Sub-Processor List

Effective: June 11, 2025

Last updated: March 11, 2026

1. Introduction

This Sub-Processor List identifies the third-party service providers ("Sub-Processors") that Genuinelink B.V. ("Company," "we," "us," or "our") uses to provide our LinkedIn outreach platform services. All Sub-Processors are bound by data processing agreements that ensure compliance with applicable data protection laws.

2. Sub-Processor Categories

2.1 Cloud Infrastructure Providers

Purpose: Hosting, data storage, and cloud computing services

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Amazon Web Services (AWS) | Cloud hosting, storage, databases | EU (Ireland, Germany) | ✅ Signed | June 11, 2025 | | Google Cloud Platform (GCP) | Cloud computing, AI/ML services | EU (Belgium, Netherlands) | ✅ Signed | June 11, 2025 | | Microsoft Azure | Cloud services, Office 365 | EU (Netherlands, Ireland) | ✅ Signed | June 11, 2025 |

2.2 Payment Processing

Purpose: Payment processing, billing, and financial transactions

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Stripe | Payment processing, billing | EU (Ireland) | ✅ Signed | June 11, 2025 | | PayPal | Payment processing | EU (Luxembourg) | ✅ Signed | June 11, 2025 | | Adyen | Payment processing | EU (Netherlands) | ✅ Signed | June 11, 2025 |

2.3 Analytics and Monitoring

Purpose: Website analytics, performance monitoring, and user behavior analysis

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Google Analytics 4 | Website analytics | EU (Belgium) | ✅ Signed | June 11, 2025 | | Hotjar | User experience analytics | EU (Malta) | ✅ Signed | June 11, 2025 | | Mixpanel | Product analytics | EU (Ireland) | ✅ Signed | June 11, 2025 | | Sentry | Error monitoring | EU (Germany) | ✅ Signed | June 11, 2025 |

2.4 Communication Services

Purpose: Email delivery, notifications, and customer communication

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | SendGrid | Email delivery | EU (Ireland) | ✅ Signed | June 11, 2025 | | Mailgun | Email delivery | EU (Germany) | ✅ Signed | June 11, 2025 | | Twilio | SMS, voice communications | EU (Ireland) | ✅ Signed | June 11, 2025 | | Intercom | Customer support, chat | EU (Ireland) | ✅ Signed | June 11, 2025 |

2.5 LinkedIn Integration

Purpose: LinkedIn API access, data synchronization, and platform integration

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Unipile | LinkedIn data integration | EU (France) | ✅ Signed | June 11, 2025 | | LinkedIn API | Official LinkedIn API | Global | ✅ Terms Accepted | June 11, 2025 |

2.6 AI and Machine Learning

Purpose: AI model training, processing, and content generation

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | OpenAI | AI model services | EU (Ireland) | ✅ Signed | June 11, 2025 | | Anthropic | AI model services | EU (Ireland) | ✅ Signed | June 11, 2025 | | Hugging Face | AI model hosting | EU (France) | ✅ Signed | June 11, 2025 |

2.7 Customer Relationship Management

Purpose: CRM, customer data management, and sales automation

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | HubSpot | CRM, marketing automation | EU (Ireland) | ✅ Signed | June 11, 2025 | | Salesforce | CRM, sales automation | EU (Germany) | ✅ Signed | June 11, 2025 | | Pipedrive | CRM, sales pipeline | EU (Estonia) | ✅ Signed | June 11, 2025 |

2.8 Security and Compliance

Purpose: Security monitoring, compliance management, and threat detection

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Cloudflare | CDN, security, DDoS protection | Global | ✅ Signed | June 11, 2025 | | Auth0 | Authentication services | EU (Germany) | ✅ Signed | June 11, 2025 | | Okta | Identity management | EU (Ireland) | ✅ Signed | June 11, 2025 | | Vault | Secrets management | EU (Ireland) | ✅ Signed | June 11, 2025 |

2.9 Data Processing and Storage

Purpose: Data processing, backup, and archival services

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Redis Labs | In-memory data store | EU (Ireland) | ✅ Signed | June 11, 2025 | | Elasticsearch | Search and analytics | EU (Germany) | ✅ Signed | June 11, 2025 | | MongoDB Atlas | Database services | EU (Ireland) | ✅ Signed | June 11, 2025 |

2.10 Marketing and Advertising

Purpose: Marketing automation, advertising, and campaign management

| Sub-Processor | Service | Data Location | DPA Status | Last Updated | |---------------|---------|---------------|------------|--------------| | Facebook Pixel | Marketing analytics | EU (Ireland) | ✅ Signed | June 11, 2025 | | LinkedIn Insight Tag | Marketing analytics | Global | ✅ Terms Accepted | June 11, 2025 | | Google Ads | Advertising platform | EU (Ireland) | ✅ Signed | June 11, 2025 |

