7Sigma Sub-Processor Policy
As of June 2021.
​
7Sigma uses certain sub-processors and content delivery networks to assist it in providing Software and Services to customers.
​
Sub-processor Definition
A sub-processor is a third party data processor engaged by 7Sigma, including providers, vendors, contractors and subcontractors, who have or potentially will have access to or process Data (which may contain Personal Data). 7Sigma engages different types of sub-processors to perform various functions.
​
Due Diligence
7Sigma undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or otherwise process Data.
​
Contractual Safeguards
7Sigma generally requires its sub-processors to satisfy equivalent obligations as those required from 7Sigma (as a Data Processor) as set forth in 7Sigma’s Data Privacy Policy, including but not limited to the requirements to:
-
Process Data in accordance with customer’s document instructions;
-
In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
-
Provide regular training in security and data protection to personnel to whom they grant access to Data;
-
Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which 7Sigma is contractually committed to adhere to, insofar as they are equally relevant to the sub-processor’s processing of Data on 7Sigma’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification 7Sigma reserves the right to audit the sub-processor;
-
Promptly inform 7Sigma about any actual or potential security breach; and
-
Cooperate with 7Sigma in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
​
This policy does not give Customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate 7Sigma’s engagement process for sub-processors as well as to provide the actual list of third party sub-processors and content delivery networks used by 7Sigma as of the date of this policy (which 7Sigma may use in the delivery and support of its Services).
​
Process to Object to New Sub-processors
7Sigma undertakes to keep this list updated regularly to enable its Customers to stay informed of the scope of sub-processing associated with the 7Sigma Software and Services.
​
7Sigma Customers may object in writing to the processing of Data by a new sub-processor within thirty (30) days following the update of this policy and such objection shall describe Customer's legitimate reason(s) for objection. If a Customer does not object during such time period the new sub-processor(s) shall be deemed accepted.
​
If a Customer objects to the use of a new sub-processor pursuant to the process provided, 7Sigma shall have the right to cure the objection through one of the following options (to be selected at 7Sigma’s sole discretion):
-
7Sigma will cease to use the new sub-processor with regard to Data;
-
7Sigma will take the corrective steps requested by Customer in its objection (which steps will be deemed to resolve Customer’s objection) and proceed to use the sub-processor to process Data; or
-
7Sigma may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of a 7Sigma Software or Service that would involve use of the sub-processor to process Data.
​
7Sigma Sub-processors
The following is an up-to-date list (as of the date of this policy) of the names and locations of 7Sigma sub-processors and content delivery networks:
​
Infrastructure Sub-processors – Service Data Storage and Processing
7Sigma owns or controls access to the infrastructure that 7Sigma uses to host and process Data, other than as set forth herein. Currently, the 7Sigma production systems used for hosting Data are located in the United States and in the infrastructure sub-processors listed below.
​
Customer accounts are typically established in one of these regions based on where the customer is located, but may be shifted among locations to ensure performance and availability of 7Sigma’s Software and Services. The following table describes the countries and legal entities engaged by 7Sigma in the storage of Data. 7Sigma also uses additional services provided by these sub-processors to process Data as needed to provide the Services.
​
​
​
​
​
​
​
​
Content Delivery Networks
As explained above, 7Sigma’s Services may use content delivery networks (“CDNs”) to provide the Software and Services, for security purposes, and to optimize content delivery. CDNs do not have access to Data but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. The following describes use of CDNs by 7Sigma’s Software and Services.
​