How Stannnell Ltd Manages Third-Party Data Processing Partners

Last updated: {{inserisci data}}

Stannnell Ltd uses trusted third-party vendors (“subprocessors”) to support the delivery of our services in digital marketing, cyber security, event management and brand strategy.

All subprocessors are carefully selected, contractually bound and required to comply with:

UK GDPR
Data Protection Act 2018
Industry security standards
Our internal Information Security Policy

We only share personal data when necessary and never sell customer information.

1. Data Hosting & Infrastructure Providers

These partners host our platforms, websites or databases and may process encrypted customer data.

Amazon Web Services (AWS)

Purpose: Cloud hosting, infrastructure
Location: EU/UK regions
Data Transfer Safeguards: SCCs / Adequacy decisions

DigitalOcean (if used)

Purpose: Hosting and infrastructure
Location: EU/UK
Safeguards: SCCs

Cloudflare

Purpose: Security, CDN, performance optimisation
Location: Global edge network
Safeguards: SCCs, encryption

2. Analytics & Performance Tools

Google Analytics 4

Purpose: Website traffic and performance analytics
Data: Anonymised behavioural data
Location: Global
Safeguards: SCCs, IP anonymisation

Hotjar (optional)

Purpose: UX heatmaps and behaviour analysis
Data: Anonymous usage data
Location: EU
Safeguards: GDPR-compliant data storage

3. Marketing & Communication Tools

Google Ads / Google Marketing Platform

Purpose: Advertising and campaign analytics
Data: Advertising identifiers
Safeguards: SCCs

Meta Business Tools (Facebook/Instagram Pixel)

Purpose: Marketing optimisation and audience measurement
Safeguards: UK GDPR–compliant data processing

Mailchimp / Brevo / HubSpot (choose your provider)

Purpose: Email marketing and CRM
Data: Contact details, email engagement
Safeguards: SCCs, ISO 27001 infrastructure

4. Cyber Security & Monitoring Tools

Microsoft Defender / ESET / Bitdefender (choose)

Purpose: Endpoint protection and threat detection
Data: Device telemetry
Safeguards: Encrypted data processing

**Security & Monitoring Tools such as:

Snyk / UptimeRobot / Log monitoring platforms**
Purpose: Vulnerability scanning, uptime monitoring
Data: Technical log files
Safeguards: Encryption + limited retention

5. Payment Processors

(Include only if you accept payments online)

Stripe

Purpose: Payment processing
Data: Card details (tokenised), billing info
Safeguards: PCI-DSS certified, SCCs

6. Communication Tools

Microsoft 365 / Google Workspace

Purpose: Email, file storage, internal communication
Data: Business communications
Safeguards: Encryption + SCCs

Slack (optional)

Purpose: Internal collaboration
Data: Internal messages
Safeguards: GDPR compliance

7. Event Management Tools

(Only if relevant)

Eventbrite / Cvent

Purpose: Registration and ticketing
Data: Attendee personal details
Safeguards: SCCs + GDPR compliance

8. Project Management & Support Tools

Asana / Trello / Monday.com

Purpose: Project management
Data: Project metadata, user info
Safeguards: SCCs

Zendesk / Freshdesk / HelpScout (if support is included)

Purpose: Ticketing and customer support
Data: Support communications
Safeguards: Encryption + SCCs

How We Assess and Monitor Subprocessors

Before onboarding any subprocessor, we conduct:

Security assessments
GDPR compliance review
Contractual and SCC verification
Risk analysis
Ongoing monitoring and audits

We ensure all third parties maintain strong technical and organisational security measures.

Updates to This List

We may update this vendor list when:

A new subprocessor is added
A vendor is removed
A service changes significantly

Clients will be notified of material changes where required by contract.

Contact Us

For questions regarding subprocessors or data protection:

📧 privacy@stannnell.co.uk
📍 Stannnell Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Stay Inspired with Instagram