Krowden works with the third parties (“Sub-Processors”) set forth below to provide specific functionality within the Krowden Services. In order to provide the relevant functionality these Sub-processors access Personal Data as defined in the Data Processing Addendum (“DPA”) for Organizers.
- All third parties are GDPR compliant and we have signed DPA’s with third parties which are available on request: legal@krowden.com.
- In case data is stored outside the EU, we always ensure the same Privacy & Security Standards apply as the country the data was collected (EU). All third parties are GDPR compliant and we have signed DPA’s with third parties which are available on request, please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.: legal@krowden.com.
- Furthermore, a visual Data Processing Diagram is available on request that shows how data flows in/out including the third parties: privacy@krowden.com.
We differentiate the third parties we work with into 2 types: Third parties that process Attendee and Organizer data & Third parties that process Organizer data only.
1. Third parties that process Attendee and Organizer Data:
Business Infrastructure
• Amazon EU Frankfurt (Hosting Services)
Data Located in: Frankfurt, Germany (EU) & Backup services in 2 other locations in Frankfurt, Germany (EU).
Links: https://aws.amazon.com/legal/aws-emea/
DPA Signed: Yes
Can be switched on/off for vendor: No
Communication Tools
Communication is a crucial part of the services we offer. We use a number of professional service providers to ensure professional email delivery, video calling, SMS functionality and others.
• Whereby.com (Video calling provider)
Data Located in: EEC
Links: https://whereby.helpscoutdocs.com/article/526-data-storage-and-security
DPA Signed: Yes
Can be switched on/off for vendor: Yes
• Twilio (SMS service provider)
Data Located in: US (DPA signed & GDPR Compliant)
Links: https://www.twilio.com/gdpr
DPA Signed: Yes
Can be switched on/off for vendor: Yes
• Sendgrid (Email service provider)
Data Located in: US (DPA signed & GDPR Compliant)
Links: https://sendgrid.com/docs/glossary/gdpr/
DPA Signed: Yes
Can be switched on/off for vendor: Yes
Analytics / Cookies
Analytics are used to further improve the end-product and user experience. All cookies can be controlled on a per event level and switched on/off by going to Advanced > Customization.
• (Google Analytics) Google LLC
Located in: EU, US (DPA signed & GDPR Compliant)
Links: https://www.google.com/about/datacenters/locations/
Tracking Cookies are set to: Privacy Friendly
DPA Signed: Yes
Can be switched on/off for vendor: Yes
• (Google Tag Manager) Google LLC
Located in: EU, US (DPA signed & GDPR Compliant)
Links: https://www.google.com/about/datacenters/locations/
DPA Signed: Yes
Can be switched on/off for vendor: Yes
• Inspectlet (User experience improvement)
Located in: Virginia, US (DPA signed & GDPR Compliant)
Links: https://docs.inspectlet.com/hc/en-us/articles/360004212092-Inspectlet-Data-Processing-Agreement-under-GDPR
DPA Signed: Yes
Can be switched on/off for vendor: Yes
2.Third parties that process Organizer Data only (no Attendee data) in addition to the above:
Business Infrastructure
• (Google G-Suite) Google LLC (Internal documents, Email, Spreadsheets, Presentations)
Data Located in: Eemshaven, Netherlands
Data / used by: Krowden Employees only
• PandaDoc (Agreement signing tool)
Data Located in: US (DPA signed & GDPR Compliant)
Data / used by: Organizers only
Links: https://www.pandadoc.com/gdpr/
Payment Services
• Moneybird (Invoicing software)
Data Located in: EU
Links: https://www.moneybird.nl/privacy/
• Mollie (Payment service provider)
Data Located in: Netherlands
Links: https://www.mollie.com/en/privacy
Communication Tools
The third parties listed below are crucial for communication between the Krowden employees and Organizers.
• SendinBlue (newsletter solution)
Data Located in: Belgium & Ireland (EU)
Links: https://help.sendinblue.com/hc/en-us/categories/360000229110-GDPR
• Intercom (chat tool between Organizers and Krowden employees)
Located in: US (DPA signed & GDPR Compliant)
Links: https://www.intercom.com/security
• Zendesk Sell CRM (internal Customer Relationship Management system)
Located in: US (DPA signed & GDPR Compliant)
Links: https://www.zendesk.com/company/privacy
About Krowden itself:
GDPR Compliant
Data stored in Frankfurt (Germany – EU)
Information security management system following ISO 27001 guidelines
OWASP development
Last Revised: 20th of April 2023, 19:12 PM