Customers

Partners & sub-processors

To keep our service reliable we work with a small number of specialised providers. This page is deliberately one place, so you can see who we work with and which parties are sub-processors in the GDPR sense (art. 28(2)).

Legal status: this page is the up-to-date sub-processor list that our Data Processing Agreement (Annex C) references. Changes are announced at least 30 days in advance by email to the primary contact so you can object.

Infrastructure

Hetzner Online GmbH

For: server and cloud hosting. All our mail and WordPress environments run on Hetzner. We also use Hetzner Storage Box as one of our two destinations for encrypted off-site backups. Country: Germany (within the EEA). Role: sub-processor. DPA: hetzner.com/AV/DPA_en.pdf

Cloudflare, Inc.

For: CDN, WAF and reverse proxy for WordPress hosting. Standard on every WordPress site: it protects our shared infrastructure from DDoS and application-layer attacks that would otherwise affect every customer on that layer. Not used for email hosting or for somogy.nl itself. Country: United States (EU-US Data Privacy Framework + SCC). Role: sub-processor - for all WordPress hosting customers. DPA: cloudflare.com/cloudflare-customer-dpa

Backups

rsync.net, Inc.

For: second off-site destination for encrypted backups of mail and WordPress data. Country: Switzerland (Zurich - Equinix ZH4; listed on the EU adequacy list, so transfers are permitted without additional safeguards). rsync.net, Inc. is a California Corporation (USA). Role: sub-processor. Additional safeguard: backups are client-side encrypted with borg (BorgBackup) before they leave our environment. rsync.net only receives encrypted chunks and cannot decrypt the content - the encryption keys remain with Somogy. DPA: rsync.net/resources/regulatory/dpa.html

Domains

Hosting Concepts B.V. (trading as OpenProvider)

For: domain name registration and management. For customer domains we register them in the customer’s own name - deliberately, so the domain stays with the customer if Somogy ever stops operating. We manage them technically via our OpenProvider account. Country: Netherlands (within the EEA). Role: registrar; operational processor (exact legal qualification towards the customer depends on the per-customer arrangement - see DPA). Documentation: Privacy Policy · Legal Policies (DPA available through this overview)

Administration

Moneybird B.V.

For: bookkeeping and invoicing. Your contact details and invoice data live in Moneybird; data about your end-users or website visitors does not. Country: Netherlands (within the EEA). Role: sub-processor (for your own customer data only, limited to invoicing). DPA: Moneybird privacy. The processor agreement is concluded per customer via the account management UI in the Moneybird administration (not publicly published).

Questions about this page or a specific partner? Email support@somogy.nl.