| Sub-Processor | Purpose for Processing | Personal Data Affected | Country | Safeguard |
|---|---|---|---|---|
| Amazon (AWS) | Data Storage | Personal data contained in user account information and data or files created by customer and stored in Vena Service | United States | SCCs1 |
| Zendesk | Customer Service | Personal data contained in user account information | United States | SCCs |
| Azure | Data Storage | Personal data contained in user account information and data or files created by customer and stored in Vena Service | United States | SCCs |
| CaliberMind | Analytics | Personal data contained in user account information | United States | SCCs |
| Higher Logic | Customer Service | Personal data contained in user account information | United States | SCCs |
| Microsoft Office 365 | Customer Service | Personal data contained in user account information | United States | SCCs |
| Netsuite | Invoicing | Personal data contained in user account information | United States | SCCs |
| Pendo.IO, Inc. | Analytics | Personal data contained in user account information | United States | SCCs |
| Datadog | Application Performance Monitoring | Personal data contained in user account information | United States | SCCs |
| Bizzabo | Event Marketing | Personal data contained in user account information | United States | SCCs |
| Salesforce | Customer Relationship Management | Personal data contained in user account information | United States | SCCs |
| Snowflake Inc. | Analytics | Personal data contained in user account information | Canada | Canada is deemed to have adequate level of data protection by the European Commission and government of the UK |
| 6Sense | Analytics | Personal data contained in user account information | United States | SCCs |
| SoftServe Inc. | Outsourced Implementation, Technical and Service Support | Personal data contained in user account information and data or files created by customer and stored in Vena Service | Poland | SCCs |
| Netskope | Data Loss Prevention | All Personal Data | United States | SCCs |
| Persistent Systems Ltd. | Customer Service, Outsourced Engineering and Technical Support | Personal data contained in user account information and data or files created by customer and stored in Vena Service | India | SCCs |
| Mimecast | Data Loss Prevention | Personal data contained in user account information | Canada | Canada is deemed to have adequate level of data protection by the European Commission and government of the UK |
| Microsoft Azure OpenAI Service, Azure AI Search | Generative AI Processing | Personal data included in any Input or Output | Azure OpenAI Service will be made available in specific data centers in United States, Canada, and Europe, and data processing will be in the same jurisdiction as Subscriber’s AWS instance | SCCs1 |
“Standard Contractual Clauses” (“SCCs”) means the standard contractual clauses designated by EU GDPR or UK GDPR in respect of the export of Subscriber Personal Data which, for greater certainty, shall be,
A) in respect of the European Economic Area: the Annex to the Commission implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, C(2021)3972, as revised from time to time (“EU SCCs”), and
B) in respect of the UK: the International Data Transfer Agreement, in force 21 March 2022, as revised from time to time (“IDTA”).