optilyz Partners
optilyz GmbH (“optilyz”) uses certain subprocessors (including third parties, as listed below) to assist it in providing the optilyz service as described in the Terms & Conditions (“T&Cs”). Defined terms used herein shall have the same meaning as defined in the T&Cs.
What is a Subprocessor
A subprocessor is a third party data processor engaged by optilyz, who has or potentially will have access to or process Service Data (which may contain Personal Data). optilyz engages different types of subprocessors to perform various functions as explained in the tables below.
Due Diligence
optilyz undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.
Process to Engage New Subprocessors
For all Customers who have executed optilyz’s standard DPA, optilyz will provide notice via this policy of updates to the list of subprocessors that are utilized or which optilyz proposes to utilize to deliver its services. optilz undertakes to keep this list updated regularly to enable its Customers to stay informed of the scope of subprocessing associated with the optilyz services.
Pursuant to the DPA, a Customer can object in writing to the processing of its Personal Data by a new subprocessor within thirty (30) days after updating of this policy and shall describe its legitimate reasons to object. If Customer does not object during such time period the new subprocessor(s) shall be deemed accepted.
If a Customer objects to the use of a subprocessor pursuant to the process provided under the DPA, optilyz shall have the right to cure the objection through one of the following options (to be selected at optilyz’s sole discretion):
optilyz will cease to use the subprocessor with regard to Personal Data;
optilyz will take the corrective steps requested by Customer in its objection (which remove Customers’s objection) and proceed to use the subprocessor to process Personal Data; or
optilyz may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of an optilyz Service that would involve use of the subprocessor to process Personal Data.
Termination rights, as applicable and agreed, are set forth exclusively in the DPA.
The following is an up-to-date list (as of the date of this policy) of the names and locations of optilyz subprocessors (including third parties):
Infrastructure Subprocessors – Service Data Storage
optilyz owns or controls access to the infrastructure that optilyz uses to host Service Data submitted to the Services, other than as set forth below. Currently, the optilyz production systems for the Services are located in co-location facilities in Europe. The Customer’s Service Data subsequently remains in that region unless agreed between Customer and optilyz, but may be shifted among data centers within a region to ensure performance and availability of the Services. The following table describes the countries and legal entities engaged in the storage of Service Data by optilyz.
| Entity name | Entity type | Country | Address |
|---|---|---|---|
| Amazon Web Services EMEA Sárl* | Cloud Service Provider | Luxembourg | 5 rue Plaetis, 2338 Luxembourg |
Mongo DB Limited** | Database Provider | Ireland | Building Two Number One Ballsbridge Ballsbridge Dublin 4 Ireland |
*) The data is hosted on servers at Amazon Web Services in Frankfurt am Main (Germany). There is no transfer of personal identifiable information (PII) to servers outside Germany. However, the legal contractual partner is the company in Luxembourg
**) The database is hosted on servers at Amazon Web Services in Frankfurt am Main (Germany) using MongoDB technology. There is no transfer of data to servers outside Germany. However, the legal contract partner is the company in Ireland
Data flow and encryption at optilyz
We work with both AWS and MongoDB on the basis of SCC (standard contractual clauses):
- Virtual Private Cloud (VPC) – Logically isolated area of the AWS cloud where AWS resources can run on a virtual network defined by optilyz. See also https://aws.amazon.com/de/vpc/
- Isolated and fully self-managed virtual environment – Virtualized server environment running an operating system installed by optilyz. Appropriate configuration of this system ensures that no third party can gain access to this server and that the processing operations on this system cannot be overheard.
- Encrypted storage of personal data – All data (files or database entries) are encrypted (when writing) or decrypted (when reading). This encryption and decryption is done within the virtualized server environment. The customer-specific keys used are also stored encrypted.
Print and postal service Subprocessors
optilyz works with certain third parties to provide printing and postal services. These providers are the Subprocessors set forth below. In order to provide the relevant functionality these Subprocessors access Personal Data.
| Entity Name | Type | Country | Address |
|---|---|---|---|
| Asendia Germany GmbH | Postal Service Provider | Germany | Redcarstraße 3, 53842 Troisdorf |
| Central Mailing Services Ltd. | Printer and Lettershop | United Kingdom | Unit 59-60, Gravelly Industrial Park Tyburn Rd, Birmingham B24 8TQ, UK |
| DATACOLOR media solutions GmbH | Printer and Lettershop | Germany | Otto-Brenner-Str. 7a, 21337 Lüneburg |
| dataform dialogservices GmbH | Printer and Lettershop | Germany | Wiesenstraße 1, 90614 Ammerndorf |
| direct services Gütersloh GmbH | Printer and Lettershop | Germany | An der Autobahn 300, 33333 Gütersloh |
| Deutsche Post Direkt GmbH | Address Service Provider | Germany | Junkersring 57, 53844 Troisdorf |
| druck.at Druck- und Handelsgesellschaft mbH | Printer and Lettershop | Austria | Aredstraße 7, A-2544 Leobersdorf |
| Funke Lettershop AG | Printer and Lettershop | Switzerland | Bernstrasse 217/223, 3052 Zollikofen |
| Jetmail BV | Printer and Lettershop | Netherlands | Amperestraat 5, 2181 HB Hillegom |
| Mindl Print + Lettershop GmbH | Printer and Lettershop | Germany | Mindl Print + Lettershop GmbH, Dr.-Ernst-Derra-Straße 4, 94036 Passau |
| MMS Melter Mail Service GmbH | Printer and Lettershop | Germany | Lugwaldstraße 10, 75417 Mühlacker |
| MSP Druck und Medien GmbH | Printer and Lettershop | Germany | msp druck und medien gmbh, Stahlwerkstraße 36, 57555 Mudersbach |
| Ottweiler Druckerei und Verlag GmbH | Printer and Lettershop | Germany | Johannes-Gutenberg-Straße 14, 66564 Ottweiler |
| Precision Group | Printer and Lettershop | New Zealand | 83-89 Freight Drive, Somerton, Victoria 3062 |
| Primedata | Printer and Lettershop | Canada | 1-205 Industrial Parkway North, Aurora, Ontario L4G 4C4 |
| Reacon Group* | Printer and Lettershop | Australia | 2/2-6 Orion Road, Lane Cove NSW 2066 |
| Sattler Direct Mail GmbH & Co. KG | Printer and Lettershop | Germany | Daimlerring 2, 31135 Hildesheim |
| WIRmachenDRUCK GmbH | Printer and Lettershop | Germany | Mühlbachstr. 7, 71522 Backnang |
*) A transfer of data to a country without adequate data protection according to the EU regulation 2016/679 will only occur if the customer explicitly books a campaign for printing & shipping for such a country. In no other case will optilyz transfer personal data of any kind to a country without adequate data protection according to the EU regulation 2016/679 without the prior consent of the customer.