Sub-Processor List

Last Updated: 21st January 2026

In accordance with our Data Processing Addendum and GDPR transparency requirements, this page lists the third-party sub-processors that AutoChain Limited engages to assist in delivering our services.

What is a Sub-Processor?

A sub-processor is a third-party service provider engaged by AutoChain to process personal data on behalf of our customers. All sub-processors are carefully selected and contractually required to provide appropriate data protection guarantees.

1. Infrastructure & Hosting

Service Provider

Cloud Hosting Providers

Purpose

Application hosting, database storage, file storage

Data Location

UK / EU

Safeguards: UK GDPR compliant, Standard Contractual Clauses where applicable

2. Data Storage & Backup

Service Provider

Cloud Storage Providers

Purpose

Document storage, image storage, backup services

Data Location

UK / EU

Safeguards: Encryption at rest and in transit, UK GDPR compliant

3. Communication Services

Service Provider

Email Delivery Providers

Purpose

Transactional emails, service notifications, reminders

Data Location

UK / EU / US (with safeguards)

Safeguards: Standard Contractual Clauses, UK GDPR compliant

4. Analytics & Monitoring

Service Provider

Analytics Platforms

Purpose

Website analytics, performance monitoring, error tracking

Data Location

Global (with safeguards)

Safeguards: Anonymization where possible, consent-based tracking, UK GDPR compliant

5. Payment Processing

Service Provider

Payment Service Providers

Purpose

Payment processing, fraud prevention, billing

Data Location

UK / EU / Global

Safeguards: PCI-DSS compliant, Standard Contractual Clauses

6. Customer Support

Service Provider

Support & CRM Platforms

Purpose

Customer support, ticketing, communication management

Data Location

UK / EU / US (with safeguards)

Safeguards: Standard Contractual Clauses, encryption in transit and at rest

Our Sub-Processor Commitments

Due Diligence

All sub-processors undergo security and privacy assessments before engagement.

Contractual Protection

Sub-processors are bound by data protection obligations equivalent to those in our DPA.

Change Notification

We provide 30 days' advance notice before adding or replacing sub-processors.

Ongoing Monitoring

We regularly review sub-processor compliance with security and privacy requirements.

Objecting to a Sub-Processor

If you are a customer operating under a Data Processing Addendum with AutoChain and you object to a new or replacement sub-processor on reasonable data protection grounds, please contact us within 30 days of notification:

Email: privacy@autochain.co.uk

Note: This list provides high-level categories of sub-processors for transparency. Specific provider names and detailed information are available to customers upon request in accordance with our Data Processing Addendum.

For questions about sub-processors or data protection, please contact privacy@autochain.co.uk