Veramed Sub-processor List

 

Last updated: 17 June 2022

Sub-processor name Veramed Inc
Website www.veramed.co.uk
Location of processing USA
Type of data processed Clinical trial data
Purpose of processing Client project delivery
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement Intra-Group Data Transfer Agreement

 

Sub-processor name Veramed Ukraine LLC
Website www.veramed.co.uk
Location of processing Ukraine
Type of data processed Clinical trial data
Purpose of processing Client project delivery
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement Intra-Group Data Transfer Agreement

 

Sub-processor name Veramed Germany GmbH
Website www.veramed.co.uk
Location of processing Germany
Type of data processed Clinical trial data
Purpose of processing Client project delivery
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement Intra-Group Data Transfer Agreement

 

Sub-processor name d-wise
Website www.d-wise.com
Location of processing US, UK, India
Type of data processed Clinical trial data
Purpose of processing IT Support
Compliance Mechanism for transfer outside EEA Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Salesforce
Website www.salesforce.com
Location of processing Global in Salesforce Data Centres
Type of data processed Prospective & Existing Customer Contact details and correspondence
Purpose of processing CRM
Compliance Mechanism for transfer outside EEA Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Google
Website workspace.google.com
Location of processing Global in Google Data Centres
Type of data processed Employee and third party contact information
Purpose of processing Emails; Drive; etc.
Compliance Mechanism for transfer outside EEA Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name SmartSheet
Website www.smartsheet.com
Location of processing Global in Amazon Web Services (AWS) Data Centres
Type of data processed Client project information
Purpose of processing Project plans
Compliance Mechanism for transfer outside EEA Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name DocuSign
Website www.docusign.com
Location of processing US, Canada, EU, Australia
Type of data processed Employee and third party contact details; digital signatures
Purpose of processing Digital Signatures
Compliance Mechanism for transfer outside EEA Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Dropbox
Website www.dropbox.com
Location of processing USA, Australia, EU, Japan, UK
Type of data processed Customer contact details and correspondence
Purpose of processing Contract filing
Compliance Mechanism for transfer outside EEA DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Recruit So Simple
Website www.recruitsosimple.com
Location of processing EU
Type of data processed Candidate data
Purpose of processing Candidate information stored for purpose of recruitment.
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses or Privacy Shield Principles
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Xero
Website www.xero.com
Location of processing United States
Type of data processed Employee details; expense details
Purpose of processing Accounting system
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Citrix Sharefile
Website www.sharefile.com
Location of processing Global in Citrix Data Centres
Type of data processed Employee and third party contact information
Purpose of processing Secure document sharing platform
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name CezanneHR
Website www.cezannehr.com
Location of processing EU in Amazon Web Services (AWS) Data Centres
Type of data processed Personal data of Veramed employees, consultants and contractors
Purpose of processing HR Management System (HRMS)
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement Signed DPA in place complying with Article 28 GDPR

 

Sub-processor name LogMeIn Inc.
Website www.lastpass.com
Location of processing Europe, Australia, United States, Singapore, India
Type of data processed Contact data for Veramed employees; passwords
Purpose of processing Password management system
Compliance Mechanism for transfer outside EEA Signed DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement Signed DPA in place complying with Article 28 GDPR

 

Sub-processor name Microsoft
Website www.microsoft.com
Location of processing Global in Microsoft Data Centres
Type of data processed Contact data for Veramed employees
Purpose of processing User directory and Microsoft 365 subscriptions
Compliance Mechanism for transfer outside EEA DPA in place containing EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Phishing Tackle
Website www.phishingtackle.com
Location of processing UK in Amazon Web Services (AWS) Data Centres
Type of data processed Contact data for Veramed employees
Purpose of processing Phishing simulation
Compliance Mechanism for transfer outside EEA DPA in place stating data will only be transferred to a country, a territory or sector to the extent that the European Commission has decided that the country, territory or sector ensures an adequate level of protection for Personal Data
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name TeamViewer
Website www.teamviewer.com
Location of processing Global through third party data centres
Type of data processed Contact details for Veramed TeamViewer users
Purpose of processing Remote support and monitoring for Veramed endpoints
Compliance Mechanism for transfer outside EEA DPA in place stating data will only be transferred to a country, a territory or sector to the extent that the European Commission has decided that the country, territory or sector ensures an adequate level of protection for Personal Data unless specifically instructed by Veramed
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name MasterControl
Website www.mastercontrol.com
Location of processing Global through third party data centres
Type of data processed Contact details for Veramed employees
Purpose of processing Quality Management System
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Algorics
Website https://algorics.com/
Location of processing India UK
Type of data processed Pseudonymised data
Purpose of processing Resource partner for Veramed clients
Compliance Mechanism for transfer outside EEA EC Standard Contractual Clauses Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name BioForum
Website https://bioforumgroup.com/
Location of processing Israel Australia South Africa
Type of data processed Pseudonymised data
Purpose of processing Resource partner for Veramed clients
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission EC Standard Contractual Clauses EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Data4knowledge ApS
Website https://d4k.dk/
Location of processing Denmark
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

 

Sub-processor name Exploristics
Website https://exploristics.com/
Location of processing UK Ireland India
Type of data processed Pseudonymised data
Purpose of processing Resource partner for Veramed clients
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission Ireland – UK Adequacy Regulations EC Standard Contractual Clauses
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Hobson Prior
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name JSA Services Ltd
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name JStats Services Ltd
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name NASA Umbrella
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Orange Genie
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Parasol Ltd
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Paystream myMax
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name ProClinical
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR

 

Sub-processor name Sekharico Informatics Ltd
Website N/A
Location of processing UK
Type of data processed Pseudonymised data
Purpose of processing Analysis of clinical trial data for fulfilment of client contracts
Compliance Mechanism for transfer outside EEA Adequacy decision made by EU Commission
Article 28 Data Processing Agreement DPA in place complying with Article 28 GDPR