CareIQ sub-processors

Sub-processors used on the CareIQ platform

Janu

Last Update 8 months ago

This article is aimed at those with a background in Information Governance or data protection. 

For the unfamiliar, it can feel quite heavy in legal language.


What's a Sub-processor

A sub-processor is a third-party company that helps another company (the data processor) handle and manage personal data. A sub-processor might help with tasks like data storage, analysis, or processing. 


Both the data processor and the sub-processor must follow GDPR rules to protect people's personal information.


CareIQ works with a range of sub-processors to help us operate smoothly.


Read more to learn about:

  • how we typically review and engage with sub-processors
  • the sub-processors we currently use and what we use them for

Due Diligence

CareIQ employs a commercially reasonable process to assess the security, privacy, and confidentiality practices of potential sub-processors who might access or handle Service Data.

Safeguards

CareIQ typically asks its sub-processors to meet similar obligations as those imposed on CareIQ itself as a Data Processor, as outlined in CareIQ's Data Processing Agreement. 


These requirements cover, but are not limited to:

  • Process Personal Data in accordance with data controller’s documented instructions (as communicated in writing to the relevant sub-processor by CareIQ);
  • Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
  • Implement and maintain appropriate technical and organisational measures (including measures consistent with those to which CareIQ is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on CareIQ's behalf);
  • Promptly inform CareIQ about any actual or potential security breach; and
  • Cooperate with CareIQ in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.


This page does not establish additional rights or legal remedies and should not be interpreted as a legally binding agreement. The purpose of the information here is solely to explain CareIQ's process for engaging with sub-processors and to list the specific third-party sub-processors and content delivery networks that CareIQ is currently using for its Services as of the date of this policy (which CareIQ may employ in the delivery and support of its Services).

Process to Engage New Sub-processors:

CareIQ will provide notice via this policy of updates to the list of sub-processors that are used to deliver its Services. CareIQ undertakes to keep this list updated regularly to enable its Subscribers to stay informed of the scope of sub-processing associated with the CareIQ platform. IG Leads or Data Protection Officers, or anyone else who works for an CareIQ customer may subscribe to receive notifications of updates to this policy by selecting the option in this form.


CareIQ will use this article to notify you of any changes or additions to the list of sub-processors used for delivering its Services. CareIQ will maintain this list (with regular updates) to keep relevant stakeholders about sub-processing activities related to the CareIQ platform. 


As per our standard Data Processing Agreement (DPA), a customer has the right to express their objection in writing if they disagree with the processing of their Personal Data by a new sub-processor. This objection must be submitted within thirty (30) days after the update of this policy, and it should outline the legitimate reasons for the objection. If customers do not raise objections during this specified timeframe, the new sub-processor(s) will be considered accepted.


Any rights related to the termination of services, as applicable and agreed upon, are exclusively outlined in the Data Processing Agreement (DPA).

Platform focused sub-processors

These sub-processors play a role in providing the CareIQ software platform. The tables below clarify the nature for which these sub-processors are utilised.

NameNature and purposeGeographical LocationApplicable features
AWS (Amazon Web Services)CareIQ controls access to the infrastructure that we use to store and process the data on the platform. We use AWS' secure cloud hosting service to securely store and process patient data. The AWS regions used are exclusively located in the UK, for both live and backup environments.UKAll of CareIQ
Ionos CloudCareIQ controls access to the infrastructure that we use to store and process the data on the platform. We use Ionos' secure cloud hosting service to securely store and process patient data. The Ionos regions used are exclusively located in the UK, for both live and backup environments.UKCareIQ Insights
PlanetScaleCareIQ controls access to the infrastructure that we use to store and process the data on the platform. We use PlanetScale's cloud database service managed by AWS to securely store and process patient data. The PlanetScale / AWS regions used are exclusively located in the UK, for both live and backup environments.USAll of CareIQ
VercelCareIQ controls access to the infrastructure that we use to store and process the data on the platform. We use Vercel's secure cloud hosting service managed by AWS to securely store and process patient data. The Vercel / AWS regions used are exclusively located in the UK, for both live and backup environments.USAny CareIQ web application
Twilio IncCareIQ enables users to send WhatsApp and SMS messages to patients. We use third party providers for the delivery of those WhatsApp and SMS messages. They provide APIs that CareIQ servers use to send these messages.USAny CareIQ messaging using WhatsApp and SMS
Sendgrid Inc.Sendgrid is an email campaign service provider used within CareIQ to send automated account emails to CareIQ users only. No personally sensitive information is sent over these emails.USAll of CareIQ
SentrySentry is an error logging platform that helps developers identify, diagnose, and resolve software issues for improved application performance. No personal, confidential, or sensitive information is stored or sent over on these logs.USAll of CareIQ
Clarity by MicrosoftClarity is a user behaviour analytics tool that helps the team understand how users interact with CareIQ web applications and mobile apps. No personal, confidential, or sensitive information is stored or sent over.USAny CareIQ user facing application

Support focused sub-processors

The below sub-processors are exclusively used for CareIQ's user and patient support. Support specialists are trained to minimise personal data processing and the use of the below platforms are essential for this and vital for delivering top-notch live support. Occasionally, and only where necessary this may involve patient information when helping users communicate via CareIQ.

NameNature and purposeGeographical Location
Tawk.toTawk provides a knowledge base platform that we use to create and manage articles for users who are seeking help using our products. It is available in our product or on our public-facing website.US
Google LLCGoogle is CareIQ's email provider. All requests we receive or address via @careiq.health email addresses are processed through their services.EEA

Was this article helpful?

0 out of 0 liked this article