We confirm that Dixa has entered into written data processing agreements with each sub-processor.
Dixa takes reasonable steps to ensure GDPR and DPA compliance by engaged sub-processors and monitoring them on a periodic basis. Auditing of sub-processors is conducted by data protection assessments and requests of information and documentation (such as certifications, attestations, pentest letters, etc.), Such assessments also consider the sub-processor's technical and organizational security measures in place in relation to the processing of personal data.
Information Security Sheet attached
Statement from Dixa regarding their security when asked if they have any security certificates: "No, we currently do not hold a security certification".
Dixa's security documentation: https://dixa.com/trust
Dixa conducts due diligence regularly, including, but not limited to, revision of subprocessors' privacy notices, security and technical measures, and risk assessment.
Dixa defines in the data processing agreement a procedure to notify customers before any addition or replacement of sub-processors. Customers have the right to terminate the Agreement with Dixa when they can demonstrate non-compliance with data protection legislation due to the use of such new sub-processors when Dixa is not able to verify compliance.
Letter of Attestation for SOC 2 Type 1 Compliance attached.