Sub-processors
Overview
To provide our services, PDC Software engages certain third-party sub-processors to process personal data on behalf of our customers. This page lists all sub-processors that may process customer data as part of our service delivery.
All sub-processors listed here have been carefully vetted to ensure they meet our security standards and comply with applicable data protection regulations, including GDPR.
Important Notice
Compliance Certifications: The compliance certifications listed for each sub-processor are based on publicly available information at the time of our last review and are subject to change. PDC Software makes reasonable efforts to ensure this information is current but cannot guarantee the ongoing accuracy of third-party certifications.
Due Diligence: While we perform due diligence on our sub-processors, customers requiring specific compliance certifications should independently verify current compliance status with their account representative.
Notification of Changes
We will notify customers at least 30 days before adding or removing any sub-processor. Customers may object to the addition of a new sub-processor by contacting us within 14 days of notification.
Current Sub-processors
Microsoft (Azure & Microsoft 365)
Location: United States
Purpose:
Cloud Infrastructure, Productivity Suite & Collaboration
Data Types Processed:
- Email data
- Documents
- Cloud infrastructure
- User authentication
Compliance Certifications:
Amazon Web Services (AWS)
Location: United States
Purpose:
Cloud Infrastructure & Hosting
Data Types Processed:
- Application data
- Database storage
- Backups
Compliance Certifications:
Google (Analytics & Ads)
Location: United States
Purpose:
Website Analytics & Marketing
Data Types Processed:
- Website usage data
- Marketing analytics
- IP addresses
Compliance Certifications:
HubSpot
Location: United States
Purpose:
CRM & Marketing Automation
Data Types Processed:
- Contact information
- Sales data
- Marketing communications
Compliance Certifications:
WatchGuard
Location: United States
Purpose:
Network Security & Firewall Management
Data Types Processed:
- Network traffic data
- Security logs
- Authentication data
Compliance Certifications:
AppRiver (OpenText)
Location: United States
Purpose:
Email Security & Protection
Data Types Processed:
- Email communications
- Spam filtering data
- Security logs
Compliance Certifications:
SentinelOne
Location: United States
Purpose:
Endpoint Detection & Response (EDR)
Data Types Processed:
- Endpoint security data
- Threat intelligence
- Security events
Compliance Certifications:
Veeam
Location: Switzerland
Purpose:
Backup & Disaster Recovery
Data Types Processed:
- Backup data
- System configurations
- Recovery points
Compliance Certifications:
Intercom
Location: United States
Purpose:
Customer Support & Communications
Data Types Processed:
- Customer communications
- Support tickets
- User interactions
Compliance Certifications:
IT Glue
Location: Canada
Purpose:
IT Documentation & Knowledge Management
Data Types Processed:
- IT documentation
- Network configurations
- Asset information
Compliance Certifications:
NinjaOne
Location: United States
Purpose:
Remote Monitoring & Management (RMM)
Data Types Processed:
- Device monitoring data
- Performance metrics
- Remote access logs
Compliance Certifications:
Syncro
Location: United States
Purpose:
Professional Services Automation (PSA)
Data Types Processed:
- Ticketing data
- Time tracking
- Billing information
Compliance Certifications:
Apollo.io
Location: United States
Purpose:
Lead Generation & Sales Intelligence
Data Types Processed:
- Business contact information
- Company data
- Engagement analytics
Compliance Certifications:
Calendly
Location: United States
Purpose:
Meeting Scheduling & Calendar Management
Data Types Processed:
- Calendar availability
- Meeting details
- Contact information
Compliance Certifications:
PandaDoc
Location: United States
Purpose:
Proposal & Contract Management
Data Types Processed:
- Contract data
- Proposal content
- Electronic signatures
Compliance Certifications:
Location: United States
Purpose:
Professional Networking & Advertising
Data Types Processed:
- Professional profile data
- Advertising analytics
- Website visitor data
Compliance Certifications:
Facebook (Meta)
Location: United States
Purpose:
Social Media Marketing & Analytics
Data Types Processed:
- Advertising data
- Website visitor behavior
- Conversion tracking
Compliance Certifications:
Malwarebytes
Location: United States
Purpose:
Anti-malware & Threat Protection
Data Types Processed:
- Threat detection data
- System security events
- Malware signatures
Compliance Certifications:
1Password
Location: Canada
Purpose:
Enterprise Password Management
Data Types Processed:
- Encrypted credentials
- Access logs
- Team sharing data
Compliance Certifications:
Hotjar
Location: Malta
Purpose:
Website Analytics & User Behavior
Data Types Processed:
- User behavior data
- Session recordings
- Heatmap data
Compliance Certifications:
Infrastructure Sub-processors
The following sub-processors are used as part of our infrastructure and may process customer data indirectly:
- DNS providers for domain resolution
- Certificate authorities for SSL/TLS certificates
- Telecommunications providers for network connectivity
Security Measures
We require our sub-processors to maintain appropriate security measures, which typically include:
- Implementation of technical and organizational security measures appropriate to the risk
- Processing personal data only on our documented instructions
- Ensuring personnel are subject to appropriate confidentiality obligations
- Providing reasonable assistance with data subject rights and breach notifications
- Making available information necessary to demonstrate compliance
- Deleting or returning data upon termination of services, where technically feasible
The specific security requirements for each sub-processor are detailed in our agreements with them and are appropriate to the nature of the services they provide and the data they process.
Data Transfers
Where sub-processors transfer data outside the EEA, appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Other valid transfer mechanisms under GDPR
Contact Us
For questions about our sub-processors or to object to a new sub-processor:
PDC Software Data Protection Officer
Email: [email protected]
Phone: (336) 886-3282
Address: 1208 Eastchester Drive, Suite 131
High Point, NC 27265