1. Introduction
This Sub-Processor List identifies the third-party service providers ("Sub-Processors") that Genuinelink B.V. ("Company," "we," "us," or "our") uses to provide our LinkedIn outreach platform services. All Sub-Processors are bound by data processing agreements that ensure compliance with applicable data protection laws.
2. Sub-Processor Categories
2.1 Cloud Infrastructure Providers
Purpose: Hosting, data storage, and cloud computing services
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Amazon Web Services (AWS) | Cloud hosting, storage, databases | EU (Ireland, Germany) | ✅ Signed | June 11, 2025 | | Google Cloud Platform (GCP) | Cloud computing, AI/ML services | EU (Belgium, Netherlands) | ✅ Signed | June 11, 2025 | | Microsoft Azure | Cloud services, Office 365 | EU (Netherlands, Ireland) | ✅ Signed | June 11, 2025 |
2.2 Payment Processing
Purpose: Payment processing, billing, and financial transactions
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Stripe | Payment processing, billing | EU (Ireland) | ✅ Signed | June 11, 2025 | | PayPal | Payment processing | EU (Luxembourg) | ✅ Signed | June 11, 2025 | | Adyen | Payment processing | EU (Netherlands) | ✅ Signed | June 11, 2025 |
2.3 Analytics and Monitoring
Purpose: Website analytics, performance monitoring, and user behavior analysis
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Google Analytics 4 | Website analytics | EU (Belgium) | ✅ Signed | June 11, 2025 | | Hotjar | User experience analytics | EU (Malta) | ✅ Signed | June 11, 2025 | | Mixpanel | Product analytics | EU (Ireland) | ✅ Signed | June 11, 2025 | | Sentry | Error monitoring | EU (Germany) | ✅ Signed | June 11, 2025 |
2.4 Communication Services
Purpose: Email delivery, notifications, and customer communication
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | SendGrid | Email delivery | EU (Ireland) | ✅ Signed | June 11, 2025 | | Mailgun | Email delivery | EU (Germany) | ✅ Signed | June 11, 2025 | | Twilio | SMS, voice communications | EU (Ireland) | ✅ Signed | June 11, 2025 | | Intercom | Customer support, chat | EU (Ireland) | ✅ Signed | June 11, 2025 |
2.5 LinkedIn Integration
Purpose: LinkedIn API access, data synchronization, and platform integration
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Unipile | LinkedIn data integration | EU (France) | ✅ Signed | June 11, 2025 | | LinkedIn API | Official LinkedIn API | Global | ✅ Terms Accepted | June 11, 2025 |
2.6 AI and Machine Learning
Purpose: AI model training, processing, and content generation
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | OpenAI | AI model services | EU (Ireland) | ✅ Signed | June 11, 2025 | | Anthropic | AI model services | EU (Ireland) | ✅ Signed | June 11, 2025 | | Hugging Face | AI model hosting | EU (France) | ✅ Signed | June 11, 2025 |
2.7 Customer Relationship Management
Purpose: CRM, customer data management, and sales automation
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | HubSpot | CRM, marketing automation | EU (Ireland) | ✅ Signed | June 11, 2025 | | Salesforce | CRM, sales automation | EU (Germany) | ✅ Signed | June 11, 2025 | | Pipedrive | CRM, sales pipeline | EU (Estonia) | ✅ Signed | June 11, 2025 |
2.8 Security and Compliance
Purpose: Security monitoring, compliance management, and threat detection
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Cloudflare | CDN, security, DDoS protection | Global | ✅ Signed | June 11, 2025 | | Auth0 | Authentication services | EU (Germany) | ✅ Signed | June 11, 2025 | | Okta | Identity management | EU (Ireland) | ✅ Signed | June 11, 2025 | | Vault | Secrets management | EU (Ireland) | ✅ Signed | June 11, 2025 |
2.9 Data Processing and Storage
Purpose: Data processing, backup, and archival services
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Redis Labs | In-memory data store | EU (Ireland) | ✅ Signed | June 11, 2025 | | Elasticsearch | Search and analytics | EU (Germany) | ✅ Signed | June 11, 2025 | | MongoDB Atlas | Database services | EU (Ireland) | ✅ Signed | June 11, 2025 |
2.10 Marketing and Advertising
Purpose: Marketing automation, advertising, and campaign management
| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Facebook Pixel | Marketing analytics | EU (Ireland) | ✅ Signed | June 11, 2025 | | LinkedIn Insight Tag | Marketing analytics | Global | ✅ Terms Accepted | June 11, 2025 | | Google Ads | Advertising platform | EU (Ireland) | ✅ Signed | June 11, 2025 |
3. Sub-Processor Changes
3.1 Change Notification Process
When we add or change Sub-Processors, we will:
- Notify Customers: Email notification at least 30 days in advance
