Effective Date: 05 January 2025
This notice outlines the subprocessors engaged by The Xdemor Group Limited, Company No. 14456444, with its registered office at 86-90 Paul St., London, EC2A 4NE, United Kingdom (“Xdemor”, “We”, “Us”), and describes how and where personal data may be transferred and processed outside of the United Kingdom and the European Economic Area (EEA).
1. What is a Subprocessor? #
A subprocessor is a third-party service provider contracted by Xdemor to process personal data on our behalf. These subprocessors support the delivery of our digital infrastructure, client platforms, analytics systems, and hosting environments.
Each subprocessor is contractually bound by a Data Processing Agreement (DPA) and must implement appropriate technical and organisational security measures in accordance with Article 28 GDPR and the UK Data Protection Act 2018.
2. Data Transfer Mechanisms #
Where data is transferred outside the UK or EEA, we ensure adequate protection using one or more of the following mechanisms:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK Addendum to SCCs or International Data Transfer Agreements (IDTAs)
- Binding Corporate Rules (where applicable)
- Adequacy Decisions by the UK Government or European Commission
3. List of Subprocessors #
Below is a list of the key subprocessors that may process your personal data depending on the services you use:
| Subprocessor | Purpose / Service Area | Country of Processing | Safeguards |
|---|---|---|---|
| Google LLC | Email Routing, Analytics, Tag Manager, Tracking, reCAPTCHA | United States / EU | SCCs, EU-US DPF*, UK Addendum |
| Microsoft Corporation | Email Routing, Identity Auth, Telemetry, Analytics, Tracking | EU / United States | SCCs + DPA |
| WPManageNinja LLC | Form, CRM System, Support Widgets | United States / India | SCCs + Access Controls |
| SER Acquisition Inc. | Tracking, Analytics, Statistics, Reporting | EU / United States / India | SCCs + Regional Isolation |
| Hetzner Online GmbH | Cloud Hosting, infrastructure backend | Germany / Finland | SCCs + Regional Data Preference |
| InterServer LLC | Cloud Hosting, infrastructure backend | United States | SCCs + UK Addendum |
| QUIC.cloud Inc. | DNS, performance, security (WAF, CDN) | Global (with EU preference) | SCCs + ISO 27001 certification |
| Tawk.to Inc. | Live chat and widget integrations | United States | SCCs + Anonymisation Options |
| Poptin Ltd. | Live chat and widget integrations | Israel | SCCs + Anonymisation Options |
*Google is certified under the EU–US Data Privacy Framework (DPF)
4. Onward Transfers by Our Clients or Partners #
If You access Xdemor’s infrastructure through a third-party agency, integrator, or service provider, they may further transfer or process Your data outside the UK or EEA. In such cases:
- They are the primary Data Controller
- Xdemor acts only as their Data Processor or Subprocessor
- You should consult their privacy and transfer policies
5. Data Categories Affected by Transfers #
Depending on Your use of our services, the following categories of personal data may be processed by subprocessors:
- User account and contact information (e.g. name, email)
- Session data and activity logs
- Support tickets and chat communications
- Analytics metadata (browser, IP, UTM, device)
- Uploaded documents or form entries
- Consent preferences and cookie settings
6. Your Rights and Controls #
You have the right to:
- Request details about data transfers affecting Your information
- Object to transfers in certain circumstances
- Request a copy of relevant transfer safeguards (e.g. SCCs)
To make a request, contact us at: privacy@xdemor.com or submit via the Online Data Request Form ↗
7. Changes to Subprocessor Engagements #
We maintain an up-to-date list of all active subprocessors. You can request to be notified in advance of material changes to this list if You are a registered client.
Clients under DPA agreements will be notified of any onboarding of new subprocessors with 15 days’ prior notice.
8. Contact Us #
If you have questions, concerns, or wish to exercise any of your rights under applicable data protection laws, you may contact us as follows:
The Xdemor Group Limited
Compliance & Legal
86-90 Paul St., London, EC2A 4NE, United Kingdom
Email: enquiries@xdemor.com
Data Protection Officer
Email: dpo@xdemor.com
You may also reach out via the following dedicated addresses:
- privacy@xdemor.com – for inquiries related to your personal information, including access, correction, deletion, or objection under GDPR or UK Data Protection Act 2018
- legal@xdemor.com – for formal legal correspondence, such as contractual matters, claims, or regulatory notices
To submit a data subject request (DSAR):
- Submit Online Data Request Form ↗
- Include your full name, contact details, and a clear description of the request. For verification purposes, we may request additional identification.
Postal Mail:
Data Protection Officer
The Xdemor Group Limited
86-90 Paul St., London, EC2A 4NE, United Kingdom
You may also file a complaint with the relevant data protection authority:
- UK Information Commissioner’s Office (ICO)
- If you are resident in the EEA, you may contact your local data protection authority.
9. Changes to This Policy #
We may update this Cookie Policy periodically. If significant changes are made, we will notify you via email or prominent notice. You are responsible for reviewing the latest version.
Last Updated: 22 June 2025