Salesforce Subprocessors: Understanding Key Vendors and Their Roles

By Emily Fenton

Updated February 6, 2024

Salesforce Subprocessors: Understanding Key Vendors and Their Roles

Salesforce, a prominent player in the cloud computing industry, ensures that it meets rigorous privacy standards by managing its network of subprocessors with transparency. These subprocessors are third-party services or entities that Salesforce employs to handle personal data as part of its expansive service offerings. Salesforce maintains a dedicated infrastructure to support its cloud services and entrusts some aspects of data processing to carefully vetted subprocessors. This strategy is crucial in upholding the privacy and security of customer data.

The company's commitment to compliance and trust is evident through its publication of Trust and Compliance documentation, outlining the roles of its subprocessors in the data processing ecosystem. Salesforce lists these entities and the countries where personal data may be stored and processed, providing customers with the clear information they need regarding the handling of their data. The use of subprocessors enables Salesforce to deliver robust and scalable services while adhering to data protection regulations and handling customer information responsibly.

Personal data privacy is a priority for Salesforce, reflected in their Processor Binding Corporate Rules (BCR). These rules set a standard for the protection of personal data that is transferred internationally. By making these guidelines publicly available, Salesforce demonstrates a transparent approach to data processing and subprocessing, underscoring its commitment to global data protection standards and practices.

Salesforce Sub-Processors Overview

image

Salesforce utilizes a range of sub-processors to ensure efficient service delivery. These entities are crucial for the infrastructure and operational needs of Salesforce.com.

Definition and Role

Sub-processors are third-party entities, or affiliates of Salesforce, that perform certain tasks on behalf of Salesforce.com. These tasks often include data processing, storage, and other activities essential for the delivery of Salesforce’s services to their customers. A sub-processor is utilized because it can provide specialized services that are integral to the functionality and performance of Salesforce’s offerings.

List of Key Salesforce Sub-Processors

Salesforce maintains a comprehensive list of key sub-processors that are part of its infrastructure. The following sub-processors play a significant role in the management and operation of Salesforce services:

  • Infrastructure & Sub-processors: These are the entities that detailing the environment where services are hosted and processed, such as where customer data is stored.
  • Salesforce Affiliates: These are various entities within the Salesforce corporate family that process data to support delivery and improve services.
  • Third-Party Sub-processors: External vendors engaged by Salesforce.com are part of this category, providing functionality like customer support, analytics, and cloud services.

Salesforce commits to transparency by providing documentation, such as their Trust and Compliance Documentation, which outlines the structure and roles of its sub-processors.

Data Processing and Privacy

The data handling protocols and privacy policies used by Salesforce reflect a strong commitment to safeguarding personal information. These measures are implemented in accordance with stringent regulatory standards, such as the EU Standard Contractual Clauses.

Data Handling by Sub-Processors

Salesforce ensures that the sub-processors engaged in providing their services adhere strictly to robust data processing practices. This includes establishing clear parameters for the storage and management of customer data. They also detail the infrastructures and the specific countries where customer data is located, ensuring transparency in the data flow.

The sub-processors are contractually bound to process data following Salesforce's directives, aligning with customer expectations on privacy. Salesforce maintains a list of sub-processors that are crucial to their service provision, along with their roles and responsibilities.

Salesforce Data Privacy Policies

Salesforce's privacy policies provide a framework to protect the rights of data subjects. These policies ensure that customers are informed about how their personal information is being used and guarantee that their data is handled in allignment with legal and ethical privacy standards.

The policies include mechanisms for individuals to exercise their rights over their data—such as the right to access, correct, or request deletion of their personal data. Salesforce also has measures in place to respond to data subject rights requests promptly and effectively.

By integrating the latest EU Standard Contractual Clauses into their Data Processing Addendum, Salesforce demonstrates its compliance with EU data transfer regulations and its dedication to data privacy across borders. The updated clauses address intricate aspects of international data transfers, thus reassuring users of the lawful handling of their data (Salesforce Updates DPA).

Updates and Communications

image

Salesforce is dedicated to maintaining transparency with its customers, particularly regarding the handling of personal data by its sub-processors. The company ensures consistent updates and clear communication related to its sub-processors, which is fundamental to the trust that customers place in Salesforce services.

Update Policy for Sub-Processors List

Salesforce updates its sub-processor list to reflect any changes about the entities processing personal data on its behalf. The list includes affiliates and third parties, and Salesforce.com makes these updates available through its Trust and Compliance Documentation. This document serves as a change log where customers can review the historical record of additions and removals of sub-processors.

  • When updates occur: Adequate notice is given before new sub-processors are authorized.

  • How to stay informed: Customers can subscribe to notifications for real-time information on new sub-processors.

Communication with Salesforce Customers

Salesforce prioritizes effective communication with its customers, providing essential updates in a manner that respects their need for clear and precise information. Communication methods are chosen for their efficacy in ensuring that customers are able to keep abreast of changes easily.

  • Communication Channels: Updates are relayed through established and secure channels.

  • Content of Messages: The information communicated is concise, focusing on the relevance and implications for the customer's services.

Salesforce's commitment to clear updates and communication underscores its role as a trusted partner in delivering reliable services while upholding data integrity and compliance standards.

Regulatory Compliance and Standards

Salesforce demonstrates a robust commitment to regulatory compliance and meeting international standards. This dedication ensures that the handling of information within its infrastructure is secure and accountable.

Salesforce's Commitment to Compliance

Salesforce takes a proactive stance on compliance, ensuring that its practices are in strict adherence to legal and ethical standards. Documentation complexly covering the spectrum of trust and compliance certifies Salesforce's rigorous efforts. Such documents are conveniently accessible, providing stakeholders with clarity on compliance and procedural integrity. To confirm the compliance documents relevant to specific services provided by Salesforce, users can reference the Trust and Compliance Documentation, including Service provider and Network Interface (NLI) particulars.

Adherence to International Standards

The company's adherence to international standards is evident in Salesforce's extensive list of compliance certifications and attestations. These affirm its commitment to global compliance frameworks, including those that govern privacy in the EU, UK, and Switzerland, along with accessibility standards such as WCAG 2.1 AA. Salesforce's vigilance in maintaining such standards is a testament to its position as a leader in compliance and trust, as stated in their Salesforce Compliance documents. This robust compliance structure fortifies the security and integrity of information across its vast array of services and content management.

Want to get updated when Salesforce updates their subprocessors? Subscribe to Salesforce subprocessor alerts here.

Want to monitor web changes that impact your business?

Sign up with Visualping to get alerted of important updates, from anywhere online.

Emily Fenton

Emily is the Product Marketing Manager at Visualping. She has a degree in English Literature and a Masters in Management. When she’s not researching and writing about all things Visualping, she loves exploring new restaurants, playing guitar and petting her cats