Effective date: 2025-10-22
Scope: This page lists third‑party sub‑processors (Art. 28(4) GDPR) engaged by CloudTeam sp. z o.o. to support the Credentium Issuer app and related services where they may process personal data on our behalf. It mirrors the style of our Terms of Service and Privacy Policy.
TL;DR (≈1 minute): We primarily process in EU/EEA regions. Today, our core sub‑processors are Microsoft Azure (EU regions) for hosting, Auth0 (EU tenant) for identity/authentication, and EuroCert (EU) for qualified e‑seal services. If we add or replace a sub‑processor, we will update this page and, for Issuer customers, provide advance notice with an opportunity to object on justified grounds.
Role (Purpose): What the sub‑processor does.
Data categories: Types of personal data the vendor can access when providing its service.
Location: Primary processing/hosting region for the service we use.
Transfers: Additional safeguards if a vendor or its group involves restricted third‑country access (e.g., remote support).
Notes: Extra info relevant to security/compliance.
Name | Role (Purpose) | Data categories (typical) | Location | Transfers | Notes |
|---|---|---|---|---|---|
Microsoft Azure (EU regions) | Cloud hosting, storage, databases, queues, managed services for Issuer/Wallet/Validator | Account data (name, email), credential issuance metadata, operational logs, support files | EU/EEA | Not applicable by default (EU hosting). | Data residency in EU. Security & compliance per Azure SOC/ISO reports. |
Auth0 (Okta) — EU tenant | Identity & authentication (OIDC/SSO), session/token management, role mapping | Login identifiers, organization/tenant identifiers, authentication events | EU/EEA | Possible restricted remote support by non‑EEA personnel; protected via SCCs and supplementary measures. | Group headquartered outside EEA; EU tenant configured. |
EuroCert (Qualified Trust Service Provider) | Qualified eIDAS electronic seal for issuance workflows | Organization identification data necessary to produce the qualified e‑seal; artifact/hash values required by the sealing flow | EU/EEA | Not applicable (EU trust service) | Used to create the qualified e‑seal attached to credentials (and sealed PDFs). |
Controller‑chosen integrations (e.g., LMS/Moodle connectors, webhooks) operate under the Controller’s responsibility as independent controllers or processors of the Controller. Those are not sub‑processors of CloudTeam unless explicitly stated here.
Notice of changes: We will post updates to this page before a new sub‑processor gains access to personal data. Issuer customers may subscribe to change notifications via privacy@cloudteam.pl.
Right to object: If you have justified grounds relating to data protection, email us within the notice window. If unresolved, you may suspend the affected feature or terminate it as your sole remedy (per DPA).
Processing is primarily in the EU/EEA.
Where a vendor is EU‑hosted but owned outside the EEA (e.g., Auth0/Okta), restricted remote support may constitute a transfer; we rely on SCCs (2021/914) and apply supplementary measures.
Technical/organizational measures include encryption in transit/at rest, RBAC/least privilege, logging/monitoring, isolation, and incident response (see DPA Annex II).
2025-10-11 — Initial publication of live sub‑processor list for Credentium.
Contacts
CloudTeam sp. z o.o., Plac Konesera 9, 03‑736 Warszawa, Poland • privacy@cloudteam.pl
References
Privacy Policy: https://legal.cloudteam.global/credentium/privacy-policy
Terms of Service: https://legal.cloudteam.global/credentium/terms-of-service
DPA (Processors): https://legal.cloudteam.global/credentium/dpa
7f3ca5cda86d12fd70d46728e3cf428c0510e93c6985a1b244b60d69e6015608
Download the raw content and verify: sha256sum filename.html
(The downloaded file contains the exact content used for hash calculation)