1. Overview
In accordance with Article 28 of the General Data Protection Regulation (GDPR), GreenTrust Engineering Consulting ("Data Controller") maintains a list of sub-processors engaged in the processing of personal data through the EUDR-X platform.
Each sub-processor listed below has been assessed for GDPR compliance and operates under a Data Processing Agreement (DPA) or equivalent contractual safeguards.
2. Current Sub-processors
| Sub-processor | Purpose | Data Processed | Location | DPA Status |
|---|---|---|---|---|
| Auth0 (Okta) | User authentication, identity management, role-based access control | Email, name, login metadata, IP address, user agent | EU (Frankfurt) | Covered by Okta DPA |
| Appwrite Cloud | Database hosting, document storage, file storage | All platform data: operator profiles, supplier data, geolocation, documents, audit logs | EU (Frankfurt) | Covered by Appwrite DPA |
| Hetzner Online GmbH | Application server hosting, Docker container orchestration | All data in transit and at rest on the application layer | EU (Falkenstein/Nuremberg, Germany) | Covered by Hetzner DPA |
3. Changes to Sub-processors
GreenTrust will notify data subjects and operators of any changes to the sub-processor list at least 30 days before a new sub-processor begins processing personal data. Notifications will be provided via email to registered operators and by updating this page.
If you object to the use of a new sub-processor, you may contact us within the 30-day notice period at the address below.
4. Safeguards
- All sub-processors are located within the European Union or the European Economic Area.
- All data transfers occur over encrypted channels (TLS 1.2/1.3).
- Each sub-processor is contractually bound to process data only for the specified purpose and in accordance with GDPR requirements.
- Sub-processors are reviewed annually for continued compliance.
5. Contact
GreenTrust Engineering Consulting
Email: adcyberx@gmail.com