Information security and adequate management policies for data are our priorities and the reason we make continuous investments in technology.
EnterpriseAlumni, Inc. (“EnterpriseAlumni”) uses certain sub-processors (including members of the EnterpriseJungle Group and third parties, as listed below), subcontractors and content delivery networks to assist it in providing the Services as described in the Master Subscription Agreement (“MSA”). Defined terms used herein shall have the same meaning as defined in the MSA.
What is a Sub-processor
A sub-processor is a third party data processor engaged by EnterpriseAlumni, including entities from within the EnterpriseAlumni Group, who has or potentially will have access to or process Service Data (which may contain Personal Data). EnterpriseAlumni engages different types of sub-processors to perform various functions as explained in the tables below. EnterpriseAlumni refers to third parties that do not have access to or process Service Data but who are otherwise used to provide the Services as “subcontractors” and not sub-processors.
EnterpriseAlumni undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process Service Data.
EnterpriseAlumni requires its sub-processors to satisfy equivalent obligations as those required from EnterpriseAlumni (as a Data Processor) as set forth in EnterpriseAlumni’s Data Processing Agreement (“DPA”), including but not limited to the requirements to:
- Process Personal Data in accordance with data controller’s (i.e. Subscriber’s) documented instructions (as communicated in writing to the relevant sub-processor by EnterpriseAlumni);
- In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which EnterpriseAlumni is contractually committed to adhere to insofar as they are equally relevant to the sub-processors processing of Personal Data on EnterpriseAlumni’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification EnterpriseAlumni reserves the right to audit the sub-processor;
- Promptly inform EnterpriseAlumni about any actual or potential security breach; and
- Cooperate with EnterpriseAlumni in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give Customers/Users any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate EnterpriseAlumni’s engagement process for sub-processors as well as to provide the actual list of third party sub-processors, subcontractors and content delivery networks used by EnterpriseAlumni as of the date of this policy (which EnterpriseAlumni may use in the delivery and support of its Services).
If you are an EnterpriseAlumni Customer/User and wish to enter into our DPA, please visit our Infosec site inside of the Customer Community Portal.
Process to Engage New Sub-processors:
For all Subscribers who have executed EnterpriseAlumni’s standard DPA, EnterpriseAlumni will provide notice via this policy of updates to the list of sub-processors that are utilized or which EnterpriseAlumni proposes to utilize to deliver its Services. EnterpriseAlumni undertakes to keep this list updated regularly to enable its Subscribers to stay informed of the scope of sub-processing associated with the EnterpriseAlumni Services. EnterpriseAlumni Subscribers may subscribe to receive notifications of updates to this policy by clicking “Follow updates” at the top of this policy.
Pursuant to the DPA, a Subscriber may object in writing to the processing of its Personal Data by a new sub-processor within thirty (30) days following the update of this policy and such objection shall describe Subscriber’s legitimate reason(s) for objection. If Subscriber does not object during such time period the new sub-processor(s) shall be deemed accepted.
If a Subscriber objects to the use of a new sub-processor pursuant to the process provided under the DPA, EnterpriseAlumni shall have the right to cure the objection through one of the following options (to be selected at EnterpriseAlumni’s sole discretion):
(a) EnterpriseAlumni will cease to use the new sub-processor with regard to Personal Data;
(b) EnterpriseAlumni will take the corrective steps requested by Subscriber in its objection (which remove Subscriber’s objection) and proceed to use the sub-processor to process Personal Data; or
(c) EnterpriseAlumni may cease to provide or Subscriber may agree not to use (temporarily or permanently) the particular aspect of an EnterpriseAlumni Service that would involve the use of the sub-processor to process Personal Data.
Termination rights, as applicable and agreed, are set forth exclusively in the DPA.