3. Sub-Processor Changes

3.1 Change Notification Process

When we add or change Sub-Processors, we will:

  • Notify Customers: Email notification at least 30 days in advance
  • Update List: Update this Sub-Processor List
  • Provide Details: Provide details about the new Sub-Processor
  • Allow Objection: Allow customers to object within 30 days

3.2 Objection Process

If you object to a new Sub-Processor:

  • Submit Objection: Submit written objection within 30 days
  • Review Process: We will review your objection
  • Alternative Solutions: We will work to find alternative solutions
  • Termination Rights: You may terminate affected services if no alternative is available

3.3 Emergency Changes

For emergency Sub-Processor changes:

  • Immediate Notification: Immediate notification of the change
  • Retroactive Approval: Retroactive approval process
  • Documentation: Complete documentation of the emergency change
  • Review: Post-change review and approval

4. Data Processing Agreements

4.1 DPA Requirements

All Sub-Processors are required to:

  • Sign DPA: Sign our standard Data Processing Agreement
  • Comply with GDPR: Comply with all applicable data protection laws
  • Implement Security: Implement appropriate security measures
  • Allow Audits: Allow audits and inspections when required

4.2 DPA Terms

Our standard DPA includes:

  • Data Processing Instructions: Clear instructions for data processing
  • Security Requirements: Specific security requirements
  • Breach Notification: Breach notification requirements
  • Data Subject Rights: Assistance with data subject rights
  • Audit Rights: Rights to audit and inspect Sub-Processors

4.3 Compliance Monitoring

We monitor Sub-Processor compliance through:

  • Regular Reviews: Regular reviews of Sub-Processor compliance
  • Audit Reports: Review of Sub-Processor audit reports
  • Security Assessments: Security assessments of Sub-Processors
  • Performance Monitoring: Monitoring of Sub-Processor performance

5. Data Transfers

5.1 International Transfers

We ensure appropriate safeguards for international data transfers:

  • Standard Contractual Clauses (SCCs): EU SCCs 2021 for transfers outside EEA
  • Adequacy Decisions: Use of adequacy decisions where available
  • Binding Corporate Rules: BCRs where applicable
  • Certification Schemes: Certification schemes where available

5.2 Transfer Impact Assessments

We conduct Transfer Impact Assessments (TIAs) for:

  • New Sub-Processors: All new Sub-Processors outside EEA
  • Regular Reviews: Regular reviews of existing transfers
  • Risk Assessment: Assessment of transfer risks
  • Mitigation Measures: Implementation of mitigation measures

5.3 Data Localization

We prefer Sub-Processors that:

  • EU Data Centers: Use EU data centers when possible
  • Data Residency: Respect data residency requirements
  • Local Processing: Process data locally when required
  • Compliance: Comply with local data protection laws

6. Security and Compliance

6.1 Security Standards

All Sub-Processors must meet:

  • ISO 27001: ISO 27001 certification preferred
  • SOC 2: SOC 2 Type II certification preferred
  • GDPR Compliance: Full GDPR compliance
  • Security Controls: Appropriate security controls

6.2 Compliance Requirements

Sub-Processors must comply with:

  • Data Protection Laws: All applicable data protection laws
  • Industry Standards: Relevant industry standards
  • Security Frameworks: Appropriate security frameworks
  • Audit Requirements: Audit and inspection requirements

6.3 Incident Response

Sub-Processors must have:

  • Incident Response Plans: Comprehensive incident response plans
  • Breach Notification: Rapid breach notification procedures
  • Recovery Procedures: Data recovery and restoration procedures
  • Communication Plans: Communication plans for incidents

7. Contact Information

For questions about this Sub-Processor List, contact us at [email protected].

8. Updates to This List

This Sub-Processor List is updated regularly to reflect:

  • New Sub-Processors: Addition of new Sub-Processors
  • Changes to Services: Changes to Sub-Processor services
  • DPA Updates: Updates to Data Processing Agreements
  • Compliance Changes: Changes to compliance requirements

8.1 Update Notification

We will notify you of updates through:

  • Email Notifications: Email notifications for material changes
  • Website Updates: Updates to this Sub-Processor List
  • Service Announcements: Service announcements for significant changes
  • Account Notifications: Account notifications for critical changes

8.2 Version Control

This Sub-Processor List includes:

  • Version Number: Current version number
  • Last Updated: Date of last update
  • Change Log: Log of all changes made
  • Archive: Archive of previous versions

This Sub-Processor List is effective as of June 11, 2025 and was last updated on March 11, 2026.

Version: 1.0
Next Review: March 11, 2027