Subprocessors List

Third-party service providers processing data on our behalf

Last updated: January 15, 2025

Introduction

This page lists all subprocessors (third-party service providers) that AmiSyn B.V. (including its divisions Amisec, Amiphished, and AmiCloud) engages to process personal data on behalf of our customers.

In accordance with Article 28(2) and 28(4) of the GDPR, we maintain this list and notify customers of any changes to our subprocessors. All subprocessors are bound by data processing agreements that ensure GDPR compliance.

Change Notification Process

How We Notify You

30-Day Notice: We provide at least 30 days' advance notice before adding or replacing any subprocessor that processes personal data
Notification Methods:
- Email notification to your registered contact address
- Update to this webpage with clear "NEW" or "UPDATED" labels
- Entry in our Legal Changelog
Right to Object: You have the right to object to the appointment of a new subprocessor. Objections must be submitted in writing to dpo@amisyn.com within 30 days of notification
Resolution: If you object and we cannot accommodate your concerns, either party may terminate the affected services without penalty

Current Subprocessors

The following subprocessors are currently engaged by AmiSyn B.V.:

Hostinger UAB

Visit website →

Infrastructure hosting and VPS services

Data Location

Netherlands (EU)

Data Types Processed

Application data, system logs, user content

Security Safeguards

Standard Contractual Clauses, ISO 27001

Cloudflare Inc.

Visit website →

CDN, DDoS protection, and web security

Data Location

United States (EU Data Centers)

Data Types Processed

IP addresses, HTTP requests, security logs

Security Safeguards

Standard Contractual Clauses, Privacy Shield successor framework

Google LLC

Visit website →

Analytics and monitoring (Google Analytics)

Data Location

United States

Data Types Processed

Usage data, anonymized IP addresses, browser information

Security Safeguards

Standard Contractual Clauses, IP anonymization enabled

Data Processing Safeguards

1. Contractual Requirements

All subprocessors must enter into a Data Processing Agreement (DPA) that includes:

Obligations to process data only on documented instructions
Confidentiality commitments
Appropriate technical and organizational security measures
Assistance with data subject requests and breach notifications
Data deletion or return upon termination

2. International Transfers

When subprocessors are located outside the European Economic Area (EEA), we ensure adequate protection through:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Additional technical measures (encryption, pseudonymization)
Regular reviews of data protection practices

3. Due Diligence

We conduct thorough due diligence before engaging any subprocessor, including:

Security and privacy policy reviews
Certifications verification (ISO 27001, SOC 2, etc.)
Data residency and transfer impact assessments
Ongoing monitoring of compliance and performance

Service-Specific Subprocessors

Some subprocessors are used only for specific services or divisions:

Amisec Services

Penetration testing and security services primarily use internal infrastructure. Subprocessors listed above are used for hosting reports and client communications only.

Amiphished Services

Training platforms and phishing simulations use all listed subprocessors for platform hosting, content delivery, and analytics.

AmiCloud Services

Cloud infrastructure and AI solutions primarily rely on Hostinger for hosting. Additional AI-specific subprocessors may be added with prior notification.

Historical Changes

For a complete history of subprocessor changes, please refer to our Legal Changelog.

Latest Change

January 15, 2025: Initial publication of subprocessors list

Objection Process

How to Object to a Subprocessor

If you wish to object to the addition of a new subprocessor or have concerns about an existing one:

Submit your objection in writing to dpo@amisyn.com within 30 days of receiving notification
Include specific reasons for your objection (e.g., data residency concerns, security requirements)
We will review your objection and attempt to find an acceptable alternative solution
If we cannot accommodate your objection, we will discuss transition options
You may terminate affected services without penalty if no acceptable solution is found

Note: Objections do not apply to general administrative or operational tools that do not process customer personal data (e.g., internal HR systems, accounting software).

Questions and Contact

For questions about our subprocessors or data processing practices:

Data Protection Officer: dpo@amisyn.com

Privacy Team: privacy@amisyn.com

Company: AmiSyn B.V.

