SolidCo Pty Ltd
ABN 41 680 244 446
Subprocessor Policy
Version 1.0
1. Purpose
SolidCo Pty Ltd (“SolidCo”, “we”, “our” or “us”) is committed to protecting the personal information entrusted to us by our clients and their users.
As part of providing our services, we may engage carefully selected third-party service providers (“subprocessors”) to assist us in delivering web development, cloud hosting, managed services, cybersecurity, software development, communications, billing and related business services.
This policy explains how we select, manage and monitor our subprocessors and should be read together with our:
- Privacy Policy;
- Data Processing Addendum (where applicable); and
- Information Security Statement.
2. Scope
This policy applies whenever SolidCo processes personal information on behalf of a client and engages a third party to assist in delivering those services.
Where SolidCo acts as a data processor under applicable privacy legislation, including the UK General Data Protection Regulation (UK GDPR) and the European Union General Data Protection Regulation (EU GDPR), we will only appoint subprocessors that provide appropriate safeguards for protecting personal data.
3. What is a Subprocessor?
A subprocessor is a third-party organisation that processes personal information on behalf of SolidCo so that we can deliver our services to our clients.
Examples include providers of:
- Cloud hosting
- Content delivery and cybersecurity
- Email and productivity services
- Accounting and invoicing
- Payment processing
- Source code management
- Business communications
4. Our Principles
When selecting subprocessors, SolidCo aims to:
- use reputable providers with established security practices;
- minimise the amount of personal information shared;
- only share information necessary to provide the relevant service;
- require subprocessors to protect personal information appropriately;
- periodically review the suitability of our subprocessors; and
- comply with applicable privacy legislation and contractual obligations.
5. International Data Transfers
Some of our subprocessors operate globally and may process personal information outside Australia, the United Kingdom or the European Economic Area.
Where required by applicable law, we rely on appropriate safeguards for international data transfers, which may include:
- European Commission Standard Contractual Clauses (SCCs);
- the UK International Data Transfer Addendum or International Data Transfer Agreement (IDTA);
- adequacy decisions; or
- other lawful transfer mechanisms recognised under applicable privacy laws.
6. Security
SolidCo expects subprocessors to maintain appropriate technical and organisational measures to protect personal information.
Depending on the services provided, these measures may include:
- encryption in transit;
- encryption at rest where appropriate;
- multi-factor authentication;
- role-based access controls;
- security monitoring and logging;
- vulnerability and patch management;
- incident response procedures; and
- business continuity and disaster recovery processes.
While we undertake reasonable due diligence before engaging subprocessors, each provider remains independently responsible for the security of its own systems and services.
7. Current Subprocessors
The following organisations may process personal information on our behalf as part of delivering our services.