can be found here. The Sub-Processor has or potentially will have access to process data (which may contain personal data) as described in the table below.
Cubiks undertakes a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process Data.
Cubiks requires its sub-processors to satisfy equivalent obligations as those required from Cubiks (as a Data Processor) as set forth in Cubik’s Data Processing Agreement (“DPA”), including but not limited to the requirements to:
- Process Personal Data in accordance with the data controller’s documented instructions (as communicated in writing to the relevant sub-processor by Cubiks);
- In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which Cubiks is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on Cubik’s behalf) Cubiks reserves the right to audit the sub-processor on an annual basis or request certification of proof of the sub-processors security commitment;
- Promptly inform Cubiks about any actual or potential security breach; and
- Cooperate with Cubiks in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give Customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Cubik’s engagement process for sub-processors as well as to provide the actual list of third party sub-processors, subcontractors and content delivery networks used by Cubiks as of the date of this policy (which Cubiks
may use in the delivery and support of its Services).
SERVER LOCATION AND SECURITY
The Cubiks platforms are hosted within the EU on Microsoft Azure (in the West and North European regions).
Bespoke Solutions are hosted in data centres in the UK.
Office specific documents are located either on the servers located in each country of operation, in Office 365 or within the EU on
Cubiks is ISO 270001:2013 certified for Information Security Management (certificate number IS639040).
Sub-Processors and Trusted Third Parties
|Cloud Direct (On Direct Business Services Ltd)||Provides routine encrypted backup of Cubiks' PCs and servers.||https://www.clouddirect.net/legal/privacy-policy/||UK, Belgium and The Netherlands|
|Cammio||When requested by clients, provides clients with the option to include video based interviews as part of the assessment process.||https://cammio.com/privacy-policy||European Union|
|Microsoft Corporation||Cubiks use Microsoft Azure (European Region) for the hosting and delivery of Cubiks Online Solutions and storage and back up of associated data. Office 365 is used internally across Cubiks.||https://www.microsoft.com/en-us/trustcenter/privacy/privacy-overview||Microsoft Azure European Regions|
|Pipplet||When requested by clients, provides clients with the option to include language proficiency tests as part of their assessment process||https://www.pipplet.com/en-gb/home||United Kingdom|
|Bytes||Manages cloud hosting services for Microsoft contracts and relevant support services.||https://www.bytes.co.uk/company/corporate-policies/gdpr-documents||United Kingdom|
|Cubiks use Google for Email filtering and quarantine services. Google is certified under both the EU-US and Swiss-U.S Privacy Shield frameworks.||https://policies.google.com/privacy?hl=en&gl=uk||United States of America|
|Barracuda Networks||Barracuda Networks provide email filtering and quarantine services. Barracuda Networks is certified under both the EU-US and Swiss-U.S Privacy Shield frameworks.||https://www.barracuda.com/company/legal/trust-center/data-privacy/privacy-policy||United States of America. Certified under both EU-US Privacy Shield and Swiss-US Privacy Shield frameworks|
|Salesforce||Salesforce provides Customer Relationship Management (CRM) services to Cubiks and all its Group Companies.||https://www.salesforce.com/company/privacy/||United States of America. Certified under both EU-US Privacy Shield and Swiss-US Privacy Shield frameworks|
|NetSuite||Netsuite provides services related to business finances, operations and customer relations.||https://www.oracle.com/legal/privacy/services-privacy-policy.html||United States of America. Certified under both EU-US Privacy Shield and Swiss-US Privacy Shield frameworks|
|PSI Group Companies||Provision of IT support on Cubiks’ email and shared IT resources.||https://www.psionline.com/en-gb/privacy/privacy-policy||UK, EU and United States of America. Certified under both EU-US Privacy Shield and Swiss-US Privacy Shield frameworks|
CUBIKS GROUP SUB PROCESSORS, ASSOCIATES AND AGENTS
Cubiks Belgium SA/NV
Cubiks Group Limited
Any other Cubiks Group Company, or individual Associates, as agreed with the Controller
If you have any queries, please contact us at firstname.lastname@example.org.
Last Updated March 2020.