Erply’s Security Policy: Every Step Is Carefully Calculated

IV Selecting Third Parties

Erply may involve and use authorized third parties to process personal data as part of providing our services; these third parties will be granted access to the customers’ data. All authorized data processors go through a rigorous selection process and are evaluated based on a number of criteria, e.g. security features and measures, SLA (Service Level Agreement) terms and conditions, and the reliability and availability of services. Once a partner is selected, Erply will conclude a contract with them to guarantee our customers the required data protection.

Depending on how Erply grows and develops, the third party authorized to process personal data may change. We will inform our customers when a new authorized processor comes on board.

Authorized Infrastructure Processors

Erply may include the following authorized processors to host customer data or in relation to the infrastructure required for providing our services:

| Name | Authorized Operations | Country |
|---|---|---|
| Amazon Web Services | Cloud service provider | USA |
| LiquidWeb | Cloud service provider | USA |
| Hetzner | Cloud service provider | USA |

Other Authorized Processors

Erply may work with the following authorized processors in providing other services:

| Name | Authorized Operations | Country |
|---|---|---|
| Google | Email, hosting and analysis service provider | USA |
| Mailchimp | Email service provider | USA |
| Slack | Customer support and sales communications service provider | USA |
| Chatlio | Sales communications service provider | USA |
| JIRA | Customer support service provider | Australia |
| Teamviewer | Customer support service provider | Germany |
| GoToAssist | Customer support service provider | USA |
| Recurly | Accounting services | USA |

The Certificates of Authorized Processors

What are the data protection and cybersecurity requirements that Erply’s authorized processors must meet? Below is a list of the data and data center security related certificates that one of Erply’s authorized processors, Liquid Web, has and adheres to.

SOC 3 Report

In addition to the SOC 2 SSAE 16 report, the company also ordered the SOC 3 report to cover IT risks in critical areas, including security and availability.

EU-US and Swiss-US Privacy Shield Framework

Liquid Web meets the EU-US and Swiss-US Privacy Shield Framework designed by the US Department of Commerce. The framework covers the collection, use, and storage of personal data in the EU, Switzerland and the US.

HIPAA/HiTech

An independent audit provider has confirmed that the dedicated and cloud-based solutions managed by the company meet the HIPAA security and privacy rules. The HIPAA or Health Insurance Portability & Accountability Act is a set of rules intended to maintain the security and confidentiality of delicate medical information.

PCI (Payment Card Industry) – AOC

AOC or Attestation of Compliance validates that a company has implemented controls for meeting credit card data processing requirements. PCI conformity helps protect credit card data, personal data and the customer’s identity from malicious use.

General Data Protection Regulation (GDPR)

GDPR replaces the EU’s data protection directive (known as 95/46/EC) and covers privacy issues. The regulation aims to improve data privacy and protect individuals in the EU and the transfer of personal data from the EU to the rest of the world. Liquid Web is GDPR compliant in relation to international data transfer. More specifically, Liquid Web’s activity complies with the EU-US and Swiss-US Privacy Shield Framework.
