Subprocessors

Last Updated: 18 Oct 2025

Kodwise OÜ uses carefully selected third-party service providers (“subprocessors”) to support its business operations and delivery of educational services. These subprocessors may process limited personal data on our behalf in accordance with written Data Processing Agreements (DPAs) as required under Article 28 of the General Data Protection Regulation (GDPR).

1. CATEGORIES OF SUBPROCESSORS

• Hosting & Infrastructure – Cloud hosting, CDN, and server management providers responsible for secure data storage and availability (e.g., DigitalOcean, Microsoft Azure, Vercel, Amazon Web Services).
• CRM & Communication Tools – Systems used to manage customer interactions, leads, and communications (e.g., Kommo CRM, Google Workspace, Notion).
• Analytics & Monitoring – Tools for performance tracking, user behavior analysis, and operational improvement (e.g., Google Analytics, Plausible, Microsoft Clarity).
• Payments & Billing – Secure third-party providers managing payments, subscriptions, and invoicing (e.g., Stripe, Iyzico, Wise, LHV Bank).
• Learning Platform Services – Software and cloud providers supporting online classes, storage, and educational content (e.g., Zoom, Vimeo, AWS S3).
• Advertising & Marketing Platforms – Partners providing marketing, ad delivery, analytics, and optimization services (e.g., Google Ads, Meta Ads Manager, TikTok Ads).

2. DATA TRANSFERS & SECURITY

All subprocessors are bound by written agreements that include confidentiality, security, data minimization, and restricted purpose clauses. Kodwise OÜ ensures that each subprocessor provides at least the same level of data protection required under the GDPR.

When subprocessors operate outside the European Economic Area (EEA), Kodwise relies on:
• The European Commission’s Standard Contractual Clauses (SCCs) for international transfers;
• Additional technical and organizational safeguards such as encryption, strict access controls, and pseudonymization;
• Transfer Impact Assessments (TIAs) to verify the adequacy of protection in third countries.

3. DATA ACCESS LIMITATION

Subprocessors are only granted access to the minimum amount of data necessary to perform their contracted duties. They are prohibited from using personal data for their own purposes, sharing it with additional third parties, or engaging further subprocessors without prior written authorization from Kodwise OÜ.

4. SECURITY OBLIGATIONS

Kodwise conducts periodic security reviews of all subprocessors to ensure compliance with our internal data protection standards. Each subprocessor is required to:
• Implement appropriate technical and organizational measures (per GDPR Art. 32);
• Notify Kodwise without undue delay of any actual or suspected data breach;
• Support Kodwise in fulfilling data subject requests and incident responses.

If you have any concerns about a subprocessor or data transfer, you may contact Kodwise or the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at https://www.aki.ee/en.

5. UPDATES TO THIS LIST

We may update this list as our services or subprocessors change. Material updates will be published on this page with a revised “Last Updated” date. In case of any new subprocessor that processes personal data, Kodwise will provide prior notice to affected customers as required under our Data Processing Agreement (DPA).

You may contact us at info@kodwise.org to receive notifications or request a complete list of currently active subprocessors.

CONTACT

Kodwise OÜ
Viru väljak 2, 10111 Tallinn, Estonia
Email: info@kodwise.org