The following is an up-to-date list (as of the date of this policy) of the names and locations of EnterpriseAlumni sub-processors, subcontractors and content delivery networks (including members of the EnterpriseAlumni Group and third parties):
Infrastructure Subprocessors – Service Data Storage
EnterpriseAlumni owns or controls access to the infrastructure that EnterpriseAlumni uses to host Service Data submitted to the Services, other than as set forth below. Currently, the EnterpriseAlumni production systems for the Services are located in co-location facilities in the United States and Europe and in the infrastructure sub-processors listed below. Customer accounts are established in one of these regions based on where the user base or organization is located; the Organization’s Service Data subsequently remains in that region unless agreed between Customer and EnterpriseAlumni, but may be shifted among data centers within a region to ensure performance and availability of the Services. The following table describes the countries and legal entities engaged by EnterpriseAlumni in the storage of Service Data.
|Entity Name||Entity Type||Entity Country|
|Amazon Web Services, Inc.||Cloud Service Provider||United States|
|Amazon Data Services Ireland Ltd||Cloud Service Provider||Ireland|
|Google Inc.||Cloud Service Provider||United States|
|SAP DE||Cloud Service Provider||Germany|
|Microsoft||Cloud Service Provider||Germany|
|Oracle||Cloud Service Provider||Germany|
|IBM||Cloud Service Provider||Germany|
Service Specific Sub-processors
EnterpriseAlumni works with certain third parties to provide specific functionality within the Services. These providers are the Sub-processors set forth below. In order to provide the relevant functionality this Sub-processors access Service Data. Their use is limited to the indicated Services.
|Entity Name||Purpose||Applicable Services||Entity Country|
|Okta, Inc||(“Okta”) is the authentication and authorization provider that EnterpriseAlumni uses to provide appropriate access to the services including inbound corporate federation, social login, Adaptive MFA, passwordless authentication and password breach management.|
|Intercom Inc.||Intercom Inc. (“Intercom”) provides some of the connectors between the EnterpriseAlumni Message functionality available within EnterpriseAlumni Chat and messaging functionality within EnterpriseAlumni Support and certain third party messaging platforms. Intercom has access to Subscribers’ and End-Users’ basic contact information as needed to deliver the messages sent through the connectors. This includes Service Data contained in the messages and the Personal Data of Subscribers’ Agents and End-Users as needed to send and deliver the messages.|
|EnterpriseAlumni Chat, EnterpriseAlumni Support||United States|
|Sendgrid, Inc. (including Twilio)||Sendgrid, Inc. (“Sendgrid”) is an email campaign service provider used within EnterpriseAlumni Explore to send notification emails and dashboards to Agents and End-Users. The primary information Sendgrid has access to is the email addresses of recipients of the emails and the content of the emails themselves. The content of the emails may include the dashboards Subscriber has chosen to include in the email campaign.|
|EnterpriseAlumni Explore||United States|
|Cloudflare, Inc.||Cloudflare, Inc. (“Cloudflare”) provides content distribution, security and DNS services for web traffic transmitted to and from the Services. This allows EnterpriseAlumni to efficiently manage traffic and secure the Services. The primary information Cloudflare has access to is information in and associated with the EnterpriseAlumni website URL that the End-User or Agent is interacting with (which includes End-User or Agent IP address). All information (including Service Data) contained in web traffic transmitted to and from the Services is transmitted through Cloudflare’s systems. Cloudflare also processes a limited amount of Personal Data (specifically Agent and End-User IP addresses and browser and operating system information) for logging purposes.|
|Pendo.io, Inc.||Pendo.io, Inc. (“Pendo”) is a third-party analytics provider that EnterpriseAlumni uses to capture how users interact with the Service. EnterpriseAlumni uses this information to analyze and improve the Services. The primary information Pendo has access to is information in and associated with the EnterpriseAlumni website URL that the Agent and End-User is interacting with, such as time spent on page, items clicked (including Service Data contained in those items), Agent email addresses, End-User email addresses, etc.|
