Why sub-processors matter
Websites and SaaS platforms may use third-party providers for hosting, infrastructure, security, analytics, communication, support, payment, email delivery, backups or operational tooling.
Governance & Legal
Sub-processor Information
This page explains how third-party provider information should be treated for EUAIC website and service contexts.
This page is written for website visitors, procurement teams, compliance reviewers and prospective customers. It is intended to make EUAIC’s website terms and policy position clear without pretending to be legal advice.
AIEU
Read policy
Check scope
Review responsibilities
Contact EUAIC
Govern
Govern
Website context
The public website may involve hosting providers, security services, analytics tools, form handling and communication services depending on the live configuration. The privacy and cookie policies should match the technologies actually in use.
Customer service context
For customer services, the relevant sub-processor list should be provided through the applicable agreement, data processing addendum, security pack or procurement response.
Provider changes
Provider lists can change as services evolve. Material changes should be managed according to the customer contract and data processing terms where applicable.
Due diligence
Providers should be reviewed for role, data access, security, location, retention, service importance and contractual protections where relevant.
Supplier categories
Relevant supplier categories may include hosting, domain and DNS services, server management, analytics, email delivery, CRM, support desk, payment processing, backup, monitoring, security tools and professional advisers. The exact list should match the live service setup.
Data access assessment
Not every supplier has the same access. Review should consider whether the provider stores personal data, only transmits it, has administrative access, processes logs, hosts files, supports the system or merely provides a public resource.
Customer notification
Where customer contracts require notice of new or replacement sub-processors, the notice route, objection period and consequences should be set out in the applicable agreement or data processing addendum.
How this policy should be read
This page is written for website visitors and corporate reviewers. It should be read together with the Legal Notice, Privacy Policy, Cookie Policy and Terms of Use. Where a customer has a signed agreement, order form, statement of work, data processing addendum or service schedule, that document will take priority over this general website wording for the relevant service.
Contact and review
Questions about this policy can be raised through the EUAIC contact route. A useful enquiry should identify the page, the concern, the affected service or communication, and any relevant reference. Policies should be reviewed when the website, service model, supplier stack, cookie configuration, platform features or customer contracting process changes.
Important note
These website policies are written for clear corporate communication. They do not replace a signed agreement, formal legal advice, regulatory advice, security assurance or a customer-specific data processing addendum.
Legal pages
Related EUAIC policies
Use these pages to review privacy, cookies, terms, security, accessibility and responsible AI information in a structured way.
Privacy PolicyUnderstand how EUAIC handles website enquiries, business contact details, communication records, privacy rights and retention.TermsRead EUAIC website terms covering acceptable access, intellectual property, no legal advice, external links and liability boundaries.AccessibilityRead EUAIC accessibility principles for responsive layouts, readable structure, clear navigation and inclusive website improvement.Legal CentreAccess EUAIC legal information including privacy, cookies, terms, legal notice, security, GDPR, accessibility and responsible AI policies.Cookie PolicyRead how the EUAIC website may use essential cookies, analytics cookies, security technologies and visitor preferences.Acceptable UseReview acceptable use expectations for EUAIC website access, enquiry forms, security, communication and responsible conduct.GDPR ComplianceReview EUAIC GDPR principles for website enquiries, data minimisation, retention, rights requests and responsible communication.Data ProcessingRead EUAIC data processing information covering customer instructions, controller and processor roles, security and sub-processor review.Security StatementReview EUAIC security principles for website protection, access control, monitoring, maintenance and responsible reporting.Service LevelsUnderstand EUAIC service level themes for availability, planned maintenance, support expectations and incident handling.Refunds & CancellationReview EUAIC refund and cancellation principles for subscriptions, implementation, consulting, custom work and agreed contracts.Anti-SpamRead EUAIC anti-spam principles for responsible business emails, communication quality, unsubscribe handling and sender reputation.Intellectual PropertyReview EUAIC intellectual property rules for website content, branding, graphics, software descriptions and design materials.ComplaintsLearn how to raise EUAIC website, enquiry, service, privacy, security, accessibility or billing concerns for professional review and response.Responsible AIReview EUAIC responsible AI principles covering governance, oversight, transparency, evidence, risk review and accountability.AI Governance DisclaimerRead the EUAIC disclaimer explaining that AI compliance information is general and does not replace professional advice.Legal NoticeReview EUAIC legal notice information including company identity, website ownership, intellectual property and professional advice limitations.Responsible DisclosureRead EUAIC responsible disclosure expectations for reporting security issues safely, privately and without unauthorised exploitation.Data RetentionReview EUAIC data retention principles for enquiries, communication records, website logs, service records and deletion requests.Modern SlaveryRead EUAIC’s modern slavery and ethical trading statement for responsible business conduct and supplier awareness.Equality & InclusionRead EUAIC’s equality, diversity and inclusion statement for respectful access, communication and responsible business culture.
Questions
Frequently asked questions
Is this a live sub-processor list?
It is a framework page. Customer-specific lists should match the live service.
Can customers review providers?
Yes, where relevant to procurement or onboarding.
Do website tools count?
Some website tools may involve third parties and should be reflected in privacy or cookie information.