Address: [Complete Address], Utrecht, Netherlands

How We Notify You

30-Day Notice: We provide at least 30 days' advance notice before adding or replacing any subprocessor that processes personal data
Notification Methods:
- Email notification to your registered contact address
- Update to this webpage with clear "NEW" or "UPDATED" labels
- Entry in our Legal Changelog
Right to Object: You have the right to object to the appointment of a new subprocessor. Objections must be submitted in writing to dpo@amisyn.com within 30 days of notification
Resolution: If you object and we cannot accommodate your concerns, either party may terminate the affected services without penalty

Current Subprocessors

The following subprocessors are currently engaged by AmiSyn B.V.:

Hostinger UAB

Visit website →

Infrastructure hosting and VPS services

Data Location

Netherlands (EU)

Data Types Processed

Application data, system logs, user content

Security Safeguards

Standard Contractual Clauses, ISO 27001

Cloudflare Inc.

Visit website →

CDN, DDoS protection, and web security

Data Location

United States (EU Data Centers)

Data Types Processed

IP addresses, HTTP requests, security logs

Security Safeguards

Standard Contractual Clauses, Privacy Shield successor framework

Google LLC

Visit website →

Analytics and monitoring (Google Analytics)

Data Location

United States

Data Types Processed

Usage data, anonymized IP addresses, browser information

Security Safeguards

Standard Contractual Clauses, IP anonymization enabled

Data Processing Safeguards

1. Contractual Requirements

All subprocessors must enter into a Data Processing Agreement (DPA) that includes:

Obligations to process data only on documented instructions
Confidentiality commitments
Appropriate technical and organizational security measures
Assistance with data subject requests and breach notifications
Data deletion or return upon termination

2. International Transfers

When subprocessors are located outside the European Economic Area (EEA), we ensure adequate protection through:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Additional technical measures (encryption, pseudonymization)
Regular reviews of data protection practices

3. Due Diligence

We conduct thorough due diligence before engaging any subprocessor, including:

Security and privacy policy reviews
Certifications verification (ISO 27001, SOC 2, etc.)
Data residency and transfer impact assessments
Ongoing monitoring of compliance and performance

Service-Specific Subprocessors

Some subprocessors are used only for specific services or divisions:

Amisec Services

Penetration testing and security services primarily use internal infrastructure. Subprocessors listed above are used for hosting reports and client communications only.

Amiphished Services

Training platforms and phishing simulations use all listed subprocessors for platform hosting, content delivery, and analytics.

AmiCloud Services

Cloud infrastructure and AI solutions primarily rely on Hostinger for hosting. Additional AI-specific subprocessors may be added with prior notification.

Objection Process

How to Object to a Subprocessor

If you wish to object to the addition of a new subprocessor or have concerns about an existing one:

Submit your objection in writing to dpo@amisyn.com within 30 days of receiving notification
Include specific reasons for your objection (e.g., data residency concerns, security requirements)
We will review your objection and attempt to find an acceptable alternative solution
If we cannot accommodate your objection, we will discuss transition options
You may terminate affected services without penalty if no acceptable solution is found

Note: Objections do not apply to general administrative or operational tools that do not process customer personal data (e.g., internal HR systems, accounting software).

Subprocessors List

Introduction

Change Notification Process

How We Notify You

Current Subprocessors

Hostinger UAB

Cloudflare Inc.

Google LLC

Data Processing Safeguards

1. Contractual Requirements

2. International Transfers

3. Due Diligence

Service-Specific Subprocessors

Amisec Services

Amiphished Services

AmiCloud Services

Historical Changes

Objection Process

How to Object to a Subprocessor

Questions and Contact

Related Documents

Subprocessors List

Introduction

Change Notification Process

How We Notify You

Current Subprocessors

Hostinger UAB

Cloudflare Inc.

Google LLC

Data Processing Safeguards

1. Contractual Requirements

2. International Transfers

3. Due Diligence

Service-Specific Subprocessors

Amisec Services

Amiphished Services

AmiCloud Services

Historical Changes

Objection Process

How to Object to a Subprocessor

Questions and Contact

Related Documents