Subprocessor Register & Third-Party GDPR Compliance
When Progressive Robot processes personal data on your behalf, we may use third-party services (subprocessors). Under UK GDPR, we are required to maintain a register of these subprocessors and ensure they provide adequate data protection guarantees.
What Is a Subprocessor?
A subprocessor is any third-party company that processes personal data on our instructions as part of delivering your project. Examples include: cloud hosting providers (AWS, Azure), monitoring tools, email delivery services, and error tracking tools.
Our Subprocessor Register
We maintain a current register of subprocessors used in project delivery. Categories of subprocessors we commonly use:
- Cloud infrastructure: AWS (Ireland region), Microsoft Azure (UK South/UK West)
- Development tools: GitHub (code repository), Linear (project management)
- Communication: Google Workspace
- Monitoring & error tracking: Sentry, Datadog, New Relic
- Email delivery: SendGrid, Amazon SES, Postmark
How We Ensure Subprocessor Compliance
- All subprocessors are subject to our standard vendor assessment
- We maintain Data Processing Agreements (DPAs) with all subprocessors
- We favour UK or EU data centre locations to minimise international transfer complexity
- Where international transfers occur, we rely on Standard Contractual Clauses (SCCs)
Requesting Our Subprocessor Register
You can request our current subprocessor register at any time by contacting your Account Manager. We will also notify you of material changes to our subprocessor list where those changes affect processing of your data.