Aiven Subprocessors and subcontractors

11 April, 2022

Aiven Oy (herein ‘’Aiven’’)  uses certain Subprocessors (including Aiven Affiliates)  and  subcontractors to assist in providing Aiven Services (Cloud Services and Support Services) to its customers. This page explains the difference between a Subprocessor and subcontractor of Aiven and specifies the services and tasks  provided by the Subprocessors and subcontractors. 

What is a Subprocessor?

Subprocessors are Aiven Affiliates and third parties necessary to participate in processing the personal and other data Customer has input to the Cloud Services (‘’Customer Data’’) in order for Aiven to provide the Services to the Customer as agreed. 

Subprocessors are divided into three categories:

  1. Aiven Affiliates 

  2. Aiven back-end service providers

  3. Aiven infrastructure service providers. 

What is a subcontractor? 

Subcontractors are Aiven service providers who provide Aiven the services necessary to provide the Services to Customer, but who do not participate in processing the data Customer has input into the Cloud Services. 

Aiven Subprocessors

Aiven Affiliates 

Aiven provides its Services from multiple different locations through Aiven Affiliates. The employees of Aiven Affiliates may participate in the processing of Customer Data when Support Services are provided if and to the extent Aiven Support Personnel configure the Cloud Services as part of Support Services. Note, that even though the Aiven Affiliate employees participate in processing of the Customer Data, no personal data transfer takes place as Aiven employees only process the metadata (e.g. information whether the Cloud Service is active or not) of the Cloud Services in which the Customer Data is stored, and the Customer Data never leaves the location chosen by Customer. 

As the definition of processing is wide under the GDPR, Aiven classifies the Affiliates’ employees as Subprocessors of Aiven even though Aiven Affiliates do not access or see the Customer Data when processing service metadata. Aiven Affiliate employees may access and have visibility to the Customer Data only if separately requested by and agreed with the Customer.

Entity Name
Registered Address
Country
Aiven France SAS
c/o CM. Consulting S.A.R.L, 43 Rue de Liège, 75008 Paris.
France
Aiven Deutschland GmbH
Immanuelkirchstraße 26, 10405 Berlin.
Germany
Aiven Italy SRL.
Via Borgogna 8, 20122 Milano.
Italy
Aiven UK Ltd.
c/o Goodwille Limited, 24 Old Queen Street, London, SW1H 9HP.
United Kingdom
Aiven Inc.
c/o United Corporate Services 874 Walker Road, Suite C, Dover, DE 19904.
United States
Aiven Canada Ltd.
1055 W Georgia St Suite 1750 Royal Centre, Vancouver, BC V6E 3P3
Canada
Aiven Australia Pty Ltd.
Level 3, 73 York Street, Sydney, NSW 2000.
Australia
Aiven (Singapore) Pte Ltd.
c/o Connexions Corporate Solutions Pte Ltd, 24 Sin Ming Lane, #03-99 Midview City, Singapore (573970).
Singapore
Aiven New Zealand Limited.
c/o Polson Higgs Ltd, 139 Moray Place, Dunedin Central, Dunedin 9016.
New Zealand
Aiven Japan GK
1-6, Motoazabu 3-chome, Minato-ku, Tokyo.
Japan

Aiven back-end Subprocessors

Aiven back-end Subprocessors provide Aiven with the infrastructure that enables Aiven to run back-end services for managing and monitoring the Cloud Services. The provided back-end services (i.e. management plane) are used by Aiven to manage and monitor, and to ensure the integrity and availability of the Cloud Services and the Customer Data included therein. The back-end services or the back-end service Subprocessors are only used to deploy and manage the Cloud Services and the Customer Data is not accessed. 

The Aiven back-end services, their provider, location and functions are listed below.

Entity Name
Registered Address
Region
Services and tasks
Google Cloud EMEA Limited
70 Sir John Rogerson's Quay, D02 R296, Dublin 2,Dublin, Ireland.
Belgium / europe-west1
Management services for Aiven console, backup, API, system of record database, centralized logging and monitoring systems.
Amazon Web Services
38 Avenue John F. Kennedy, L-1855, Luxembourg.
Sweden / eu-north-1
Management services for DNS, Disaster recovery, backup, long term storage of audits logs.

Aiven infrastructure Subprocessors

Aiven controls access to the infrastructure that Aiven uses to host, store and process the Customer Data input to the Cloud Services. The Subprocessor and location/region depend on which Subprocessor and region Customer chooses independently to select. Customer Data will stay in the region selected by the Customer but may be shifted and co-located between different data centers within the region chosen by the Customer to ensure performance and availability of the Cloud Services. 

The infrastructure Subprocessors  don’t have logical access to the Customer Data as Aiven does not store encryption keys directly on US-based Cloud Service Provider Key Management Systems such as Azure Key Vault, AWS KMS, and GCP KMS. Instead, Aiven utilizes its own Key Management System running on Aiven controlled virtual machines within European GCP data centers ensuring compliance with the Schrems II decision. 

Entity name
Registered address
Region
Services and tasks
Google Cloud EMEA Limited
70 Sir John Rogerson's Quay, D02 R296, Dublin 2,Dublin, Ireland.
As selected by the Customer.
Infrastructure for Cloud Services, Cloud Service backups.
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, L-1855, Luxembourg.
As selected by the Customer.
Infrastructure for Cloud Services, Cloud Service backups.
Microsoft Ireland Operations Limited
South County Business Park, One Microsoft Court, Carmanhall and Leopardstown, Dublin, D18 DH6K, Ireland.
As selected by the Customer.
Infrastructure for Cloud Services, Cloud Service backups.
DigitalOcean LLC
101 Avenue of the Americas, 10th Floor New York 10013, United States.
As selected by the Customer.
Infrastructure for Cloud Services. (No object storage services available, the nearest region from another infrastructure provider is used).
Upcloud Oy
Aleksanterinkatu 15B (7th floor), 00100, Helsinki, Finland.
As selected by the Customer.
Infrastructure for Cloud Services. (No object storage services available, the nearest region from another infrastructure provider is used).

Aiven subcontractors

Aiven uses certain third parties listed below to provide specific functionality within the Services. The subcontractors may process Cloud Service metadata and personal data of the Customer’s contact persons if and as provided by the Customer, in which processing Aiven acts as the data controller determining the means and purposes of the processing as needed to respond to customer requests, to arrange invoicing, and to communicate internally and externally with regards to the Customers use of Cloud Services. 

No Customer Data uploaded to the Cloud Services  is processed by the subcontractor nor can Customer determine the means and purposes of the processing of services provided by Aiven’s subcontractors, hence Customer does not act as a data controller towards the subcontractors listed below.

Entity name
Registered address
Country
Services and tasks
Intercom Inc
55 2nd Street, 4th Floor, San Francisco, CA 94105.
United States
Customer support chat
Stripe Inc
510 Townsend Street, San Francisco, CA 94103.
United States
Credit card payment processing
Slack Technologies LLC
500 Howard Street, San Francisco, CA 94105.
United States
Internal operational messaging
Salesforce.com Inc.
415 Mission Street, San Francisco, CA 94105.
United States
Customer relationship management system
Opsgenie Inc (owned by Atlassian Pty Ltd)
Level 6, 341 George Street, Sydney, NSW 2000.
Australia
Alerting and paging
Atlassian Pty Ltd
Level 6, 341 George Street, Sydney, NSW 2000.
Australia
Internal ticketing system
Amazon Web Services EMEA SARL.
38 Avenue John F. Kennedy, L-1855, Luxembourg.
Luxembourg
Email delivery service