Sub-processors
Last updated: 01 Jan 2026
Andzen Pty Ltd (“Andzen”) engages a limited number of third-party service providers (“Sub-processors”) to help us deliver services to our clients. Where a Sub-processor processes personal data on behalf of an Andzen client, we do so under the Data Processing Agreement that forms Schedule 1 of the client’s Master Service Agreement with Andzen, and in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
This page lists the current Sub-processors that may process client personal data in connection with Andzen’s services. Each Sub-processor is bound by data protection obligations no less protective than those Andzen owes to its clients, and where applicable, the EU Standard Contractual Clauses are in place for any restricted transfers under Chapter V of the GDPR.
How to read this list
Andzen does not use every platform listed below for every client. The relevant Sub-processors for any given client are limited to those platforms the client has engaged Andzen to manage on their behalf, plus the underlying infrastructure and collaboration tools used by Andzen to deliver the services.
Where a platform supports multiple regional data centres (for example, Klaviyo’s US and EU instances), Andzen processes the client’s data in the region configured on the client’s own account with that platform.
Current Sub-processors
Email service providers and marketing platforms
These are platforms on which client subscriber data is held and which Andzen accesses on behalf of, and under instruction from, the client.
| Sub-processor | Purpose | Location of processing | Data protection terms |
|---|---|---|---|
| Klaviyo, Inc. | Email and SMS marketing platform | United States by default (AWS us-east-1, Northern Virginia). EU instance available on request. Klaviyo is certified under the EU–US Data Privacy Framework. | Klaviyo Data Processing Agreement |
| The Rocket Science Group LLC d/b/a Mailchimp (an Intuit company) | Email marketing platform | United States. Certified under the EU–US Data Privacy Framework, the UK Extension and the Swiss–US Data Privacy Framework. | Mailchimp Data Processing Addendum |
| Braze, Inc. | Customer engagement and marketing automation | United States by default. EU-hosted instance available (AWS eu-central-1, Frankfurt, with S3 backups in eu-west-1, Ireland). Braze is ISO 27001 certified and SOC 2 compliant. | Braze Data Processing Addendum |
| Dotdigital Group plc | Email and cross-channel marketing | UK and EU. UK and EEA client data is hosted and stored at rest in EEA Microsoft Azure data centres. | Dotdigital Data Processing Agreement |
| Salesforce, Inc. | CRM and marketing platform | United States by default. EU residency available via Hyperforce EU Operating Zone. | Salesforce Data Processing Addendum · Salesforce Infrastructure and Sub-processors |
Cloud infrastructure
Used by Andzen to host its own internal systems where client personal data is processed outside the client’s own platform accounts.
| Sub-processor | Purpose | Location of processing | Data protection terms |
|---|---|---|---|
| Google LLC — Google Cloud Platform | Hosting of Andzen’s internal infrastructure, databases and applications used to deliver the services | australia-southeast1 (Sydney) / europe-west3 (Frankfurt) / europe-west2 (London) | Google Cloud Data Processing Addendum · Google Cloud Sub-processors |
Internal collaboration
Used by Andzen in the day-to-day delivery of the services. Client personal data may transit through these tools where, for example, client subscriber lists are shared by email, stored in shared Drives or analysed in Sheets in the course of providing the services.
| Sub-processor | Purpose | Location of processing | Data protection terms |
|---|---|---|---|
| Google LLC — Google Workspace | Business email (Gmail), file storage and collaboration (Drive, Docs, Sheets) | Global Google infrastructure, with regional data residency options available. Google is certified under the EU–US Data Privacy Framework. | Google Workspace Cloud Data Processing Addendum |
How we notify you of changes
Andzen may, from time to time, add, replace or remove Sub-processors as our tooling evolves. When we plan to add or replace a Sub-processor that will process client personal data:
- We will update this page with the new Sub-processor’s details before the change takes effect.
- Clients may object to a proposed change by writing to us at the contact address below. Where a client raises a reasonable objection, we will work in good faith to address the concern, which may include retaining the data with an alternative provider where reasonably possible.
This mechanism reflects the general written authorisation under clause 4 of our Data Processing Agreement.
Subscribe to updates
To be notified by email when this page is updated, write to data-protection@andzen.co with the subject line “Subscribe — Sub-processor updates” and we will add you to the notification list.
Contact
For any questions about Andzen’s data protection practices or any Sub-processor listed above:
Andzen Pty Ltd — Data Protection contact Brenden Rawson data-protection@andzen.co Andzen Pty Ltd, Level 7 / 154 Melbourne St, South Brisbane, Queensland, Australia
This page is maintained by Andzen Pty Ltd. The Sub-processors and the locations of processing described above are accurate as at the “Last updated” date at the top of this page. References to third-party platforms and their data protection terms are provided for the convenience of our clients; clients should refer to the linked documents for the current and authoritative terms.