Our agreement with You
When providing our services you are the Data Controller and we are the Data Processor. From time to time we use subcontractors (called Sub-Processors) to help us provide our services.
This webpage explains the Sub-Processors we use and how they help us provide our services. We’ve created this page to be as transparent as possible with our customers and help them comply with their own requirements under data protection laws around the world.
If you are in the European Union and your organisation needs us to sign a DPA in order to meet your regulatory requirements, please email firstname.lastname@example.org and we will send you our standard DPA.
Please keep in mind that this webpage does not give You any additional rights or advice, and should not be construed as a binding agreement.
Protecting Your Personal Data
Sub-Processor selection: We evaluate the security practices of all the Sub-Processors we work with to ensure they have acceptable security, privacy and confidentiality practices in place to offer an equivalent level of protection for Personal Data as we have agreed with you in the DPA.
Sub-Processor Contracts: The terms of our contracts with our Sub-Processors offer an equivalent level of protection for Personal Data as those in our DPA, including but not limited to the requirements to:
- Process Personal Data in accordance with your documented instructions as communicated in writing to the Sub-Processor by us (unless those instructions would breach Data Protection Law).
- Ensure the personnel engaged to process the Personal Data are aware of their obligations under Data Protection Law and are contractually bound to adhere to Data Protection Law.
- Implement and maintain appropriate technical and organisational measures to protect Personal Data.
- Promptly inform us of any actual or potential security breach.
- Cooperate with us to respond to requests from data subjects or data protection authorities on your instructions.
- Assist you in meeting your GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.
Updates to the list of Sub-Processors
The list of organisations we use to help us run our business may be updated by us from time to time. To receive notifications of updates to this webpage click “Follow” at the top of the policy.
As per the DPA, we will give 14-days’ notice for you to reasonably object to your Personal Data being processed by the proposed changes to our sub-processors list. The following table gives the name, reason for processing, the type of change (removal or addition), and an inclusive effective date of the proposed changes. After the inclusive effective period, and following no reasonable grounds for objection, we will process your Personal Data with the amended list of Sub-Processors.
Please refer to the terms of your DPA with us for information on your right to object to the processing of Personal Data by a new Sub-Processor.
|Proposed additional sub-processor||Purpose of processing Personal Data||Type of change||Effective date|
Our Sub-Processors (last updated on 29 October 2020)
Our current Sub-Processors that we engage to help us provide our services are:
|Sub-Processor||Purpose of processing Personal Data||RealVNC Division|
One Microsoft Way
|Service processing to message new subscribers.||VNC Connect|
1 King William Street London
|Internet connectivity - server co-location (US, UK).||VNC Connect|
110 Southwark St
|Internet connectivity - server co-location (UK).||VNC Connect|
Our Processors (last updated on 9th March 2023)
Our current processors that we use internally to help us operate our business, such as managing our customer relationships and helping us understand how our services are used, where RealVNC is the Data Controller, are:
|Processor||Purpose of processing Personal Data||RealVNC Division|
|Amazon Web Services, Inc.||Transactional emails and content delivery on our website.||VNC Connect|
|Aha!||Product roadmap management system||VNC Connect|
|Braintree||Payment processing||VNC Connect|
|Browser2Buyer||Website e-commerce optimisation||VNC Connect|
|Convert.com||Website A/B testing||VNC Connect|
|Conveyor, Inc.||Customer trust platform (trust.realvnc.com)||VNC Connect
RealVNC business systems
|Crazy Egg||Website analytics||VNC Connect|
|Flurry||Mobile app analytics and event reporting.||VNC Connect|
|Google Analytics||Website analytics.||VNC Connect|
|Hotjar||Website surveys and anonymised web session recording||VNC Connect|
|Hubspot||Marketing system and managing customer correspondence.||VNC Connect|
|Mailchimp (Mandrill)||Sending transactional emails.||VNC Connect|
|Outreach.io||Sales system used for managing customer correspondence.||VNC Connect|
|PlanHat||Customer Health reporting||VNC Connect|
|Promoter||Customer satisfaction surveys.||VNC Connect|
|QuantSpark||Business Intelligence||VNC Connect
RealVNC business systems
|Salesforce (EU tenant)||Customer relationship management.||VNC Connect|
|SurveyMonkey||Customer surveys.||VNC Connect|
|Talend (Stitch)||Data extraction for business intelligence.||RealVNC business systems|
|Zendesk||Customer support system, including the recording of phone calls.||VNC Connect|
|Zuora, Inc.||Subscription management and financial reporting.||VNC Connect|
As per the DPA, we will give 14-days’ notice for you to reasonably object to your Personal Data being processed by the proposed changes to our processors list. The following table gives the name, reason for processing, the type of change (removal or addition), and an inclusive effective date of the proposed changes. After the inclusive effective period, and following no reasonable grounds for objection, we will process your Personal Data with the amended list of processors.
|Proposed additional processor||Purpose of processing Personal Data||Type of change||Effective date|
Please refer to the terms of your DPA with us for information on your right to object to the processing of Personal Data by a new processor.
Article is closed for comments.