MedLink Sub-Processors
This page informs you about what Sub-Processors MedLink has in place, what agreements MedLink has with them and how data controllers are informed about the appointment of a new Sub-Processor.
Current Sub-Processors
The following table provides an up-to-date list of the names and locations of MedLink’s sub-processors.
| Name | Nature and purpose | Geographical location |
|---|---|---|
| Amazon | Amazon Web Services (AWS) is used for patient communication via SMS, voice call, email | UK |
| MedLink is hosted in Google Cloud Platform (GCP). This provides secure storage of all personal data | UK | |
| Sentry | For error reporting in the MedLink infrastructure | USA* |
| Gov Notify | A government digital service available to the NHS that MedLink uses for patient communication via SMS, email and letter | UK |
| Microsoft Teams | To allow support video calls with MedLink customers | UK |
Sub-Processor agreements
In the event that the MedLink appoints a Sub-Processor, MedLink shall:
- enter into a Sub-Processing Agreement with the Sub-Processor which shall impose upon the Sub-Processor the same obligations as are imposed upon the Data Processor by this Agreement and which shall permit both the Data Processor and the Data Controller to enforce those obligations; and
- ensure that the Sub-Processor complies fully with its obligations under the Sub-Processing Agreement and the Data Protection Legislation.
Appointment of sub-processors
For all customers (Healthcare Organisations) who have executed MedLink’s standard Data Processing Agreement, MedLink will provide notice via this webpage of updates to the list of sub-processors that are used to deliver its services. MedLink undertakes to keep this list updated regularly to enable its customers to stay informed of the scope of sub-processing associated with MedLink. Interested MedLink customers may subscribe to receive notifications of updates to this policy by completing this form.
According to the DPA, a customer may object in writing to the processing of their personal data by a new sub-processor within thirty (30) days following the update of this webpage and such objection shall describe the customer’s legitimate reason(s) for objection. If customers do not object during such time period the new sub-processor(s) shall be deemed accepted.
Termination rights, as applicable and agreed, are set forth exclusively in the DPA.
Questions
For any questions please contact privacy@medlinksolutions.co.uk
*Sentry participates in and relies on the EU-U.S. Data Privacy Framework (EU-U.S. DPF) including the UK extension to the EU-U.S. Data Privacy Framework