Passthrough engages Sub-Processors to assist with its data processing activities on behalf of Passthrough Customer Group Members as defined in our Data Processing Addendum.
We strive to be clear about our use of data and the third party service providers we engage. As we make changes, we will outline a few highlights below, so please review this page carefully. If you have questions or queries, please contact us at info@passthrough.com.
When Passthrough engages third party service providers in our capacity as a data processor for our Customer Group Members’ data, the General Data Protection Regulation (“GDPR”) calls these third-party service providers sub-processors. Sub-processors are service providers who have or potentially will have access to or process personal data that Passthrough processes for, and on behalf of Passthrough’s Customer Group Members.
The list outlines the types of sub-processors we utilize, where they are located, and a description of the work they carry out.
Before engaging any service provider, we perform due diligence, including a vendor security assessment. Our service providers are subject to contract terms designed to ensure that these service providers process personal data only for the purposes of providing services to Passthrough and in accordance with our commitments to Customer Group Members and applicable data protection laws.
Due to the nature of our business and the volume of Customer Group Members, our business needs and services providers may change from time to time. For example, we may deprecate a sub-processor to consolidate and minimize our use of sub-processors. Similarly, we may add a sub-processor if we believe that doing so will enhance our ability to deliver our services.
We will periodically update this page to reflect additions and removals to our list of service providers. If you are a Customer Group Member, you may subscribe to receive email notifications of updates to this page here.
Under the terms of our Data Processing Agreement (DPA), a Customer Group Member may reasonably object in writing to the processing of its personal data by a new sub-processor within 10 days following the update of this page. If a Customer Group Member does not object during the 10 day time period, the appointment of the new sub-processor shall be deemed accepted by the Customer Group Member. If you are a Customer Group Member and want to know more about our DPA, you can review it here.
For more information on Passthrough’s privacy practices, please visit our Privacy Policy. If you have any questions regarding this page, please contact us at info@passthrough.com.
Your Privacy Choices