Subprocessor List

In accordance with GDPR Article 28, we maintain this list of third-party subprocessors who may process personal data on our behalf.

Change Notifications: We will notify customers at least 30 days before adding or replacing any subprocessor. Customers may object to changes within 14 days of notification. Subscribe to updates via email at dpo@tinyconsent.comor via our RSS feed.

Loading subprocessors...

How We Manage Subprocessors

Due Diligence

All subprocessors undergo a thorough security and privacy assessment before engagement. We evaluate their data protection practices, security measures, and compliance certifications.

Contractual Obligations

Each subprocessor is bound by a Data Processing Agreement (DPA) with obligations equivalent to those in our customer contracts, including GDPR Article 28 requirements.

International Transfers

Where subprocessors are located outside the EU/EEA or UK, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), UK IDTA, or rely on adequacy decisions.

Change Management

We maintain this list on our website and notify customers of any additions or replacements at least 30 days in advance. Customers may object to new subprocessors within 14 days.

Oversight

We monitor subprocessor performance and compliance regularly. Annual audits and certifications are reviewed to ensure continued adherence to our standards.

Last updated: 12/4/2025 •Contact our DPO

For questions about subprocessors or to request our Data Processing Agreement, please contact privacy@tinyconsent.com