Mobaro A/S (“Mobaro”) utilizes certain subprocessors (including members of the Mobaro Group and third parties, as listed below), subcontractors, and content delivery networks to assist in providing the Mobaro Services as described in the Master Agreement. Defined terms used herein shall have the same meaning as those defined in the MSA.
What is a Subprocessor:
A subprocessor is a third-party data processor engaged by Mobaro, including entities within the Mobaro Group, who has or potentially will have access to or process Service Data (which may contain Personal Data). Mobaro engages different types of subprocessors to perform various functions as explained in the tables below. Third parties that do not have access to or process Service Data but are used to provide the Services are referred to as “subcontractors” rather than subprocessors.
Due Diligence:
Mobaro undertakes to use a commercially reasonable selection process to evaluate the security, privacy, and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.
Contractual Safeguards:
Mobaro requires its subprocessors to satisfy equivalent obligations as those required from Mobaro (as a Data Processor) as set forth in Mobaro’s Data Processing Agreement (“DPA”), including but not limited to the requirements to:
Process Personal Data in accordance with the data controller’s (i.e., Subscriber’s) documented instructions (as communicated in writing to the relevant subprocessor by Mobaro).
Use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws, in connection with their subprocessing activities.
Provide regular training in security and data protection to personnel to whom they grant access to Personal Data.
Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which Mobaro is contractually committed to adhere insofar as they are equally relevant to the subprocessor's processing of Personal Data on Mobaro’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification, Mobaro reserves the right to audit the subprocessor.
Promptly inform Mobaro about any actual or potential security breach.
Cooperate with Mobaro in order to address requests from data controllers, data subjects, or data protection authorities, as applicable.
This policy does not provide Subscribers with any additional rights or remedies and should not be construed as a binding agreement. The information herein illustrates Mobaro’s engagement process for subprocessors and provides the actual list of third-party subprocessors, subcontractors, and content delivery networks used by Mobaro as of the date of this policy (which Mobaro may use in the delivery and support of its Services).
If you are a Mobaro Subscriber and wish to enter into our DPA, please email us at privacy@mobaro.com.
Process to Engage New Subprocessors:
For all Subscribers who have executed Mobaro’s standard DPA, Mobaro will provide notice via this policy of updates to the list of subprocessors that are utilized or which Mobaro proposes to utilize to deliver its Services. Mobaro undertakes to keep this list updated regularly to enable its Subscribers to stay informed of the scope of subprocessing associated with the Mobaro Services.
Pursuant to the DPA, a Subscriber can object in writing to the processing of its Personal Data by a new subprocessor within thirty (30) days after updating of this policy and shall describe its legitimate reasons to object. If the Subscriber does not object during such time period, the new subprocessor(s) shall be deemed accepted.
If a Subscriber objects to the use of a subprocessor pursuant to the process provided under the DPA, Mobaro shall have the right to cure the objection through one of the following options (to be selected at Mobaro’s sole discretion):
(a) Mobaro will cease to use the subprocessor with regard to Personal Data;
(b) Mobaro will take the corrective steps requested by the Subscriber in its objection (which remove Subscriber’s objection) and proceed to use the subprocessor to process Personal Data; or
(c) Mobaro may cease to provide or the Subscriber may agree not to use (temporarily or permanently) the particular aspect of a Mobaro Service that would involve use of the subprocessor to process Personal Data.
Termination rights are set forth in the Master Agreement.
Subprocessors List
The following is an up-to-date list (as of the date of this policy) of the names and locations of Mobaro subprocessors, subcontractors, and content delivery networks (including members of the Mobaro Group and third parties):
Infrastructure Subprocessors – Service Data Storage
Mobaro controls access to the infrastructure that Mobaro uses to host Service Data submitted to the Services, except as set forth below. Currently, the Mobaro production systems for the Services are located in Europe. The following table describes the countries and legal entities engaged in the storage of Service Data by Mobaro.
Entity Name | Entity Type | Entity Country |
Microsoft Azure | Cloud Service Provider | United States |
Service Specific Subprocessors
Mobaro works with certain third parties to provide specific functionality within the Services. These providers are the subprocessors set forth below. To provide the relevant functionality, these subprocessors access Service Data. Their use is limited to the indicated Services.
Entity Name | Purpose | Entity Country | Stored In |
Amazon Europe | Distribution of push notifications to registered devices. | United States | Europe |
SendGrid | Email delivery for notifications, reports, and communications. | United States | US |
Auth0 | User authentication and login management. | United States | Europe |
RayGun | Monitoring and diagnostics for mobile app and web application. | United States | US |
Zendesk | Customer support ticketing and documentation. | United States | Europe |
Intercom | User engagement, communication, and support. | United States | Europe |
Mobaro Group Subprocessors
The following entities are members of the Mobaro Group. Accordingly, they function as subprocessors to provide the Services.
Entity Name | Country |
Mobaro, Inc. | United States |
This list is current as of July 5, 2024.