Method Grid

Third Party Sub Processors

Who we are and what this is

Method Apps Limited (“we”, “us” or “our”).
Registered company address: 11 Laura Place, Bath, England, UK, BA2 4BL.
Registered in England & Wales 11235998.

Method Apps Limited engages the third party entities below to perform limited activities in connection with customer data associated with Method Grid and Method Apps Limited.

Sub processors

 

Campaign Monitor Pty Ltd.

Activity: Marketing, Communications

Data processed: Name, email, organization, marketing choices, email tracking

App data processed: Name, email, organization

Data locations: US, AU, DE

We store data in a US-based data center. In addition, we use multiple data processing locations including USA, Australia and Germany. We also use CloudFront at strategic AWS edge and regional locations as an external content delivery network for faster content caching.

Source: https://www.campaignmonitor.com/trust/security/
Source: https://www.campaignmonitor.com/policies/


Google

Activity: Marketing, Office Applications, Communications, Support

Data processed: IP address, marketing tracking

App data processed: None

Data locations: US, Multiple

As described in our Privacy Shield certification, we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries (including EEA member countries) and the UK as well as Switzerland, respectively. Google, including Google LLC and its wholly-owned US subsidiaries (unless explicitly excluded), has certified that it adheres to the Privacy Shield Principles. Google remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described in the “Sharing your information” section.

Source: https://policies.google.com/privacy/frameworks?hl=en-US


Pipedrive UK

Activity: Marketing, Support, Communications

Data processed: Name, email, organization, phone, contact records, email tracking

App data processed: None

Data locations: DE

EU-based customers are hosted in our Rackspace data center in Germany. The rest of our customers are hosted in our Rackspace data center in Chicago. Rackspace is a world-class hosting provider with SAS 70 type II compliance.

Source: https://support.pipedrive.com/en/article/how-secure-is-my-data-in-pipedrive
Source: https://www.pipedrive.com/en/privacy


Groove Networks, LLC

Activity: Support, Communications

Data processed: Name, email, contact records

App data processed: None

Data locations: US

Groove stores Your and Your customers’ personal data on the servers of the cloud-based database management services Groove engages, located in the United States. Groove is hosted at AWS which announced compliance with GDPR.

Source: https://www.groovehq.com/our/privacy


Stripe Inc.

Activity: Finance

Data processed: Name, email, organization, billing details

App data processed: Name, email, organization, billing details

Data locations: US, Multiple

We are a global business. Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected, including to the United States. Those countries may have data protection rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.

If you are located in the European Economic Area (“EEA”), the UK or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the US. Stripe Inc. is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles in connection with personal data transfers from the EEA, the UK and Switzerland. For more, see Stripe’s Privacy Shield Policy. In addition, we have implemented intra-group data transfer agreements which you may view upon request.

UPDATE September 15, 2020: While Stripe Inc. remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, it is not currently relying on these frameworks for the transfer of personal data to the U.S.

Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or verification that the recipient adheres to the EU-US and Swiss-US Privacy Shield Framework.

Source: https://stripe.com/gb/privacy


Xero Limited

Activity: Finance, Communications

Data processed: Name, email, organization, billing details

App data processed: None

Data locations: US

Similar to many SaaS providers, we use a top-tier, third-party data hosting provider (Amazon Web Services) with servers located in the U.S., to host our online and mobile services. For more information about AWS’s approach to compliance with the GDPR, see https://aws.amazon.com/compliance/gdpr-center/.

Xero has no short term plans to store data in the EU, and this isn’t required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.

Xero makes sure that it complies with EU data export restrictions when it exports data outside of the EU, and will be doing a full audit prior to May 2018 on the data export mechanisms it has in place to ensure they comply, and will continue to comply, with GDPR.

Source: https://www.xero.com/uk/campaigns/xero-and-gdpr/
Source: https://www.xero.com/uk/about/legal/privacy/


DigitalOcean, LLC

Activity: Infrastructure

Data processed: Name, email, organization, profile image, all app data

App data processed: Name, email, organization, profile image, all app data

Data locations: UK

… your proprietary data that you upload to Droplets, Spaces, and other services will remain within the region where you choose to host such data, unless we inform you otherwise.

Source: https://www.digitalocean.com/security/gdpr/faq/
Source: https://www.digitalocean.com/legal/privacy-policy/


Habla, Inc (Olark)

Activity: Marketing, Support, Communications

Data processed: Name, email, IP

App data processed: None

Data locations: US

Olark is a participant in the Privacy Shield and has self-certified to the Privacy Shield Frameworks. Olark confirms its commitment to comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from the European Union (including the European Economic Area) and Switzerland to the United States, respectively.

Source: https://www.olark.com/privacy-policy


Chargebee, Inc

Activity: Finance, Communications

Data processed: Name, email, organization, billing details

App data processed: Name, email, organization, billing details

Data locations: US

Chargebee participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Privacy Shield Framework’s applicable Privacy Shield Principles.

Source: https://www.chargebee.com/privacy/


Twilio Inc. (SendGrid)

Activity: Infrastructure, Communications

Data processed: Name, email, email tracking

App data processed: None

Data locations: US, Multiple

Twilio has certified with the EU–U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of “personal data” (as defined under the Privacy Shield principles) transferred from the European Union and the United Kingdom, and/or Switzerland to the United States, respectively. Twilio has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data. As required under the principles, when Twilio receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Twilio’s behalf, Twilio has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Twilio is responsible for the event giving rise to the damage.