|DataVisor, Inc.||DataVisor, Inc. (“DataVisor”) is a third party service used to prevent fraudulent account registrations for the Service and to prevent spamming and other harmful use of the Services. The primary information that DataVisor has access to is information provided by Subscribers at trial creation (Subscriber email address, IP address, company name, etc.), Guide content and comments, and Support ticket content and associated End-User ticket metadata.|
|Scalyr, Inc.||Scalyr, Inc. (“Scalyr”) is a third party logging platform that EnterpriseAlumni uses for ingesting, parsing, querying and performing analytics on Service application and infrastructure logs (“Logs”). These Logs are then used for debugging, troubleshooting, auditing, reporting, and detecting and alerting on unexpected application behavior. Incidental to the purpose of the Log Processing, Service Data and Personal Data may be Processed by Scalyr. Examples of the data that may be in the Logs includes: timestamp, token ID, email address, user agent, username, Account ID, User ID, name, IP address, application paths and parameters, Session IDs, provisioned infrastructure, Ticket and Help Center data, Agent data and other types of Service Data.|
|NewRelic, Inc.||NewRelic, Inc. (“NewRelic”) is a third party logging platform that EnterpriseAlumni uses for ingesting, parsing, querying and performing analytics on Service application and infrastructure logs (“Logs”). These Logs are then used for debugging, troubleshooting, auditing, reporting, and detecting and alerting on unexpected application behavior. Incidental to the purpose of the Log Processing, Service Data and Personal Data may be Processed by NewRelic. Examples of the data that may be in the Logs includes: timestamp, token ID, email address, user agent, username, Account ID, User ID, name, IP address, application paths and parameters, Session IDs, provisioned infrastructure, Ticket and Help Center data, Agent data and other types of Service Data.|
|Zendesk||Zendesk (“Zendesk”) is a third-party service provider that assists EnterpriseAlumni with the provision of customer support only and is not involved in technical operations which would include the prevention of and addressing technical or service issues. Zendesk has limited access to Subscribers’ information, including Service Data. This limited access is with the dependent on permission granted by Subscribers to Zendesk. Zendesk may have access to the following identifying information about Subscribers and End-Users for the sole purpose of dealing with Subscribers’ support requests: first and last name, email address and phone number. In addition and with Subscriber permission, this Zendesk may be provided access to Service Data for the purpose of dealing with support requests.|
EnterpriseAlumni Group Sub-processors
The following entities are members of the EnterpriseAlumni Group. Accordingly, they function as sub-processors to provide the Services.
|EnterpriseJungle, Inc.||United States|
|EnterpriseAlumni UK Ltd||United Kingdom|
As explained above, EnterpriseAlumni also uses certain “subcontractors” to assist in the operations necessary to provide the EnterpriseAlumni Services as described in the Master Subscription Agreement. The following is a list (as of the date of this policy) of the names and locations of material third-party subcontractors. Subcontractors do not have access to Service Data.
|Entity Name||Entity Type||Location|
|No subcontractors at this time||Data Center||European Union (Ireland and Germany)|
|No subcontractors at this time||Data Center||United States (Virginia and California)|
Content Delivery Networks
As explained above, EnterpriseAlumni’s Services may use content delivery networks (“CDNs”) to provide the Services, for security purposes, and to optimize content delivery. CDNs do not have access to Service Data but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Website content served to website visitors and domain name information may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by that CDN to enable its functions. The following describes use of CDNs by EnterpriseAlumni’s Services.
|CDN Provider||Services Using CDN||CDN Location||Description of CDN Services|
|Akamai||All EnterpriseAlumni Services||Global||Public website content served to website visitors may be stored with Akamai, and transmitted by Akamai to website visitors, to expedite transmission.|
|Amazon Web Services, Inc.||All EnterpriseAlumni Services||Global||Public website content served to website visitors may be stored with Amazon Web Services, Inc., and transmitted by Amazon Web Services, Inc., to website visitors, to expedite transmission.|
|Verizon Digital Media Services, Inc.||All EnterpriseAlumni Services||Global||Public website content served to website visitors may be stored with Verizon Digital Media Services, and transmitted by Verizon Digital Media Services to website visitors, to expedite transmission.|