Subprocessors

Subprocessors

In providing you with our Service, the Bright Software Group of Companies (“Bright”, “we”, “us”, “our”) may use carefully selected third party service providers (each, a "Subprocessor”) to help us deliver that Service to you.

This page provides essential information about the identity, location, and role of the Subprocessors used by Bright.

What is a Subprocessor?

A Subprocessor is a third-party data processor engaged by Bright who has, or potentially will have access to, or process Service data (which may contain personal data) on our behalf. Bright engages multiple Subprocessors to perform various functions as explained in the tables below.

Due diligence

Bright will always take steps to ensure that the safety and security of your information is considered, implementing and maintaining necessary technical and organisational measures over each transfer of personal information, and mandating that our third parties maintain a similar level of duty and care.

Contractual safeguards

Bright requires its Subprocessors to satisfy equivalent obligations as those required of Bright (as a Data Processor) as set forth in either Bright’s, or the corresponding Subprocessor’s equivalent, Data Processing Addendum (“DPA”), incorporating either an appropriate European Commission adopted framework (eg. EU-US Data Privacy Framework), or Standard Contractual Clauses ("SCC") where appropriate for transfers outside the EU, including but not limited to the requirements to:

• process Personal Data only in accordance with Bright’s instructions;
• in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
• implement and maintain appropriate technical and organisational measures (including measures consistent with those to which Bright is contractually committed to adhere as far as they are equally relevant to the Subprocessor’s processing of Personal Data on Bright’s behalf);
• promptly inform Bright about any actual or potential security breach; and
• cooperate with Bright in order to deal with requests from data controllers, data subjects or data protection authorities, as and where applicable.

This policy does not give users of the Service any additional rights or remedies and should not be construed as a binding agreement. The information here is provided for transparency purposes to illustrate Bright’s engagement process for Subprocessors as well as to provide the actual list of third party Subprocessors used by Bright (as of the date of this policy) which Bright may use in the delivery and support of its Service.

Process to engage new subprocessors

As our business grows and evolves, the Subprocessors we engage may also change. We will provide users of the Service with notice of any new Subprocessors to the extent required under the Agreement by posting such updates here.

Bright will provide notice, via this policy, of updates to the list of Subprocessors that are utilised, or which Bright proposes to utilise to deliver its Service. Bright undertakes to keep this list updated regularly to enable users of the Service to stay informed of the scope of subprocessing associated with the Service.

Infrastructure Subprocessors

Bright online Services are located in secure, ISO 27001 certified data centre facilities. We may use the following Subprocessors to host Service data or provide other infrastructure that helps with the delivery of the Service.