TariffPilot

Sub Processors List

TariffPilot GmbH uses the following sub processors for processing personal data.

Mandatory sub processors

1) Google Cloud EMEA

Google Cloud EMEA Ltd, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland

Tasks: The TariffPilot infrastructure is operated in the Google Cloud by Google Ireland, and the server locations are within the EU. If personal data is processed, it is encrypted as far as possible.

Description of security measures concerning transfers to third countries (Art.44): EU standard contractual clauses, transport encryption with TLS.

We will provide you with the standard contractual clauses upon request.

2) Cloudflare

Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA

Tasks: TariffPilot uses services from “Cloudflare” for DDoS mitigation. Cloudflare operates a content delivery network (CDN) and provides protection functions for the TariffPilot web application (web application firewall). The data transfer between the browser and the TariffPilot servers is routed via the Cloudflare infrastructure, where it is analyzed to ward off attacks. The user’s IP address is visible to Cloudflare for technical reasons. No other personal data is transmitted via Cloudflare. Cloudflare is used in the interest of a secure use of TariffPilot and the defense against harmful attacks from the outside. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO. Further information can be found in the Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

Cloudflare is listed on the qualified DDoS mitigation service provider list of the German Federal Office for Information Security (BSI). The list can be viewed at the following link:
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Dienstleister-DDos-Mitigation-Liste.pdf

Description of security measures concerning transfers to third countries (Art.44): Transport encryption with TLS, certification according to the EU-U.S. Data Privacy Framework.

3) Amazon Web Services EMEA

Amazon Web Services EMEA SARL, 28 Avenue John F. Kennedy, L-1855, Luxembourg

Tasks: Email sending from TariffPilot is done via AWS. The server location is EU. For sending emails to end customers, a different SMTP can be stored in TariffPilot, effectively preventing the usage of AWS.

Description of security measures concerning transfers to third countries (Art.44): Transport encryption with TLS, certification according to the EU-U.S. Data Privacy Framework.