Skip to main content

Our Subprocessors and International Data Transfers

List of subprocessors

(selection – full list in Annex 3 of the DPA)

  • Microsoft Azure – Cloud infrastructure (Server location: EU – Ireland/Netherlands)
  • Microsoft Dynamics 365 – CRM (Server location: EU – Ireland/Netherlands)
  • Amazon Web Services (AWS) – Cloud infrastructure (Server location: EU – Germany/Ireland)
  • DeepL – Translation (Server location: EU – Germany)
  • Stripe – Payments (Server location: EU – Ireland)
  • Strato – Web hosting (Server location: EU – Germany)
  • Assembly AI – Speech recognition (Server location: EU – Ireland)
  • Azure OpenAI – AI services via Azure (Server location: EU – Ireland/Netherlands)

Note: The continuously updated full subprocessor list is maintained in Annex 3 of the DPA.

Data locations

  • Processing and storage exclusively within the EU, primarily Germany; alternatively other EU regions (e.g., Ireland/Netherlands)
  • No transfers to non-EU countries (as set out in the DPA)

Contractual safeguards (DPAs/SCCs)

  • DPAs are in place with all subprocessors (Section 6 of the DPA); obligations mirror the main DPA
  • Standard Contractual Clauses (SCCs) are not required at present because no international (non-EU) transfers occur
  • Any exception would be executed only with customer agreement and in compliance with GDPR Articles 44–49

Transparency & review rights

  • Advance notice and right to object to subprocessor changes (Section 6 DPA)
  • Audit/inspection rights and evidence (e.g., certifications, third-party audit reports) as provided in Section 4 of the DPA