optilyz Partners

optilyz GmbH (“optilyz”) uses certain subprocessors (including third parties, as listed below) to assist it in providing the optilyz service as described in the Terms & Conditions (“T&Cs”). Defined terms used herein shall have the same meaning as defined in the T&Cs.


What is a Subprocessor

A subprocessor is a third party data processor engaged by optilyz, who has or potentially will have access to or process Service Data (which may contain Personal Data). optilyz engages different types of subprocessors to perform various functions as explained in the tables below.


Due Diligence

optilyz undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.


Process to Engage New Subprocessors

For all Customers who have executed optilyz’s standard DPA, optilyz will provide notice via this policy of updates to the list of subprocessors that are utilized or which optilyz proposes to utilize to deliver its services. optilz undertakes to keep this list updated regularly to enable its Customers to stay informed of the scope of subprocessing associated with the optilyz services.

Pursuant to the DPA, a Customer can object in writing to the processing of its Personal Data by a new subprocessor within thirty (30) days after updating of this policy and shall describe its legitimate reasons to object. If Customer does not object during such time period the new subprocessor(s) shall be deemed accepted.

If a Customer objects to the use of a subprocessor pursuant to the process provided under the DPA, optilyz shall have the right to cure the objection through one of the following options (to be selected at optilyz’s sole discretion):

  1. optilyz will cease to use the subprocessor with regard to Personal Data;

  2. optilyz will take the corrective steps requested by Customer in its objection (which remove Customers’s objection) and proceed to use the subprocessor to process Personal Data; or

  3. optilyz may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of an optilyz Service that would involve use of the subprocessor to process Personal Data.

Termination rights, as applicable and agreed, are set forth exclusively in the DPA.

The following is an up-to-date list (as of the date of this policy) of the names and locations of optilyz subprocessors (including third parties):


Infrastructure Subprocessors – Service Data Storage

optilyz owns or controls access to the infrastructure that optilyz uses to host Service Data submitted to the Services, other than as set forth below. Currently, the optilyz production systems for the Services are located in co-location facilities in Europe. The Customer’s Service Data subsequently remains in that region unless agreed between Customer and optilyz, but may be shifted among data centers within a region to ensure performance and availability of the Services. The following table describes the countries and legal entities engaged in the storage of Service Data by optilyz.


Entity nameEntity typeCountryAddress
Amazon Web Services EMEA Sárl*Cloud Service ProviderLuxembourg5 rue Plaetis, 2338 Luxembourg

Mongo DB Limited**

Database Provider
Ireland

Building Two

Number One Ballsbridge

Ballsbridge

Dublin 4

Ireland


*) The data is hosted on servers at Amazon Web Services in Frankfurt am Main (Germany). There is no transfer of personal identifiable information (PII) to servers outside Germany. However, the legal contractual partner is the company in Luxembourg

**) The database is hosted on servers at Amazon Web Services in Frankfurt am Main (Germany) using MongoDB technology. There is no transfer of data to servers outside Germany. However, the legal contract partner is the company in Ireland

 


Data flow and encryption at optilyz


We work with both AWS and MongoDB on the basis of SCC (standard contractual clauses):

  • Virtual Private Cloud (VPC) – Logically isolated area of the AWS cloud where AWS resources can run on a virtual network defined by optilyz. See also https://aws.amazon.com/de/vpc/
  • Isolated and fully self-managed virtual environment – Virtualized server environment running an operating system installed by optilyz. Appropriate configuration of this system ensures that no third party can gain access to this server and that the processing operations on this system cannot be overheard.
  • Encrypted storage of personal data – All data (files or database entries) are encrypted (when writing) or decrypted (when reading). This encryption and decryption is done within the virtualized server environment. The customer-specific keys used are also stored encrypted.

 


Print and postal service Subprocessors

optilyz works with certain third parties to provide printing and postal services. These providers are the Subprocessors set forth below. In order to provide the relevant functionality these Subprocessors access Personal Data.


Entity NameTypeCountryAddress
Asendia Germany GmbHPostal Service ProviderGermanyRedcarstraße 3, 53842 Troisdorf
Central Mailing Services Ltd.*Printer and LettershopUnited KingdomUnit 59-60, Gravelly Industrial Park Tyburn Rd, Birmingham B24 8TQ, UK
DATACOLOR media solutions GmbH
Printer and Lettershop
Germany

Otto-Brenner-Str. 7a,

21337 Lüneburg

dataform dialogservices GmbHPrinter and LettershopGermany

Wiesenstraße 1, 90614 Ammerndorf

direct services Gütersloh GmbHPrinter and LettershopGermanyAn der Autobahn 300, 33333 Gütersloh
Deutsche Post Direkt GmbH Address Service ProviderGermanyJunkersring 57, 53844 Troisdorf
druck.at Druck- und Handelsgesellschaft mbH
Printer and Lettershop

Austria

Aredstraße 7, A-2544 Leobersdorf


Funke Lettershop AG*Printer and LettershopSwitzerlandBernstrasse 217/223, 3052 Zollikofen
Jetmail BVPrinter and LettershopNetherlandsAmperestraat 5, 2181 HB Hillegom
Mindl Print + Lettershop GmbH
Printer and Lettershop
Germany
Mindl Print + Lettershop GmbH, Dr.-Ernst-Derra-Straße 4, 94036 Passau
MMS Melter Mail Service GmbHPrinter and LettershopGermanyLugwaldstraße 10, 75417 Mühlacker
MSP Druck und Medien GmbH
Printer and LettershopGermanymsp druck und medien gmbh, Stahlwerkstraße 36, 57555 Mudersbach
Ottweiler Druckerei und Verlag GmbHPrinter and LettershopGermanyJohannes-Gutenberg-Straße 14, 66564 Ottweiler
Precision Group*
Printer and Lettershop
New Zealand83-89 Freight Drive, Somerton, Victoria 3062
AIIM Group*Printer and Lettershop
Canada1170 Birchmount Road, Scarborough, M1P 5E3
Reacon Group*
Printer and Lettershop
Australia2/2-6 Orion Road, Lane Cove NSW 2066
Sattler Direct Mail GmbH & Co. KGPrinter and Lettershop
GermanyDaimlerring 2, 31135 Hildesheim
WIRmachenDRUCK GmbHPrinter and LettershopGermany

Mühlbachstr. 7, 71522 Backnang



*) A transfer of data to a state that is not the Federal Republic of Germany, a member state of the European Union, or another state that is a party to the Agreement on the European Economic Area will only occur if the customer explicitly books a campaign for printing & shipping in that specific state. In no other case will optilyz transfer personal data of any kind to a state that is not the Federal Republic of Germany, a member state of the European Union, or another state that is a party to the Agreement on the European Economic Area without the prior consent of the customer.