- Update List: Update this Sub-Processor List
- Provide Details: Provide details about the new Sub-Processor
- Allow Objection: Allow customers to object within 30 days
3.2 Objection Process
If you object to a new Sub-Processor:
- Submit Objection: Submit written objection within 30 days
- Review Process: We will review your objection
- Alternative Solutions: We will work to find alternative solutions
- Termination Rights: You may terminate affected services if no alternative is available
3.3 Emergency Changes
For emergency Sub-Processor changes:
- Immediate Notification: Immediate notification of the change
- Retroactive Approval: Retroactive approval process
- Documentation: Complete documentation of the emergency change
- Review: Post-change review and approval
4. Data Processing Agreements
4.1 DPA Requirements
All Sub-Processors are required to:
- Sign DPA: Sign our standard Data Processing Agreement
- Comply with GDPR: Comply with all applicable data protection laws
- Implement Security: Implement appropriate security measures
- Allow Audits: Allow audits and inspections when required
4.2 DPA Terms
Our standard DPA includes:
- Data Processing Instructions: Clear instructions for data processing
- Security Requirements: Specific security requirements
- Breach Notification: Breach notification requirements
- Data Subject Rights: Assistance with data subject rights
- Audit Rights: Rights to audit and inspect Sub-Processors
4.3 Compliance Monitoring
We monitor Sub-Processor compliance through:
- Regular Reviews: Regular reviews of Sub-Processor compliance
- Audit Reports: Review of Sub-Processor audit reports
- Security Assessments: Security assessments of Sub-Processors
- Performance Monitoring: Monitoring of Sub-Processor performance
5. Data Transfers
5.1 International Transfers
We ensure appropriate safeguards for international data transfers:
- Standard Contractual Clauses (SCCs): EU SCCs 2021 for transfers outside EEA
- Adequacy Decisions: Use of adequacy decisions where available
- Binding Corporate Rules: BCRs where applicable
- Certification Schemes: Certification schemes where available
5.2 Transfer Impact Assessments
We conduct Transfer Impact Assessments (TIAs) for:
- New Sub-Processors: All new Sub-Processors outside EEA
- Regular Reviews: Regular reviews of existing transfers
- Risk Assessment: Assessment of transfer risks
- Mitigation Measures: Implementation of mitigation measures
5.3 Data Localization
We prefer Sub-Processors that:
- EU Data Centers: Use EU data centers when possible
- Data Residency: Respect data residency requirements
- Local Processing: Process data locally when required
- Compliance: Comply with local data protection laws
6. Security and Compliance
6.1 Security Standards
All Sub-Processors must meet:
- ISO 27001: ISO 27001 certification preferred
- SOC 2: SOC 2 Type II certification preferred
- GDPR Compliance: Full GDPR compliance
- Security Controls: Appropriate security controls
6.2 Compliance Requirements
Sub-Processors must comply with:
- Data Protection Laws: All applicable data protection laws
- Industry Standards: Relevant industry standards
- Security Frameworks: Appropriate security frameworks
- Audit Requirements: Audit and inspection requirements
6.3 Incident Response
Sub-Processors must have:
- Incident Response Plans: Comprehensive incident response plans
- Breach Notification: Rapid breach notification procedures
- Recovery Procedures: Data recovery and restoration procedures
- Communication Plans: Communication plans for incidents
7. Contact Information
For questions about this Sub-Processor List, contact us at [email protected].
8. Updates to This List
This Sub-Processor List is updated regularly to reflect:
- New Sub-Processors: Addition of new Sub-Processors
- Changes to Services: Changes to Sub-Processor services
- DPA Updates: Updates to Data Processing Agreements
- Compliance Changes: Changes to compliance requirements
8.1 Update Notification
We will notify you of updates through:
- Email Notifications: Email notifications for material changes
- Website Updates: Updates to this Sub-Processor List
- Service Announcements: Service announcements for significant changes
- Account Notifications: Account notifications for critical changes
8.2 Version Control
This Sub-Processor List includes:
- Version Number: Current version number
- Last Updated: Date of last update
- Change Log: Log of all changes made
- Archive: Archive of previous versions
This Sub-Processor List is effective as of June 11, 2025 and was last updated on March 11, 2026.
Version: 1.0
Next Review: March 11, 2027