Source: https://www.twilio.com/legal/privacy
Source: https://www.twilio.com/gdpr


Cloudflare, Inc.

Activity: Infrastructure

Data processed: IP

App data processed: None

Data locations: US, Multiple

While Cloudflare no longer relies on the EU-U.S. and the Swiss -U.S. Privacy Shield as a lawful basis for international transfers of personal data from the EEA and Switzerland to the U.S., Cloudflare remains certified under both the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks respectively as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, the UK, and Switzerland to the United States, respectively (“Privacy Shields”). We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Source: https://www.cloudflare.com/en-gb/privacypolicy/
Source: https://www.cloudflare.com/en-gb/gdpr/introduction/


Calendly LLC

Activity: Support, Communications

Data processed: Name, email, email tracking

App data processed: None

Data locations: US

Our application and database servers are located here in the United States.

If you are an individual located in the European Economic Area, the United Kingdom, Canada or another jurisdiction outside of the United States with laws and regulations governing personal data collection, use, and disclosure that differ from United States laws, please be aware that information we collect (including through the use of methods such as Cookies and other web technologies) will be processed and stored in the United States or in other countries where we or our third-party Service Providers have operations. By submitting your personal data to Calendly and using Calendly, you expressly consent to have your personal data transferred to, processed, and stored in the United States or another jurisdiction which may not offer the same level of privacy protection as those in the country where you reside or are a citizen.

In connection with the operation of its Website, Calendly may transfer your personal data to various locations, which may include locations both inside and outside of the European Economic Area. We process personal data submitted relating to individuals in Europe via the Standard Contractual Clauses.

Source: https://calendly.com/pages/privacy
Source: https://help.calendly.com/hc/en-us/articles/360007032633-GDPR-FAQs


Tribe Technologies Inc.

Activity: Support, Communications

Data processed: Name, email, profile image, user generated content

App data processed: Name, email, profile image

Data locations: US

Tribe’s headquarters in Canada is our primary location for business operations. Servers hosting the Tribe platform are located in the US unless agreed as part of a separate agreement. In order to provide Use with the information, products, or services Use have requested, Personal Data may be transferred or shared with other companies within our family of companies, including those third-party vendors who act on our behalf, process Personal Data in accordance with the purposes for which the data was originally collected, or for purposes to which Data Subjects have subsequently consented. Our Privacy Policy, supported by model contract agreements and safeguards for data governance, are designed to provide equivalent data protection for all customers wherever they may reside.

Further, individuals located in the EU have certain rights under European law (including under the General Data Protection Regulation) with respect to Personal Information, including the right to request access to, obtain, correct, amend, delete, or limit the use of User’s personal data. Individual end users, customers or prospective customers located in the EU who wish to exercise these rights, should contact Tribe using the contact information below in Section 16. If we are processing User’s information on behalf of a third party then User should contact that party directly because Tribe serves as a data processor on behalf of third party in that instance and can only forward User’s request to the buyer to allow them to respond. Individuals also have the right to make complaints to regulatory authorities in respect of our privacy practices.

Source: https://tribe.so/privacy-policy
Source: https://blog.tribe.so/tribe-community-software-commitment-gdpr/


Prospect Global Ltd (SoPro)

Activity: Marketing

Data processed: Name, email, organization, email tracking, contact records

App data processed: None

Data locations: MK

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.

Prospect Global Ltd (trading as SoPro) Reg. UK Co. 09648733. You can contact SoPro and view their privacy policy here: http://sopro.io. SoPro are registered with the ICO Reg: Z123456 their Data Protection Officer can be emailed at: dpo@sopro.io.

We and Our other Group Companies have offices and facilities in Macedonia where your personal data may be processed. Transfers to Macedonia will be protected by appropriate technical and administrative safeguards included in our Terms of Contract for data processing agreed between us and our Macedonian counterparts which of course includes the standard clauses required under GDPR.

Source: https://sopro.io/legal/


HelloSign Service (JN Projects, Inc.)

Activity: Legal

Data processed: Name, email, address, signature

App data processed: None

Data locations: US, Multiple

Around the world – To provide you with the Services, we may store, process and transmit data in the United States and locations around the world – including those outside your country. Data may also be stored locally on the devices you use to access the Services.

Data Transfers. When transferring data from the European Union, the European Economic Area, the United Kingdom and Switzerland, HelloSign relies upon a variety of legal mechanisms, such as contracts with our customers and affiliates, Standard Contractual Clauses and the European Commission’s adequacy decisions about certain countries, as applicable.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. HelloSign complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union, the European Economic Area, the United Kingdom and Switzerland to the United States, although HelloSign does not rely on the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield Frameworks as a legal basis for transfers of personal data. HelloSign has certified to the Department of Commerce that it adheres to the Privacy Shield principles with respect to such data. You can also learn more about Privacy Shield at www.privacyshield.gov.

Source: https://gb.hellosign.com/privacy


Contact

Questions, comments and requests regarding this policy are welcomed and should be addressed via our contact page here.

Last updated: 23rd April 2021

Try Method Grid - it's free Sign up