IV Selecting Third Parties

16 September 2022

Erply may involve and use authorized third parties to process personal data as part of providing our services; these third parties will be granted access to the customers’ data. All authorized data processors go through a rigorous selection process and are evaluated based on a number of criteria, e.g. security features and measures, SLA (Service Level Agreement) terms and conditions, reliability and availability of services, etc. Once a partner is selected, Erply will conclude a contract with them to guarantee our customers the required data protection.

Depending on how Erply grows and develops, the third party authorized to process personal data may change. We will inform our customers when a new authorized processor comes on board.

Authorized Infrastructure Processors

Erply may include the following authorized processors to host customer data or in relation to the infrastructure required for providing our services:

| Name | Authorized Operations | Country |
| --- | --- | --- |
| Amazon Web Services | Cloud service provider | USA/Germany/Australia |
| Hetzner | Cloud service provider | Germany |

Other Authorized Processors

Erply may work with the following authorized processors in providing other services:

| Name | Authorized Operations | Country |
| --- | --- | --- |
| Google | Email, hosting and analysis service provider | USA |
| Mailchimp | Email service provider | USA |
| Slack | Customer support and sales communications service provider | USA |
| Chatlio | Sales communications service provider | USA |
| JIRA | Customer support service provider | Australia |
| Teamviewer | Customer support service provider | Germany |
| AnyDesk | Customer support service provider | Germany |
| GoToAssist | Customer support service provider | USA |
| Recurly | Accounting services | USA |

The Certificates of Authorized Processors

What are the data protection and cybersecurity requirements that Erply’s authorized processors must meet? Below is a list of the data and data center security related certificates that one of Erply’s authorized processors, Amazon Web Services, has and adheres to.

SOC 3 Report

In addition to the SOC 2 SSAE 16 report, the company also ordered the SOC 3 report to cover IT risks in critical areas, incl. security and availability.

EU-US and Swiss-US Privacy Shield Framework

Amazon Web Services meets the EU-US and Swiss-US Privacy Shield Framework designed by the US Department of Commerce. The framework covers the collection, use, and storage of personal data in the EU, Switzerland and the US.

PCI (Payment Card Industry) – AOC

AOC or Attestation of Compliance validates that a company has implemented controls for meeting credit card data processing requirements. PCI conformity helps protect credit card and personal data, and the customer’s identity from malicious use.

General Data Protection Regulation (GDPR)

GDPR replaces the EU’s data protection directive (known as 95/46/EC) and covers privacy issues. The regulation aims to improve data privacy and protect individuals in the EU and the transfer of personal data from the EU to the rest of the world. Amazon Web Services is GDPR compliant in relation to international data transfer. More particularly, Amazon Web Services’ activity complies with the EU-US and Swiss-US Privacy Shield Framework.